BBC BASIC forum
Comments
-
Should the worst come to the worst, I have worked out an SQL query that promotes an existing user to administrator/founder status. It is:
update phpbb_users set group_id=5,user_type=3,user_colour='AA0000',user_permissions='' where user_id=<user>
...where the user_id is the numeric user id (which you can get by clicking the "Members" link at the bottom, hover the mouse over the username and you'll see from the link URL the ...&u=<number> - that number is the user_id.
You can run this in using phpMyAdmin (@BigEd would be better placed to assist you here as he is familiar with that interface). I was testing at the MySQL command line (but then you know I'm a command line nut). It's safe to say this recipe MIGHT cease to be valid if there's a forum software upgrade.
Hopefully you won't have to use this, but keep it in your back pocket just in case.
Edit: Writing a mysqllib BBC BASIC program would not work, the account is configured to only permit localhost access to mysql. Though I notice with some concern, that the MySQL port (3306/tcp) is open to the internet on your server. If your host offers a firewall can I recommend that this be closed? (Edit 2: Of course, if the database is a shared resource on the hosting provider then this will not be possible.)1 -
Command line where? Logged into the server via SSH do you mean, or on a local PC? I'm a BBC BASIC nut, and TBH I think you should be too at this forum!I was testing at the MySQL command line (but then you know I'm a command line nut).
Oh, that's a shame. Is it not something I can change? I don't remember it being a configuration option when the database was initially created.Writing a mysqllib BBC BASIC program would not work, the account is configured to only permit localhost access to mysql.
Why is that a concern? I want to be able to make remote queries (using mysqllib) to databases that I create on my server, since (apart from public databases such as the one I use in mysqldem.bbc) it's the easiest way of testing the library.Though I notice with some concern, that the MySQL port (3306/tcp) is open to the internet on your server.0 -
With the FTP details, I downloaded everything - the database and the forum files. I then installed a virtual machine on my home VM host with a web server, MySQL and PHP, and loaded these files on to it, and restored the forum database backup into MySQL. It was on this copy that I did my testing - NOT on your actual server! (Even if I had full SSH access, there is no way I would do this on a live box - similarly I used a copy when experimenting with the forum code here on the Distillery.)Hated_moron wrote: »
Regarding the MySQL port on your server, if it's open only for your testing, especially if you have a static IP from your broadband provider, I would strongly suggest restricting access to the port from the internet to be only from your IP address. Otherwise, if an unpatched vulnerability is discovered on your server, a hacker might be able to exploit that. (With your hosting setup, is the provider responsible for patching the operating system, or is that down to you?)0 -
What I pay for is a hosting service, it hosts web pages, other files, my Web Assembly version of BBC BASIC and databases. I want all of them to be accessible to everybody via the internet, that's the whole point.Regarding the MySQL port on your server, if it's open only for your testing, especially if you have a static IP from your broadband provider, I would strongly suggest restricting access to the port from the internet to be only from your IP address.
I might want to restrict access to individual databases, particularly ones which are there for the use of applications running on the same server such as the Forum and the Wiki. But I certainly wouldn't want to close the MySQL port and hence block accesses to databases in general.
After all MySQL is by design intended to be run on a server and accessed remotely from clients, via TCP/IP; it's a key feature that distinguishes it from some other database management systems. Presumably the 'command line' interface you like so much actually communicates with the database via a socket connection.
I might well want to write a BBC BASIC application that relies on read-write access to a shared database. Indeed I have considered using that approach as a solution to the inability of the Browser (Web Assembly) edition of BBCSDL to save files to the local filesystem, I could in principle provide a 'cloud' filesystem that people could share.
But that's equally true of FTP access or SSH access or any other protocol that has the possibility of writing as well as reading. It's something which I expect the hosting service to guard against as best they can; I'm sure if they felt the risk was too great they'd disable the hosting of shared databases entirely.Otherwise, if an unpatched vulnerability is discovered on your server, a hacker might be able to exploit that.
0 -
Fair enough. I was looking at this from my "work as a sysadmin with a security hat on" that I do in my day job. You have your use cases, so of course you need your settings to follow that. I shall say no more on the matter.0
-
The 'technical' issues regarding the forum seem to have been resolved: we now know that DDRM does still have admin access, and we know that Patrick now definitely does have moderator privileges and could approve my post if he wanted to.
That he doesn't seem to want to is unfortunate, but I have only myself to blame because I didn't explicitly mention that as an admin function that I wanted him to accept. So it looks like we have a fully-working forum, just not one that I can contribute to.0 -
The implications of this did not immediately strike me, but on reflection it means, of course, that there are (at least) two admins who could approve my pending message (and thereby promote me to unmoderated status) but who have both decided not to.Hated_moron wrote: »we now know that DDRM does still have admin access
That seems highly significant to me. If neither admin of the primary support forum for my versions of BBC BASIC thinks I have anything useful to contribute there, it's a pretty safe bet that nobody does!
0 -
If they think it's too much work, you are welcome to propose me as an assistant moderator. I would be more than happy to take that role.0
-
I'm sure it's not that: approving my post would be a once-off operation only (the way the forum is currently configured, new members are initially moderated, but as soon as their first post is approved they are automatically unmoderated).If they think it's too much work
I offered myself as a moderator, that offer wasn't accepted (well, I received no reply at all).you are welcome to propose me as an assistant moderator.
0 -
My post to the BBC BASIC forum has been in the moderation queue for nine days, which I think ought to be long enough for it to be approved (or not), but so as not to be thought impatient I'll wait a few more days and see what happens.
On this occasion it was an announcement (about BBC BASIC Z80 v5), but had it been a response to a support request I doubt that the OP would be keen on waiting that long for an answer.
0 -
It's been a while, but hopefully you've seen your post has now been approved.0
-
I'm going on holiday today for a fortnight. I'll have a laptop with me, but moderation might get delayed if the mobile network signal is poor.0
-
When DDRM was still the admin he appointed other moderators - for example me! - to share the load. I know that your immediate predecessor wasn't keen on that (I offered my services, but it wasn't accepted), and it seems you aren't either, but most forums do have more than one moderator.I'll have a laptop with me, but moderation might get delayed if the mobile network signal is poor.
I don't know whether this is the case for all forums, but phpBB does make a clear distinction between an administrator and a moderator and even a global moderator has no admin powers at all.0 -
When I get a chance on the laptop (mobile phone posting from a service station in Wales!) I will figure out how to do this.0
