New Idea

[tdodnz]

I was thinking it would be cool if a mod was made for this community forum where u could just do something like

[install=http://www.yoursite.com/mod.yp]Click Here to install this mod[/install]

And that does like a popup where u put in the address to your packages file or something and it installs it to your server, it would probably have to include index.php and the admin user would need to be logged in else u get some error like your not logged in its more of a hack than a mod

[David]

What is wrong with the current Package manager?

[[Unknown]]

A lot.  I don't partiularly like the practicallity of this one either.

-[Unknown]

[tdodnz]

no im meaning so that you can do like you do with a url so you post a thing in the forum to an install and it auto installs the package from the specified location.

So what happens is you click on the link and a popup appears which asks for the url to your board index, you put it in and it sends commands to your board to install the package from this location.

its just dso we don't have to goto our forum to install it but can do it from here

[David]

Umm, seems really dangourous if a remote server can do the full install just by entering a url.  I would much rather have to download the yabbpack and then install it.

[Gobalopper]

I would go with a central server that has a bunch of the mods and also links to other approved sites that may have some not found there.

But before that is done I really think we need a site like BoardMod. Or some better way of keeping track of mods.

[tdodnz]

essentially its not a remote server its just your website just told to go install this mod via security of course u need to be logged in as admin and so on.

What i mean is the same way that you put a URL into a post you could put an install package in accept the bit thats
url=http://www.bla.com would be
pack=http://www.bla.com/mymod.yp

and this just does a popup which allows for the admin to log into their server and hit install in the little box, it boots itself off index.php on your server and just does a remote login like you would if you put a login on a seperate page but it sends a hidden value that if your admin and this is a mod then boot up the install window thats in admin so that u just hit d/load then install its still using your server just logging in in a seperate browser.

It would be like BoardMod unless put out with 1.5.1

[irbrian]

Perhaps what you're saying is that it would be nice to be able to add a package server to your site with a single click.

While it'd be handy for someone like me that adores the package manager I don't know how you'd accomplish that across servers without bringing up security issues.

But it would really be nice if there were a centralized package server. Having to maintain the package servers yourself seems a bit unwieldy considering that the whole point of the packman is convenience.

[tdodnz]

security issues = none

the user has to login as admin this is not controlled by the forum its comming from it just does a popup to their forum and sends the command to download this package its just sending you there straight away and auto downloading and dropping you into the package manager.

It uses the package manager to download the file, all it does is gives it a url to download the package from.

So it goes to your forum to the login page makes you login and when u login it sends posts to something like

Code Select Expand

http://www.yoursite.com/forum/index.php?action=login2&pak=1&pakurl=http://www.someonessite.com/theirmod.yp
Now the login page is built into the forum ur comming from and posts to their forums login script with those 2 extra parameters. it sees the parameters and once logged in goes to the package downloader and downloads the package like what happens when you go to the package manager load up a package server and click download that is all quite a simple mod, the hardest part would be the url reference.
Also it would need to be put out with the next version of the forum.

This does not create a security problem as you are forced to login and you have to be admin it just makes a shortcut as such for admins to download mods.

If the admin was logged in they could just go to index.php and put in those lines above and it would download a mod.

Actually the login page would need to be on the forum thats having it installed else security prob such as taking pasword and crap and it would have a url checker and so on.

No security breach possible via adjusting a forums script due to the url tester thing which is just a bit of php requesting the current url on post and a few more simple security things.

[[Unknown]]

security issues = none

security issues = none a lot

What if I were to say, do this:

Click here to get $100!!!

Trust me, it's not gonna happen.

-[Unknown]

[Peter Duggan]

That's an amazing URL! Even more outrageous than the one I stumbled across here!

[tdodnz]

@Unknown

That wouldn't matter like I said the page thats poped up loads a login page off the users site whos trying to install it which clearly states download package, and you have to be an admin, it will say are you sure you wish to download this package and so on. Its just as secure as using the package manager.

[[Unknown]]

Maybe you misunderstand.....

Say I'm the admin of my site. (duh)
Now, someone at this board goes into chit chat and posts their mod - which basically installs a back door to the site and emails them the link - on the site.

Now, being the fool I am, I click on the link looking for a quick bill.  To my utter and terrible dismay, it installs this mod and removes all the admins too.

How wonderful.

And, this is only one example - even if I knew it WAS a mod, it could say "Super Does-everything Mod" and be "Admin Killing Backdoor Mod".  The filename couldn't tell you either.

-[Unknown]

[tdodnz]

yes I agree with you totally but the thing is it doesn't install it it just downloads it, and its no more secure than connecting to a package server to download the mod.

I could go make a mod that wipes the admin and makes me an admin and gives me there forum url and call it a skins mod, and just say ive made it I would get heaps of emails with my details to login to their forum as an admin.

You could also release a mod that does this as a part of the real mod as such its only as good what they say it does.

This is just using the package system so its just the same. I spose that this mod could just boot up their package server but whats the difference.

[David]

What is wrong with the current system of you have a url to a package server and then you add it to your list?  The reason there arn't a lot of package servers is so that there are not rogue ones.