Click anywhere to close this dialog

Farewell

Great is the art of beginning, but greater is the art of ending
Henry Wadsworth Longfellow

I announce that I cease all development and activity in the programming universe indefinitely. My career has reached the turning point I was not expecting for at least another year, leaving me highly off guard and without laid-out plans for this hobby's continuity. I have begun a 5-year residency program in Neurosurgery which is clearly not compatible, time-wise, with programming.

I gave in all my passion for developing, and you gave me back your loyalty and trust, even when I did not deserve that much. Now it is the time for payback. I release all my present and past work as Open Source software, in the hope some talented developer will continue maintaining and expanding my vision of a modern, sleek forum software. The intrinsic flexibility of MyBB is the true hidden gem of an otherwise outdated codebase; I do hope the project can continue and be updated complying to the latest coding standards.

I hereby thank Euan, kawaii, andrewjs18, Ben, Matt, Omar G., effone, Eric J., Devilshakerz, Wildcard, JordanMussi and all the other team members I have had the opportunity to work with when I was a MyBB team member. I thank Tomm M, my mentor, who inspired me to pick up coding with his piece-of-art plugins. And finally, I thank all of you MyBBoost subscribers who have helped me getting through my toughest university years economically.

Yours sincerely, Filippo

[Security] Email and password changing

6 Apr 2020 Edited
#1
https://community.mybb.com/post-1114226.html This is a massive security vulnerability, the change email page is directly accessible.

- Permission setting to change password and email for usergroups.
- Username changes are moderator approvable, this functionality should be provided with password and email changes.
- Enforce email verification for password and email changes.
- Previous email, date and IP logging for email and password changes.
- Failed login attempts logging between password and email changes.
- IP and date logging for password reset requests.
- Lookup accounts with password/email changed from IP range.

Secondary plugin:
- Message and title filter for thread creation in sub-forums that prevents posting and responds with customizable instructions.
- Message and title filter for PM's and contact page which would disable(IP and cookie block) PM'ing and contacting through the contact page until further notice. This should be a flag in the database that can be modified externally and it would eventually update in the Task Manager.
Shade 6 Apr 2020
#2
I can work on the first one. I have to do some brainstorming but it might be a Basic to Advanced-tier plugin. Don’t expect it before end of July/August.

Please open a thread per each plugin request.

PS: there is no security vulnerability. Both pages are only accessible if logged in.
Kalju 6 Apr 2020 Edited
#3
The point is to stop users from being able to change email and password and the info provided in that thread just hides the buttons without removing the functionality.

I have it implemented by just copying the permission code from "can change username".
Shade 6 Apr 2020
#4
So you don't need it anymore?
Kalju 7 Apr 2020
#5
Still need the logging data.
Shade 7 Apr 2020 Edited
#6
Alright, will add to my to-do list.