Tag Archives: PHP

How to not count views made by the Gallery 3 Admin

If you’re like me, you like to know how many times your photos are viewed; however, you don’t want to count the views made by yourself because who cares how many times you look at one of your own images?

Here’s how I got Gallery 3.0 to stop counting my views as the gallery administrator. (Update 1-27-2011: For those that have upgraded to Gallery 3.0.1, please see this post.) I should mention that my target audience for this post are those that are familiar with editing PHP files and have a means to access their Gallery database (to reset the view_counts back to zero).

First, in /themes/(your theme)/views/page.html.php add the following code near the top (below the first line, making sure you keep the code within PHP opening and closing tags.):

2
3
4
5
6
7
8
<?
if ($user->admin == '1') {
   $_SESSION['admin'] = true;
} else {
   $_SESSION['admin'] = false;
}
?>

Then, in /modules/gallery/controllers/photos.php modify the code around line 50: (make sure you do not leave the existing view_count++ statement outside the IF statements; otherwise, you’ll get duplicate view counts)

50
51
52
53
54
55
56
    $template->content = new View("photo.html");
 
    // mrh added the session admin check
    if(!$_SESSION['admin']) {
      $photo->view_count++;
    }
    $photo->save();

Then, in /modules/gallery/controllers/movies.php around line 50:

50
51
52
53
54
55
56
57
58
    $template->content = new View("movie.html");
 
    // mrh added the session admin check
    if (!$_SESSION['admin']) {
      $movie->view_count++;
    }
    $movie->save();
 
    print $template;

Finally, in /modules/gallery/controllers/albums.php around line 77:

77
78
79
80
81
82
83
    // mrh added the session admin check
    if (!$_SESSION['admin']) {
      db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id")
      ->execute();
    }
 
    print $template;

The Gallery will now not count any views made by the administrator which in my case, is me. :) To reset the view counts back to zero, the following SQL statement will work:

UPDATE items SET view_count = 0 WHERE view_count > 0;

Since you’re modifying the core Gallery code, be sure to make backups before applying any future upgrades as your changes will be lost.

Hopefully this helps! :)

Making Block-Spam-By-Math work better for you

This is a follow-up to the post I made a couple days ago about upgrading to WordPress 3.0 and looking for a new spam protection plugin that asked to solve a math problem. The one I chose was Block-Spam-By-Math because it seemed to work out of the box. Well, since then, I’ve learned that the plugin, as is, is not all it’s cracked up to be. I was still receiving numerous spam comments (which Akismet did catch). Due to the content of the comments, I could tell that these were automated or done by bots most likely and not humans. I, of course, understand that no plugin like this is going to stop an actual human hired to or set upon spamming blogs and galleries.

After examining how this plugin worked, it became rather obvious that it was pretty much useless. The plugin always performs addition and the two numbers to be added are there in the form with very recognizable field names and, well, it does have “X + Y” within the form text. A bot that knows how this plugin works and the field names it uses could easily parse the form’s contents to get the two numbers, add them together, and then supply the answer using an obviously known POST variable name. In fact, because the plugin adds the numbers that are submitted to it by the form, the bots can simply supply their own arguments for the plugin to use. All it has to do is use the correct POST field names. Since this is an established plugin on the WordPress site, I’m sure the blog spammers have learned to expect this plugin to be in use on WordPress blogs and have written their code to effectively get around it.

The solution that I wanted to use, which I do with my guest book on my main website, is to store the answer and/or the arguments on the server, such as in a session variable because these values are only known to the scripts running on the server; however, the way the plugin is written (or WordPress itself), the function that sets up the form is some how executed more than once when viewing a post thereby causing the values to change from what is presented on the form itself. Maybe it’s related to this theme’s possibility of having nested comments. This may explain why they perform the math on the values sent in by the form itself. So, what I did was to simply change the field names that it used to some random things I thought of to throw the bot’s parsing or string searching and posting functions off.

This has appeared to do the trick as I can now see spam attacks in my latest visitors log at my webhost resulting in 403 errors that this plugin generates on a failed response. This also proves that these attacks are coming from bots and not humans putting in the answers.

To make this change yourself, edit the /wp-content/plugins/block-spam-by-math/block-spam-by-math.php file and look for function add_hidden_fields() and function check_hidden_fields() and simply change the corresponding name and $_POST[] variables it uses:

      function add_hidden_fields() {
         $mathvalue0 = rand(2, 15);
         $mathvalue1 = rand(2, 15);
         echo '<div><b>IMPORTANT!</b> To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-) ';
         echo "What is $mathvalue0 + $mathvalue1 ?";
         echo '<input type="text" name="changeme2" value="" />';
         echo '</div>';
         echo '<div style="display:none">Please leave these two fields as-is: ';
         echo "<input type='text' name='changeme0' value='$mathvalue0' />";
         echo "<input type='text' name='changeme1' value='$mathvalue1' />";
         echo '</div>';
      }
 
