About PHP-Nuke 7.7 - Think Before You Install It!

Posted: Thu May 05, 2005 8:23 am

Hi folks

I've noticed that many people are talking about and reporting a large number of problems with PHP-Nuke 7.7 and various add-ons, not just here at Raven's but throughout the various Nuke development sites.

First and foremost, it should be pointed out that PHP-Nuke 7.7 is ALPHA quality and is NOT ready for production website deployment.

The author of PHP-Nuke in his infinite wisdom has released this latest version of untested code into his personal "club" of alpha testers. What that means is that people that join FB's "Club" are paying for the privilege of testing unpatched, unfixed and mostly raw code that could have hundreds, if not thousands of various types of bugs in it. These bugs range from non-compliant presentation code, to plain old bugs that make things not work, to poorly structured and/or unsecured SQL queries.

Unfortunately, in an effort to keep up, some of us developers got our hands around the 7.7 code and started attempting to adapt our solutions to work with it.

I say "unfortunately" only because our actions may be partially responsible for this buggy, unfinished code finding its way out of the "Club" and into the community. It is further unfortunate as this untested code is now being deployed by users expecting it to perform as well as code that has been slowly bug fixed over the past few months (I'm talking about FB's last two versions of bug filled code, PHP-Nuke 7.5 and 7.6.)

Only recently has PHP-Nuke 7.6 code become somewhat stable and predictable as the combined efforts of many other developers outside phpnuke.org, has resulted in a substantial number of fixes to correct FB's poor and non-compliant coding methodologies.

I myself have fixed countless compliance and coding bugs in 7.6 in the past 45-days which have not yet been propagated back into the core code, so I think it is important for the user community to understand that 7.7 is anything but stable, reliable or even predictable in operational nature.

While Chatserv, the producer of the excellent "Patched" series of updates has already released a "Patched 3.0" update for Nuke 7.7, I think it is important for everyone to understand that those fixes only cover what he has (and others, that participate in providing fixes for the patched updates have) had time to identify and repair.

As the "Patched" updates are intended primarily to fix variables in PHP-Nuke (specifically sql injection vulnerabilities and other known bugs), the Patched 3.0 release is by no means a "Final" fix to the PHP-Nuke 7.7 issues or problems, nor does it begin to address the new unknown core problems introduced by FB since 7.6.

Again, frankly this new version is so new, nobody has had time to seriously put it through significant testing.

Finally, it should be pointed out that as there are still a substantial number of coding and compliance bugs in 7.6 that are being addressed. I can't speak for the entire community of bug fixers or developers, but I think it is reasonable to say that it will probably be a few more months before the baseline code of PHP-Nuke 7.6 is fully compliant and repaired.

Given that THOSE 7.6 fixes should be, but are not incorporated in 7.7, you should have a better idea just how risky it is to run PHP-Nuke 7.7. It is EXTREMELY risky as it is extremely new.

Everyone should understand that 7.7 is NOT public released as final. It is NOT stable and it should NOT be used on a production site unless you are an extremely experienced Nuke user that is prepared to deal with the problems that will definitely arise.

Finally, I hope people will understand that they should not complain to anyone in the nuke support or development communities about the quality of PHP-Nuke 7.7 code.

Everyone that works on developing and repairing PHP-Nuke scripts knows how bad the base code is, especially right after something is released into the "Club".

We also know that FB (the author) does not incorporate previous version fixes pro-actively (hence the reason why Chatserv must produce several "Patched" updates for each new PHP-Nuke Version).

Many of us feel that FB appears intent on self-destructing the application by putting this code out before it has been tested, evaluated and repaired by other competant Nuke debuggers and developers. Please don't blame us, it's not our choice that this is the method of operation at phpnuke.org. It's simply not our fault, nor within our control.

So please.. Be warned! Use PHP-Nuke 7.7 at your own risk (at least for the next few months)! It is brand new code that will need serious attention before it is ready for deployment on ANY production site.

Again, IMHO, PHP-Nuke 7.6 is just barely production ready, so if you do decide to deploy 7.7, please do not scream for immediate technical support as there may not be enough debuggers yet using it that can adequately or promptly address your issues. Over time, I'm sure that will change; however, I think it is only fair that you know the truth about this brand new release and understand the impacts of using it.

REMEMBER!!! The author of this code PROVIDES NO WARRANTY NOR ANY TECHNICAL SUPPORT WHATSOEVER!

If you are relying on us (the free technical support community of dedicated PHP-Nuke developers), please understand that many of us may be reluctant to deal with some of the 7.7 issues because we understand that this code is anything but ready for YOU to use and many of us are still working on 7.6.

In closing, I'm not saying that we won't address 7.7 technical support questions... Of course we will all do our best to address and fix all of these issues. It just may not be as prompt as when addressing other versions of Nuke, where more of us are running it and the issues are more easily and rapidly addressed.

