As far as our plans for continued community development, we plan on leveraging the powerful bbPress system for our future projects at PushButton Labs and have so far liked what we’ve seen! If you were using the phpBB integration for your community, we suggest looking into bbPress if you wish to continue using forums on your site.

If you have the phpBB module active in OnePress, please do the following before upgrading to WordPress 2.8. It is important that you change the authentication method in phpBB to the original “db” method. Since OnePress has kept WordPress and phpBB databases were kept in sync while acting as the active auth method, you should not have to worry about losing any login functionality with phpBB. However, as when doing any changes, we ask that you please update your database first. To change your phpBB login method, simply navigate to your phpBB Administration Panel -> Authentication and for the authentication method, choose “db.”

If you have found yourself in a position where you have upgraded before changing the phpBB authentication method to “db,” read here to learn how to fix this issue.

Concerning new functionality in WordPress 2.8, the only change visible to you, the user, is the method in which widgets are handled. Previously, WordPress required you to work on sidebar widgets on a per sidebar basis. Now, all of the sidebars are displayed at the same time. Due to this, the sidebar copy and pasting functionality of OnePress has changed a little bit. The interface now prides a highlight on the selected sidebar. So now, you click the sidebar you wish to copy, click copy, select the sidebar on which you wish to paste, and click paste! It’s that simple!

Upon logging in, user’s encountering this issue were experiencing an error:

“Fatal error: Call to undefined function is_ssl() in forums/includes/auth/auth_op.php on line 81″

A different error was displayed when logging out:

“Fatal error: Call to undefined function op_userExists() in /forums/includes/auth/auth_op.php on line 376″

By updating OnePress this will no longer occur.

Also included in this release is an added functionality to the Content Body Widget. This widget now provides the capability to filter posts displayed by tag name. Simply control the filter option by editing the widget and entering the name of the tag(s) you wish to have displayed in that widget in the “Filter Content by Tag” field.

Examples of filters:

featurette — Posts tagged as featurette
featurette,cars — Posts with either featurette or cars as tag
featurette,-cars — Posts with featurette tag but not tagged as cars

Release Notes

• Fixes in WordPress module to avoid hitting actions in registration process if the request is not a $_POST.
• Activating phpBB module no longer throws a PHP error. This was caused by using attribute_escape() on an array.

For step by step instructions on how to upgrade OnePress, please refer to our Upgrading OnePress Versions tutorial.

If you have your WordPress configured such that anyone can register, then this plug-in is for you!

The WordPress registration process requires providing a valid email address and using a password sent to that email address to login for the first time. While this is indeed a deterrant, it’s only one line of defense in the war against spammers.

When using the OnePress framework to build a community site, we recommend setting the option so that user’s must be registered to comment. This reduces spam quite significantly but what’s to stop [human] spammers from taking the extra step and getting the password from their email, only to bombard your blog with meaningless comments. Here’s where the OnePress Akismet for Accounts plug-in comes in.

What we have accomplished is a manner in which Akismet can be used to filter out those individuals registering or logging into your site. Using the Akismet spam filtering API, the user’s credentials are submitted to the service, and based on their response, the user is denied access to the site or allowed to proceed as per usual. This is an incredibly effective service and great way to keep only the users who really matter active on your site. The plug-in options allow you to choose if you would like Akismet filtering turned on for registration, login, both or neither.

Also, this plug-in provides an interface for flagging users as hammers or spammers after they have signed up. Much of Akismet’s power comes from the amount of data the service collects from administrator’s marking comments as spam or not spam. Well now, as an administrator, you can denote whether a user is a spammer (negative user) or a hammer (positive user) and other site owner’s will benefit from your input.

Definitely check out this plug-in if you have the “anyone can register” option turned on, as it will help decrease the amount of spammers that join your site!

Download OnePress Akismet for Accounts
OnePress Akismet for Accounts Plug-in source on Google Code

After hunting around the web for quite some time today, we tried to find a solution to this issue and it appeared that the only way to fix the problem was to dive into phpBB code and fix it ourselves. Disclaimer, phpBB3 doesn’t have any real plug-in system so any mods require code additions… so if you’re using phpBB you’re probably used to having to edit code to add/adjust functionality.

