I have posted a topic on phpbb.com letting folks know I’m not going to renew my phpBB3 MODs-related domains. If you’re interested, hop on over to phpbb.com and send me a PM to let me know.

First come, first served.

Way back in 2009 phpbb.com was hacked via an exposure in the phplist mailing list software. (Just to be very clear, there was no exploit found in the phpBB code used to run the site, only this supplementary program used to run the email notification system.) One of the results of the hack of phpbb.com was that several thousand user passwords were exposed and posted on the Internet. They were exposed, frankly, because they were too simple, and that’s not phpBB’s fault. More…

I’ve seen several phpBB boards over the years that swap out the regular graphic objects for holiday objects at certain times of the year. At phpbb.com they have previously done this for Halloween as well as the year-end holidays. I’ve done the same thing for my biggest board “BOB” by replacing the regular logo:

with one of several holiday logos:

And of course this:

During the American Thanksgiving week we used this:

Over at the phpBB2 Refugees site we’ve swapped our normal refugee tent for one with a more holiday feel for the last several weeks:

Right now this is a manual process, which means I have to remember to edit the php code to invoke the new logo (or alternately use ftp to upload a replacement logo with the same name over the current one). Manual process? for Dave?

I’m setting up a database table with dates and alternate logo names, and will set up a cron job that every night at midnight checks to see if holiday logos are needed for the following day or not. On BOB we rotate among several logos, so there could be more than one logo at any given time. The logo information is then written to a cache file where it will be used for the following 24 hours.

Easy as pie.

Holiday pie.

I read this morning a topic in the MOD Authors forum at phpbb.com where the topic poster was trying to figure out a way to encrypt / decrypt private message text. The technical challenge was easily overcome, as someone posted some code that allows the board owner to do exactly that.

The problem is, it accomplishes nothing.

Private messages are often a hot topic for board owners, probably because of the privacy implications of the name “private” message. As most board owners probably know, private messages are not truly private. Anyone with database access can read the private message text. Anyone with access to a backup SQL dump can do the same. But who has this type of access, and what can be done to prevent it? More…

One of the biggest complaints I’ve had with running my boards on phpBB2 is that the javascript used for BBCode and smilies insertion during the posting process offers poor (if any) support for modern browsers. Rather than reinvent the wheel, I spent some time to port parts of the subSilver2 template from phpBB3 back to phpBB2. While testing is not completely done, it seems to have been a success. I copied editor.js straight out; I don’t think I made any changes to that file but I will go back and verify that before I post a MOD. There were some minor changes made to posting_body.tpl and posting_smilies.tpl to call the new functions. For example in phpBB2 to insert a smilie we called the emoticon() function and now it’s calling insert_text() just like the BBCode insertion process.

I used the same function to update my canned messages MOD as well.

Oh, and I updated the color picker just a bit. The original color picker used values of 00, 40, 80, and two more to create an array of colors that was 5×5x5. I changed it to the old “Netscape Safe” color palette and used 00, 33, 66, 99, CC, and FF and created a 6×6x6 grid instead.

I have the new posting form activated on two different boards for the moment. As long as I don’t find too many issues I will write it up as a MOD.

As I was working through some code last night I found another “in progress” MOD that I wanted to add to the list of MODs in progress that I published yesterday. Over the years I’ve seen cases where someone from the other side of the planet has a dicey Internet connection and they end up submitting the same post twice because their browser submit times out. Or someone might post the same question in more than one forum, thinking that they’ll get more attention. Or a spammer might hit multiple forums with the same post multiple times.

I think I’ve managed to come up with something that definitely helps solve the first two scenarios and as a bonus helps the spammer problem as well. I call this my “Cross Post / Double Post” MOD, and it’s being tested on my beta board now.

