Welcome

Welcome to the official development & support site of PHP-Fusion, a light-weight open-source content management system (CMS) written in PHP. It utilises a mySQL database to store your site content and includes a simple, comprehensive adminstration system. PHP-Fusion includes the most common features you would expect to see in many other CMS packages. Feel free to post any questions or report any problems in our community forums. Please refer to the FAQ for common questions.

Download PHP-Fusion 7 - Handbook - Demo at opensourcecms.com

Latest Active Forum Threads

	Thread	Views	Replies	Last Post
	Cast Votes - what does that... Content Administration	2	0	M4g3ll4n 07-01-2009 09:53
	PHP code showing below the ... Upgrading v6 to v7 (even RC1 & 2) issues	355	4	muscapaul 07-01-2009 08:25
	Private Message - Create Ne... User Administration	21	0	komendan 07-01-2009 04:56
	www.evagrius.net Post Your Site	21	0	dfmurphy 07-01-2009 03:34
	www.HouseMD.sk (slovakia) Post Your Site	38	0	Anonym202 07-01-2009 01:06
	PM General Discussion	51	2	DebK 07-01-2009 00:50
	Photogallery Content Administration	54	1	hame 07-01-2009 00:13
	Plz HelpME PLZ.... Content Administration	70	5	hame 07-01-2009 00:05
	[SOLVED] Internet Explorer ... Suspected Bugs and Errors	251	12	bikerbones 06-01-2009 23:51
	Permissions single user General Discussion	63	2	Centralsoft 06-01-2009 23:48

DNS issues for Europe and North America

There have been reports of users from Europe not being able to access the PHP-Fusion Network sites located in the US. With further investigation it seems some of the main DNS servers in Europe have not properly updated the DNS information for the server. To correct this try using OpenDNS.com's free and public DNS servers. Or you could simply call your ISP and have them update their DNS records.

DNS issues reports are starting to come in from North America. We are researching this issue further and have opened a ticket with our datacenter as there doesnt seem to be any issues on our end. Please stand by.

Update: It appears that within 24 to 48 hours most issues from city's that were affected have now been resolved. This is probably due to ISP dns CACHE servers. If the issues do not automatically resolve themselves within the next 48 hours please click readmore for further instructions.

Cheers!

Security update for PHP-Fusion 7.00.3 and 6.01.17

Another XSS vulnerability in messages.php has been reported and fixed.

PHP-Fusion 7.00.4 Update - for 7.00.3 only (7Kb).
PHP-Fusion 6.01.18 Update - for 6.01.17 only (6Kb).

The full download pacakages on SourceForge have also been updated.

Thanks to Nepster for the heads up!

Security update for PHP-Fusion 7.00.2 & 6.01.16

An exploit in submit.php was reported just before our recent downtime. It only affects servers with magic quotes disabled so risk is minimal. As always we have prepared an update which addresses the issue. The SVN and full download package have also been updated.

PHP-Fusion 7.00.3 Update - for 7.00.2 (4.37KB).

PHP-Fusion 6.01.17 Update - for 6.01.16 (4KB).

PHP Fusion Network returns

After a Christmas without service, the PHP Fusion Network has returned to service after being hacked by a Lithuanian member of php-fusion.lt. Those of you who visited any of the UK sites on Christmas Day will have seen a message demanding a number of things.

We would like to emphasise that we have nothing against Lithuania or its people, but we cannot endorse a support team that acts in such a manner which threatens to damage the reputation of PHP-Fusion.

Regarding the nature of the attack, I would like to stress that this latest attack had nothing to do with any exploit in PHP-Fusion but a server issue which Sheldon has now rectified. We remain fully committed to providing the best possible service and CMS to our incredibly supportive community.

Happy New Year!

Compromised downloads of PHP-Fusion at Sendspace

Hello all,

We had an issue a few days ago where a malicious person gained access to our site as a super administrator via a weak account/gained password. The download links to the full packages of PHP-Fusion versions 7.00.2 and 6.01.16 were changed to lead to files hosted on spendspace which were packaged as .rar files.

Both packages contain versions of maincore.php and ../includes/jscript.js that have been tempered with. If you downloaded one of these packages and used them to create or update your site, please download the packages again and all your files with the new ones from the downlaoded packages. It is advisable to put your site in maintenance first and delete the orginal files. Please be carefull not to delete any uploaded images (avatars, photoalbums) or attachments (though you should check their folders for suspicious php files or files with double extensions (like .php.rar or .phtml.rar). If you are uncertain whether you downloaded the correct files, please also replace them with copies from newly download packages. There is no need to re-install your website, though we recommend that you change your passwords as an extra security measure.

Please note, that we at PHP-Fusion will not post any core files except to SourceForge or this server. Any package with core files, either full packages or updates, will be in zip format.

Cheers,

Sheldon and muscapaul

PHP-Fusion Group wishes all Americans a Happy Thanksgiving!

PHP-Fusion Group would like to wish all Americans a Happy Thanksgiving! I know some of us Canadians will be enjoying your awesome Black Friday sales! ;)

Cheers
PHP-Fusion Group

Themes Site - Offline | Update: Online

Due to detected malicious hacking attempts directed at the themes site it will remain offline until further investigation can be completed. We thank you for your patience while we investigate! To calm everyone, this is not a PHP-Fusion flaw but the remains of the last attack which we were still analyzing and investigating. From my analysis to date it seems to have been a few nasty little scripts left behind that we missed when we cleaned up the account.

Cheers

Update:
The themes site is now back online!