Rhett

Almost ten years ago we launched the Marketplace; a place to connect Invision Community owners with talented developers creating new functionality.
Over the decade, the Marketplace has grown to hold thousands of applications, large and small. For many Invision Community owners, the Marketplace has become an essential resource.
Our aim was always to have the Marketplace available inside your Admin Control Panel to make it even easier to purchase and install extra functionality.

I'm pleased to say that as of Invision Community 4.5, this is now a reality. You can browse the Marketplace and install new add-ons without leaving the Admin Control Panel.

Obtaining Resources
Paid resources can be purchased directly from the Marketplace and are available to install immediately after the payment is complete. You no longer need to download and install the files yourself.
You may also notice some additional information with the resource listing, we'll be introducing a new 'tab' to marketplace resources to allow the authors to provide more useful information such as answers to frequently asked questions, or configuration instructions etc.

The video below takes you through the purchase and installation of a Marketplace application.
marketplace-install.mp4
Installing an Application
Updates
Some of the eagle-eyed among you may have noticed in the first screenshot that there are more 'bubbles' showing in the menu on the left. These are supported for Applications, Plugins, Themes and Languages.
In Invision Community 4.5 every resource available via the AdminCP is automatically versioned, you will see update notifications for everything you have installed (previously, you would only see update notices if the resource author supports them).
Installing an update is as simple as clicking on the update notice, then clicking 'update' on the Marketplace listing.

Installing Updates
Downloads Changes
Our Marketplace is built on our Downloads application, during development of this feature we needed to add new functionality. We have included as many of these improvements as possible in our software for the benefit of our customers, some of these are:
Custom Fields can now be set to only show to members that have purchased a file. Files can now be set to accept a single file upload instead of multiple. New file versions can now be moderated without hiding the current version from view. Downloads REST API Performance Improvements New /download endpoint that counts the download Added more data to the /downloads/file/{id} response Ability to sort file results by last updated date We hope you're as excited about this feature as we are.

If you've been around Invision Community for a while, you'll know our frontend default theme hasn't significantly evolved since the early days of 4.0. Indeed, the last significant refresh came with 4.2.
With the upcoming release of 4.5, we wanted to revisit the default theme and give it a facelift for 2020, as well as make incremental improvements to the underlying codebase as a stepping stone to a bigger re-engineering in a future version. Keep an eye out for our next blog for more on the facelift.
In this entry, I want to go over some of the design and code-level changes we've implemented that will be of particular interest to third-party theme designers, or those building a custom theme for their community.
IE11 Support
Until now, we've supported IE11 as a 'B' browser - meaning we didn't aim for perfect support (especially visually), but did aim to make all functionality work, and we fixed IE11-specific issues if possible.
As of 4.5, we no longer support IE11 in any way and Invision Community will not work well in that browser. By removing support for IE11, we are able to make use of newer CSS technologies which significantly eases development for us and third-party designers. I'll discuss some of those below.
Combined theme settings
We've combined a number of existing theme settings into one new setting. We've found that settings like poll_bar, step_background, rating_hover and so on are nearly always set to the same color - typically the site's main brand color. These settings have therefore been replaced with one new brand_color setting, which is used throughout the CSS in places where this primary color would be needed. This will simplify the early stages of theme development and make it easier to match branding in Invision Community.

Front end colors
Removing hardcoded colors
While our theme settings have allowed community owners to change most colors, there were still many hardcoded in our CSS framework. These were typically neutral colors used for things like 'close' links, semi-transparent backgrounds and so on, but it was enough to make creating a dark theme an unrealistic prospect without an awful lot of effort (and kudos to those designers who have offered dark themes up until now!).
In 4.5, we've removed hardcoded colors from our framework, and instead rely on colors already defined by theme settings. You can now, finally, create a dark theme just by editing the built-in theme settings.
Type scale & {fontsize} tag
While we've had fixed type-size classes (e.g. ipsType_normal) for a long time, in practice many elements had their own font sizes set. This leads to inconsistency and poor visual rhythm too. Another side effect is it was also tough to globally change the font size (such as for branding purposes, or to create a theme for visually-impaired users).
To solve these problems, we first created a type scale; that is, a fixed number of sizes to choose from. A product the size of Invision Community does have need for a flexibility, so we settled on the following scale:
x_small: 12; small: 13; medium: 14; base: 16; large: 18; x_large: 20; 2x_large: 24; 3x_large: 30; 4x_large: 36.
All of these values are editable as theme settings, so each theme can adjust the type scale used. Our default CSS in 4.5 has been fully updated to put all type on this scale.
To actually make use of these settings, we have added a new {fontsize} tag which accepts either a scale key, or a specific pixel size (for those occasional situations where a specific size is absolutely needed, e.g. icons).
Why couldn't we just use {theme="x_small"}, or even CSS variables? To solve the problem of globally scaling text, we have also added a percentage-based scale setting that will save you from having to create your own type scale. The {fontsize} tag automatically applies the global scale to any values passed into it. Want text in your theme to be twice as big as default? Simply set the global type scale to 200% and the entire theme will reflect the change immediately. 

