Delphi forums to phpBB – Part One

Most of my work is pretty much the same: upgrades and updates to existing phpBB boards. Lately though I’ve been tackling some unusual projects. One of these is to move a Delphi board to phpBB.

Delphi forums are proprietary and are available only on their website. I understand it has no official way to export a Delphi forum. A board there has twenty years of conversations they did not want to lose. A clever user though has figured out how to export the board using YAML.

Example of YAML file for importing

After looking at it, I figured it was cost prohibitive to do. I did a proof of concept for them, demonstrating that I could read the YAML file and get basic user, forum, topic and post information from it, and display it neatly in HTML. I explained that this would be custom work and that it would take a lot of labor, even at my nonprofit rate. I estimated $2000 – $3000 and assumed it was cost prohibitive.

Proof of concept to display user information from YAML file

That was back in February but I was recently given the go ahead to start this project. Which raises the question: how on earth to do something like this?

What convertors from other forum solutions to phpBB that do exist tend to be for phpBB 3.0, and we’re now on phpBB 3.3. And no one has written a Delphi forums converter because it has no export capability. Since then phpBB has evolved, and due to the way post text is now encoded, it’s very challenging to write any new convertor.

Which is why I said if it can be done I would want to populate an old phpBB 2 forum with its data, and convert that to phpBB 3.3. There’s a convertor built into phpBB that does just this. But phpBB 2 became obsolete 13 years ago. However, its database is relatively simple so it should be straightforward to populate from data elsewhere.

But phpBB 2 was built for versions 4 and 5 of PHP, versions now obsolete and dangerous to use, or even acquire. It’s hard to even stand up a PHP 5 environment now. Most web hosting won’t support PHP 5, and mine doesn’t. So I’d have to roll my own development environment with PHP 5.

There are two ways to do this:

  • Via a virtual machine
  • Via a separate machine

I’ve used VitualBox on my Mac for years for standing up virtual machines. While it works, it doesn’t work well on a Mac. It’s a pain to use, particularly if you need to move files between the Mac and the VM.

Because I need PHP 5 for clients generally at least once a month, I decided a separate machine was more practical. So I bought a Raspberry Pi 4 (4GB) for less than $100. The actual machine is about $35 but I added a keyboard, mouse and a book. It took some help online to figure out how to install a web server and PHP 5 for it. The Pi is cheap because it uses RISC-based processors, so it’s not Intel compatible. Also, I could use FTP to move files to it, and using a free VNC viewer, I could work on it from my Mac desktop.

Processing the YAML turned out not to be easy. I tried various things, including PHP’s PECL YAML class, which I couldn’t get to work. I was able to eventually get Symfony’s YAML class to work.

Given the go ahead, I created a phpBB 2 board on my Pi with PHP 5.6 installed. While this worked great, my script wouldn’t run there. Symfony requires PHP 7.2. So I exported the phpBB 2 database and imported it into my Mac where I run PHP 7.4. I would have to populate the database from the YAML files I was given there, and eventually move it back to the Pi when it was time to try to upgrade the database.

Loading the phpbb_users table was not too challenging. A few fields needed to be escaped using mysqli_escape_string so the data could be loaded into the table. Some fields had to be trimmed to fit inside the maximum field length.

phpBB 2 places user data in a number of tables. Topics and posts haven’t been created yet, but there is a phpbb_user_group table. Each user had to belong to a group. Creating a test user on phpBB 2, I learned that it will create a new personal group. Then I had to write some SQL to put all 600+ users into this table. I also needed to populate a number of other columns in the phpbb_users_table. Each should have a new password, but since these users were added in bulk, they share the same password for now. All share the same bogus email address too, since I didn’t have that in the YAML. They will have to change both after the board is converted. Back in the old days, the password was encrypted with a simple md5 hash.

But the customer’s thread YAML wasn’t 100% clean. It wasn’t a major issue, but 22 threads (which amount to topics) wouldn’t parse. Even the good threads though had some issues. Some threads have no name to them. I will have to create a synthetic topic name for them. Some don’t have a forum name either, so those have to go into some sort of catch all forum.