The MOD design has so far turned out to be fairly simple. I tie into the flood control process and retrieve the post text for the last three posts by the user. From there I take the current post text and compare it to the prior posts. The first check is a straight equality check, meaning I check for the exact same post text. This will catch the “copy/paste” folks with very little overhead. If the post text is not identical, then next I use a function called similar_text(). (similar text reference at php.net) This function takes three arguments. The first two are the two strings to compare, and the third is a variable to store the results of the comparison, which is a number from 0 to 100. The result code should essentially be treated as a percentage. If the two posts are 95% similar then I check to see if the original post already in the database is in the same forum as the new post being attempted. If the forums are the same, then a “Double post” exception is triggered. If the forums are different, then a “Cross post” exception is triggered instead.

The number of posts (3) and percentage of similarity (95) are both controlled via the board configuration screen, so it’s quite flexible. Setting the percentage threshold to zero (0) is the same as turning the comparison process off.

This MOD is being tested on my “beta release” board right now. The first version of the MOD did not use the similar_text() function mentioned above. I attempted to use the soundex() function instead. However it seemed that the soundex() function did not look at enough text, so posts that were clearly different were still being reported as being the same. Switching functions solved that issue.

I’m now wondering if I need to deal with setting different threshold values for different forums. I hate to do that, as it drastically increases the complexity of the code. But for example there are many forum “games” that people play in an “off topic” type of forum. Some of those games look very repetitive, and would potentially trigger the CP/DP exception handling. Then again, the current logic looks across all forums, so as long as the person is active in more areas than just the off-topic games area it might be okay. I don’t want this feature to get in the way of normal use, but I do want to help out the moderator team by capturing / rejecting double post and cross post events.

Stay tuned for details as we start user testing this week.

What has Dave been working on lately? Not blog posts, obviously. Here are the headlines…

1. Full-Text Search
   I created a full-text index on the post subject and text over a year ago to see if maintaining that index would cause any performance issues. I’m happy to say that I have not seen any challenges from inserts / updates with this index in place. I’m going to be altering the search screen to allow the full syntax offered by MySQL on this type of index and hope to release that in a few months. Some of the challenges I have not yet decided how to solve are things like limiting forums – either by security or user preference – and other criteria that can be entered on the standard search screen.
2. Capture Post Revisions
   I’ve also added some code to capture post revisions. We’ve had a couple of folks that come back to our board and edit their post, removing all of the text and leaving only something like “…” instead. This destroys the continuity of the topic, and as a result we’re going to now track post revisions by capturing the post text history. If needed a moderator will be able to review and then restore a prior post, and ultimately lock that post from further editing. As with the full text search I have done fairly extensive testing on how this is implemented in order to ensure that performance does not suffer, and I’ll have a few blog posts about that process. This MOD is completed and I expect to roll it out onto the main board in a few weeks. (FWIW, I first talked about this post several years ago, and am just now finally getting it completed.)
3. Moderator Posts
   I’ve added a new field to the post table that allows a moderator to designate whether it’s a moderator post or a user post. For example, moderators can certainly participate in a normal board conversation as a regular person. But they may also add posts in their role as a moderator. This new feature will format those posts differently so they stand out, will automatically remove the “personal” aspects of a post such as signatures, and does not increment a moderator post count for this type of post. It is intended to be a way for moderators to be able to separate out their moderator posts from their board participation posts. This MOD is also completed and expected to be released shortly.
4. Including External Content
   I’ve added some cron jobs that parse RSS feeds from several blogs owned by board members. Their blog posts are automatically set up as part of their signature (as “Latest Blog Posts”) and updated once an hour. For bloggers that our community wants to recognize, this is a great way for them to get additional exposure without having to manually update their signature every time they publish a new blog post. This part of the MOD is already in use on our board. Only board admins can currently enter blogger information, as we want to go through a review process and certify blogs rather than allowing just anybody to link to an external site. This was done by altering the administrator user edit form and leaving the regular user profile form alone.

