What is panther

Panther is an open source forum application released under the GNU General Public License (GPL-3.0), Version 3, 29 June 2007. It is free to download and use and will remain so. Panther was designed to be a fast, user friendly and very secure forum application with a variety of features that are all fundamental when creating a new community.

Panther is a fork of FluxBB 1.5.7, adding various functionality and security improvements, such as the use of PDO prepared statements, more advanced hashing algorithms, and salt for user passwords. In 2015, FluxBB 2.0 was merged with the Flarum project, which was not very popular among community users. Development is still ongoing under the direction of Franz Liedke, but only until Flarum is fully released at which point development will cease.

Due to the unforeseen and changed circumstances, FluxBB was forked into Panther, which includes many improvements and enhancements to the software.

So why should I use Panther?

Just like the animal, Panther is a unique and very special forum software. Panther is a very fast, yet very secure forum application, which is written in PHP and MySQL - two of the most widely used programming languages in the world. Panther has a large variety of features that are very well optimised, we use intensive caching to speed up your forum and deliver the best possible speed, quality and security for all your users.

Database Transactions

Panther uses database transactions which allow changes on the server to not take place until the full script has finished. This means that in the event of a database error, Panther will automatically roll back the changes made to avoid half-complete data being entered into the database. Due to transaction usage, Panther loads much quicker and is more efficient at querying the database.

Caching

Panther uses advanced caching mechanisms to automatically cache all vital parts of your forum. This saves crucial database query time and allows for much more intensive usage of features, which do not sacrifice performance. This allows for the best possible speed for you and all your users.

PDO (PHP Data Objects)

We also use the benefits of PDO prepared statements to keep your forum completely secured from SQL Injection. At last count, at least 90% of all popular forum software do not utilise this feature and instead simply "escape" user data before placing it directly into the query. Escaping data is not as reliable as prepared statements and leaves open the potential for vulnerabilities with the forum. Moreover, some applications are still vulnerable when using PDO (particularly those running <= MySQL 5.5.11) due to the use of "emulated" prepared statements. These are when PHP sends the data and query to MySQL separately (like a prepared statement), but the MySQL server will simply escape all the data and then insert it into the query. This can become a security risk, especially if the MySQL server is running a charset such as the default (usually Latin 1). With Panther, we connect using utf8 and disable emulated prepared statements to circumvent such security vulnerabilities. Security remains the #1 priority of your forum.

Once more, you can only be SQL Vulnerable when you code a special, not standard way of querying the database.

Developer Friendly

Our code is developer friendly, meaning you can very easily create your own extensions for Panther and add them through the administration panel by simply uploading and clicking a single button. Our plugin system allows you to never modify the core, which is always considered a bad idea in content management systems. Simply visit the plugin through the administrative interface.

We use a custom made database driver to allow you to reap the rewards of PDO with having to over-complicate things for yourself. Custom methods such as select, update and delete allow you the ability to quickly access common functions for a database while not having to know any SQL knowledge. Gone are the days of using try/catch blocks to catch exceptions, you simply need to use the available method, keeping a single array of data separate from the query.

{file:database_example}

Ease of Administration

Our system allows you to very easily and efficiently administrate your forum, without even needing to touch a single line of code. Moreover, when it comes to updating your forum, we have a built in automatic updater which will guide your forum through the process. Don't want automatic updates? That's fine. These can be disabled or enabled at your will. We allow administrators easy access to stopping spammers, moderating forums and assigning new user groups.

Security

Panther uses an sha512 hash (128 characters), along with 16 characters of salt for each user password in the database. This means that in the event your database was compromised (which could only happen through the back-end of your server itself), attackers would have to spent an awful lot of time attempting to crack your hashes. We also use login keys for a one time login per user which are re-generated on every logout. This means that unlike other forum softwares, such as FluxBB or PunBB, who simply put the hashed user password into the cookie, it is much harder, if not impossible, to guess the cookie value of a Panther user. Each login key is 60 characters in length.

In addition, we use a token system to prevent cross site request forgery attacks against your forum. These are when hackers can exploit unauthorised requests to your forum, allowing them to impersonate other users, potentially changing forum submission details or launching payments.

Part of the token is made up of the unique login key for that one session on the forum. Forum-based passwords are hashed using sha512 and another 16 characters of salt. To prevent users from guessing forum-based passwords, cookies are also given salt, an impressive 64 characters of salt, unique to their cookie.

We use advanced brute-force protection to stop people from randomly "guessing" one of your users passwords, which can be toggled on or off at your will. Set the amount of login attempts per username, or the total amount for all users at any time, as you use your very own login queue to prevent brute force attacks on your forum.

Spammers

Spammers are troublesome users, who repeatedly enter nonsensical messages or links to websites. It's important to understand that spam is a very difficult thing to combat on certain applications and forums more than others. However, with Panther, we have already thought this out. Since most spammers are bots, we have already gone ahead and denied all bots access to your register, login and posting pages. This means that no bot can register, login or post on your forum already blocking the vast majority of spam and abuse.

We also use configurable robot tests to allow only users who are really interested in what your forum has to offer to answer them. These can be configured on a group basis, but that's not all. We allow you to moderate all posts made in forums, or on a user-group basis to prevent spam from really getting through. Any combination of these is enough to truly bore human spammers making their entire goal redundant. Still not enough? We also include StopForumSpam integration which will allow you to report the troublesome users to StopForumSpam directly through your forum interface. And if you're still not satisfied, you can download one of our many extensions. Dealing with Spam has never been so easy!

CDN (Content Delivery Network)

Panther has CDN support built in to help even more to produce the fastest possible loading times for your forum. Compress images using the TingPNG compression tool in order to reduce server bandwidth and space, optimising your website even more. Choose which files you want on your own content delivery network and which you want on the same domain as your forum.

Search Engine Friendly URL Schemes

Panther uses a total of three different URL schemes allowing you to choose the URL scheme of your forum. The default, file based and folder based URL schemes are easy to switch to, by a single dropdown box in the admin panel. You can choose how you want search engines to perceive your website and rank it. Already use different a URL scheme? No problem. Both the default URL scheme and any other chosen one will be accessible by bots, so you will not get penalised for the change. Moreover, we use the "canonical" tag to tell the Google bot how you want your page to be indexed. This means that even if they access it through the default scheme, you will still get indexed using the URL scheme you want.

Modifications

Modifications are a difficult thing to achieve, because quite often they require you edit the core of the software. With Panther, we have introduced an extensive plugin and extension system, allowing you to simply upload files into the appropriate locations. You don't have to edit files by hand, making the process easy and reliable. Moreover, you can simply upload extensions straight through your forum interface, which makes things even easier. Additionally, we use XML extensions which are both safe, and reliable. Unlike forums that use PHP extensions that can pose a security risk, the Panther parser will turn the XML into valid PHP code, store it in the database and cache it. Extensions with Panther are very easy to install, use and change, built with simplicity for the end user in mind.

Creating communities has never been this easy! Panther really is the dawn of a new age in forum software.