Hello,

We would like to use your wonderful web application.
But for registration it needs to have first name + name and we just would like to get an alias (just one word) for the name. Do you think that it's possible please ?

Regards,
Marie

Hi,

Thks for this application.
I tried to install it from 1.3 et 1.2 but I have a message error in administration page :
Parse error: syntax error, unexpected '[' in /var/www/html/phpback/vendor/visualappeal/php-auto-update/src/AutoUpdate.php on line 362

Best regards
PHP 5.3.8
Mysql 5.5.15
Apache/2.2.9 (Fedora)

I found an error when users try to register account, they always get "invalid email" error

hi, i just try to install ohoback,

and after i input my mysql detail and admin, and click "proceed"

the url go to mydomain.com/install/install1.php and the display just blank white screen with no error

and the installation failed

I get a 404 page not found when installing after the SMTP screen (http://localhost/feedback/install/install2.php)
I am installing on IIS with MySQL 5.6

Hi there

I recently downloaded phpBack to run in conjunction with another site and get user feedback for that site. I am running on an IIS server and had a few initial challengers to get phpBack running (installed fine but then could not find the various pages - IIS error telling me they did not exist).

I managed to overcome that by installing URL Rewrite 2 onto the IIS server and adding a web.config file to the site with some rewrite rules (file attached).

However, my issue now is that the HTML is not rendering correctly - it almost looks as though it is not applying the CSS styles at all.

I have attached a screen shot of how the page renders along with the web.config file I added

Any thoughts on the issue?

Thanks

web.config.txt

The tables should have a prefix on the database.

Hi,

is it possible to write an feedback as guest (without any registration / login)?

regards

when I try to install, I got 500 internal server error, the URL: install/index2.php

You should clean the folder /public/js because you have various version of the lib and a mix of minified and full source.

Followed all the instructions and it looks like it installs ok however when I goto admin or login or post new idea all i get is No input file specified.

featuredstreamer.com/feedback/

Unfortunately you can not successfully register at "PHPBack Feedback" (www.phpback.org/feedback/). I would love to give my feedback to you.

Google is flagging www.phpback.org as harmfull: "This site may harm your computer."

When i have upload all files (phpback_v1.2.0 files from http://www.phpback.org/) to my local web server (IIS) and fill in the details.

I fill index1.php
(MySQL hostname, MySQL username and password, MYSQL database) & admin name, email, password and click proceed i moving to the next step.

Then i fill in the details there.
Feedback title, Mail email, leaving recaptcha blank because I don't know how it works yet.,
and click proceed. I get a (HTTP 404-error).

The installation creates the database but it doesn't creates any entries on the tables.

I login as admin and created ideas, and then I try to open it via click on its category, but this error appear:

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

SELECT * FROM ideas WHERE categoryid='1' AND status !='new' ORDER BY votes DESC LIMIT 0,

Filename: /home/jarfeed/public_html/models/get.php

Line Number: 111

I've create an idea and deleted the idea and now I've a -1 on the category.

same as #41 but on bing

WARNING!

This site might download malicious software that can harm your computer. Learn More
We recommend you choose another result or you can go to this site anyway.
To learn more about why this URL was marked as malicious, please visit the Bing Site Safety page.

http://www.bing.com/toolbox/bing-site-safety?url=http%3a%2f%2fwww.phpback.org%2f

Site Safety Report for http://www.phpback.org/

URL Status

The URL is currently classified as suspicious due to the following detection types:

• Malware Network Reference
• Malicious JavaScript
• Indications of malicious activity.
• Malware Found on Adjacent Pages

Suspicious content was last detected at this URL on 2/15/2016.

Scan Information

This URL was last scanned on 3/14/2016.
We have scanned this URL 26 time(s) over the past 30 days.

Hi there!
I recently added CodeIgniter multi language support to this project.

It is necessary to add more language files in application/languages folder.
Feel free to create a pull request adding more languages files.

