The FreeBSD 'zine
February 2000 : Phorum

Installing a Discussion Forum
by Dan Langille <[email protected]>

When I first asked about a discussion forum package, everyone seemed to mention phorum; and with good reason. I'm quite pleased with it. It seems very configurable, and very well put together. The home page for phorum is


Note:��I used a soon-to-be-released port of apache13-php3-fp-modssl, but feel free to use the apache13-php3 port from the FreeBSD Ports Collection.

Downloading and Installing

The tarball I used was from the phorum FTP site, but you should check the phorum home page and get the latest version.

I then moved this tarball into a subdirectory of an existing website. Actually, I did this:

	cd /path/to/website
	mkdir forum
	tar xvfz phorum308.tar.gz
	cd phorum308

The first things you will need to read are readme.txt and security.txt.


I think you should stop and read security.txt now. I mean NOW. You're not going to take my word and just do what I did are you? Imagine the security holes I could create in your system if you did that.

I created a .htaccess file in my forum directory and added the following to it:

	<Files admin.php3>
	    require group admin

	<Files forums.inf>
	    Order deny,allow
	    Deny from all

	<Files forums.inf.bak>
	    Order deny,allow
	    Deny from all

Be sure to follow the directions in security.txt, titled IV) Securing the Admin Script, and you should not have any problems.

You might want to read a bit about protected directories with Apache for a bit of detail. Also see the section of this article entitled "Additional Security Options".

Database Configuration

The first thing you need to do is create a database. I called mine forum. I also created a database user, phorum.

	# mysql -u root -p
	Enter password: 
	Welcome to the MySQL monitor.  Commands end with ; or \g.
	Your MySQL connection id is 8 to server version: 3.22.22

	Type 'help' for help.

	mysql> create database forum;
	Query OK, 1 row affected (0.13 sec)

	mysql> GRANT
	    ->       select, insert, update, create, alter, delete, drop
	    ->     ON
	    ->       forum.*
	    ->     TO
	    ->       phorum@localhost
	    ->    IDENTIFIED BY
	    ->       'password';
	Query OK, 0 rows affected (0.01 sec)


This example shows you how to track down a particular field if you wish to customize your phorum. I removed the host name from the message output. This is a personal preference. Your choice.

If you want to customize a particular aspect of phorum, the first step is to figure this out which file the settings you wish to modify are in. The URL for any messages contains something like this:


The other point is to locate something contanst in the message which is near to what you actually want to change. In this case, the domain name appears just to the right of the author. I chose that as my target. The correct way to do this is to look at your language module. In my case, that is english.lang. I searched for "Author" and found this line:

	$lAuthor          = "Author";

$lAuthor is what you want to look for within read.php3. In that file, I found this line:


See $host? Remove that section of the code and the line becomes:


That's it. The host is now gone from all messages but is still stored in the database if you need to find it.

Removing The <html></html> Tags

phorum allows people to post messages with embedded SQL. As phorum is primarly designed to work with websites, embedded SQL is a good thing. Another good thing about phorum is that you can optionally choose to have email replies to a thread sent to your address if you have contributed to a thread. This mail will contains the message which was just posted to the phorum. The body of the message will be surrounded by <html></html> tags. This is something I didn't want. So I modified post.php3 to remove them. Here's the patch I created to do this.

	--- post.php3.original  Fri Jan 21 16:34:31 2000
	+++ post.php3   Fri Jan 21 16:44:38 2000
	@@ -175,13 +175,13 @@
	     $author = "<b>$author</b>";
	     $subject = "<b>$subject</b>";
	-    $body="<HTML>$body</HTML>";
	+    $body="$body";
	     $body=eregi_replace("</*HTML>", "", $body);
	-      $body="<HTML>$body</HTML>";
	+      $body="$body";

This patch is also available from The FreeBSD Diary.

Problems and Solutions

These are the problems I've encountered and how I solved them.

  • Warning: Access denied for user: 'testuser@localhost' (Using password: YES) in ./abstract.php3 on line 63
If you browse to admin.php3 and you get the above message, you have a database issue. Perhaps, you haven't specified the correct password, your database name is wrong, etc.
  • Warning: fopen("./forums.inf","w") - Permission denied in /www/freebsddiary/phorum/admin.php3 on line 159
Ensure forums.inf is writeable by your webserver. In my case, I made sure forums.inf was writeable by group www.

Additional Security Options

There are some security issues associated with phorum, but I feel they can be adequately handled if you exercise care. The two files which we secured in the Security section can also be renamed. This will prevent people from trying to guess the password and gives you an extra layer of security.

If you are going to rename admin.php3, remember that the file contains self-references which must also be changed. By my count, there are 10 instances which need to be changed.

If you are going to rename forums.inf, remember to also modify the references within:

  • code.php3 (both forums.inf and forums.bak.inf)

And of course, remember to change the .htaccess file to refer to the new file names.

If I've missed anything, please let me know.

- Dan

Current Issue
. Issue #06 : July 2000

Old Issues
. Issue #01 : February 2000
. Issue #02 : March 2000
. Issue #03 : April 2000
. Issue #04 : May 2000
. Issue #05 : June 2000

Quick Links
. Table of Contents
. Mailing Lists
. FreeBSD Events
. User Group Calendar
. Site Statistics
. Old Articles
. Latest News
. Press Releases
. Contribute
. Send us Feedback
. Other Resources
. Submit an Article
. Submit an Event

Today's Fortune
The makers may make and the users may use, but the fixers must fix with but minimal clues

FreeBSD 'zine Poll
Are you going to BSDCon?
What the hell is BSDCon?
Results More polls

. VicFUG

. Issue #01 : Download
. Issue #02 : Download
. Issue #03 : Download
. Issue #04 : Download
. Issue #05 : Download
. Issue #06 : Download


Runs on FreeBSD

Add Channel to My Netscape


Contact: <[email protected]>
This site and the tarballs are built every 6 hours.
Copyright � 1998-2000, The FreeBSD 'zine
Code revision: 07/24/2000��All rights reserved.