Tag Archives: PHP

Not Counting Views Made by Gallery 3.0.1 Admin

Update: June 22, 2011: This information also applies to Gallery version 3.0.2.

After upgrading my Gallery to version 3.0.1, I needed to re-add my code modifications to stop the gallery from counting views made by the administrator since I don’t care how many times I view my own pictures LOL. Some of the core files had changed so I had to make the following changes this time.

First, in /themes/(your theme)/views/page.html.php add the following code near the top (below the first line, making sure you keep the code within PHP opening and closing tags.):

2
3
4
5
6
7
8
<?
if ($user->admin == '1') {
   $_SESSION['admin'] = true;
} else {
   $_SESSION['admin'] = false;
}
?>

Then in /modules/gallery/models/item.php around line 1019 modify the increment_view_count() function by adding the check around the query statement:

1019
1020
1021
1022
1023
1024
1025
  public function increment_view_count() {
    // mrh added the session admin check
    if(!$_SESSION['admin']) {
      db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $this->id")
      ->execute();
    }
  }

Now, views will not be counted by the gallery administrator! Since I am the only one that uploads photos, this is all I need to do. For those wanting to stop view counts made by any owner of a photo, check out this thread on the Gallery forums. 🙂

How to not count views made by the Gallery 3 Admin

If you’re like me, you like to know how many times your photos are viewed; however, you don’t want to count the views made by yourself because who cares how many times you look at one of your own images?

Here’s how I got Gallery 3.0 to stop counting my views as the gallery administrator. (Update 1-27-2011: For those that have upgraded to Gallery 3.0.1, please see this post.) I should mention that my target audience for this post are those that are familiar with editing PHP files and have a means to access their Gallery database (to reset the view_counts back to zero).

First, in /themes/(your theme)/views/page.html.php add the following code near the top (below the first line, making sure you keep the code within PHP opening and closing tags.):

2
3
4
5
6
7
8
<?
if ($user->admin == '1') {
   $_SESSION['admin'] = true;
} else {
   $_SESSION['admin'] = false;
}
?>

Then, in /modules/gallery/controllers/photos.php modify the code around line 50: (make sure you do not leave the existing view_count++ statement outside the IF statements; otherwise, you’ll get duplicate view counts)

50
51
52
53
54
55
56
    $template->content = new View("photo.html");

    // mrh added the session admin check
    if(!$_SESSION['admin']) {
      $photo->view_count++;
    }
    $photo->save();

Then, in /modules/gallery/controllers/movies.php around line 50:

50
51
52
53
54
55
56
57
58
    $template->content = new View("movie.html");

    // mrh added the session admin check
    if (!$_SESSION['admin']) {
      $movie->view_count++;
    }
    $movie->save();

    print $template;

Finally, in /modules/gallery/controllers/albums.php around line 77:

77
78
79
80
81
82
83
    // mrh added the session admin check
    if (!$_SESSION['admin']) {
      db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id")
      ->execute();
    }

    print $template;

The Gallery will now not count any views made by the administrator which in my case, is me. 🙂 To reset the view counts back to zero, the following SQL statement will work:

UPDATE items SET view_count = 0 WHERE view_count > 0;

Since you’re modifying the core Gallery code, be sure to make backups before applying any future upgrades as your changes will be lost.

Hopefully this helps! 🙂

Making Block-Spam-By-Math work better for you

This is a follow-up to the post I made a couple days ago about upgrading to WordPress 3.0 and looking for a new spam protection plugin that asked to solve a math problem. The one I chose was Block-Spam-By-Math because it seemed to work out of the box. Well, since then, I’ve learned that the plugin, as is, is not all it’s cracked up to be. I was still receiving numerous spam comments (which Akismet did catch). Due to the content of the comments, I could tell that these were automated or done by bots most likely and not humans. I, of course, understand that no plugin like this is going to stop an actual human hired to or set upon spamming blogs and galleries.

