Blog

November 2018 work summary

This was a slow month for my business. It wasn’t a problem. I made my goal for the year at the end of October and was also teaching a class. Good to have some downtime. It allowed me to get out a new version of my digests extension.

But I did do some scattershot work here and there in November, updates mostly, including this work:

  • Upgraded a forum from phpBB 3.2.1 to 3.2.3. Initially I could not login to the Administration Control Panel. Changed cache folder permissions to make everything writeable and eventually was successful. I had to copy all the files from a version 3.2.3 reference to get the updater to work due to TWIG library errors that occurred when I tried to update the database. I reapplied the forum’s style changes for the logo and a PayPal button. I updated the Advanced BBCode extension from version 3.1.3. to 3.2.1. Changed all tables to use the InnoDB storage engine instead of the old MyISAM storage engine. There was an issue with the topics table. I had to remove a MyISAM full index before I could change its storage engine.
  • Additional work for a client I mentioned last month. Last month I completed a long upgrade of their forum from phpBB 3.0 with many modifications. In this latest work I changed the mailing list extension to use a new “Subscribers” group I created instead of Registered Users for sending topic and post notifications. This made it easier to opt out people who did not want these emails by simply removing them from the group. I created the new group then populated it with a SQL query by adding everyone in the Registers Users group to it. I provided instructions on how to remove people from this group. I noticed an inconsistency in phpbb_user_group table, removed lots of bogus rows where the user_id in the table did not exist in the phpbb_users table. I manually removed a bunch of people who did not want these notifications from the new group. A few days later, I refined the query to also filter out those where a column I created called user_email_all_posts was set to 0. I used this approach when a similar functionality was done on phpBB 3.0. All the notification issues seem to be fixed now and no latency has been reported due to emailing when creating new posts. Phew!
  • Troubleshooting. A catchable fatal error occurred on a client’s forum. It took a while to get access to the web host control panel due to the client’s illness. Once I had it, I manually purged the cache. This generated a different error. I changed PHP from 5.6 to 7.0 though made it go away. I changed permissions on the cache folder too. Later I updated the forum from phpBB 3.2.1 to 3.2.4. When I tried to run the update it said phpBB was not yet installed! I searched through the phpBB source code to see what triggered the error, eventually discovering it was because a .lock file was present in the cache folder. I removed it and the update was successful.
  • Updated forum from phpBB 3.2.3 to 3.2.4. No issues. Later, I installed the mChat extension on the forum.
  • Updated forum from phpBB 3.2.1 to 3.2.4. Updated the AllanStyle-SUBSILVER style that was the primary style, putting back the old logo. I removed the old security certificate, and installed a free Let’s Encrypt certificate. I changed the forum’s .htaccess file to redirect HTTP traffic to HTTPS. I discovered one issue on the index: insecure content was being served. This was due to http:// being in the user_avatar column of the phpbb_users table to serve avatar images. Used MySQL REPLACE to make these avatars to be served securely. In some cases there may be a blank space now because the server did not support HTTPS. I changed PHP from 5.6 to 7.2. This work inspired this blog post.
  • Updated a forum from phpBB 3.2.2 to 3.2.4. Upgraded the Cleantalk extension to the latest version. I changed config.php to use mysqli. This allowed the forum to work with PHP 7.1 (it was on PHP 5.5).

Fixing insecure content issues in phpBB

So you’ve decided to use HTTPS for your forum to show your content securely. This is good and it’s not too hard a thing to do in most cases. Everything looks good but sometimes you notice on browsers like Chrome the little green lock icon up on the URL field disappears. What’s going on? If you investigate by clicking on the icon you can usually figure out what’s going on: there is some insecure content on the web page.

What is insecure content?

Insecure content is content embedded on a web page that is delivered insecurely, i.e. from a web server using http instead of https. Usually these come from external sources, and are typically externally hosted images that are served insecurely.

One way to investigate these is to view the HTML source of the web page. Use the Find feature to scan for URLs with http:// instead of https://. The issue occurs with embedded images like this:

<img src="http://www.externalwebsite.com/myavatar.jpg />

If all these URLs could be changed to something like:

<img src="https://www.externalwebsite.com/myavatar.jpg />

then all would be well, that is if the external website supports https.

