Installation Wiki

Configuring PhpBB

From InstallationWiki

Jump to: navigation, search
phpBB
Official Page
Project Documentation
[www.phpbb.com/downloads/ Download]
Source Book
phpBB:A User Guide
phpBB:A User Guide
ISBN 978-1-904811-91-6
Publisher Packt Publishing
Author(s) Stoyan Stefanov, Jeremy Rogers

Contents

Post-Installation Tasks

After you've installed phpBB,you need to perform a few post-install operations, namely to delete unneeded directories and to set some basic configuration options.

Time For Action: Deleting Unneeded Directories

1. Connect to your server via FTP (skip this step for local installations).

2. Go to the directory where phpBB is installed.

3. Delete the install and contrib directories.

4. (Optionally) delete the docs directory as well.

What Just Happened?

After a successful installation, when you visit your new phpBB forum's homepage you'll get a hint about your post-install tasks. You're advised to delete the install and contrib directories, because leaving them on the server is considered a security risk, so big that phpBB won't even run if it detects their presence.

The doc directory can be deleted as well if you like; it's not a security threat, but can save some disk space.

Basic Configuration

After the unneeded directories are deleted, you can access your new and shiny bulletin board that you just installed. Great! It works!

Now it's a good idea to familiarize yourself a bit with the administration panel. And you can do this right away by editing some general configuration variables.

Time For Action: Initial Configuration Using the Administration Panel

  1. Load your bulletin board in the browser, i.e. visit http://www.yourdomain.com/forum. It looks like the following screenshot:
  2. Log in using the form at the bottom of the page. Depending on how the installation ended, you may be logged in already. If you're not, use the administrator username and password that you selected during the installation.
  3. Click the Go to Administration Panel link; it is located at the bottom of every page.
  4. Click the Configuration link found under the General Admin section in the left-hand menu.
  5. Edit the fields as needed (discussed shortly).
  6. Click Submit when done.

What Just Happened?

You successfully logged in to your administration panel, the place for managing your phpBB-powered bulletin board. You loaded the general configuration settings form and saved the settings.

Most of the fields in this form are pre-filled with values that are just fine as the phpBB installer set them, but some are better if edited. What follows is a list of fields of interest:

General Board Settings

Site name: A friendly name for your site: often, the domain name. It will appear at the top of every page. The default is yourdomain.com, and you can see it in action in the previous screenshot.

Site description: A brief description of what the site is about, preferably not more than six to seven words. It will appear at the top of every page and is not required. Again, look at the previous screenshot to see the default value A _little_ text to describe your forum.

Enable account activation: This refers to the way new users are accepted. There are three options:

  • The users are accepted right away, as soon as they sign up (this is the default option).
  • They have to confirm their subscription by clicking a link received by email. This way they confirm their wish to become members and also authenticate that they are the owners of the email address supplied during registration. This is probably the most used option.
  • The members' sign-up applications need to be reviewed and approved by an administrator.

System Timezone: The time zone where your community is mainly located. It's a default value that every member can overwrite.

Enable GZip Compression: Enabling this option will cause all pages to be compressed when sent from the server and decompressed after they are received by the user's computer if the user's browser supports compression. If it doesn't, the page won't be

compressed by the server. This results in a faster working site and uses less bandwidth, but increases the server load because of the overhead of compressing every page that is served.

Cookie settings

Cookie name: Normally you don't change this. You might need to alter this value only if you host more than one forum under the same domain name. If this is the case, you can use a different cookie name for each installation.

Cookie secure: Enable this option if your site runs on Secure Socket Layer (SSL); in other words if your pages are displayed using the secure HTTPS protocol, instead of just HTTP.

Session length [seconds]: Determines how long the user session "lives" before it's deleted. It's a security-related setting, which determines how many seconds users can stay inactive (not visiting any board page) before they are logged out by phpBB.

Avatar Settings

Avatarrefers to those little member-specific graphics that appear in the posts below a member's username. You have three ways to provide this functionality:

  • Enable gallery avatars: Users can select from a number of predefined graphics that you upload to a specified directory.
  • Enable remote avatars: Users can put links to graphics that they find on the Internet, stored on other servers.
  • Enable avatar uploading: Users can upload graphics to your server.

Avatar Storage Path: Where the uploaded avatars are stored; the default is images/avatars, which translates to http://www.yourdomain.com/forum/images/avatars/.

Avatar Gallery Path: Where the pre-defined graphics are stored; the default is images/avatars/gallery, which translates to http://www.yourdomain.com/forum/images/avatars/gallery/.

COPPA Settings

COPPA stands for Children's Online Privacy Protection Act. Basically it requires parents' written consent if their children are to become members of your forums. For more information, see phpBB user guide and http://www.coppa.org.

Email Settings

Admin Email Address: The email address that you provided during the installation.