When it comes to stopping spammers, the best cut-off point is registration. Since users have to be registered to post on the forums, it’s logical to do the human check when registering. Usually a captcha is enough to handle this but it appears that in the case of phpBB3 it is not. So, we’ll resort to adding a simple math question that will do this check for us.

To get started, we need to edit the template for our phpBB style’s registration form so it will ask the appropriate question. In this case, our template is located at /styles/greytouch/template/ucp_register.html. To add a new field to our form, we will use the same markup that the theme is using for the other fields:

<div class="panel">
	<div class="inner"><span class="corners-top"><span></span></span>
	<h3>Are you human?</h3>
	<p>Believe it or not, a lot of users who try to register are not human.  So, we ask that you answer this simple question to prove you are and we'll let you in!</p>
	<fieldset class="fields2">
	<dl>
		<dt><label for="confirm_code">What is 2 plus 2?</label></dt>
		<dd><input type="text" name="human_question" id="human_question" size="8" class="inputbox narrow" title="human_question" /></dd>
	</dl>
	</fieldset>
	<span class="corners-bottom"><span></span></span></div>
</div>

Of course, this HTML will be placed right above the hidden fields and token in the form. I have just gone ahead and hard-coded the question into the HTML to keep things straight-forward. In this case, my question is “What is 2 plus 2.” Use any question you’d like, or even a series of questions is possible with a little tweaking.

Now that we have the form that the user is to fill out upon registering, we need to provide a little PHP logic to handle the user’s answer to make sure they are indeed human. This will require editing one of the core phpBB3 files, which I dislike doing, but I hate spammers even more. The file we want is located at /includes/ucp/ucp_register.php. Now, this file contains all of the logic that handles form validation when a user signs up to your forums. Be careful that you don’t remove anything or it could make matters worse.

First, we need to make sure that the value the user entered for our new field is accessible in our PHP code. To do so, we are going to find where the $data array is build (line 165) and add a new value to that. Here’s what the resulting array will look like (notice ‘human_question’ is now a key=>value pair.)

		$data = array(
			'username'			=> utf8_normalize_nfc(request_var('username', '', true)),
			'new_password'		=> request_var('new_password', '', true),
			'password_confirm'	=> request_var('password_confirm', '', true),
			'email'				=> strtolower(request_var('email', '')),
			'email_confirm'		=> strtolower(request_var('email_confirm', '')),
			'confirm_code'		=> request_var('confirm_code', ''),
			'lang'				=> basename(request_var('lang', $user->lang_name)),
			'tz'				=> request_var('tz', (float) $timezone),
			'human_question'	=> request_var('human_question','',true)
		);

A little bit further down (around line 180), the validate_data() function is built. We will use this function to our advantage to make sure that the value entered for ‘human_question’ is a string. Here’s what that function call will now look like (once again ‘human_question’ is added to the array).

			$error = validate_data($data, array(
				'username'			=> array(
					array('string', false, $config['min_name_chars'], $config['max_name_chars']),
					array('username', '')),
				'new_password'		=> array(
					array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
					array('password')),
				'password_confirm'	=> array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
				'email'				=> array(
					array('string', false, 6, 60),
					array('email')),
				'email_confirm'		=> array('string', false, 6, 60),
				'confirm_code'		=> array('string', !$config['enable_confirm'], 5, 8),
				'tz'				=> array('num', false, -14, 14),
				'lang'				=> array('match', false, '#^[a-z_\-]{2,}$#i'),
				'human_question'	=> array('string', false, 0, 10)
			));

Now, we just need to find an appropriate place in the process and add a check to make sure the answer matches what we expect. For this, I ended up throwing a simple “if” statement above the code for “Visual Confirmation handling” (around line 216.)

			if($data['human_question'] != '4' && strtolower($data['human_question']) != 'four'){
				$error[] = 'You did not answer the human question correctly.';
			}

And that should do it. Note, I am checking against both the numeric and written answers, as I don’t want a real user to get frustrated by me telling them their math is wrong when it really isn’t. Also, using the strtolower() function is helpful in case they are using capital letters.

By adding the error message to the $error array, when a wrong answer is provided the form will not validate and they will burn one of their login attempts. phpBB provides an option in the administrator control panel to limit the amount of registration attempts a user is given in a session. I recommend making sure this is at 5 or lower just to avoid getting hammered by some bot. To do this, navigate, in your admin panel to “Board Configuration” -> “User registration settings” and set the option “Registration attempts” to “5″ (or even lower) and save changes.