There is a major issue is that the YAML’s attachment information provided a file upload name, but the name is not in the /files folder provided with the YAML. Files seem to have some sort of hash name. This may mean that attachments cannot be imported. If I want to import any attachments, I will have to install the old phpBB 2 attachment mod.

But at least this approach looks viable, if tedious. More learning experiences ahead.

SEO and phpBB

Board administrators typically want their board’s content to rank highly in search engines. It can help attract traffic and new members. That said, for the most part your users determine your board’s content, based on what they post. So it would seem kind of pointless to make your board search engine optimization (SEO) friendly. So is SEO a lost cause and waste of time on phpBB boards?

Not really. But remember that bulletin boards are structurally different than most web content, in that the contents changes frequently as users make posts. And you can’t do much to control what users post.

Moderators can remove offensive or off-topic posts. Moderators can also change topic titles, which might help in a topic’s ranking in a search engine. Most won’t because there are too many topics to deal with, the topic poster may feel offended and there is no guarantee that a moderator’s title topic will be more SEO-friendly than the poster’s topic title.

Also, phpBB does most of the deciding for you. The <title> tag for a page is usually a mash up of the board’s name and the topic name. This is not easily changed as it’s built into phpBB’s templating system.

Most phpBB boards fill niche areas. It’s hard to find a phpBB board that discusses general politics, for example, as it is done in so many other mediums. A board that discusses classic Mickey Mouse cartoons is more likely to be a board because it’s more granular. But because it’s more granular, it’s likely to get fewer views. Consequently, I see many more boards with 10,000 posts than 1,000,000 posts. In a way, this is good. This is where phpBB excels.

If you buy my book I go into a lot more detail on SEO and phpBB, so you might want to buy it. But here are a few points you may find useful:

  • Your board’s title and description are the most important factor you can control to influence search engines. The board’s title appears on almost all pages. So if SEO is important, you might want to work with a SEO expert to find an optimal title for your board. This often involves trying various board title’s over time to see which one has the most impact. You can set the title in the ACP: ACP > General > Board settings. The board title is more important than the board description, which can be left blank if it adds no value.
  • Analyze who is using your site and what they are reading. You can’t measure what you don’t track. So if you are not tracking your board’s traffic, you should, and you should be regularly reviewing the analytics for your board. There is a Google Analytics extension for phpBB that is easily installed. You first need to create a site in Google Analytics. Enter the tracking key on the board settings page after the extension is installed. Other analytics sites will require entering HTML or Javascript code into the overall_header.html and/or overall_footer.html templates for your style. Purge the cache after making these changes for them to take effect.
  • Actively moderate your board. Remove clearly irrelevant or off-topic posts if you have the energy. Search engines are trying to connect searchers with answers to specific questions, so the more concise a topic is in answering a question, the higher the page is likely to rank. Ideally you will empower your moderators to do this for you. Give forum users clear guidance on the forum’s moderation criteria in a sticky post. And make sure users know how to flag off-topic or spam posts for moderator review. The icon is easy to miss on the view topic page.
  • Using the SEO Sitemap extension doesn’t hurt. While it won’t make your board rank higher, it does provide a definitive list of your topics and posts for search engines, hopefully ensuring all your content gets indexed.
  • Encourage relevant pictures. Pictures make a topic and a post more engaging, providing the pictures are relevant. so all things being equal should make the topic rank higher than similar page. Encourage your posters to add a relevant attachment comment to each picture. This markup will be studied by search engines and helps identify the picture.

I also found this article online today that you may find useful.

Should my board use Tapatalk?

Tapatalk is a service that lets users interact with bulletin boards using mobile devices. Rather than going to a bulletin board with a mobile device’s browser, users can use a Tapatalk app instead.

Tapatalk’s app supports phpBB as well vBulletin, IPBoard, kunena, myBB, WoltLab, SimpleMachines and xenForo. Used with phpBB, you must install a Tapatalk extension downloaded from its website and configure it. If you have an older phpBB 3.0 board, a Tapatalk modification can be installed as well.

Tapatalk provides a common interface for accessing all these forum solutions. This makes things simpler for users if they frequent lots of forums, not all of which are phpBB, providing these forum solutions also integrate with Tapatalk.