      // Check for hidden fields and wp_die() in case of error
      function check_hidden_fields() {
         // Get values from POST data
         $val0 = '';
         $val1 = '';
         $val2 = '';
         if ( isset( $_POST['changeme0'] ) ) {
            $val0 = $_POST['changeme0'];
         }
         if ( isset( $_POST['changeme1'] ) ) {
            $val1 = $_POST['changeme1'];
         }
         if ( isset( $_POST['changeme2'] ) ) {
            $val2 = $_POST['changeme2'];
         }
 
         // Check values
         if ( ( $val0 == '' ) || ( $val1 == '' ) || ( intval($val2) != (intval($val0) + ntval($val1)) ) ) {
            // Die and return error 403 Forbidden
            wp_die( 'Bye Bye, SPAMBOT!', '403 Forbidden', array( 'response' => 403 ) );
         }
      }

In the code above you want to change the changemeX items. The original code and my new code has something other than what is shown here. To be even sneakier you could change them once a week or however often and there’s no need for them to be the same thing with 0, 1, and 2 after them. They just have to match each other in the functions. As I’m sitting here typing this, I just had another idea to try. ;) Anyway, hopefully this well help cut down some of the automated comment spam attacks.

Blog has been upgraded to WordPress v3.0!

I have upgraded my blog to WordPress v3.0 which was just released a couple days ago. As I always do, I backed-up all my files and database before proceeding. I have a local copy of my blog on the PC so I upgraded it first. I did the auto upgrade option again which seemed to have worked well. Even so, once again I had to edit the /wp-includes/vars.php file to force $is_apache to true (see below) since the SERVER_SOFTWARE variable comes back as WebServerX instead of Apache.

// Server detection
 
/**
 * Whether the server software is Apache or something else
 * @global bool $is_apache
 */
//$is_apache = ((strpos($_SERVER['SERVER_SOFTWARE'], 'Apache') !== false) || (strpos($_SERVER['SERVER_SOFTWARE'], 'LiteSpeed') !== false)) ? true : false;
$is_apache = true;
/**
 * Whether the server software is IIS or something else
 * @global bool $is_IIS
 */
$is_IIS = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false) ? true : false;

I also had to edit the /wp-login.php file and add session_start(); at the beginning for the Register Plus plug-in to work properly as PHP sessions are not automatically started at my webhost (I could make them auto-start if I wanted but I’d rather have control of it via my scripts):

session_start();
/**
 * WordPress User Page

Now I could have stopped here; however, I wanted to use the new default WordPress theme, Twenty Ten which had a wider footprint and additional functionality beyond the previous default theme. I also figured it would be the most stable and up-to-date theme to work with the new WordPress version.  I made of a copy of the theme and placed it into its own directory, giving it my own name.

Since this was a new theme, I had to modify some of the PHP files to add my custom code. All I really had to do was add a JavaScript code snippet to the /mytheme/header.php file that some of my archived pages use to show and hide parts of their content. I also had to add a piece of code to the /mytheme/comments.php file for the Math Comment Spam Protection plugin to function; however, this theme’s coding of the comment form was much different and from what I could tell would have to do a lot of hacking around with the code to get it to work. So, I decided to look for something else. I came across the Block-Spam-By-Math plugin. This one worked with the new theme and I didn’t have to add any additional code anywhere to make it work! During this time frame where I did not have a functioning Math protection plugin, Akismet caught around 55 spam comments! This was in less than a day and a half. Since adding in the new plugin, Akismet has only seen one new spam comment. This just proves how many spam comments a plugin like this will stop.

Update: August 24, 2010: The Math Comment Spam Protection is now compatible with WordPress 3.0.1 and have switched my blog back to using it.

At this stage all I’m really doing is playing around with CSS styles to get the blog to appear how I want. This is where things like Firebug for Firefox come in real handy by telling me where an element is getting its style from. It will tell you about the element’s inheritance, which file(s) contain the CSS, and the line numbers within those files. By the way, I found the CSS Tutorials at W3Schools to be rather helpful in testing out various font-size and line-height combinations which this theme seems to use heavily. I may change its use of fixed pixel sized line-heights in favor of relative values so that they scale properly with changes in font size, we’ll see. :)

Before I close and while there’s still 30 minutes left in the day, I just wanted to wish my dad and all the other dads out there a Happy Father’s Day!! :-D

Blog has been upgraded to WordPress v2.9

I have updated my blog to WordPress v2.9 which was just released. I did the auto upgrade option again which seems to have worked well. Even so, once again I had to edit the /wp-includes/vars.php file to force $is_apache to true (see below) since the SERVER_SOFTWARE variable comes back as WebServerX instead of Apache.