Thanks in advance for your patience and understanding and please bear with us while we attempt to identify and resolve some of the problems with PHP-Nuke 7.7 so that it will be "final" release ready over the next few months.

Steph

Worker Joined: Aug 16, 2003 Posts: 107 Location: USA

That why i stopped at 7.4

Client Joined: Dec 04, 2004 Posts: 757

Well from what I read around well I was reading posts that it the best nuke release ever etc very stable. if only there were a few warnings around like yours on its release
Cheers
mrix

Posted: Thu May 12, 2005 5:58 pm

I think 6.5 was the best release ever.

Stopped at 7.3 on my sites as far as upgrading goes.

Posted: Thu May 12, 2005 6:05 pm

I am still extremely pleased with 6.9 *LOL*

New Member Joined: Oct 09, 2004 Posts: 5

I actually paid for it! And the site has been hacked twice in the space of a week. Never had this before. According to the system admin it was a r0nin exploit and the vulnerability is in the phpbb part of the site.

I think i'll just pay a licence fee and move over to Vbulletin or Invision. I know they are not perfect but the vulnerabilities that do crop up are at least dealt with fast and they are far less than those in phpnuke.

Posted: Tue May 17, 2005 2:02 pm

I've had only a small handful of problems going to 7.7. Nothing as big as 7.6's issues, because 7.7 had many of 7.6's issues - with fixes out there, I've only seen a small handful. TinyMCE, as stated in another post, the firefox issue, but other than that and a calendar issue, I don't really see that many problems. I'm not advocating 7.7, but I have most of its bugs fixed that came with the previous version. Of course, I'll still post my problems that I come across without a solution as of yet.

registered · Worker Joined: Oct 07, 2003 Posts: 211

I stopped with 7.4 and am very happy with it. I don't see the need for anything higher as of yet. This is one time I am glad to be a year or so behind the "new versions."

Posted: Tue May 17, 2005 6:59 pm

I stopped an 7.5 simply because I'm sick and tired of releases that offer no siginficant reason for upgrading further - no added functionality that cannot be obtained elsewhere or even bug fixes for core code.
Most of us have significant modifications added to core code to suit our personal needs and even with unlimited time and the best file compare utilities available, this still makes upgrading a tedious and laborious task with little to be gained after a successful 'upgrade'.

I also have to wonder about the licencing issue now it appears FB is now using third party software (tinyMCE) tacked onto phpNuke.

On a personal level, I have to echo the sentiments of 64bitguy and I have the greatest respect for everyone that helps the community by providing fixes and patches for each and every release of phpNuke so others can enjoy their nuke sites.

Client Joined: Jan 29, 2004 Posts: 624

Thanks for this valuable public service of warning the nuke community, 64bitguy, now I know NOT to install 7.7. I'm at 7.1 now with chatserv's 2.9 patches. And I'm holding there til I find a stable upgrade. What's the best after 7.1? I think FB is simply profiting from the nuke community not supporting it.

Posted: Mon Jul 11, 2005 12:28 pm

southern wrote:

I think FB is simply profiting from the nuke community not supporting it.

Exactly right!!!!!!!!!!!!!
Let em see, the next best version after 7.1 would be ... 7.1 LOL

Rather than ask, what is the next best stable version of phpNuke, People should be asking themselves "what must have feature is in a later release that I cannot live without and is not available from the general nuke community" - go one be honest!

If it aint broke, dont break it by upgrading with FB released code.

Posted: Mon Jul 11, 2005 2:00 pm

It ain't broke, Guardian, so I'm standing pat til I can't live w/o something. Only reason I considered 7.7 is the WYSIWYG editor but I don't really really need that! I don't have the time to fool around with another FBuggy upgrade and with 7.1 I don't have to give FB credit if I don't want. Smile

Posted: Mon Jul 11, 2005 11:29 pm

You could try FCKEditor or there is the SPAW editor over at www.kodetech.com which I am using myself for my news articles.

Posted: Tue Jul 12, 2005 8:40 am

Thanks for the lead.

Posted: Tue Jul 12, 2005 9:12 am

Just remember to make sure that you are using 7.6 or earlier if you install a WYSIWYG editor! Changing editors in 7.7 or 7.8 is not a solution at all, nor is disabling the editor as I describe in detail in my article at http://64bit.us/article83.html. I'm sure there are other implications from implementing editors with Nuke as well, but I think people will discover those issues on their own after making the switch. Personally, I love Nuke without the editors because of the flexibility that it offers to format articles, nevermind the 100% W3C Compliance (once you recode the modules for compliance that is).

Posted: Sat Jul 16, 2005 10:19 am

Good article and analysis of 7.7/7.8 probs, 64bitguy. If I didn't know better I'd think FB was deliberately releasing 'upgrades' that are wide open to hackers. Other developers are more than happy to include security patches in their upgraded code but FB never seems to care much about that so he must be either lazy or cynical... or maybe he is taking a little dinero on the quiet from hackers lol