In addition to providing a common app, more recently Tapatalk has started hosting their own forums which you can use, called Tapatalk Groups. This has some advantages: they maintain your bulletin board, and host it as well, so it’s effectively free hosting. Users use their app to interact with it. You may be able to import your phpBB bulletin board and create your own Tapatalk Group.

Tapatalk Groups have certain advantages. It’s mobile first. You can integrate donations to fund your board because it’s built into their architecture. But it will serve ads, which is how they normally monetize their service through donations. You can use its built in donations feature to help monetize your board. Spam protection is built in and some customization of the group’s look and feel is available. It’s also cloud hosted, making access very fast with extremely high uptime.

When used with phpBB, not only do you install their extension, but you must also upload a mobiquo folder to your board’s root directory. Most of the work between phpBB and Tapatalk is done by libraries in the mobiquo folder. Your users don’t have to use Tapatalk, but could access your board using a browser as well.

Tapatalk allows you to create a branded app, but they charge for this service. This allows people download your app, not a Tapatalk app per se. They would find the app in the store for their mobile operating system under your brand name. This obviously can simplify things. To access your board, people simply open your branded app.

About twenty percent of my clients have Tapatalk installed. These days, Tapatalk seems less useful. This is because phpBB is now responsive, i.e. you can use a browser on your mobile device to access phpBB and it will size down intelligently for the device’s screen size. Most styles for the old phpBB 3.0 software were not responsive, meaning boards were often be hard to read because they were scrunched down so much to fit the narrow screen width. You had to pinch to zoom in and read content in many cases.

Still, some would prefer to use an app optimized for bulletin boards rather than a mobile browser. For these people, using Tapatalk might be a preferred solution.

You won’t find Tapatalk as one of phpBB’s approved extensions. Why is this? It’s because their mobiquo library is proprietary software and works independently of phpBB’s software, so it violates its GPL-2 license. This makes it ineligible for inclusion in their list of approved extensions.

Also, the Tapatalk app provides a standard user interface, but it won’t reflect your board’s style. You can make posts, create topics and make attachments to posts, but any additional features made available through phpBB’s extensions cannot be used. So you won’t get the same experience with a Tapatalk app that you will get interacting with a web browser.

If you install the Tapatalk extension, be aware that it works outside of phpBB and may introduce problems.

New guidance on phpBB and system crons

A recent release of my digests extension revealed underlying problems not only in the extension, but also on guidance I’ve been giving for setting up phpBB and system crons. I can’t seem to edit the Wiki page, but I left notes on my digests extension discussion forum. I need to place them here for wider visibility. I will update the Wiki page when that technical issue is resolved.

With my digests extension, it’s generally important for digests to be mailed on time. Otherwise it depends on board traffic to send digests, which on sites with low traffic could result in significant delays in receiving digests.

There are two ways to do this in an automated way:

  • Create a system cron
  • Use a phpBB cron, but use a tool to call the board at least hourly, which kicks off phpBB’s cron process, which includes handling any scheduled outgoing digests

With a system cron, it turns out that you can’t use a semicolon to separate commands on one line in most cases. So this guidance is wrong in most cases. It all depends on the Linux shell used by the root user, which is usually bash. So when programming a cron job, to get two commands to work on one line, you need this instead:

cd /path/to/board && ./bin/phpbbcli.php cron:run

The && acts as a conditional, essentially saying that if the command to the left of the && succeeds, then issue the command to its right.

On my test board I also discovered I had to change the permissions on the /bin/phpbbcli.php program to 755, as the cron needs the execute permission, and it’s lacking with 644 permissions. This is not ideal as this introduces a potential security issue. Considering it’s just one file, I consider the security implications minor at best. With a system cron, you need to program a real cron job and tell phpBB to not use its built in cron based on board traffic: ACP > General > Server settings > Server settings > Run periodic tasks from system cron > Yes

If you want to use phpBB’s built in cron, you need to call it at least hourly and create a cron using curl, wget or lynx to hit your phpBB board as if it were a browser. If you follow the Wiki approach it causes a HTTP redirect, which basically causes it to fail. So the cron should look more like this (all on one line):

* * * * * curl -k -A='Mozilla/5.0'

The key here is to use app.php in the cron, to avoid the redirect.

