NineChime forum

Furry stuff, oekaki stuff, and other stuff.

You are not logged in.

#1 03-01-2015 18:40:35

Waccoon
Administrator

Wacintaki 1.6.0 finally released!

Yes, version 1.6.0 is finally done, save for some last minute testing.  Given how badly the oekaki community has dried up over the years, finding a reasonably large audience for testing has been quite difficult.

Head on over to the products download page to get it.

Code:

v1.6.0 - March 1, 2015

NOTES:
- Wacintaki has not reached EOL and I do intend to maintain it, but I doubt I'll do much more overhauling as Java applets are effectively dead and there's little point to extending Wacintaki.
- If a good HTML5 paint app shows up, Wacintaki will be recoded from the ground up and probably renamed.
- 1.6.x will be the last branch to support mods and custom templates/translations.  Future versions will cleanup all the global, config, and database messes.

CHANGES:
- Several modernizations, while respecting things that might break mods (such as globals and template controlers).
- Some syntactic cleanup, such as removing trailing "?>", fixing capitalization, alignment issues, etc.
- boot.php has had most of its globals cleaned up and organized.
- New $glob[] array for program state and config values NOT found in config.php file.
- $user and $flags arrays now cascade, allowing for cleaner defaults.
- Database layer now uses mysqli exclusively.  The mysql_* functions have been deprecated since PHP 5.5.
- Database layer error reporting and debugging has been much improved.
- Finally using SQL LEFT JOINS for avatars on index page.  Cuts number of SQL queries roughly in half.
- Hacks entry FORCE_MYSQL_API removed (hacks file is still 1.2.0 compatible).
- Replaced badly-written PHP version detection with version_compare().
- Microtime handling improved with proper string casting.
- Replaced $mailbox_status[] array with constants.
- Updated all applet code to eliminate $OekakiU and updated boot to salvage login details from multiple sources.
- Fixed missing 'all' flag in parse_flags() for legacy reasons.
- Removed $header_extra_metatags (only used in WaxPoteto).
- New password hashing using Blowfish if available and Extended DES as a fallback.
- Oekaki automatically updates old password hashes to the strength defined in boot.php.
- Random salt generator for passwords.  Uses mcrypt, openssl, or /dev/urandom/ if available and a decent fallback for Windows.
- Password detection no longer relies on config salt, so salt may be changed.
- Salt removed from installer and is now set automatically during installation (and is virtually useless).
- Retouching password-protected pictures now uses a standard hash format with the salt intact.
- Removed blinking mailbox hack (as most browsers no longer support it) and "stupid name" hack.
- report_err() now includes "error.php" rather than using a HTTP redirect.  This solves many technical and usability problems compared to passing error messages via CGI.
- Added experimental "X_DISABLE_REPORT_ERR_HACK" to boot to disable the report_err() hack.  Use this if your custom header isn't working with the new error reporting.
- Removed multiple tries from applet picture save code -- potential DDoS vector.

BUGFIXES:
- age_to_date(): fixed problem with $_GLOBALS being confused with $GLOBALS.
- Debug config no longer overlaps with NineChime.com specific hacks.
- Fixed a non-destructive issue with update_rc.php where a recode that timed out may restart at the beginning rather than resuming.
- Fixed problem where people may not be able to edit comments after retouching another artist's picture and a password is set.
- Fixed problem with comment editor clearing a non-public password if the original owner retouches the picture.
- Fixed error message in image uploader not reporting max dimensions upon rejection.
- Fixed logic error with cache management causing language files to rebuild on every page view.  Wacintaki should be a bit faster, now.

FEATURES:
- Now PHP 5.0 native.  Many PHP 5.3+ enhancements.  PHP4 fallback code removed.
- Diagnostics page now shows avatar stats as well as deprecated salt setting and database encoding state.
- Database log and statistics table for when board is in debug mode.

"U-DO-IT":
- I've done a lot of cleanup of globals and other nasty stuff, but many issues remain as I wish to remain friendly to mods and old templates.  Be aware that a diff will show radical changes, but little has actually been recoded.  Check the top of boot.php for most of the rearranged stuff.
- Use the $glob array for anything you need to make global, local vaiables for everything else.  $cfg, $user, $flags, and $datef are still distinct singletons.
- Password handling has radically changed.  Make sure to use the new functions in common.php to check hashes.  Do NOT use $cfg['salt'] as it has been obsoleted and using fixed salts is bad practice.

Last edited by Waccoon (03-17-2015 04:22:39)

Offline

Board footer

Yep, still running PunBB
© Copyright 2002–2008 PunBB