After examining how this plugin worked, it became rather obvious that it was pretty much useless. The plugin always performs addition and the two numbers to be added are there in the form with very recognizable field names and, well, it does have “X + Y” within the form text. A bot that knows how this plugin works and the field names it uses could easily parse the form’s contents to get the two numbers, add them together, and then supply the answer using an obviously known POST variable name. In fact, because the plugin adds the numbers that are submitted to it by the form, the bots can simply supply their own arguments for the plugin to use. All it has to do is use the correct POST field names. Since this is an established plugin on the WordPress site, I’m sure the blog spammers have learned to expect this plugin to be in use on WordPress blogs and have written their code to effectively get around it.

The solution that I wanted to use, which I do with my guest book on my main website, is to store the answer and/or the arguments on the server, such as in a session variable because these values are only known to the scripts running on the server; however, the way the plugin is written (or WordPress itself), the function that sets up the form is some how executed more than once when viewing a post thereby causing the values to change from what is presented on the form itself. Maybe it’s related to this theme’s possibility of having nested comments. This may explain why they perform the math on the values sent in by the form itself. So, what I did was to simply change the field names that it used to some random things I thought of to throw the bot’s parsing or string searching and posting functions off.

This has appeared to do the trick as I can now see spam attacks in my latest visitors log at my webhost resulting in 403 errors that this plugin generates on a failed response. This also proves that these attacks are coming from bots and not humans putting in the answers.

To make this change yourself, edit the /wp-content/plugins/block-spam-by-math/block-spam-by-math.php file and look for function add_hidden_fields() and function check_hidden_fields() and simply change the corresponding name and $_POST[] variables it uses:

function add_hidden_fields() {
   $mathvalue0 = rand(2, 15);
   $mathvalue1 = rand(2, 15);
   echo '<div><b>IMPORTANT!</b> To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-) ';
   echo "What is $mathvalue0 + $mathvalue1 ?";
   echo '<input type="text" name="changeme2" value="" />';
   echo '</div>';
   echo '<div style="display:none">Please leave these two fields as-is: ';
   echo "<input type='text' name='changeme0' value='$mathvalue0' />";
   echo "<input type='text' name='changeme1' value='$mathvalue1' />";
   echo '</div>';
}

// Check for hidden fields and wp_die() in case of error
function check_hidden_fields() {
   // Get values from POST data
   $val0 = '';
   $val1 = '';
   $val2 = '';
   if ( isset( $_POST['changeme0'] ) ) {
      $val0 = $_POST['changeme0'];
   }
   if ( isset( $_POST['changeme1'] ) ) {
      $val1 = $_POST['changeme1'];
   }
   if ( isset( $_POST['changeme2'] ) ) {
      $val2 = $_POST['changeme2'];
   }

   // Check values
   if ( ( $val0 == '' ) || ( $val1 == '' ) || ( intval($val2) != (intval($val0) + ntval($val1)) ) ) {
      // Die and return error 403 Forbidden
      wp_die( 'Bye Bye, SPAMBOT!', '403 Forbidden', array( 'response' => 403 ) );
   }
}

In the code above you want to change the changemeX items. The original code and my new code has something other than what is shown here. To be even sneakier you could change them once a week or however often and there’s no need for them to be the same thing with 0, 1, and 2 after them. They just have to match each other in the functions. As I’m sitting here typing this, I just had another idea to try. 😉 Anyway, hopefully this well help cut down some of the automated comment spam attacks.

Blog has been upgraded to WordPress v3.0!

I have upgraded my blog to WordPress v3.0 which was just released a couple days ago. As I always do, I backed-up all my files and database before proceeding. I have a local copy of my blog on the PC so I upgraded it first. I did the auto upgrade option again which seemed to have worked well. Even so, once again I had to edit the /wp-includes/vars.php file to force $is_apache to true (see below) since the SERVER_SOFTWARE variable comes back as WebServerX instead of Apache.