What are phpBB’s strengths and weaknesses?

phpBB is great but not perfect forum software. phpBB has many upsides, but it has downsides as well. In the interest of fairness, I thought I would document some of them.

These will also appear in my Mastering phpBB Administration book, which is undergoing professional editing at the moment, so consider this a bit of a preview. I’m hoping in a month or so it will be published. Here’s an except from the draft of the book on its strengths and weaknesses, as I see them:


  • Longevity. It’s been around since 2000.
  • Market share. According to the phpBB Group, phpBB is the #1 bulletin board solution in use. If you type “bulletin board software” into a search engine, generally phpBB is at the top.
  • Support. The phpBB Group’s support forums are outstanding. Responses to questions are quick and almost always helpful.
  • Security. While no software can guarantee it is free of security vulnerabilities, phpBB’s combination of open source software, code peer reviews and their extensive automated nightly build tests minimize unexpected security issues.
  • Rock solid. While most phpBB boards are relatively small, with just tens of thousands of posts, some are huge with millions of posts. As of this writing,’s forums alone have over 4.2 million posts. It needs to just work and almost all the time it does, at least if you use the latest version of phpBB, stick with approved extensions and your web host’s technical infrastructure doesn’t change too quickly. When phpBB fails, it’s almost always due to hosting changes beyond its control.
  • Features. If you need a feature, it’s likely available in phpBB, with one major exception (see the next section.)
  • Familiarity. Since you have likely used it before without knowing it, there is no steep learning curve.
  • Fanatical devotion to open standards. The phpBB Group goes to great lengths to ensure phpBB works across all browsers and devices. It does this by carefully adhering to the latest web standards and daily automated testing of builds in development.
  • Responsive. It behaves seamlessly on mobile devices, intelligently sizing down to the device’s screen size, yet with no loss of functionality.
  • Uses top-tier integrated third-party libraries. Under the hood, phpBB uses a host of other top-notch, enterprise-class software libraries. For example, it uses a Twig templating library from Symfony for rendering web pages with dynamic content.
  • Supports lots of databases. Typically phpBB is used with the MySQL or MariaDB database management systems (DBMS). But if you want to run it on the Oracle, Postgres, Microsoft SQL Server or even the SQLite DBMS, it will work and function virtually identically.
  • Permissions system. There is probably no better permissions system available anywhere. It’s incredibly feature rich, if more than a bit obscure.
  • Extensions. Since version 3.1, phpBB supports extensions. Extensions are new features that you can add to phpBB that can be turned on or off once you install them, all without affecting its base code. Extensions are not currently quite as easy to use as WordPress plugins, but they are getting there. And the number of approved extensions just increases with time.
  • It’s maintained and updated. If a security issue is uncovered, it tends to get fixed promptly with patch instructions to use until there is a new release. Over time, new releases will update phpBB so that it works with the latest changes to technology.


  • No multi-threading. While a poster can quote from a previous post inside of a topic, you cannot see a group of related, indented replies to a post within a topic. Hopefully this will show up as a feature one of these days.
  • New features are added slowly, if at all. While phpBB is a rock-solid bulletin board solution, it is not easily changed. This is in part because it is so feature-rich. Features that are added tend to be relatively minor and incremental. Rarely do you see big, new features. The extensions system introduced in phpBB 3.1 was one of these rare and big changes to phpBB.
  • Standalone. phpBB doesn’t integrate with other software solutions. For example, you can’t integrate it into WordPress or Joomla, at least not elegantly. It’s not available as a WordPress plugin.
  • Updates and upgrades can be painful. While better than it was, updating and upgrading phpBB is often a challenge. Most of my consulting business involves helping clients on these issues. Web hosting limitations also can introduce problems during these time-critical activities. For many users, the improved update process in phpBB 3.3 will do a lot to address this.
  • Setting up a bulletin board is mysterious and somewhat painful too. This is one of the major reasons I wrote this book. Mostly, bulletin board administrators learn by doing. It’s so much better to do things the phpBB way … except you can get a hundred different opinions on what the best way is. I’ll risk the wrath of the phpBB community (they are a passionate, but very helpful bunch) by telling you what I think the best way is, and why. I will help step you through these phpBB mysteries based on more than a decade of practical experience.
  • Complicated to administer. While using a phpBB bulletin board is not complicated and usually intuitive, administering a phpBB bulletin board can be very complex. With so many features, it’s hard just to know what they all are or where to find them. Certain very powerful features, like its granular permissions system and its ability to bundle permissions into roles are totally awesome, but rarely delved into. Sometimes an administrator won’t even know a feature exists.