Also, another thing you can do if you don’t have a lot of user’s signing up regularly is turn on the option to have an admin confirm account registrations. To do so, navigate, in your admin panel to “Board Configuration” -> “User registration settings” and set the option “Account activation” to “By Admin” and save changes.

Notice. After making all these changes, you definitely need to purge the cache on your forum, otherwise your HTML template won’t update. You can do this under the “General” tab of the admin panel click the button that corresponds to “Purge the cache.”

Hopefully this will relieve some headaches and decrease the amount of spam you see on your site. It’s too bad we can’t have a cleaner solution but until phpBB provides a real plug-in system our options are pretty limited.

Release Notes

• PHP errors occuring when changing password/email in WordPress and do not have any modules active.
• Error being thrown when adding more than one content body widget to the same page.
• #welcome div is not rendered unless “Anyone Can Register” option is selected.
• Option in phpBB content widget for displaying avatars from phpBB instead of gravatars.

By the way, did you know that to get your phpBB forum to look great with this theme, you don’t need a new style at all. If you have the Greytouch phpBB theme installed, it will automatically react to your installation of Bullseye. Just make sure that when you activate “Bullseye” your /wp-content/themes/onepress/settings.inc.php file has been updated (should happen automatically but never hurts to double check.) Here’s what the $op_current_theme variable should look like:

        $op_current_theme = <<<EOT
bullseye
EOT;

Bullseye Theme and Greytouch Style in phpBB

Notice
When upgrading to 1.0.5, you will need to update your phpBB module. To do so, log into your WordPress administration panel and navigation to Settings -> OnePress. In here, you should see a link under the phpBB checkbox that says “Upgrade Module.” Simply click on this link and your phpBB install will be automatically updated with the latest OnePress module.

Release Notes

• Fix for adding content body widget twice in the same sidebar causing fatal error.
• Changing password in WordPress will now be reflected when logging into phpBB and vice versa.
• Changing email in WordPress will change the email in phpBB and vice versa.
• User defined header image no longer repeats.
• Fix for logging out of WordPress not properly logging user out of phpBB.
• Logging in now redirects you back to the last page you were on.

For step by step instructions on how to upgrade OnePress, please refer to our Upgrading OnePress Versions tutorial

Also, we have updated the presentation of the phpBB content widget so that it not only shows the forum title and author, but also the number of replies, number of views, and the author’s gravatar.

phpBB Content Widget on makeitbigingames.com

Release Notes

• Deactivating phpBB module was still looking to phpBB when loading registration form. It now checks to make sure the phpBB module is active first.
• Account for whitespace when including wp-settings.php through eval chain that is used when logging in/out from phpBB.
• Fix for OP Recent Comments always displaying comment’s author name as “Anonymous.”
• Use is_callable instead of method_exists for PHP4 compatibility. This will allow servers running PHP4 to activate the phpBB module.
• Display for phpBB content widget improved and gravatar support added.
• Logging out when phpBB exists but is not installed or active was causing 404 error, logout process now looks for this case.
• Fixes for pathing issues when users installed WordPress in a subdirectory.
• Comments template “Logout” link needed a nonce attached it for WordPress 2.7 compatibility.

For step by step instructions on how to upgrade OnePress, please refer to our Upgrading OnePress Versions tutorial

1. Download the latest OnePress Framework version
2. Use your FTP client to log into your site.
3. Locate the directory /wp-content/themes/
4. Unzip the downloaded OnePress file and upload it into the /wp-content/themes/ directory
5. You should be prompted whether or not you wish to overwrite the contents of /wp-content/themes/onepress/. Choose “Yes” or “OK.”
6. After uploading is complete, navigate into your /wp-content/themes/onepress/ directory and verify that the directories–images, op, scripts, and widgets–all exist.
7. In your web browser, navigate to http://www.mysite.com/wp-content/themes/onepress/style.css (path may vary depending on site structure), replacing mysite.com with your site’s domain. Verify that the seventh line in the file reads “Version: 1.*.*” (the asterices representing the version you meant to install.) If this is the case, you’re done!
8. Optional. If you are using a OnePress module (i.e. phpBB), verify that the settings.inc.php file exists in the /wp-content/themes/onepress/ directory. If it is not there, create an empty file with that name and set the permissions, in chmod, to 666.