Email Signature: This will be appended to every email phpBB sends on your behalf, such as private message notifications, topic-watch notifications, etc. Use your imagination to come up with friendly message footers to your members.

Use SMTP Server for email: You have the option of using an SMTP server to send mail, instead of the native PHP mail function. Some hosts disable the PHP mail function because of the danger of unethical clients misusing it (to send spam). If this is the case, you need to use an SMTP server to send the mails. Your Internet service provider (ISP, the one you use to connect to the Internet) has most likely given you access to an SMTP server to send emails (with Microsoft Outlook, for example). You can use this SMTP server for your bulletin board. You can also use this option if you install phpBB on your own PC and don't have a mail server set up.

Setting Up the avatars Directory

If you're allowing membersto upload avatars to your server, you have to make the directory that stores them writable. The file permissions (on a Linux machine) need to be 777. Using the same methods for changing the file permissions as we used for config.php in the pre-install section, change the permissions to 777 for the image/avatars directory or wherever you decided to store members' avatars.

Security Tips

Making sure that your board is as secure as possible should always be a concern. Here are some tips that can help you get started.

Administrator Password

Make your administrator password difficult to guess. It's a very important password, so you wouldn't want other people to guess it and play around with your board. This is also true for any moderators you decide to assign later on. Remind them to change their passwords to something really hard to guess. For example, using the same password as the username is definitely not advisable. Be creative and go with something like y0u11n3v3rgue$$ (read "you'll never guess") and wh00p3375 (read "whoopee 75"). It's also a good idea to change this password regularly and to use it only for this board (not for other services like Hotmail and the like).

Disallow Remote Connections to the Database

Remote connections allow you to access your database from a remote location. For instance, from your local machine you can query the database that is running on the remote hosting server. This definitely has benefitsfor example for making local backups of the data in the remote databasebut it can be a security risk. If the username and password to access the database are somehow revealed, then if the remote connection is enabled, an intruder can access your data from his or her computer. If the remote connection is disabled, the hacker will have to have access to the remote server in order to be able to connect to your database. Additionally with remote connection enabled, the potential hacker can try to guess what your password is by trying different combinations until he or she is connected.

Some hosting providers let you enable/disable remote connections, while some don't allow remote connections at all. Check what your situation is and (unless you have a very good reason) make sure the remote connection is disabled.

MySQL Account

Use a new MySQL account (or a new account for any other database you might be using for that matter) for the bulletin board. This was described in more detail in the pre-install section of this article.

config.php

After you change the permissions of the config.php file (described in the pre-installation section) so that it's writable by all, and you install phpBB, it's time to revert back. Using the exact same methodology as described before, change the permissions to 664.

Here is a more visual description of the config file after the chmod 664 config.php command. This is a screenshot from an FTP client for Windows.

.htaccess Protection for the Administration Panel

Alittle extra layer of protection for the admin panel can be the setting of an .htaccess directory protection. .htaccess is a file that can contain a number of instructions for the Apache web server that are applicable for the directory where the .htaccess file is and to all sub-directories. Setting up .htaccess protection will result in an additional username/password window that will be displayed when you enter the admin panel. Setting up the protection may not be a trivial task, and there are quite a few tutorials that can help you with this available on the Web. .htaccess documentation can be found on the Apache website at http://httpd.apache.org/docs/howto/htaccess.html.

It's possible that your hosting provider gives you access to an easier interface (a control panel) that can help you set up the protection.

So using .htaccess directly or through a friendlier interface you can protect the admin sub-directory within the root phpBB directory using a username and password different than the "normal" administration password. This way you're making it harder for potential intruders as they have two different username/password pair to deal with.

Finding Help

Remember how we spoke about the huge community of phpBB users? Well, these are the people that can help you out if you have a problem that you cannot figure out. On phpBB.com, there is a support section that contains "static" articles such as the user guide, the knowledge base, and the FAQ, and there's also the community section (that is not surprisingly powered by phpBB) where phpBB users from around the globe share their experience. The same sort of community of users you can find on phpBBHacks.com.

When you encounter a problem, don't panic; you're not alone, and chances are someone has had and resolved the exact same problem, and this individual is most likely to share the resolution. So it's very probable that the question you have has already been asked and answered. All you need to do is find it. If you can't find the resolution you need, post your question on the bulletin board, but make sure you search first.

Then even though you've found your answer, don't leave right away. You could dawdle for a while and help others with problems that you know how to fix.

At this point you have the knowledge and know-how to start up your community website. Today!

Additional References

  • For instructions on Creating phpBB templates, click here
  • For instructions on Customizing phpBB Forums, click here
  • For instructions on Troubleshooting phpBB Forums, click here

Source

The source of this content is Chapter 2: Installing and Configuring phpBB of phpBB: A User Guide by Stoyan Stefanov and Jeremy Rogers.

Retrieved from "http://www.installationwiki.org/Configuring_PhpBB"