So know what you are getting into. If any of these are major issues, you might want to use another bulletin board solution, or just not bother to install phpBB in the first place.

Getting rid of old spam is hard

phpBB is now pretty good at keeping spam users from registering and posting. In the phpBB 3.0 and 3.1 days, its defenses turned out to be pretty weak. The GD Image spambot countermeasure (still the default) was easily hacked. phpBB has at least added settings to let you tune it better, making it harder to hack. It also started supporting Google’s reCAPTCHA, but the version in phpBB 3.1 was quickly hacked and phpBB was not agile enough to quickly integrate its versions 2 and 3 reCAPTCHAs.

This led to the an inundation of spam on certain forums, mostly bogus spam registrations but also lots of spam posts in some forums. Some administrators countered by requiring all new users to be approved by an administrator. But when inundated with hundreds of these in a short period of time, it’s a hassle to delete them all, or discern the real new users from the spam ones. For a few years, I made quite a bit of money removing spam for clients.

With phpBB 3.2 things slowly got better, at least if administrators used best practices. Best practices were to use reCAPTCHA version 2 “I am not a robot”, or the Question & Answer, providing the questions were sufficiently difficult. A malicious human could still take the time to solve the questions, but these were unusual. There were also a few extensions that could help. The Sortables CAPTCHA was one of the more useful ones.

My go to for years has been the Cleantalk extension, which requires subscribing to their service. But now there is also an Akismet spam extension, which also requires a subscription, which can be free for personal sites.

All this is good at preventing spam, but how do you get rid of months or years of spam posts? That was my dilemma this week working with a client.

The latest version of the Cleantalk extension has a feature that removes spam users and their posts. But I discovered it has a few serious limitations:

  • It bases its judgment based on the IP of the poster. The user’s last IP is stored automatically. It doesn’t examine the post text. Over time, IPs that used to be marked as spam get cleaned up, and when this happens these IPs are no longer flagged, so spam registrations aren’t caught.
  • Its interface for finding these users is slow and can easily time out, which means sometimes it can’t succeed. It also lacks pagination.

Why this particular client ignored this problem for a few years, I don’t know. But cleaning up the database was a big challenge. The only real way to do it is to manually look at every post and flag those that were spam, then use moderator tools to get rid of them.

This was time prohibitive, but if these could be removed presumably people would start posting again and Google would rank the site as legitimate again, bringing in new people.

The next best solution I found was to try to identify when the spam started. This took quite a bit of analysis, but looking in the most posted forum on the board it looked like it started on Feburary 10, 2018. So I used phpBB’s Prune User feature to remove users and their posts that registered after the spam started.

This seems to have gotten rid of the spam. But it also removed accounts of some legitimate users, and their posts as well. Those who had accounts before then were unaffected and their posts remained.

phpBB needs a real solution which so far doesn’t exist.

But I think I have found a solution … if I write the extension. If you are an extension developer, please go ahead and develop it, just tell me so I don’t waste my time.

It turns out that the Akismet, the biggest solution out there and used widely in WordPress to moderate comments, has a Submit Spam API. So in theory, if you pass the needed information to it including the poster’s IP and the post text, it can render a judgment on whether it is spam or not. If these posts can be flagged, they can then be removed.

One possible issue is that the service requires sending it a User Agent string. phpBB does not store this. Perhaps a fake user agent string could be supplied, but would this render a correct judgment? If no, this solution wouldn’t work. Also, it requires an Akismet key to use, which might require some boards to purchase the key. This may be a limiting factor for some.