The new font size options
Spacing scale
The lack of a consistent spacing scale has led to some arbitrary values being used in any given situation, which again has had a negative impact on the visual harmony of our design. We've therefore implemented a 4px spacing scale (using CSS variables rather than theme settings this time) and applied across almost all padding/margin values. In time, we anticipate fully switching all measurement values to the scale.
New CSS class families
We have added a range of new spacing classes for padding and margins, allowing far more control over how these are applied, especially on different device sizes. Previously, ipsPad (15px) was simply halved on small screens - with no 'opt-out' short of adding specific CSS. We've felt this has been imprecise for some time, especially since mobile devices typically have larger screens in 2020 and don't need to be so tightly-spaced.
ipsPad_all now replaces the existing ipsPad, and does not halve itself on small screens. Instead, there's a new responsive naming convention that allows you to apply specific padding on specific device sizes:
ipsPad_all:double md:ipsPad_all sm:ipsPad_all:half
In this arbitrary example, desktop size (the default) get double padding, medium (tablets) get regular padding and small (phones) get half padding.
We've added similar classes for top, bottom, left and right padding, as well as horizontal, vertical and none (to removing all padding) shortcuts.
For margins, the old ipsSpacer_* classes have been replaced with a new ipsMargin family that work exactly the same as the padding classes above, with the same range of flexibility.
The old ipsPad/ipsSpacer classes will continue working as they did before for backwards compatibility, but should be considered deprecated from 4.5 onwards.
We've also added a whole range of new ipsFlex classes, also with responsive controls (making it easy to have horizontal layouts on desktop and vertical layouts on mobile, for example), as well as a new ipsGap utility that automatically adds spacing between elements, without requiring manual :first-child/:last-child exclusions.
CSS variables & calc()
In 4.5, thanks to IE11 support ending, we're finally making use of CSS variables and calc() to make CSS more maintainable and easier to customize. A lot of repeating or often-customized styles - such as form field styles, message colors, card styles, border radii etc. - are now created as CSS variables, allowing theme designers to easily change styling in one place. Instead of magic numbers, we either stick to our spacing scale, or use calc() to avoid hardcoded numbers.
The future
The work we've done so far is just a 'first-pass'. We'll be pressing forward with modernization throughout the 4.5.* series and beyond with a view to reducing our footprint, improving our ability to maintain our CSS and, of course, making theming easier for our customers.

We have come a long way since the late 90s when someone had the genius idea of using a small yellow smiling face image instead of the more common colon-bracket representation of a smiling face.
In Invision Community, there are various places that photography can be used to create visual interest. From uploads in topics, to cover photos for blogs and members.
The humble upload field has served these areas well, but sourcing images to use can be a pain; especially when you have to walk the minefield that is copyright and attribution.
Fortunately, there are a few "CC0" online stock photo libraries that offer quality photography that requires no attribution and are not hampered by copyrights.
One such library is the ever-popular Pixabay, which was established in 2012 and features a very powerful API. Pixabay has over a million images ready to use from llamas to sausages and everything in-between.
Invision Community 4.5 now includes support for Pixabay which brings those images to your fingertips (or mouse pointer if you're on a desktop.)

This video shows the feature in use.
As you can see, not only can you upload into posts from the stock photo library, but you can also use it to add a cover image to your profile and blog entries.
Finding quality photography has never been so easy!
For those that love technical details, the stock photo picker is a programmatic option on the upload form field type making it very easy to add to your own code and apps.
How will you use this new feature? Let me know!

