Archive for May, 2006

Click to run an ActiveX control on this webpage

Wednesday, May 31st, 2006

It seems to me that Microsoft is always very good at covering their own backs but not so good when it comes to protecting the user.  How many times do you see a Windows Genuine Advantage update come in that's out of step with Windows Updates (even when there's a serious vulnerability about)?  Quite often, I find.

I feel the same way about the changes that Microsoft made to Internet Explorer is response to the patent dispute between themselves and Eolas Technologies which basically meant that you have to click to run certain kinds of ActiveX.

Click to run an ActiveX control on this webpage

I have a question though - since Microsoft decided that pestering the user with a dialog box was a good way to go in this case, why not add a second option to the dialog box - a Cancel option.  That way users would get the option whether or not to run the ActiveX control.  It might make people think a bit more about security issues surrounding ActiveX.

Additionally, as far as most users were concerned, Microsoft introduced this change silently.  One day users just start seeing this box appear.  Think usability!  How about some help people?  We're already telling people to be on the lookout for suspect dialog boxes and you introduce one without making it clear what it's about.  Sloppy.

Read more ...

WordPress PHP code injection vulnerability

Friday, May 26th, 2006

Secunia is reporting that a vulnerability is present in [tag]WordPress [/tag]2.x which could allow hackers to gain remote access.

This vulnerability has been confirmed in WordPress 2.0.2 and may affect other versions (but not pre-2.0 versions since this doesn't use cache files).

The current recommendation is that access is restricted to the following directories:

  • wp-content/cache/userlogins/
  • wp-content/cache/users/

“Drupal emails gone astray”

Wednesday, May 17th, 2006

"My Drupal password emails are considered spam by my spamfilter so I found them in the spam folder. Why is this?"

Your Drupal installation isn't set up correctly to send email, so, because important information is missing from the header of the email, your filter is regarding them as spam. In Drupal go to administration, click settings, general settings and type in an email address that the installation can use to send email from. This should fix the problem.

However, doing the above will probably generate the following error: "The directory files does not exist." Create a directory in your drupal root called "files". Set CHMOD to 777 on this folder.

Viewing Style Info with Web Developer Extension

Friday, May 12th, 2006

I noticed today that the ‘View Style Info’ from the Web Developer Extension in Firefox had stopped working.

I could hover over an element within a web page and it would reveal the markup in the status bar as usual but when I clicked it didn't deliver the style info about that element. I think this is one of the best features of the [tag]Web[/tag] Developer Extension (but then it's hard to choose as there are so many!) and it's certainly one that I use most, so losing it was disheartening.

I spent an anxious few minutes searching the web for souls with similar afflictions, all the while wondering if somehow ... Bill Gates had driven a truckload of Chris Pederick's door to tempt him to remove this most valued functionality (and ..gasp..Internet Explorer beta toolbar? The one that constantly crashes IE if I install it.  No! He'd never be tempted to the dark side!!).

Anyway sense and search prevailed and I found the answer here. Apparently when I installed the latest [tag]Firefox[/tag] a few days ago I only did a standard install which doesn’t install Developer Tools and hence the DOM inspector wasn't available.  Note to self: always do a custom install next time!

Thanks Chris!  I’m a happy bunny again …

WordPress & Microsoft Fingerprint Reader

Thursday, May 11th, 2006

By default, users of Microsoft’s Fingerprint Reader are frustrated whenever they try to login to WordPress sites.  This is because the software refuses to recognize the WordPress logon screen as a something you can input a password into. 

 

The fix is thankfully a very simple edit to the css file that handles the login screen. (/wp-admin/wp-admin.css)

#login #log, #pwd {
 font-size: 1.7em;
 width: 80%;
}

If you edit the font-size to be 1.2em or less the [tag]Fingerprint[/tag] Reader will recognize the field as a logon and store your password for you!

(This works for [tag]Wordpress[/tag] 2 or higher. For previous versions edit the embedded style rule in the file wp-login.php).

As an aside, I'm keeping my eye on the FingerFox Extension which enables you to use the Fingerprint Reader with the Firefox browser. I'm not quite ready to take the plunge with the app just yet ... Perhaps when it shows up in the Official list of Firefox Extensions?? Eagerly waiting!

Updated Oct-26-2006

Important note for Microsoft Fingerprint Reader users with Internet Explorer 7. Oct 26 2006
Internet Explorer 7 is now out of beta and will start to be delivered to Windows users via Automatic Updates shortly. As it stands at the moment there are some serious problems in conjunction with the Fingerprint Reader:

  • Existing passwords to websites (accessed via IE6) no longer work.
  • Adding new passwords works but it is very slow and quirky.

We would recommend that before you install IE7 or run Windows update that you make certain that you have an alternate record of your passwords, for example stored in Password Safe (download free from Sourceforge).