How do you fix these problems? There are typically two places where these problems manifest:

  • In post text
  • In the user’s avatar

Here are some approaches you can use to solve to fix the problem:

Use the Image Redirect extension

As of this writing the Image Redirect extension is a Beta release, so it is not recommended that you install it on a production system. This extension also requires that you set up a proxy server on your web server, not a trivial tasks and something you may not be able to do on your class of hosting. Camo Proxy is one example of a proxy server you can install. What this extension does is scan the page for these external image URLs, fetches them using a proxy and changes the URL so that it is served from your proxy copy, which will be on your machine and served securely. In theory this extension should solve all issues like this. Note that it takes some time to create a proxy image if it is not cached and this adds some small overhead, which may slow page rendering.

Fix the embedded URLs in your database

This works by changing the URLs in your database. You scan for http:// and replace it with https://. Using this approach has some limitations:

  • The server serving the remote content may not have https installed. What generally happens is the image is not served and a white box appears instead. This could make lots of posts look off or unacceptable, particularly if these images are large.
  • While it corrects existing URLs, it doesn’t prevent someone from doing the same thing in the future.

If you can live with these limitations, you can fix it in the database. This approach assumes you have MySQL or MariaDB as your database and that the REPLACE function is available. It also assumes you have phpMyAdmin or a similar way to issue SQL (Structure Query Language) commands to the database. In phpMyAdmin, there is a SQL tab where you can type in and execute SQL. Just make sure you use a SQL tab for your database.

There are two tables that typically need fixing: phpbb_posts and phpbb_users. Steps:

  1. Disable the forum
  2. Backup the forum’s tables. Make sure it is a complete backup by downloading the extract, uncompressing if if necessary and looking at the end of the file. There should be SQL in there populating the phpbb_zebra table at the bottom of the file.
  3. Use phpMyAdmin or a similar tool to go into your database. If you are not sure which database you need to modify, look at your forum’s config.php file. The database name is in the file.
  4. You can examine the extent of the problem by first looking at each table. In these examples I assume your table prefix is phpbb_. The config.php file contains the actual table prefix, which may be different.
SELECT post_text FROM phpbb_posts WHERE post_text like '%IMG src="http://%';
SELECT user_avatar FROM phpbb_users WHERE user_avatar like '%http://%'
  1. To actually fix these, use the following SQL:
UPDATE phpbb_posts set post_text = replace(post_text, 'http://','https://') WHERE post_text like '%IMG src="http://%';
UPDATE phpbb_users set user_avatar = replace(user_avatar, 'http://', 'https://') WHERE user_avatar like '%http://%'
  1. Reenable the board
  2. You might need to purge the cache, but it should not be necessary.

After these steps, some users may notice that their avatar no longer serves and there is a big, ugly white space instead. They may try to change the URL in their Avatar settings back to http:// to restore it, in which case the problem may recur. This option can be disabled (see below). In general they should be encouraged to upload an avatar so it can be served from your web server, which will then serve it securely.

Preventing future insecure content

For avatars, the issue is due to allowing remote avatars. This can be changed: ACP > Board configuration > Avatar settings > Enable remote avatars > No

For posts: ACP > Posting > Post settings > Allowed schemes in links. Remove http from the comma delimited list. Note that this may affect non-images that are pasted into the post, so consider carefully if you choose this approach.

 

October 2018 work summary

I completed a major project this month, and that represented the bulk of my work. This nonprofit organization has been my clients for nine years now. Earlier in the year I convinced them they needed to move their forum off of phpBB 3.0 to the latest version. As they are surgeons it was hard to pin them down so it took months of sporadic back and forth. It’s nice to finally bring this home and collect a nice four figure paycheck for all the work. Their old forum had a number of modifications and code that I had inserted into the base code to do things like send an email notification with topic and post text to all members whenever a post was made. That won’t work with phpBB 3.2. It took a lot of experimentation to figure out something that was acceptable. Some of the things I did for them:

  • Used DavidIQ’s mailing list extension to handle the post and topic notifications with the post text. I had to tailor it to make it send emails to all registered users, rather than just one email address. I also had to change the template text to meet their requirements.
  • Installed five different styles and customized each to meet various styling requirements. I used the Quick style extension to give users an easy way to change styles on the navigation bar.
  • Figured out a way that users could upload and embed “web ready” videos without needing to use the Quicktime plugin. IMHO this is a serious deficiency of phpBB that it won’t use the <video> tag for these formats like .mp4 and .ogg. Basically this meant hacking the attachment_body.html template. I also had to create a MP4 attachment type, add it to the Flash group, enable the Flash group and take other formats out of the Flash group. I also had to enable the documents attachment group. This allows other video types to be uploaded, however they have to be downloaded to be actually played. The general idea is to encourage these surgeons to upload MP4 files only.
  • We quickly discovered that when MP4 videos were uploaded they were usually uncompressed. A 12 second video was 19.1MB! I found ffmeg, a command line utility that allows videos to be compressed, resized and moved from one format to another. I integrated ffmpeg into their virtual server and wrote a PHP script that once an hour looks for new videos. If it finds an uncompressed MP4, it compresses it using the “fast” method and updates the metadata for the file stored in the database. I used ffprobe to examine the video’s metadata, asked for it to output the data in a XML format, then used PHP’s DOM object to grab the information I needed. It took more than a day to write it, but it will save them lots of storage space as well as make videos faster to load and play. Given these videos are of surgery, they needed to be kept private so hosting on sites like YouTube was out of the question. The whole forum is tightly locked down to members only, and uses HTTPS to encrypt all communications.

There were lots of extensions installed as well in addition to other minor requirements addressed. Some extensions provided functionality identical to the mods they had, such as the Recent Topics extension. In a few cases they chose to drop the functionality of their old modification.

In any event, this project is largely closed although I expect a few bugs will manifest themselves in production use I will have to fix.

Other work in October:

  • I updated a phpBB from from version 3.2.2 to 3.2.3. Installed a beta Medals extension.
  • Spent two hours of labor on digest emailing issues. Since the hosting was GoDaddy, I pretty much knew what the problem was: GoDaddy blocks outgoing emails it thinks might be spam, and doesn’t bother to tell the client they are doing this. It basically takes a technical conversation with them and to get the client to certify that they really don’t have any inappropriate content or malware on their domains.
  • Spent time troubleshooting an issue on why no posts were being created on a forum. The basic issue was low board traffic. Also updated phpBB from version 3.2.2 to 3.2.3.
  • Answered some questions on user statistics and most users online. On the client’s old version of the forum, the number of users included a hack that added inactive users and bots. They really wanted that back so I changed /includes/acp/acp_main.php to include all types of users, and warned them this adds a complication with updates and upgrades.
  • Updated two domains for the same client from phpBB 3.2.2 to 3.2.3.
  • Client needed to change the domain registrar from GoDaddy to another registrar for two domains. Helped her with this obscure process.
  • Upgraded a vanilla prosilver style forum from phpBB 3.1.6 to 3.2.3. The upgrade was very slow and seemed to hang. I tried a few hours later and was able to get it to resume and finish. There was an issue related to moving to a new server and having PHP 7 installed, which triggered certain errors on phpBB 3.1. Replaced logo.
  • Upgraded another vanilla prosilver forum from phpBB 3.1.10 to 3.2.3. I changed the spambot countermeasure to reCaptcha V2. I added latest Cleantalk extension. I changed user registration settings to user gets email. Changed PHP to version 7.

Why you need to upgrade phpBB to version 3.2

A lot of forum owners are procrastinators. The current version of phpBB (as of this writing) is phpBB 3.2.3. If you are not on the phpBB 3.2 you should upgrade. Why?

Because in two months the group that manages the PHP programming language (which phpBB is written in) will stop supporting versions of PHP 5 with security fixes. This means after January 2019 you may be vulnerable to new exploits found in PHP 5, used by phpBB 3.1 and earlier versions.

It’s understandable why you might not want to upgrade your forum from your current version, generally phpBB 3.0 or 3.1. As most of my work is upgrading forums I see all the time why forum owners drag their feet. Reasons include:

  • Their forum has lots of mods and custom changes made over the years. With modifications not supported in phpBB 3.1 and higher, they have to figure out how to move forward. Many modifications do not have the equivalent available as extensions. So they either have to give up the functionality of the mod (which often makes forum users unhappy) or just procrastinate as long as possible. Procrastination is the easier approach.
  • Their forum has a style with lots of changes. Perhaps a logo has been integrated that is nonstandard, or they’ve made major changes to the templates and the stylesheets. Lots of styles haven’t been migrated to phpBB 3.2 either, so this is another issue they will have to deal with if they upgrade.
  • They know just enough PHP to be dangerous, so they’ve tweaked the code here and there to do special things. That would go away with an upgrade, or at least the cost of making changes to the base code gets more expensive. It’s heavily discouraged and makes upgrading or updating phpBB a pain, because you often have to reapply these changes. Custom changes can be done by writing a custom extension, but it’s a complicated thing to do. You need to be a very experienced PHP programmer to write an extension, and heavily study phpBB’s architecture and coding requirements.
  • Having someone like me upgrade your forum costs money.

Now that push has come to shove though, unless you are willing to bear the security risks, it’s time to finally make the upgrade. phpBB 3.1 users are not off the hook either, because this version of phpBB does not support PHP 7, the latest major version of PHP. I helped a client migrate their forum just yesterday to PHP 7. PHP 7 was installed on their new server. Certain things stopped working or created PHP notices.

Note that versions of PHP before 5.6 are already not patched for security issues. So if you are using an earlier version of PHP like PHP 5.2 (popular for phpBB 3.0 and 2.0) or PHP 5.3, 5.4 or 5.5 you are already at risk. You really can’t upgrade to PHP 7.0 as you will experience errors. Some phpBB 2.0 and 3.0 users have issues running PHP 5.6.

So now may be the time to take the plunge. Of course I can help you in this process. You may want to read my upgrade page. In addition to running the latest version of phpBB, I think you will find that once you are there it is worth the hassle. The extensions architecture of PHP 3.1 and higher is very nice, almost as nice as using WordPress plugins. The themes are responsive, so they look great on mobile devices. In addition, PHP 7 is about 50% faster than PHP 5, which is another great incentive to upgrade, particularly if you have performance issues with your forum.

You can send me a query if you want to discuss upgrading your forum.

September 2018 work summary

Things slowed down a bit in September, which was okay because I also started teaching a class this month.

I did have one large job at the start of the month that more than paid the rent. This was a commercial job and it involved moving a forum from phpBB 3.0.14 to 3.2.2. I was working as a subcontractor. The contractor’s client had a very particular look and feel to his forum and he wanted that to be retained as much as possible, so the challenge was to do this despite the fact that many modifications on the forum were not available as extensions. Obviously this meant making sure the style closely matched the phpBB 3.0 style. I did the prototyping work in a development environment. It took a long time to get things tweaked before I was given permission to move the changes into production. The first attempt at an upgrade of the database failed due to a resource timeout. The second attempt worked but took about six hours using command line interface. I installed the mChat, ReImg Imag Resizer, Google Analytics, Post Count Requirements and later NavBar search extensions. I set up Q&A spambot countermeasure. I removed dead modules and dead software including Tapatalk. The rest was styling work. I created a custom style based on Prosilver SE and then tried to emulate look of existing site. I added archives link to navigation bar, put the Twitter logo in the footer, and customized the footer to add link to site. Three templates were changed. Style customizations were placed in stylesheet.css. Later, there was four hours of additional styling work working from a punch list. One of the challenges was to do the work quickly. It was four days from start to finish. Given that this was a big forum, this was a moderate challenge.

Also in September:

  • I updated a forum from phpBB 3.2.1 to 3.2.2. There was a routing error caused by modSecurity being enabled. I disabled it and was able to post. Also upgraded PHP from 5.5 to 7.1 for about 50% faster performance for the client.
  • Similar to my last work for this client, I created MySQL triggers to subscribe people in the registered users and newly registered users groups to get topic and post notifications, but on a different domain.
  • I updated a forum from phpBB 3.1.4 to 3.2.3. (phpBB 3.2.3 was released in the middle of the month.) I installed an updated Aero style. I removed the Board3 portal extension. I installed updated extensions: Topic Preview and Notify Admin on Registration. I upped PHP version to 5.6 from 5.4. I changed the spambot countermeasure to use reCaptcha V2. I installed my digests extensions (version 3.2.8) and tested email using both a manual test and cron.
  • I updated phpBB from version 3.2.2 to 3.2.3 for a client using update files method. Updated five extensions that were out of date.
  • I updated another forum from phpBB 3.2.2 to 3.2.3. I updated the Tapatalk extension from 2.0.8 to 2.1.3. I had to reapply a style change to common.css.

With the release of phpBB 3.2.3, the phpBB group not only fixed some bugs that really needed fixing (including one that only allowed one attachment per post) and the migrator issues that gave me hell, but it also appears that the update program will now update any extensions that need updating, if the links work correctly. This is normally a good thing but if you wrote any custom changes to these extensions this might overwrite them, and there is no warning of this. You are not supposed to do this, but I have clients who have done this or asked me to do it for them. The update program really needs some sort of warning or a switch of some sort so these don’t happen automatically.

Update prices lowered!

It’s not often that I lower prices. But I lowered my prices for updates by 50%. Updates are when you go from one micro version of phpBB to another, like 3.2.2 to 3.2.3.

I had raised these prices because the changed files process I used stopped being reliable. Which meant that I had to upload all the files for a version to ensure success, which was more time consuming, particularly if there were files with custom changes in the styles folder I have to replicate.

With the release of phpBB 3.2.3 though, it looks like these problems are ironed out. This means in most cases the labor is less than an hour. Hence the price is now $40 commercial and $20 noncommercial.

I noticed the updater will also attempt to upgrade extensions, a time saver. It’s not always perfect however. So when you ask me to update your extensions too, if the updater for phpBB does this as well there is no extra work for me to do, hence no additional charge.

Should I install phpBB?

What are you getting into when you install phpBB? phpBB, open-source forum software for the web, is often simple to install. Most web hosts have a scripting center that allows you to install it on a domain in a few clicks. But should you?

It’s not like there aren’t other forum solutions out there, although arguably phpBB is the one that has survived the longest. To name a few, there is commercial vBulletin software, myBB, Xenforo, Phorum and pUNbb. There are also forum plugins. For example, WordPress has BBPress and BuddyPress. Since I specialize in phpBB I can’t speak with much authority about other forum solutions. However, as a software engineer I can highlight what I think some of phpBB’s strengths and weaknesses are, the subject of today’s posts.

What is forum software exactly?

Before you decide on any forum solution, understand what forum software is. Forum software is not blog software. It’s not a place that you use to rant about stuff that interests you and which others can comment. It is software that allows lots of disparate people to discuss certain topic areas elegantly. It imposes discipline on the content it manages by keeping things organized in forums, topics and posts.

Forum software is used by discrete communities that have something in common and want to share that information in an open manner. Usually what they are discussing is pretty specialized. For example, it might be a support forum for a commercial or open-source product (phpBB.com uses phpBB for its support forum), or a fan site, a bunch on people who own a particular type of boat or plane, whatever! Forum software allows people to create and reply to topics. It’s designed to run independently of a framework. For example, the BBPress plugin for WordPress requires it to work as an add on to WordPress, which means that to use BBPress you must also be a WordPress user on the site. Similarly, Facebook groups can act a bit like a forum, but it requires you to join the Facebook enclave. Facebook however does not organize content in its groups into forums and topics. Most forum software is designed to be standalone, at this is certainly the case of phpBB. It’s not designed to work with WordPress or any other content management system. In our social media age, this is sometimes a drawback.

phpBB’s emergence

phpBB has a long and proud legacy. Version 1.0 was released in 2000, at just the moment that the PHP language became dominant on the web, replacing mostly a lot of Perl scripts. Timing was everything. It was written in PHP, used the popular free MySQL database and was free and open-source. “Open source” was kind of a new thing back then, but it was essential to its growth. Not only was it free, anyone could modify it.  So it got downloaded and installed like crazy. It’s still widely used today. Most support sites run on phpBB. This means you have probably used phpBB already, even if you aren’t aware of it. So it will seem comfortable and familiar, even if you don’t understand why.

Version 2 came a year later in 2001 and is still being used today by many sites because it is fast and lightweight. Version 3 was released in 2007, which thoroughly modernized it. Version 3.1 arrived belatedly in 2016. It’s big feature was extensions, similar to WordPress plugins plus responsive styles, so things looked good on mobile devices. Prior to 3.1 if you wanted to extend phpBB’s functionality you installed “mods” that was code changes inside the source code, which made upgrading phpBB difficult. 2016 saw the release of version 3.2, the current version, which looks and behaves a lot like 3.1 but addressed some annoying issues mostly on the backend.

While phpBB was undoubtedly popular, updates were infrequent and its huge legacy base made it hard to push out new versions. Its team of core developers worked inefficiently together, in part because the tools for doing so were relatively primitive at the time. This allowed many other forum solutions to emerge to fill the feature gap while the phpBB group lumbered awkwardly forward into the future.

phpBB’s strengths

I first installed phpBB 2.0 in 2002 and have followed it since then. I have developed modifications and extensions, as well as generating good income from helping users upgrade and migrate their forums. In spite of the phpBB Group’s sometimes lumbering organization, it’s got some major strengths:

  • Institutional legacy. Simply because it’s been around so long, it tends to get widely installed and used. Those who have phpBB forums rarely move to other forum solutions.
  • Familiarity. Most likely you already know how to use phpBB because you have used it on various sites. While the forum/topic/post metaphor is hardly new, phpBB’s implementation of it garnered it a lot of attention and traction, so most forum solutions try to imitate it while addressing its perceived deficiencies.
  • A fanatical devotion to open source. The phpBB Group developers walk the walk on open source. They are really quite devoted to the whole idea of open source software, quite fanatical and arguably more than a little obsessed about it. They don’t give preference to any particular technology (except PHP and web standards like HTML, CSS and Javascript) and try to give you flexibility. For example, most forum solutions are written only for the MySQL database. Despite the fact that hardly anyone who has a phpBB forum uses databases other than MySQL, they support a whole host of other databases including Postgres, SQLite and Oracle.
  • Terrific support. phpBB’s support forums are phenomenal. You will likely find a dozen answers to your question with a simple search but if not a quick post will generate fast response, often from dozens of highly experienced support members, all volunteers. They are so good that in most cases the problems I encounter I don’t have to solve. I can find the solution on their support forums.
  • An anal obsession to standards. This is both a strength and a weakness. WordPress has now something like 40% of the web site market, but WordPress runs fast and loose. It’s not hard at all for people to create buggy plugins and non-optimal themes and WordPress will approve a lot of these. WordPress is a Wild West place where you are never quite sure if what you are adding on is crap or gold. That’s not a problem with phpBB. They go to extraordinary lengths to check their releases for bugs, running them against a host of security tools and making the base code pass thousands of detailed automated tests. I doubt there is an open source project that releases higher quality code. As an extension author, I am impressed and sometimes annoyed by how difficult it is to get my extensions approved. They inspect everything with incredible care and make sure you adhere to their voluminous and often somewhat obscure coding standards. This also makes things slow as there are plenty of extensions and styles in the review queue and reviews can take months. Rest assured though that officially approved extensions and styles are top quality.

phpBB’s weaknesses

  • Lack of agility. The phpBB Group’s tendency toward being anal also means they are not agile. It’s hard to bring out new versions of phpBB since everything must be nitpicked to death. Arguably this is also because there are tons of features and options in phpBB; look through all the Administration Control Panel’s various screens sometimes to get an idea of how many features can be changed, enabled and disabled. Its permissions system alone is awesomely powerful while awesomely obscure. When finally released, new versions tend to be very stable and rock solid but if you are an impatient person, your patience will definitely be tested and then some. On the other hand, their development practices are top notch. They use state-of-the-art testing, development and bug tracking tools. They have daily builds of their software to see what breaks.
  • Legacy architectureAdding new features tends to be excruciatingly difficult not because their code is not modular enough (this problem largely went away with phpBB 3.1) but because the database is so baked in. Many features would mean large changes to the database. Business logic is baked into many different programs, although phpBB 3.1 introduced classes (the whole /phpbb folder) that addressed a fair amount of this problem.
  • No multi-threaded topics. This means you can’t see a set of replies to a particular post within a topic, or get a hierarchical view of replies to a topic.
  • Standalone. It doesn’t integrate with anything, at least not elegantly. It won’t work seamlessly with your content management system, like WordPress. The closest it comes to this is that it supports authentication via LDAP (Lightweight Directory Access Protocol), but even so users must still create accounts on the forum to use it.

There is a lot more to this topic that I may delve into in future posts. But this post at least gives you a heads up. phpBB is great software: stable, reliable, well tested and industrial strength. If you can live with its functionality and limitations and are okay if the features change slowly at best, it’s still a terrific solution. If you need more agility from your forum solution, you might have to look elsewhere. However, any other solution you pick may not hang around. phpBB is eighteen years old and is likely to survive another eighteen years without a sweat.