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

I've had this similar conversation dozens of times in the recent past when someone has taken an interest in what I do.
Person: So what does Invision Community do?
Me: We develop and sell an independent community platform.
Person: Oh. Neat.

I used to say the F word. But this used to cause some confusion.

'We develop and sell a forum system'.
This used to elicit a response similar to this:
"Forums? They're still going?"
This line of thinking is quite prevalent among those who frequent Facebook, or use Facebook Groups to manage their micro communities. Even though they probably use forums regularly, or end up on forum topics when searching for things like "Why is my iPhone not charging", they don't realise this.
I recently guested on a podcast, where we spoke about "Facebook or Forums?", and I received this comment.

 
It appears, then, that the word "forums" has a lot of legacy connotations attached to it. It conjures up images of the past when Netscape Navigator was the world's favourite browser, and AOL was still mailing out CDs.

That is all ancient history now, and we've moved with the times. The product we have now has roots in the product from the early 2000s but it is wildly different and much more capable.
When you explain that you can segment discussions into separate areas (aka forums), and even set up independent micro-communities (clubs), you can see lightbulbs going off.

"That's amazing! I had no idea! So you mean I don't have to have my community in a single stream struggling for attention among adverts?"

Nope, there is another way.

Why not try an independent community platform?

I'd love to hear your thoughts. Do you avoid the F word too?
 

It's been said that the best place to hide a dead body is on page 2 of Google.
While we can't promise to get you to page 1 for a generic search term, we have taken some time for Invision Community 4.4 to do an SEO sweep.
Moz.com defines SEO as "a marketing discipline focused on growing visibility in organic (non-paid) search engine results. SEO encompasses both the technical and creative elements required to improve rankings, drive traffic, and increase awareness in search engines."
We have the technical skills and were fortunate enough to have Jono Alderson of Yoast lend his time, knowledge and vast experience to improve our SEO.
This blog article gets a little technical. It's completely fine to leave at this point with the comfort of knowing that Google will be a little happier on your site with Invision Community 4.4.
The majority of the changes are designed to send stronger signals to Google and friends over which content to slurp and which to look at a bit later.
Still here? Good. Let us roll up our sleeves and open the hood.

 
Pagination
The most visible change is that we've taken pagination out of query strings and placed it in the path.
For example, the current pagination system looks a little like:
yoursite.com/community/forums/123-forum/?page=3
Which is fine but it gets a little confusing when you add in a bunch of sort filters like so:
yoursite.com/community/forums/123-forum/?sort=asc&field=topic&page=3
A better approach would be to make a clear signal to both Google and humans that pagination is a separate thing.
Invision Community 4.4 does this:
yoursite.com/community/forums/123-forum/page/3/?sort=asc&field=topic
Not only is this good for search engines, but it's also good for the humans too as it is more readable and no longer confused with filter parameters.

Of course, we ensure that the old style pagination is redirected (via a 301 header) to the new pagination URL automatically so nothing breaks.
Canonical Tags
These tags are a way of telling search engines that a specific URL is the 'master copy' of a page. This helps prevent duplicate content from being indexed.
Without it, you are leaving it up to the search engine to choose which is the master copy of the page.
For example:
yoursite.com/community/forums/123-forum/ and yoursite.com/community/forums/123-forum/?sort=desc&field=time may show the same content but have different URLs.
By setting the canonical tag to point to yoursite.com/community/forums/123-forum/ regardless of filters sends a strong signal to the search engines that this is the page you want to be spidered.
Invision Community sets these tags in many places, but we audited these in 4.4 and found a few areas where they were missing.
For example, viewing a member's profile doesn't always set a canonical tag which may confuse search engines when you click on "View Activity" and get a list of content items.
Soft 404s
When an application or website wants to tell the visitor that the page they are looking for doesn't exist, it sends a 404 header code along with a page that says something "We could not find that item" or "No rows available".
If a search engine spiders a page that looks like a 404 page, but it doesn't have the 404 header code, it logs it as a "soft 404".
Given the short amount of time Google has on your site to discover new content, you don't want it to hit many soft 404s.
Invision Community 4.4 omits containers (such as forums, blogs, etc.) that have no content (such as a new forum without any topics yet) from the sitemap, and also adds a 'noindex, follow' meta tag into the HTML source.
Google will periodically check to see if the status of the page has changed and happily slurp away when content has been added.
Other changes
Although the changes listed here don't deserve their own section in this article, they are no less important.
We have audited the new JSON-LD markup added to Invision Community 4.3 to help search engines better understand the relationship between pages.
The "truncate" method that is used to display a snippet of text in areas such as the activity stream now only sends the first 500 characters to the javascript method to reduce page loads and page 'noise'.
The profile view in Invision Community contains a mix of information pertinent to the member and content they've authored.
We've ensured that the content areas are using a specific URL, with appropriate canonical tags. This will help reduce confusion for search engines.
If you made it this far, then well done. It's time to slam the hood closed and mop our collective brows.
These changes will certainly help Google and friends spider your site a little more efficiently and have a clearer idea about what pages and data you want to be indexed which can only improve your ranking.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