// Server detection
 
/**
 * Whether the server software is Apache or something else
 * @global bool $is_apache
 */
//$is_apache = ((strpos($_SERVER['SERVER_SOFTWARE'], 'Apache') !== false) || (strpos($_SERVER['SERVER_SOFTWARE'], 'LiteSpeed') !== false)) ? true : false;
$is_apache = true;
/**
 * Whether the server software is IIS or something else
 * @global bool $is_IIS
 */
$is_IIS = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false) ? true : false;

I also had to edit the /wp-login.php file and add session_start(); at the beginning for the Register Plus plug-in to work properly as PHP sessions are not automatically started:

session_start();
/**
 * WordPress User Page

Other than the modifications above, which I have always had to do, the upgrade went smoothly. :)

Of course, I did perform a complete database and file backup before upgrading! :)

Changed method of displaying random Gallery2 image to bypass DNS performance issues

Yeah, I know this probably will not make much sense to most people other than those dealing with something similar.

In the past I had been using PHP’s CURL functionality to obtain and display a random gallery image on both my main website and blog. The code I used was similar to the following:

$ch = curl_init();
$timeout = 10; // set to zero for no timeout
curl_setopt ($ch, CURLOPT_URL, 'http://gallery.markheadrick.com/main.php?g2_view=imageblock.External&g2_blocks=randomImage&g2_linkTarget=_blank&g2_show=title|date|views';);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$file_contents = curl_exec($ch);
curl_close($ch);
if ($file_contents != false) {
   echo $file_contents;
} else {
   echo '
<div class="small">Error, exceeded '.$timeout.' second connection timeout.</div>
 
'."\n";
}

This method worked fine; however, every now and then it would take several seconds to complete causing the webpages to display that much slower. After much investigation from when I started noticing this many months ago, I determined that the delay was being caused by the amount of time it was taking the server to look-up the IP address of gallery.markheadrick.com. I used the following bit of code to test this with:

function getmicrotime()
{
   list($usec, $sec) = explode(" ", microtime());
   return ((float)$usec + (float)$sec);
} 
 
$port_starttime = getmicrotime();
$fp = @fsockopen('gallery.markheadrick.com', 80, $errno, $errstr, 10);
if (!$fp)
{
    echo "Offline ".number_format((getmicrotime() - $port_starttime), 4)." seconds\n";
}
else
{
    echo "Online ".number_format((getmicrotime() - $port_starttime), 4)." seconds\n";
    fclose($fp);
}

All this does is show the amount of time it takes to make a connection. Normally this should be a fraction of a second (0.0843 seconds for example). Well, on occasion this would take 4, 5 or more seconds to complete. If I used the server’s IP address instead of gallery.markheadrick.com, it would always take a fraction of a second (0.0001 seconds). So, the only difference was the system trying to determine what the IP address of gallery.markheadrick.com was. Similar behavior was displayed when I connected to google.com vs its IP address. In order for CURL to work, I had to supply it with gallery.markheadrick.com as the server has many domains and sub-domains associated with the same IP address.

Over time I’ve submitted numerous support tickets concerning this hostname look-up delay as the problem has surfaced, been fixed, and then resurfaced for whatever reason.

A couple days ago it started happening again and I submitted a new support ticket concerning it which more or less went nowhere and told them to just forget about it and close it.

Since my gallery is on the same server as my website and blog, I thought I should be able to obtain an image directly using PHP and MySQL; however, after looking at Gallery2’s database schema, this was going to be more difficult than I had thought. I then wondered if I could simply include some part of the Gallery code that dealt with the ImageBlock code that displays a random image. Then, I wondered if I could just include Gallery’s main PHP file and somehow feed it the variable values it needed to work. The following is what I eventually ended up with:

$_GET['g2_view'] = 'imageblock.External';
$_GET['g2_blocks'] = 'randomImage';
$_GET['g2_show'] = 'title|date|views';
$_GET['g2_linkTarget'] = '_blank';
ob_start();
include_once ($_SERVER['DOCUMENT_ROOT'].'/gallery/main.php');
$gallery_ob = ob_get_contents(); // Gets the contents of the output buffer
ob_end_clean(); // Ends capture and cleans the buffer so that it will not be displayed
$gallery_ob = str_replace('http://www.markheadrick.com/d/','http://gallery.markheadrick.com/d/',$gallery_ob);
$gallery_ob = str_replace('http://www.markheadrick.com/v/','http://gallery.markheadrick.com/v/',$gallery_ob);
echo $gallery_ob;

Hallelujah!! It worked! :) During my search for answers the following two articles/threads helped me out the most: I want “include” to return a string instead of writing directly into the page. and [SOLVED] Get arguments in include function. Because I was including the code under a different sub-domain, it was using the wrong URL for the image and link. This is why I needed to add the two str_replace functions. On my blog, it was trying to load the image from blog.markheadrick.com instead of gallery.markheadrick.com. I also had to increase the amount of memory PHP could use for scripts on my blog from 32M to 64M.