Changing a forgotten WordPress password

Thursday, May 11th, 2006

What do you do if you have a WordPress blog and you’ve forgotten the password? (This is quite common if you’ve ever clicked the ‘Remember me’ option some time back in the dim and distant past. This works great until you clean out your browser’s cache taking your cookies and your password along with it!)

First of all, don’t Panic! This short post will help you get back into your WordPress blog and get you back blogging.

To make these changes I'm going to assume that you have access to phpMyAdmin and are comfortable using it (making a wrong change here can trash your entire WordPress database!  You have been warned!).

  1. Log into phpMyAdmin.
  2. Click on the Databases link and then click on the database you want to edit from the list that appears.
  3. You will now be faced with a list of tables in that database.  From this point on I'm assuming that you used the default "wp_" prefix for your WordPress tables.
  4. In the right-hand pane scroll down to "wp_users" and click on the "Browse" icon (if you hover over the icons you'll notice a tooltip appear).
    WordPress password reset
  5. You'll now see the list of users for the site.  The Admin will be the user with the ID number 1.  Assuming that’s you, click on the "Edit" icon next to this to edit it (again, hover long enough and you'll see a tooltip appear).
    WordPress password reset
  6. You'll now see all the details associated with the Admin user.  The field that you are interested in is labeled "user_pass".  This field contains the password that have been encoded using the MD5 one-way hash which turns the password that was used into a string that is 32 alphanumeric characters long.  Don't bother trying to reverse the hash back to the password!  Consider the password lost!
  7. Into the "user_pass" field, type in your new password. 
    (REMEMBER THIS PASSWORD!!! )
  8. Now your new password will be not stored in the database as the plain text password you just typed in (which would make it easy to steal) but rather as an MD5 hash of the password. So the next important step is to convert your password.  Fortunately, phpMyAdmin offers a really easy way to do this.  
    From the "Function" field select "MD5".
    WordPress password reset
  9. Once you've made that change, scroll to the bottom of the screen and click "Go".  The password will be hashed using MD5 and stored in the database.
  10. Log out of phpMyAdmin.
  11. One final thing.  If you’re using WordPress 2.0 or higher you’ll need to delete the WordPress cache file.  Using your FTP program (or cPanel file manager) delete all the contents of the /wp-content/cache folder.
  12. Now log into your WordPress blog using the new password and start blogging again!

WordPress Chronological Order …

Wednesday, May 10th, 2006

Today I've lost the plot at least a couple of times...

I've been trying today to sort out Adrian's Drac Ant page over on Antrageous Antics. The page is a WordPress category page (with a little bit of extra formatting that will show only on the Drac Ant category archive).  Simple enough, but what bakes my brain is trying to figure out how to put in meaningful navigation through the pages of Drac Ant cartoons, especially because in this case they correspond to journal entries and dates in the original Bram Stoker book, Dracula. 

Adrian wants a way for the user to quickly get to the earliest entry that was made because, being a daily cartoon site, the site is set to show one cartoon post per day and that means the archives will only show one post per page too (unless of course you know of some way round this, if you do please let me know!)  So getting back to the original entry would take a lot of clicks otherwise.  Luckily the WP-PageNavi plugin puts in a link to the Last page by default if there are more than 3 pages.  But wait a minute shouldn’t that ‘Last’ really be ‘First’?  After all that page contains posts that were posted earlier in time than those on the ‘First’ page, right?

I've used WP-PageNavi many times before but it's never really hit me before today that when it shows [1] [2] [3] » Last  that the ‘Last’ page it’s linking to is really the first chronologically speaking. It's not just this plugin that does it or WordPress - lots of software does it. Just a chronological semantic glitch ... perhaps because so many people, myself included, are still adjusting to websites that handle the page navigation in reverse chronological order. Before the advent of the blog and blogging software this was pretty hard to do manually!(As an aside we were discussing recently the main differences between a blog and a website and I'd have to say that content being arranged chronologically is probably the biggest difference after trackbacks.)

So I edited the plugin (email.php) to swap around  the words First and Last in the code. 

But then it occurred to me that there was something wrong with the WP-PageNavi set as it was in amongst the previous and next entries blocks.
I had to look at it for a little bit before I realized what it was. The little double arrow » on the pagenavi is pointing in the direction of the older posts. But there's also a » on the Next Cartoon link which is pointing to the more recent posts - it should be the other direction! That's it, brain 100% fried. How come I never noticed this before? (Am I having an 'off' day today or a more switched on than usual day???)

So I switched around the the « and » arrows in the template so they pointed the right way:

<div class="alignleft">
<?php previous_posts_link('Next Cartoon &laquo;    |     ') ?>
<?php wp_pagenavi()?>
</div>
<div class="alignright">
<?php next_posts_link('|     &raquo; Previous Cartoon') ?>
</div>

Ugh! Is that right now? Or should this site not be called 'Vexentricity' (i.e. vexation + eccentricity) but rather 'The Beginnings of Dementia' ... ?

|

Oblivion? I’m oblivious to all else!