As I have time I hope to see if this is a viable approach finding and removing spam posts in phpBB.

phpBB 3.3 is released!

Two days ago, the phpBB group released its latest minor version of phpBB: 3.3, also known as Proteus. You can learn more about it on its launch page. To give you some perspective, phpBB 3.2, the last minor version, was released on December 9, 2016. So it’s been three years since the last minor release of phpBB.

I looked at a development version a couple of weeks back. So I was kind of taken by surprise by 3.3’s sudden release. Minor versions tend to introduce some new functionality, and Proteus does. It’s just that for most administrators and users, it won’t seem like that big a deal and things will look and behave pretty much the way they always have. As with phpBB 3.2’s introduction, most of its changes are covert, rather than overt. Unless you know what you are looking for, you won’t notice much.

New logo

One hard-to-miss feature, at least if you use the default proSilver style, is the phpBB logo is different. It’s now a Scalable Vector Graphic (SVG), which makes it look crisp and shiny in all resolutions, including retinal displays. It looks a tad bigger, but also more white and almost glossy. Also, the logo includes the words “forum software”, which is new. Previously, the logo was a transparent GIF and it said “Creating communities”.

New phpBB logo
New phpBB logo

Updating is getting easier

Updating phpBB is getting easier too. It won’t compare to updating WordPress, which takes place entirely behind the scenes and can be done with a single click. The exact mechanics of how it will work is unknown until 3.3.1 is released. But the launch page says:

“With our brand new installer updating will be easier than ever in phpBB 3.3! Upload a single folder to your board and all your files will automatically be replaced.”

This will be welcome because updating has always been a hassle. Over time, it may affect my income a bit since a lot of it comes from updates. I expect a lot of my customers will still want me to do this as a service.

You will still need to upload one file, an archive. I also expect there will be a number of other manual steps, because there will always be issues of overwriting custom changes to styles and extensions that may have issues. You will probably have to back up your styles and extensions folder manually before updating. Time will tell.

New PHP requirements

Proteus requires PHP 7.1.3 or higher, and cannot use a version of PHP greater than 7.4. So many administrators will have to upgrade PHP first, which may be an issue for those using PHP 5.4 and 5.6. They will finally have to take the plunge.

Most likely a lot of these boards will have an issue: they will need to edit their config.php file to tell phpBB to use mysqli drivers instead of mysql drivers. So far, fixing this issue has not been intuitive.

Overall, taking the plunge to PHP 7 is good: twice the performance compared with PHP 5 and phpBB can use many new features in PHP 7 too. I have noticed some extensions have issues with PHP 7, however, for example the AWS S3 extension.

Upgrading from phpBB 3.2

The upgrade process from 3.2 is pretty much unchanged from 3.1 to 3.2, and will be more manual in nature than the newer upgrade process. You can see the steps required here.

Improved Emoji support

From a user’s perspective, the exciting feature is likely to be increased Emoji support. Previously, only certain Emoji characters could be used, and only in post text. Now you can use virtually any Emoji character, and you can use them in topic titles too. However, you cannot use Emoji in the subject line of topic replies.

The Emoji in topic titles permission is enabled by default. If you want to disallow it, the easiest way is to change a user role, like Standard Features. ACP > Permissions > Permission roles > User roles > [Role name]. Click on the green wheel for the role. See illustration:

New emoji in topic titles permission
New emoji in topic titles permission

Over time, phpBB forums will look a lot more colorful and visual.

No support for IE before IE11

Also with Proteus, phpBB essentially gives up caring about Internet Explorer versions 7-10. It’s not that phpBB won’t render pages with these older browsers, but certain features won’t work or may behave quirkily. This is because to do fancier things, phpBB relies on a Javascript library called jQuery. It now uses a newer version of jQuery which is not compatible with these older browsers. The phpBB Group’s rationale is that since Microsoft won’t support old versions of Internet Explorer, they don’t have to either.

Some other features they are highlighting:

  • Clever quotes. Quotes can show a link to the post and post author. It can also show the date and time of the quoted post.
  • Improved reCAPTCHA. Previously only reCAPTCHA V2 Checkbox was allowed for a reCAPTCHA solution. Now you can use the Invisible reCAPTCHA V2. One consequence of this is that the V2 Checkbox is no longer supported, so as part of upgrading phpBB to 3.3 you should have to get a new set of reCAPTCHA keys from Google’s reCAPTCHA site that support this method, and plug them into the Spambot Countermeasures area in the ACP.
  • Notifications are supposed to be very fast now. The whole notifications process has been reengineered. It’s unclear if this means email notifications are sped up. I’m pretty sure they will go into phpBB’s mail queue like they do now, so your Email settings should apply.
  • FontAwesome improvements. In phpBB 3.2, phpBB supported a rather limited set of scalable FontAwesome characters. The number supported are now much larger, and they will all look fine on retinal displays.
  • Symfony 3.4. This is behind the scenes stuff, but phpBB 3.3 uses a newer version of the Symfony PHP libraries, including its heavily used template engine.
  • ACP Statistics screen is now responsive. As noted in my first look, the statistics panel in the ACP now splits statistics into two groups, which has the benefit of making the screen responsive. You can see the new look below:

New ACP Statistics screen
New ACP Statistics screen

Should you upgrade?

You probably don’t want to upgrade right away. This is because some of your extensions may not work and if you made changes to your style, those won’t carry over so they will need to be replicated.

However, the same day the phpBB Group also released phpBB 3.2.9, which brings over some of these features including Emoji support. You might want to update to that version for a few months until extensions and your style becomes compatible with phpBB 3.3.


What will be new in phpBB 3.3?

If you’ve been waiting for phpBB 3.3, you’re not alone. The phpBB Group is famous for not setting release dates. They arrive when they arrive. There is no big company like Automattic is for WordPress behind phpBB.

I took a development version of 3.3 (3.3.0-RC2-dev) for a spin today to see what’s new. And the answer is not too much, at least so far. There are only two things I noticed right away:

  • The phpBB logo is now a Scalable Vector Graphic. This means it will scale nicely and always look sharp and fresh.
  • When you access the General tab in the Administration Control Panel, statistics are laid out differently and are arguably a bit confusing. Two tables with statistics? The first block contains counts. The second one contains metadata. It could be better laid out

phpBB 3.3 ACP Statistics
phpBB 3.3 ACP Statistics

What phpBB 3.3 “Proteus” really seems to be about is keeping it up to date. So far I don’t see any new features. A one-click update is supposed to be in 3.3, but I don’t see it. I suspect it got deferred for phpBB 4.0.

How is it keeping it up to date?

  • PHP 7.3 and 7.4 will be supported. These versions of PHP have been out for a while, but phpBB wouldn’t work reliably with them.
  • PHP 5.6 and 7.0 will not be supported. The minimum supported version of PHP will be 7.1.
  • The reCAPTCHA Invisible CAPTCHA will be supported. Currently, only V2 Checkbox is supported. This means CAPTCHA can happen implicitly. You shouldn’t need to click on a checkbox to prove you are a human.
  • Two new password hashing algorithms will be allowed: Arg2i and Arg2id. Passwords are not stored in the database in plain text. But using these newer algorithms, passwords become harder to crack. The 2id version is also much faster than the 2i version.
  • phpBB is dropping support versions of IE below IE11. That’s because the versions of Windows these run on are no longer supported by Microsoft, so they feel free to let them go
  • As a consequence of the above, jQuery 3.4 will be included. This version works with newer versions of browsers and pointedly does not support ancient versions like IE7.

If there are other new features, I’m not finding them. For most users, except for the phpBB logo, it will look and behave as it did under 3.2.

Understanding roles, part five – forum roles

As the name implies, forum roles control the privileges to forums. Forums are the key structure in phpBB and where most of the action happens, so there must be a lot of ways to finely tune access to forums.

Forum roles are most typically used to control forum privileges as they simplify the process. I will also demonstrate a way of circumventing these roles to set more granular forum permissions.

User roles provide a broad set of permissions, many of which extend to work users do in forums. Allowing attachments to posts is one example. Since roles are bundles of permissions, permissions in forum roles may override some user role permissions.

