Re: How about Ikonboard?

By popular request, I took a look at ikonBoard. The version I checked is the brand new 3.11.

My first look made me grimace:

$SIG{__WARN__} = sub {
   my $wn = shift;
   return if $wn =~ /Use of uninitialized value/i;    #Most annoying
   return if $wn =~ /name "(?:.+?)" used only once/i; #Very annoying
   warn $wn;
};
[download]

Ugh. We're off to a grand start. No taint mode either. But strict! Well, it wants to be mod_perl compliant..

The codebase is pretty large so I didn't examine it as closely as YaBB's, even though I spent a lot more time looking at this one. However, the more I looked, the more it made up for the initially awful impression. The global configuration variables have been stuck into package iB and there's no other globals - parameters are passed as subroutine arguments. Great. Its SQL bindings modules appear to be carefully proofed against SQL injection attempts.

There is no central input validation instance, but wherever I looked data seems to get validated, somehow or other, at one point or other, in safe fashion. It still leaves me with the uneasy feeling in the stomach that a developer may overlook a variable or other and open up a hole, but in contrast to the YaBB team they do seem to have a healthy distrust for external input.

At this point, I feel I can recommend ikonBoard in good consciousness as a suitable messageboard engine.

Makeshifts last the longest.

Comment on Re: How about Ikonboard? Download Code

Replies are listed 'Best First'.
Re: Re: How about Ikonboard? by kiat (Vicar) on Sep 23, 2002 at 10:49 UTC
Thanks, Aristotle! Your comments on ikonboard are really useful. I'm trying to study the code to understand what exactly certain pieces of code are doing but have difficulty understanding because of DB and SQL, which I know little about. However, I do understand the obvious ones. I thus agree with you that the ikonboard engine seems to be a good bet. I would like to try and understand YaBB because I find it easier to understand when textfiles are used instead of SQL database. I want to be able to "hack" the code a little here and there to change certain things if necessary. With ikonboard, I'm quite helpless but I may be able to do something with YaBB.	[reply]
Re^3: How about Ikonboard? by Aristotle (Chancellor) on Sep 23, 2002 at 16:43 UTC
There's more to keep track of, but there's less work in any single abstraction layer to do. You probably want to learn mostly how the top layer(s) work without worrying too much about what the low-level storage modules do. Otherwise, if you ever decide to move to a different method (upgrade from DMB files to a real database or something), your hacks will cease to function. Also, I would say that it protects you from yourself. `:-)` It is probably easier to write a good hack for iB than YaBB. The latter may be easier to hack, but I've seen a lot of hacks for the various messageboard CGIs that often were horribly coded but "somehow" worked because the messageboard was horrible code to begin with. With a properly written script, it might be harder for a beginner to modify things, but that probably that modifications that work well are actually well written, too. Makeshifts last the longest.	[reply]