Thank you!

In admin panel, when I select:

• Ideas and Comments
• Users Management
• System Settings

The secondary tabs (eg "New Ideas" of "Ideas and Comments") doesn't look clickable for user (I'm not speaking from a technical perspective here, but from a user point of view). You should change the mouse pointer icon to hand for these tabs.

Is there a way to receive email notifications each time that somebody creates an idea or comment.

Or if I can edit the code to do so?

When i have upload all files (phpback_v1.2.0 files from http://www.phpback.org/) to my web hosting company and fill in the details.
for PHPBack installation

(MySQL hostname, MySQL username and password, MYSQL database) & admin name, email, password and click proceed i moving to the next step.

Then i fill in the details there.
Feedback title, Mail email, leaving recaptcha blank because I don't know how it works yet.,
and click proceed. when i came to http://feedback.supportportalen.mobi/install/install2.php i get error.

(HTTP 404-error), im going back to my ftp and take a look at the install map.
The install map is empty. Why?

Then if i go to http://feedback.supportportalen.mobi/ i get error:

A Database Error Occurred
Unable to connect to your database server using the provided settings.
Filename: core/Loader.php
Line Number: 347

Can you explain how I can solve the problem?

https://dl.dropboxusercontent.com/u/42214358/supportportalen/errors/error_install_phpback.mp4

Conclude the installation, but the friendly urls do not work.

I'm not using fastCGI

After a clean install in a subdomain, everything seems to work right. When trying to use System Settings (/admin/system), I get a blank page with no error.
Could it be an .htaccess issue?
Thanks!

Is there any plans on upgrading to CI 3.0.X?

If you want to attract contributors, you should improve the quality of your code right now because it difficult to understand and to maintain:

• Adopt Camel case names for methods with GOOD names.
• Use PHPDoc blocks for methods and files.
• Write more comments.

i try to create idea using "(" character and it appear in the url and create an error:

The URI you submitted has disallowed characters.

MySQL 5.5+ and MariaDB seem to have sqlmode=STRICT_TRANS_TABLES enabled by default on new installations. Most of the phpback insert queries have 'id' => '', which causes the error with strict mode enabled. I think the queries should be revised for compatibility, as many users will not be able to modify their database server settings.

Temporary fix: comment out sqlmode line in my.ini and restart MySQL

To let MySql generate sequence numbers for an AUTO_INCREMENT field you have three options:
-specify list a column list and omit your auto_incremented column from it as njk suggested. That would be the best approach. See comments.
-explicitly assign NULL
-explicitly assign 0

http://stackoverflow.com/questions/14762904/incorrect-integer-value-for-column-id-at-row-1

Some unit testing (or integration test) is needed for this project.
I'll be adding it soon.

Hi,
I was testing code for security vulnerabilities and got few one. i am not done with my testing but still i want to update you.
in home controller, code for search functionality

`public function search() {
$data = $this->getDefaultData();

    $query = $this->input->post('query');
    $data['ideas'] = $this->get->getIdeasBySearchQuery($query);`

data from post parameter 'query' is passing to function getIdeasBySearchQuery
and in getIdeasBySearchQuery function, code is exploding input data on the basis of space and then crafting SQL query. In whole process, user supplied data is not getting filter which is arising remote SQL Injection vulnerability.
Payload to confirm the vulnerability is
URL
http://127.0.0.1/phpback-master/home/search

post data

query=')%0Aor%0Aextractvalue(6678,concat(0x7e,(select%0Auser()),0x7e))--%0A%23

above injected request will fetch database user username
i have figured out other vulnerabilities to which i will drop soon
Thank you

I've created a few 'ideas', using both admin and non-admin accounts. The ideas are visible in the admin/ideas page. I can also open them and vote on them.

However, no ideas show up in the front page. "Last Completed Ideas" etc. are all blank. All ideas are in the (sole existing) category 'foo', but the 'home/category/1/foo' page is empty, too.