// Server detection

/**
 * Whether the server software is Apache or something else
 * @global bool $is_apache
 */

//$is_apache = ((strpos($_SERVER['SERVER_SOFTWARE'], 'Apache') !== false) || (strpos($_SERVER['SERVER_SOFTWARE'], 'LiteSpeed') !== false)) ? true : false;
$is_apache = true;
/**
 * Whether the server software is IIS or something else
 * @global bool $is_IIS
 */

$is_IIS = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false) ? true : false;

I also had to edit the /wp-login.php file and add session_start(); at the beginning for the Register Plus plug-in to work properly as PHP sessions are not automatically started at my webhost (I could make them auto-start if I wanted but I’d rather have control of it via my scripts):

session_start();
/**
 * WordPress User Page

Now I could have stopped here; however, I wanted to use the new default WordPress theme, Twenty Ten which had a wider footprint and additional functionality beyond the previous default theme. I also figured it would be the most stable and up-to-date theme to work with the new WordPress version.  I made of a copy of the theme and placed it into its own directory, giving it my own name.

Since this was a new theme, I had to modify some of the PHP files to add my custom code. All I really had to do was add a JavaScript code snippet to the /mytheme/header.php file that some of my archived pages use to show and hide parts of their content. I also had to add a piece of code to the /mytheme/comments.php file for the Math Comment Spam Protection plugin to function; however, this theme’s coding of the comment form was much different and from what I could tell would have to do a lot of hacking around with the code to get it to work. So, I decided to look for something else. I came across the Block-Spam-By-Math plugin. This one worked with the new theme and I didn’t have to add any additional code anywhere to make it work! During this time frame where I did not have a functioning Math protection plugin, Akismet caught around 55 spam comments! This was in less than a day and a half. Since adding in the new plugin, Akismet has only seen one new spam comment. This just proves how many spam comments a plugin like this will stop.

Update: August 24, 2010: The Math Comment Spam Protection is now compatible with WordPress 3.0.1 and have switched my blog back to using it.

At this stage all I’m really doing is playing around with CSS styles to get the blog to appear how I want. This is where things like Firebug for Firefox come in real handy by telling me where an element is getting its style from. It will tell you about the element’s inheritance, which file(s) contain the CSS, and the line numbers within those files. By the way, I found the CSS Tutorials at W3Schools to be rather helpful in testing out various font-size and line-height combinations which this theme seems to use heavily. I may change its use of fixed pixel sized line-heights in favor of relative values so that they scale properly with changes in font size, we’ll see. 🙂

Before I close and while there’s still 30 minutes left in the day, I just wanted to wish my dad and all the other dads out there a Happy Father’s Day!! 😀

Blog has been upgraded to WordPress v2.9

I have updated my blog to WordPress v2.9 which was just released. I did the auto upgrade option again which seems to have worked well. Even so, once again I had to edit the /wp-includes/vars.php file to force $is_apache to true (see below) since the SERVER_SOFTWARE variable comes back as WebServerX instead of Apache.

// Server detection

/**
 * Whether the server software is Apache or something else
 * @global bool $is_apache
 */

//$is_apache = ((strpos($_SERVER['SERVER_SOFTWARE'], 'Apache') !== false) || (strpos($_SERVER['SERVER_SOFTWARE'], 'LiteSpeed') !== false)) ? true : false;
$is_apache = true;
/**
 * Whether the server software is IIS or something else
 * @global bool $is_IIS
 */

$is_IIS = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false) ? true : false;

I also had to edit the /wp-login.php file and add session_start(); at the beginning for the Register Plus plug-in to work properly as PHP sessions are not automatically started:

session_start();
/**
 * WordPress User Page

Other than the modifications above, which I have always had to do, the upgrade went smoothly. 🙂

Of course, I did perform a complete database and file backup before upgrading! 🙂