One huge benefit of running your own Invision Community is the moderation tools.
Out of the box, Invision Community allows you to turn members into moderators. Better still, you can define what these moderators have permission to do.
Part of this moderation suite is the report system. The report system allows your members to flag posts that need a moderator's attention.
There comes a time when your community is so successful that it can be a little tough to keep up with all the content and reports.
Community Moderation
This new feature leverages your member reports to automatically remove objectionable content from public view.
You as the admin will define thresholds for the content. For example, you may say that to hide content, a post needs 5 reports.
This reduces the workload for your moderators and enables you to crowd source moderation.
Let's take a look at this feature in a little more detail.
Reporting Content
When a member reports a piece of content, they now have the option to set a type, such as "Spam" or "Offensive". These options can count towards the threshold. Once the threshold has been passed the item is hidden.

The threshold can be set up by creating rules in the Admin CP.
Admin Set Up
At its heart of the system are the rules. You can create custom rules in the Admin CP to determine the thresholds.

For example, you may decide that:
A member with less than 10 posts only needs 5 reports to hide the content.
But you may want to give more experienced members a higher threshold as there is more trust.
You simply add a new rule:
A member who joined over a year ago with over 500 posts needs 10 reports to hide content.
You can do that easily with the rules system as it will scan them all and pick the one most suitable for this member.

It's as simple as that.
Notifications
Once an item has received enough reports to match the threshold, it is automatically hidden from view.

A notification is sent to all moderators who opt in for notifications. This notification shows inline in the notifications center.

It can also optionally be sent via email for those who want to know without checking the site.

Restoring the content
Of course, a moderator may decide that the content is fine and un-hide it. Once a piece of content has been un-hidden, automatic moderation will not hide it again.
Report Types
Depending on your community, the default types may not be suitable or relevant. You may also want to set up other report types.

You can do this via the Admin CP.
Preventing Abuse
Your first thought may be that a single member can report a single item multiple times to force content to be hidden. 
The system will only count a unique member as one point towards the threshold. This means a single member can report an item 5 times, but they are only counted once towards the threshold.

 
You can also set a time limit between reporting the same item. This will prevent a member reporting a single item multiple times in succession.

Of course, the member can delete their report if it was in error.

Report Center
The Report Center is the hub for all reported content. Invision Community 4.3 adds a filter to view a specific report type. The reports themselves also show the type of report.

We hope that this new feature will be a huge help and time saver for you and your moderators.
We'd love to hear your thoughts, please let us know what you think and if you have any questions.

Stripe is the most popular payment method in Commerce, allowing communities to take payments by card securely with easy setup.
While there's no doubt that credit cards are still the most popular methods of making a payment, digital innovations such as Apple Pay are increasing in popularity.
For 4.3 we've deepened our integration to support some of their latest features.
Apple Pay & Google Pay
Apple Pay allows users to pay quickly with their iPhone, iPad or Mac (with Safari and either a paired iPhone or using the MacBook Pro with Touch ID) using the card details stored on the device, authenticated with Touch ID or Face ID.
Apple Pay
Google Chrome (on desktop or Android devices) supports a similar feature allowing users to pay with card details stored in their Google account with Google Pay, or stored in Chrome itself.
Paying with card details stored in Google Chrome
 