   As an extension to this, I’m also pulling in the content from the blog post and storing that in a hidden forum. As the blog posts are added to the forum they are obviously added to the full-text index because they’re part of the same table. I am also adding these posts to the standard phpBB2 search tables at the same time. That way if someone searches for term “X” and that’s found in an external blog post, they’ll see a link in their search results. The blog address is stored on the topic table and a different icon is used to show the user that they’re leaving our board and heading to an external site. I have all of the main work done; the last requirement is altering search.php so that it offers the ability to include / exclude external content and then react to that setting accordingly. I hope to get this completed in the next few weeks.

5. Social Media Profile Links
   I’ve added Facebook, Twitter, and LinkedIn fields to user profiles. These are displayed along with the other profile links, using smaller 18×18 pixel logos. I’m planning on going back and redoing the other profile links to use the same form factor but that part hasn’t been done yet. Here are the images I’ve made, using logos or other material provided by each service provider.

One thing that many of these MODs have in common is my concern for performance. We’re over 750K posts now, and still running extremely well on a server that is hosting several dozen sites, although none of them as active as our big board. Every time I touch the code performance is a primary goal. Another MOD that I’ve been planning is to port the phpBB3 posting form back to phpBB2 since it does a better job of supporting modern browsers as well as proving some additional formatting features. I haven’t even started on that yet, but I think it would be good. Now that I’ve personally switched to Chrome as my standard browser I’m noticing some interesting quirks.

So that’s what I’ve been up to for the past few months.

One of my other blogs had been hit and hit hard by spammer comments advertising headphones. This morning I noticed this one here on this blog:

That’s specifically aimed at human-powered paid-to-comment spam. I would rather already have excellent-quality comments than the next quantity of comments.tour headphones Sadly, I’m nonetheless getting an awful lot of spam comments (what’s up, Akismet?), so I think it’s time to install some additional defense layers.

The words “tour headphones” were a link, of course. Subtle, it was not. But I found it extremely ironic and ultimately amusing that the comment itself talked about spam. If you pick a few phrases from that comment you’ll find the exact same thing on other blogs / boards as well, or at least I did when I searched.

I’ve decided to contact the headphone manufacturer directly and let them know that I will never buy their products. Ever. Might not change anything, but it will make me feel better.

Oh, and I added specific code to my anti-spam process to look for this particular type of link.

I have had a couple of requests now for Tapatalk or something similar on my board. The Tapatalk application does not currently support phpBB2, but iPhone / Android support is becoming more of an interest to folks. Tapatalk is not a template or theme, it’s an application designed to interact with a discussion board (they support phpBB3 as well as several others).

I have to admit that I find this to be a far more intriguing idea than a mobile template. The folks behind Tapatalk offer a free API that would allow developers to extend the app to different forum systems. It would be interesting to see if anyone is currently working on phpBB2.

Tapatalk

I’m registering on their “Forum owner” area and will see what things look like.

Wow. Just. Wow. It’s been so long since I’ve posted here, I’m wondering if it will echo when I publish this?

Things have been really busy in real life, which I suppose goes without saying. I have two boys that are growing up and going through cub scouts and sports and school and everything else.

Yet, here I am. I am back to reconsider whether I need to upgrade from phpBB2 to phpBB3 for my main board (which as I write this is very close to collecting it’s 700,000th post, and is running almost one million page views a week). I am back to see if I can figure out how to integrate FB “likes” into my board, and how to allow folks to add Linked-In to their profile. That last one, at least, should be easy.

Things have been humming along quite nicely, although the spam frequency has started to go up. Seems that my Checkbox Challenge is either less of a deterrent, or human spamming is on the rise. For that, I guess I need to look at my server logs and see how long those folks are taking to get through the registration process. Fortunately there is still no answer for the Spammer Hammer, which makes it easy for my moderator team to quickly and easily eradicate all traces of the spammer from the board.

And gmail? Is it still the number one source of spam attempts? It would be interesting to check. I have not looked at those statistics in months (years?).

And I missed Libertyvasion. I had intended to go, but all of a sudden August was here and I had not made any plans, so I stayed home. I have watched some of the sessions posted to Youtube, and it did look fun. I will hopefully be ready for the next one. Anyone know when / where that will be?