My understanding is that the ideas should be visible somewhere.

When creating a new user account, an error is thrown in line 48 of controllers/action.php saying that function ereg() is deprecated (caused by a new version of php). We should use preg_match() instead.

Hello (again)

When I was testing, I create an idea and it appears in the right list. "1" appears for the category but as it wasn't validated it doesn't appear on the page...

Thank in advance for your reply

Regards

The new recaptcha standard used in https://www.google.com/recaptcha/intro/index.html is more user friendly then the current in use one. It would be nice if we can upgrade to the new version or at least enable selection of which version we can use.

PHPBack seems to build atop an older version of CodeIgniter, which has numerous security vulnerabilities:

1. http://www.securityfocus.com/archive/1/532384
2. https://scott.arciszewski.me/research/view/php-framework-timing-attacks-object-injection

Please update system/ to the latest version of CodeIgniter.

The way you generate random string is not safe. You should rely on PHP Internal/openssl
See how I revisited you code:
https://github.com/bbalet/phpback/blob/e9b2415f1d845cb607b156e65f236a5f4f359dd4/install/install1.php#L130

Hi,

How do I know the reason for this pgn stay blank?

Is there any Documentation on how to customize the UI

Not really secure and also PHP will throw a notice for this:
PHP Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash.

The install folder of phpback_v1.2.0.zip is empty.

So the steps described in the installation guide do not work.

When I navigate to the Admin page I see this error. In the wiki there is no description on which folder I need to give what permission to fix this error.

A PHP Error was encountered

Severity: Warning

Message: mkdir(): Permission denied

Filename: src/AutoUpdate.php

Line Number: 199

I am able to flag, but I am unable to delete,

It would be interesting to specific user groups access to provide to certain categories.

As an an example:

• Employees should provide feedback on internal procedures, tools and website.
• Representatives only to their tools and the website
• Customers only to the website

If we can select multiple categories to a question this would give more flexability

when you login as the owner of idea or admin, and open idea, the delete idea button not working

Please add support for composer

Extracting the files to our web root and having installed the application, we now encounter a 404 if we want to log in, post an idea, etc.

urls include but might not be limited to:
/home/postidea
/home/login
/home/search

Apache Access log reports:
"GET /home/postidea HTTP/1.1" 404 2097 "http://yourServer.de/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"
"GET /favicon.ico HTTP/1.1" 200 3306 "http://yourServer.de/home/postidea" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"
"GET /home/login HTTP/1.1" 404 2098 "http://yourServer.de/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"
"POST /home/search HTTP/1.1" 404 2097 "http://yourServer.de/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"

Issue seems unaffected by browser, tested with up2date FireFox, Apache und IE.

I assume I did something wrong, maybe the server setup is wrong. I don't know my way around CI enough to figure it out myself.

The application seems to be translated into various languages, but there is no way to change the language or to set it when creating the account or elsewhere (as you don't have a user settings page).

I don't know if the language is automatically detected, but if it is the case it doesn't work.

When creating a new user before login in,

I got the following error:

Error

Error Number: 1364

Field 'banned' doesn't have a default value

INSERT INTO `users` (`name`, `email`, `pass`, `votes`, `isadmin`) VALUES ('Comfort food', '[email protected]', '$2a$08$.hnucYdZeHrqVU96l22IGeRoO36IWFVaw4oqFSX.xkY3NwqhsE4Bu', 20, '0')

Filename: /var/www/models/post.php

Line Number: 54
Missing banned

Solution:

Add value for banned in array $data line 51

vi application/models/post.php

44         else{
 45                 $data = array(
 46                                 'name' => $name,
 47                 'email' => $email,
 48                                 'pass' => $pass,
 49                                 'votes' => $votes,
 50                                 'isadmin' => '0',
 51                                 'banned' => '0'
 52                         );
 53         }
 54