Both of these features are now supported through Stripe in Invision Community 4.3. Setup is simple - for Apple Pay you simply need to verify that you own your domain by uploading a file you obtain from the Stripe dashboard, and nothing special is needed for Google Pay - and then create the payment method in the AdminCP. Stripe does not charge any additional fees for either option.
Commerce will automatically hide the option if the user's device does not support either method.
3D Secure
Also known as Verified by Visa, Mastercard SecureCode, and other brand names, 3D Secure is a system that is used to verify a customer's identity before purchase is completed and transfers the fraud loss liability from the merchant to the cardholder bank in case of fraudulent disputes.
After the user has entered their card details, they are redirected to their bank's website and asked to provide additional verification.
Our integration with Stripe in 4.3 now supports this process. A new setting allows you to choose if you want to use 3D Secure just for cards which require it (i.e. cards which would decline the payment if 3D Secure is not completed) or for all cards which optionally support it as well.
 
Amex Express Checkout
American Express cardholders can use Amex Express checkout to pay by using their American Express login rather than providing their card information.  This is also now supported through Stripe in 4.3.
Amex Express Checkout
 
Alipay, Bancontact, Giropay, iDEAL, SOFORT
These are popular payment processors internationally (Alipay is popular in China, Bancontact in Belgium, Giropay in Germany, iDEAL in the Netherlands, and SOFORT in several European countries).
The checkout experience is similar to PayPal with the user being redirected to the appropriate site, authenticating the payment, and then being redirected back.
All of these are also now supported through Stripe in 4.3.
 
Dispute/Chargeback Handling
A dispute (also known as a chargeback) occurs when one a cardholder questions your payment with their card issuer, which causes the funds, plus a fee, to immediately be taken from your account until evidence is provided that the transaction was legitimate.
Anyone operating an online store knows how frustrating this experience can be. In 4.3, we've made dealing with this situation a little easier. When a dispute is created, Commerce will now mark the transaction as disputed, which will immediately revoke any benefits from the purchase (for example, if it's for a subscription that moves them into a different group, they will be placed back into their original group; if it's a Downloads file, they won't be able to download it any more; if it's for a physical item that hasn't been shipped yet, the shipping order will be placed on hold).

Disputed Transaction
All transactions with currently open disputes can be accessed quickly from the transaction list. The transaction page will show you the status and reason for the dispute, and links to your Stripe dashboard where you can respond.
When the dispute is resolved, the transaction screen will be updated, with either the transaction being marked as refunded if the dispute is lost, or going back to paid if the dispute is won and the funds returned to you.

A dispute that was lost

A dispute that was won
 
 
Radar
Radar is Stripe's suite of fraud detection tools using machine learning and customisable rules to help detect fraudulent transactions.
Stripe will automatically blocks transactions is considers highest risk already. However, for "elevated" risk transactions, while Stripe would alert you of them so you could review them, Commerce would process the transaction normally.
In 4.3, Commerce will place any transactions which Radar reports as having an "elevated" risk level on hold for manual review, so you can decide whether to approve or not before the funds have been captured.
In addition, the transaction details screen for Stripe transactions now provides some additional information about Stripe's checks on the transaction, including the Radar risk level, if the CVC check passed, and if the billing address provided matches the card's billing address.
If a fraudulent transaction does make it through, you will now have the option to indicate this when refunding the transaction to help Stripe's anti-fraud systems learn.

Emoji: built in to Invision Community 4.3! ?
Invision Community has a long history. We remember the early days of forums, back when graphical "emoticons" or "smilies" were added.
We have always shipped our products with a basic set of emoticons with the ability to add your own images and has supported emoji from mobile devices.
Emoji has become a standard across mobile and desktop devices so it made sense to bring them to Invision Community fully.
You can choose from 3 different styles of Emoji:
The native style provided by the user's operating system (if you choose this option, users on different platforms will see different styles) Twitter style EmojiOne style
Emoji Settings
Once you have chosen one of these options, all of the available Emoji will show in the emoticons selector when making a post. Unlike in older versions, the entire list is scrollable (the categories drop down will jump you to the category rather than filter), you can search, and standard Emoji features like skin tone modifiers are fully supported, and of course, you can make them as big as you like.