Pre-defined forum roles

The following forum roles come built in to phpBB:

  • No Access. Can neither see nor access the forum. This should be applied when you want to hide a forum from appropriate groups and users. You most typically use it to hide forums from guests and bots.

  • Read Only Access. Can read the forum, but cannot create new topics or reply to posts. You often see this role applied to guests.

  • Limited Access. Can use some forum features, but cannot attach files or use post icons. This role is often applied to newly registered users.

  • Limited Access + Polls. As per Limited Access but can also create polls. This role is also often applied to newly registered users.

  • Standard Access. Can use most forum features including attachments and deleting own topics, but cannot lock own topics, and cannot create polls.

  • Standard Access + Polls. Like Standard Access but can also create polls.

  • Full Access. Can use all forum features, including posting of announcements and stickies. Can also ignore the flood limit. Not recommended for normal users. This is often applied to more privileged users such as moderators and administrators.

  • On Moderation Queue. Can use most forum features including attachments, but posts and topics need to be approved by a moderator. This role can be applied to a problematic poster known for making inflammatory posts.

  • Bot Access. This role is recommended for bots and search spiders. It does allow bots to read the forum, so if you don’t want bots to read the forum, the bots groups should use the No Access role.

  • Newly Registered User Access. A role for members of the special newly registered users group; contains NEVER permissions to lock features for new users. This gets around a quirk in phpBB where newly registered users can start new topics (which have to go through moderation) only because they are also in the registered users group. It’s strange that phpBB is not configured this way by default.

There is one other implied role: No role assigned. As the name implies, it indicates a lack of permissions in the defined context, so other forum permissions if they exist are used instead.

Setting forum roles

Generally, it’s best to attach roles to groups. Attaching roles to users can be done, but it makes it hard to fix permissions issues. Most likely, roles already exist for groups accessing your forums. However, when you create new forums, you often need to attach some roles to the users that will use them, generally through group forum permissions: ACP > Forums > Forum based permissions > Group forum permissions.

First, select the user group whose roles you want to change or add. In the Look up usergroup dropdown, select the group then press Submit.

On the next screen, select the forum or forums you want to add or change roles for, in the appropriate Select a forum select list or dropdown. The dropdown is used to select a set of forums inside a category. Then press Submit.

Finally, you have an interface for changing or adding roles for each forum for the user group selected. See screenshot below. In the Role dropdown, select the role to be applied for the forum and user group. When all are set as desired, press the Apply all permissions button at the bottom of the screen.

Assigning roles to forums
Assigning roles to forums


Creating new forum roles

You can define a forum role using similar procedures for user, moderator and admin roles: ACP > Permissions > Permission roles > Forum roles > Create role. In general, the existing roles make it unlikely that you will need to create other forum roles.

Overriding role permissions

While not a good idea generally, I should point out you can override forum role permissions for groups and users. Use either:

ACP > Users and groups > Users > User forum permissions

ACP > Users and groups > Groups > Group forum permissions

Here’s an example of how it can be done for a user’s forum permissions.

In this case, Jane Doe is a teacher and in the teacher’s group, so she has Standard Access role’s permissions to the teachers’ forums. This means she cannot post sticky topics, i.e. posts that stick to near the top of the list of topics in a forum.

We would like to allow her to post stickies but not change her permissions otherwise.

User forum permissions, pick user
User forum permissions, pick user


We first enter her name by entering it in the Find a member field and pressing Submit. See screenshot above.

User forum permissions, select a forum
User forum permissions, select a forum

Then we pick the forums where we want the permissions applied. In this case, it makes sense to select the Teachers forums category and the forums inside it. Once selected, press Submit. See screenshot above.

On the next screen, the role shows no role assigned because no user role has been applied. The user still has a group role applied. Click on the Advanced permissions link.

You can then select any permissions you want to grant. In this case, I granted the Can post stickies permission by changing it to Yes. Since multiple forums should be show on the screen, do this for each forum in the category. See screenshot below, which shows only the permissions for the category.


User forum permissions, advanced permissions
User forum permissions, advanced permissions

Clicking the Apply permissions button will make the permission stick for this forum, or do all then press the Apply all permissions button at the bottom. Now Jane Doe has the necessary added permission, but it was done outside of the forum role.