Wednesday, May 10th, 2006

Elder Scrolls IV: Oblivion for PCI’ve been playing the latest Elder Scrolls game Oblivion for the past few days.  Yes I know the weekend was 3 days ago and I’m supposed to be working now, but it’s just that it’s a hard game to stop thinking about. 

One of my kids called it ‘Oblivious’ and the name’s rather stuck because I must admit I am pretty much oblivious to everything else right now.  I’m just not bothered about  work, or that I have chapters due next week, or event blogging for that matter.  I was barely that excited when a box got delivered this morning containing a whole bunch of copies of  my new book Building Forums with vBulletin … and let’s face it normally I’d be signing a copy for the FedEx guy!  (But … and I  have to add this before my editor comes over and confiscates my Oblivion disks …  it is a really good book for newbie vBulletin webmasters, and you really should go buy it!)

I was new to Oblivion (until I learned of it from Dan Ackerman back when he linked to the history of the scrolls video) so I have no clue whether the previous 3 versions of the game were this cool to play … but I’ve got to say that I am really impressed.  I love the first person nature of the game and it is such a beautiful and totally immersive experience that it can be pretty hard to let go of. Yesterday I was walking down the street (real world, not virtual) and finding myself glancing at flowers in people’s hedges and wondering if they have healing properties or cure fatigue. Then I realized I was peering into people’s faces as they went past to see if they wanted to talk to me.  I even find myself swaying from side to side when I’m talking to people now and I keep expecting a little red hand to appear in front of items in the supermarket. 

Help me!  Just like the crew of Red Dwarf I’m trapped in a game and I suspect it might be better than life! Well, better than work anyway…

Building Forums with vBulletin

Building Forums with vBulletin is available from Amazon.com | Amazon.co.uk | Barnes & Noble and all good bookshops.

More info about the book will appear in Kingsley-Hughes.com’s books section  … once I’ve completed the Oblivion quest where I catch the gang who stole Gogan’s pants!

Manually Adding Feedburner to your WordPress Blog

Thursday, May 4th, 2006

Feedburner is very easy to set up on your site if you use the WordPress FeedBurner Plugin.

If you plan to use this you must use the WordPress permalinks structure, which is all well and good if you've just started a new blog and can switch to that structure without affecting any existing posts on your blog. But if your site's been running for a while before you decide to add Feedburner, switching to that link structure isn't an option for you. Here are the changes you need to make to your blog's templates in order to add Feedburner without using the plugin:

  1. Login to your blog and click on Presentation, then Theme Editor.

    If you're new to editing your blog's theme, check whether it says "If this file were writable you could edit it" towards the bottom of the page and, if so, follow these instructions to set the permission on your theme's folder using your FTP program or cPanel File Manager.

  2. Choose the Header template.
  3. Within the template, find the following line of code and select the text:

    <link rel="alternate" type="application/rss+xml" title="<?php bloginfo('name'); ?> RSS Feed" href="<?php bloginfo('rss2_url'); ?>" />

  4. Replace the text with the following line of code:

    <link rel="alternate" type="application/rss+xml" title="RSS" href="http://feeds.feedburner.com/your_feed_goes_here" />

  5. Now to add your Feedburner details. Login to Feedburner and follow the steps to add your feed. Then copy the feedburner address for your feed.

  6. Lastly paste the URL into the code and save your header template.

Now your Feedburner feed will be automatically discoverable by most RSS reader software and some browsers.

  1. Next, you need to add a Feedburner link in place of the existing one. You'll find this in the Footer template if you're using the Default WordPress theme or in the sidebar template if you're using the Classic WordPress theme.


    Default

  2. Classic

  3. Open the appropriate template in the theme editor and find the following code:

    feed:<?php bloginfo('rss2_url'); ?>

  4. Paste in your Feedburner link:

    Save the file by clicking Update File.

You can leave the comments feed as is (this enables readers to keep up with replies to your blog posts) or you could create a separate Feedburner feed for comments too. Of course if you don't have comments switched on you can delete the link altogether.

Another good way to provide a link to Feedburner is using a 'chicklet' Feedburner will help you to choose which chicklets you want and supplies the code to go into your template.

Happy Feedburning!

Smart Quotes in WordPress

Monday, May 1st, 2006

If you've ever posted code into a WordPress blog you may have noticed that single quotes (') get changed to smart quotes ().

One solution for preventing this is to remove the filters that are reformatting the text you enter. Download the plug-in fix to prevent smart quotes. (This is basically Katja's hack put into plugin form. I expect someone else has saved this as a plug-in somewhere, but I haven't found it myself as yet and this site is as much a repository for things I need to remember as for others to use! So apologies for any duplication... )

  1. Unzip the file "smart-quote-fix.php" into the wp-content/plugins folder.
  2. Log into WordPress site admin and click on the Plugins tab. Activate the plug-in from the list.
%d bloggers like this: