Posted about 18 years ago

I am pleased to announce the release of CAPTCHA v2.0 Plugin for Geeklog. CAPTCHA 2.0 provides an additional level of defense against spam bots. This new release builds upon the original gl-captcha hack and now provides easier installation and easier integration with Geeklog and other plugins.

Beginning with CAPTCHA v2.0 there has been a joint effort with the Geeklog development team to add support for using this plugin with several core Geeklog features. Starting with Geeklog v1.4.1, if the CAPTCHA v2.0 plugin is installed, you can now enable CAPTCHA support for the following Geeklog functions:

- New user registration
- Post comment
- Email user
- Email story
- Story submission

This integration does not require any code modifications to the Geeklog distribution; support is there out of the box.

Also, beginning with Forum v2.6 from http://www.portalparts.com, support for using the CAPTCHA plugin is also available. Forum v2.6 will support displaying the CAPTCHA block on the topic entry screen.

I would like to express my thanks to Dirk and Blaine for allowing these integrations with Geeklog and the Forum plugin and for their ideas and feedback on implementation.

Enabling support for the core Geeklog features and the Forum integration is controlled in the CAPTCHA config.php file. The following items can be configured:

- Anonymous users only (only display CAPTCHA block if user is not logged in)
- New user registration on / off
- Post comment on / off
- Email user on / off
- Email story on / off
- Story submission on / off
- Forum topic entry on / off
- Graphics driver (GD Libs, ImageMagick, none)
- Graphics Format (jpg or png)

For existing gl-captcha users there are no major feature enhancements to require upgrading unless you wish to take advantage of the Geeklog v1.4.1 or Forum v2.6 integration. The implementation of the Geeklog custom registration has changed, so if you plan on upgrading and still using the custom registration integration, please see the install_doc.html file included in the distribution for details on upgrading.

Support for CAPTCHA v2.0 can be found at http://www.mediagallery.org or the Plugin Support forum at http://www.geeklog.net.

CAPTCHA Pros and Cons

Whether or not a CAPTCHA implementation is the correct solution to meet your needs is only a question you can answer. CAPTCHAs do have drawbacks; the main drawback to any CAPTCHA implementation is that it makes it almost impossible for visually impaired individuals to use. In some cases, even those users who are not visually impaired may have a difficult time reading the CAPTCHA string since they are designed to be difficult to read. Also, there may be accessibility laws in your area that you must conform to as well.

CAPTCHAs are not fool proof and they are not a final solution against spam bots. OCR (Optical Character Recognition) has been used to break many CAPTCHA implementations. Also, there have been reports on using cheap 'sweat shop' labor to get around CAPTCHA implementations by having people perform the registrations en masse. See Wikipedia for a more detailed discussion on drawbacks and how CAPTCHA can be circumvented.

CAPTCHA is only one layer of protection against spam bots. You should consider using the other protections available for the latest release of Geeklog, the Bad Behavior plugin, Dirk's SLV Spam-X class and trackback validation.
|
Posted about 18 years ago

I am pleased to announce the initial test release of version 2.6 is now available for download. A number of key changes were made over the past few weeks since I posted that work had been underway. A number of volunteers assisted with testing and feedback; refer to full story for more details.

Review the readme.html for update and install directions. You need to be running a GL 1.4 or 1.4.1 site.

Download Link: Forum Version 2.6 RC1

Please post any feedback and issues on my site in the portalparts support forum or on this site in the plugins forum.

Summary of features:

- Integrated Geeklog group security to create restricted forums
- Support for Readonly Forums - example FAQ use
- Support for RSS Feeds - now with enhanced formatting and rich content
- Advanced Moderation features like splitting topics, moving, making sticky
- Integrated BBcode supports using text mode and bbcode tags to format content
- Able to now safely just use text mode for posting and still use bbcode and advanced formatting features
- Enhanced Code Formatting using the Geshi library
- Automatic notification support for complete forums or topics. Able to subscribe to a forum but then selectively un-subscribe to topics
- Member listing page - able to view all members or just those with forum activity
- Centerblock for site frontpage or sideblock for users to monitor new posts
- Support for autotags in topic content and can reference other forum topics using an autotag
- Integrated SPAMX and content filtering
- Integration option with glMessenger for member private messaging and online smilie admin
- Easy online admin administration and member control of user preferences

Special thanks to Mark Evans for collaborating with me closely over the past 2 weeks. Mark contributed the new bbcode formatting functions and enhanced the RSS feed feature and printing functions plus other fixes and ideas.

I also want to thank the following site members that assisted with testing and feedback:

- Dirk (dhaun)
- Tony (iowaoutdoors)
- Wayne (suprsidr)
- Michael (ironmax)
- Oliver (tokyoahead)
- Mark (mediagallery)
|
Posted about 18 years ago

The second beta version of Geeklog 1.4.1 is now available for download. While we still have to sort out some issues (with MS SQL and in a few other places), this release should provide a much more polished experience and preview of the next Geeklog version.

Beta 2 fixes problems with MS SQL, improves multi-language and UTF-8 support, sorts out display problems with the Professional theme, and fixes several other bugs. It also includes updated PEAR packages (specifically PEAR::Mail, which addresses a problem with SMTP). Please see the included changelog for a complete list of changes. There's also a file, docs/changed-files, that lists all the files that changed over beta 1.
|
Posted about 18 years ago

I am proud to announce the release of Media Gallery v1.4.6. This release contains a few bug fixes, some auto tag enhancements and several HTML validation fixes. There is a new auto tag, the img: auto tag - this will return just the plain HTML code for a Media Gallery image, no borders or other formatting is added. I have tried to identify and track down several HTML validation errors for the release as well. This release also supports the upcoming Geeklog v1.4.1 release with full support for using Microsoft SQL Server as the database backend.

For a detailed list of files that have changed between v1.4.5 and v1.4.6 see the filelist in the distribution.

For more details on Media Gallery, please see the Media Gallery Support Site and the Media Gallery Documentation Wiki.
|
Posted about 18 years ago

After a long wait, Garden 1.4 is now available for download!
This theme was developed for the French portal www.geeklog.fr where you can see it in action.
Note: This theme is best experienced in Mozilla Firefox, Apple Safari and Internet Explorer 7.
|
Posted over 18 years ago

The objective of the Microsoft SQL (MSSQL) port is to provide another database alternative to MySQL to take advantage of SQL server in business environments where MySQL may be a barrier to entry. The goal was to provide the ability for GL1.4.0 to work in either MySQL or MS SQL server with zero code changes required to be done by the end user. The version(s) of SQL supported are SQL 2000 and above, including the MSDE.

An example plugin that was created to show an approach to isolate the database layer from the application logic can be found here in the downloads library.

Since MySQL has a few proprietary functions, it's impossible to have a MS SQL server equivalent function. A few examples are LIMIT, REPLACE INTO, UNIX_TIMESTAMP, TO_DAYS, DATE_FORMAT, DESCRIBE ... the list goes on and on. However the MSSQL class takes many of these into account and automatically translates some MySQL specific function calls into SQL server equivalents.

Using the abilities of MS SQL server, I have written helper User-Defined-Functions (UDFs), views, triggers and stored procedures to assist SQL server in coping with MySQL function calls as well as help GL1.4's code base cope with data differences between MySQL and SQL server.

The MSSQL class that I've written mimics the MySQL class' members that already exist in the /system/databases directory. Installation of a SQL instance of Geeklog 1.4.1 follows the same steps as creating a fresh MySQL instance, however it has these slightly different dependencies:

- PHP installed and configured to use the Microsoft SQL server extensions.
- MS SQL server (MSDE) installed - any version 2000 or greater.
- A SQL database and database user created for Geeklog to use. This item is no different than the comparable MySQL step for installation, but needs to be carried out on the SQL server by a user who has enough access rights to create new databases.

Once you have Geeklog 1.4.1 downloaded and the dependencies configured, you'll have to edit the config.php file to ensure that the database selection is changed from 'mysql' to 'mssql' (the $_DB_dbms parameter setting in config.php). Please note that the database configuration parameters for database, user and password within config.php still require configuration to match the 3rd bulleted item above.

Important Notes:

- Plugins which require MSSQL support will require a MSSQL installer file and database detection routine developed to support SQL Server. I have personally converted some plugins to work on a MSSQL instance - just be aware that plugins specifically written for MySQL will not work "out of the box" on the SQL Server instance.
- Also note that the MSSQL class does not overcome badly coded SQL routines which MySQL may be more forgiving with. Properly formatted SQL statements are a must and become very important - so watch out for things like including the right columns for a group by clause.
- The MSSQL class does NOT approximate each and every MySQL function for SQL server. Only those critical functions which Geeklog 1.4.1 relies on are approximated by the MSSQL class and supporting database functions, triggers and stored procedures.

Enjoy the new database abilities of Geeklog!
|
Posted over 18 years ago

A first Beta release of Geeklog 1.4.1 is now available for download. After the various security issues we had this year, we concentrated on code reviews and bugfixes for this release, but there are also some new features, namely

- Support for Microsoft SQL Server. Yes, for the first time in its history, Geeklog will now also run on a database other than MySQL. The MS SQL support was developed by Randy Kolenko who posted more about it here.
- Calendar plugin. Moving the events and the calendar to their own plugin concludes our work on making Geeklog more modular. Don't need a calendar on your site? Now you can simply uninstall the plugin.
- Multi-language support. It's now possible to build multilingual Geeklog sites where not only the navigation but also the content changes when you switch languages.
- Various other changes, e.g. better spam protection, an option to mass-delete users, redesigned account information, and more.

We're labelling this as a beta mainly for three reasons: The new MS SQL support, the mass-delete user option, and the various changes we made in the Professional theme, all of which will probably need some tweaking. So while you're invited to install 1.4.1b1 and try it out, you may not want to run your site off of it just yet.

Please note that most of the changes we made in the Professional theme are to make it more based on CSS instead of a table layout. These changes are of course not mandatory for your own theme but specific to the Professional theme. The required changes to support the new and modified features of Geeklog are documented, as usual.
|
Posted over 18 years ago

There has been a lot of discussion here recently regarding strange users registering on my site. There have been several potential solutions discussed as well. One of the solutions discussed is to use CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to prevent spam bots from registering on your site. To address this need, I have released gl-captcha-1.0, a CAPTCHA implementation for Geeklog utilizing the custom registration feature.

gl-captcha-1.0 is a combination of the previous beta releases and contains both the dynamic and static image support. This version also supports the use of a language file and improvements to the memberdetail.thtml template to allow users to refresh the CAPTCHA image and to email the administrator if having difficulties registering.

Why another CAPTCHA implementation? I spent a lot of time logging and reviewing how spam bots were registering on my sites. What I found is that most of them completely bypass the users.php registration screen; instead they call the users.php module directly, posting the required variables. This can easily be done using a tool called curl, where you can automatically create an account. For example:

curl -d mode=create -d username=somename -d [email protected] http://www.geeklog.net/users.php

This command will usually create an account on any standard Geeklog install. Even with the Bad Behavior plugin installed many of these requests will still get through. So what I found was that any solution that relied solely on the registration screen would fail as a protection method since the registration screen can be completely bypassed.

What I've done is develop a CAPTCHA implementation that uses PHP's session variable to store the CAPTCHA string. During the registration processing (the HTTP POST to users.php, i.e. the submit button), I validate that the user entered CAPTCHA string is equal to the string set in the PHP session variable. If the PHP session variable is NULL (empty) or the user entered CAPTCHA string is NULL, then I force the user back to the registration screen. This prevents bots from bypassing the user registration screen and posting directly to users.php. So far, this has been a successful method to prevent spam bots from registering on my sites.

Whether or not a CAPTCHA implementation is the correct solution to meet your needs is only a question you can answer. CAPTCHAs do have drawbacks; the main drawback to any CAPTCHA implementation is that it makes it almost impossible for visually impaired individuals to use. In some cases, even those users who are not visually impaired may have a difficult time reading the CAPTCHA string since they are designed to be difficult to read. Also, there may be accessibility laws in your area that you must conform to as well.

To minimize these drawbacks, gl-captcha-1.0 will provide a link on the custom registration screen to allow a potential new user to email the site admin with a request for registration ($_CONF['emailuserloginrequired'] must be set to 1 in Geeklog's config.php for this feature to work). It also states on the registration screen that a screen refresh will provide another CAPTCHA string, giving users the ability to try again if they are having difficulty in reading the current string.

CAPTCHAs are not fool proof and they are not a final solution against spam bots. OCR (Optical Character Recognition) has been used to break many CAPTCHA implementations. I have tried to use various fonts and background noise in generating the CAPTCHA images to minimize the risk, but there is no assurance that a determined spammer cannot use OCR to break this implementation although I believe the chances are slim. Also, there have been reports on using cheap 'sweat shop' labor to get around CAPTCHA implementations by having people perform the registrations en masse. See Wikipedia for a more detailed discussion on drawbacks and how CAPTCHA can be circumvented.

For me, using the Bad Behavior plugin, Dirk's SLV Spam-X class, trackback validation and gl-captcha-1.0 has proven to be a very successful arsenal against the various types of spam we Geekloggers face. I have no doubt that the spammers will continue to improve their technology and that the Geeklog community will also continue to answer the challenge and evolve our protections.
|
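The server-side check described in the gl-captcha-1.0 post above, as an added PHP example that is not code from gl-captcha or Geeklog. The function name captcha_check() and the 'captcha' session/POST key are hypothetical, and the one-time consumption of the stored string and the constant-time comparison are additions the post does not mention.

```php
<?php
// Added illustration; not gl-captcha or Geeklog code.
// Hypothetical names: captcha_check() and the 'captcha' key.

/**
 * Decide whether a registration POST may proceed.
 * $session is taken by reference so the stored string can be consumed.
 */
function captcha_check(array &$session, array $post): bool
{
    $expected = $session['captcha'] ?? null;
    $entered  = $post['captcha'] ?? null;

    // Addition to the post's description: consume the stored string whatever
    // the outcome, so each generated image is good for one attempt only.
    unset($session['captcha']);

    // A POST sent straight to the handler without loading the form has no
    // stored string; an empty entry is rejected the same way.
    if (!is_string($expected) || $expected === '' ||
        !is_string($entered)  || $entered === '') {
        return false;
    }

    // Addition: constant-time comparison of the two strings.
    return hash_equals($expected, $entered);
}

// Constructed requests: [session contents, POST fields].
$cases = [
    'direct POST, form never loaded' => [[], ['mode' => 'create', 'username' => 'somename']],
    'direct POST with a guessed value' => [[], ['mode' => 'create', 'captcha' => 'abc12']],
    'form loaded, entry left empty'  => [['captcha' => 'k7Qp2'], ['captcha' => '']],
    'form loaded, wrong entry'       => [['captcha' => 'k7Qp2'], ['captcha' => 'k7Qp3']],
    'form loaded, correct entry'     => [['captcha' => 'k7Qp2'], ['captcha' => 'k7Qp2']],
];

foreach ($cases as $label => [$session, $post]) {
    $ok = captcha_check($session, $post);
    printf("%-34s %s\n", $label, $ok ? 'continue registration' : 'back to registration screen');
}
```

Only the last constructed request continues; the two direct POSTs fail because no string was ever stored in the session, which is the case the post's design targets.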
Posted over 18 years ago

Three months ago, we released an update for Geeklog's Trackback handling that stopped Trackback spam by simply checking if the site in the Trackback URL was actually linking to your site. At least one spammer has now figured out how to circumvent that check and so it's time for the next round ...

Yet another update for Geeklog's lib-trackback.php is now available for download. This is a drop-in replacement for the lib-trackback.php of all Geeklog 1.4.0 releases (up to and including 1.4.0sr5-1).

Note: The download link was still pointing to the old file. If you downloaded it before September 15th, 2006 2 PM EDT, please download it again to get the correct version!

This new version can now also check the IP address of the Trackback against the IP address of the site in the Trackback's URL. And if those two don't match, it is most likely a spam post and can be rejected.

Please note that the interpretation of the config option $_CONF['check_trackback_link'] has changed slightly: You can now add up the values to perform more than one check:

- 0 = no check,
- 1 = check if the site links to $_CONF['site_url'] somehow,
- 2 = check that the site links to the exact URL the Trackback was sent to (e.g. an article on your site),
- 4 = new: check that the IP address the Trackback came from matches the IP address the linking site resides on

And if you want to check both the link and the IP address, you simply set $_CONF['check_trackback_link'] to 2 + 4 = 6, i.e.

$_CONF['check_trackback_link'] = 6;

(Note: Using both 1 and 2 doesn't make a lot of sense, obviously, and will be treated as if you only chose 2)

Please note that even this additional check can be worked around. So it's always a good idea to have some other defenses in place as well.
|
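How the additive values of $_CONF['check_trackback_link'] from the Trackback post above combine, as an added PHP example that is not Geeklog's lib-trackback.php. The constant names, page_links(), trackback_verdict() and the injected $fetch/$resolve callbacks are hypothetical, and the sample hosts and addresses are constructed.

```php
<?php
// Added illustration; not Geeklog's lib-trackback.php. All names are hypothetical.
const TB_LINK_SITE  = 1; // site links to $_CONF['site_url'] somehow
const TB_LINK_EXACT = 2; // site links to the exact URL the Trackback was sent to
const TB_SENDER_IP  = 4; // sender IP matches the IP of the site in the Trackback URL

/** Extract href targets from the linking page's HTML. */
function page_links(string $html): array
{
    preg_match_all('/href\s*=\s*["\']([^"\']+)["\']/i', $html, $m);
    return $m[1];
}

/**
 * $tb keys: 'url' (site named in the Trackback), 'target' (URL it was sent to),
 * 'sender_ip'. $fetch(string $url): string and $resolve(string $host): array
 * are injected so the sample runs offline.
 */
function trackback_verdict(int $flags, array $tb, string $siteUrl,
                           callable $fetch, callable $resolve): string
{
    if ($flags & (TB_LINK_SITE | TB_LINK_EXACT)) {
        $links = page_links($fetch($tb['url']));
        if ($flags & TB_LINK_EXACT) {           // 1 + 2 is treated as 2
            $found = in_array($tb['target'], $links, true);
        } else {
            $found = (bool) array_filter($links, fn($l) => strpos($l, $siteUrl) === 0);
        }
        if (!$found) {
            return 'reject: no link back';
        }
    }
    if ($flags & TB_SENDER_IP) {
        $host = parse_url($tb['url'], PHP_URL_HOST);
        $ips  = is_string($host) ? ($resolve($host) ?: []) : [];
        if (!in_array($tb['sender_ip'], $ips, true)) {
            return 'reject: sender IP does not match linking site';
        }
    }
    return 'accept';
}

// Constructed sample data (documentation domains and address ranges).
$siteUrl = 'http://www.example.org';
$pages   = ['http://blog.example.net/post' =>
            '<a href="http://www.example.org/article.php?story=1">read</a>'];
$dns     = ['blog.example.net' => ['192.0.2.10']];
$fetch   = fn($url)  => $pages[$url] ?? '';
$resolve = fn($host) => $dns[$host] ?? [];
$tb = ['url' => 'http://blog.example.net/post',
       'target' => 'http://www.example.org/article.php?story=1',
       'sender_ip' => '198.51.100.7'];          // not the linking site's address

foreach ([0, 1, 3, 4, 6] as $flags) {
    printf("%d => %s\n", $flags, trackback_verdict($flags, $tb, $siteUrl, $fetch, $resolve));
}
```

With this constructed Trackback the link checks alone (1 or 3) accept it, while any value that includes 4 rejects it because the sender address is not one the linking host resolves to.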
Posted over 18 years ago

The Geeklog Wiki may be down for a few days while Tom Willet (who's hosting it) is moving. We'll let you know when it's back up.

[Update: It's back up. Thanks, Tom!]
|