Navigating Emoji

Skin Tone Modifier

Make Emoji any size
 
Autocompleting Short Codes
In addition to using the selector, you can also use optionally enable standard :short_codes:. These will be autocompleted as you type.

Autocompleting Short Codes
You can also enable more conventional ASCII emoticons to be automatically replaced too:

ASCII Short Codes
 
Don't Worry: Custom Emoticons Aren't Going Anywhere!
You can use custom emoticons either instead of, or even alongside Emoji. If you give your custom emoticons a text replacement starting and ending with : they will even show in the autocompletion alongside Emoji.

Custom Emoticons
 
Technical Details 
Whichever style you choose, Emoji is stored in the database as the actual Unicode characters, so you can even change the setting and all Emoji, even those in existing posts, will immediately change.
If you choose to use the native style (so the Emoji will match the style provided by the operating system), the system will automatically detect which Emojis are supported and the selector will only try to show the ones the platform can render.

As we make our final commits, merge in the last of our branches and wait for Charles to move more tasks to the development list, we pause to reflect on our year together as a company.
Pour some egg nog, grab some snacks and lets take a look at our journey this year.
Our year in numbers
In 2017 we made 72 Invision Community releases, 6584 code commits, read 157,203 customer replies and made an average of 177 staff replies to tickets per day.
Our year in dates
We were certainly busy this year. We launched Invision Community 4.2, started work on Invision Community 4.3, started two new blog series and a newsletter. Lets take a look at the key dates.
March 10th
We started talking about our upcoming release, Invision Community 4.2 which saw us drop "Invision Power Services" in favour of the sleeker and less awkward "Invision Community".
March 28 - 30th
During our series of blogs on 4.2, we launch a triple whammy of blog entries outlining reactions, clubs and social media promotions. Three new tent-pole features that drove 4.2 to be our most successful release.
July 19th
We release Invision Community 4.2 to deafening applause (most of it was our own, but it still counts). We give the development team a 15 minute break and then drop the 4.3 task list internally.
September 15th
We start a new blog series "Team Talk". The idea is to show that we're not a bunch of code writing robots, but we're real people with personalities, hopes and dreams. So far, it's proved that we're mostly a bunch of code writing robots without personalities. The irony.
October 18th
Not content to just talk about silly things in Team Talk, we launched our new long form blog series "Community Management". Here we give our many years of community building insight to help you become successful in running your communities. We've tackled a number of subjects from SEO to security so far with many more planned for 2018.
October 30th
Our development team have been busy working on Invision Community 4.3 and we announce it to the world. And being the huge tease we are, we've said nothing since. Rest assured, we've got a lot done and its shaping up to be another great release. We'll be talking about it in more detail next year.
It's all about you
Of course, we couldn't finish without saying a massive THANK YOU to all our customers. We are so lucky to do something we love for a living and that is only possible because you choose to use us to build your community.
We are committed to keep moving forward to ensure that we serve you in the best way possible. We'll keep innovating to give you the tools you need to succeed and we'll keep posting blogs packed full of tips and advice.
Here's to 2018 and all the adventures it brings.

 
 

This entry is about our IPS Community Suite 4.2 release
In IPS Community Suite 4.2 we have added a bunch of new settings for the Downloads Index Page.
 

Downloads Index Page - Settings
With 4.2 you'll be able to hide any of the boxes. 

Hidden Most Downloads Box
 
Another often requested feature was that people want to be able to choose the categories from where the files should be fetched
This way you'll be able to hide files from some very old categories.

Hidden Categories

This entry is about our IPS Community Suite 4.2 release.
We are happy to introduce the next major feature that will be available in IPS Community Suite 4.2 - Clubs.
Clubs are a brand new way of supporting sub-communities within your site. Many people have requested social group functionality in the past and Clubs are our implementation of this concept. Let's take a look at a few screenshots, and then go over what they are capable of doing.

The Club directory

A Club homepage

Club member listing

Example of content within a club (topics, in this case)
There's a lot to digest there! Let's go over the basic functionality.
 
Club Types
Four types of club are available:
Public clubs
Clubs that anyone can see and participate in without joining. Open club
Clubs that anyone can see and join. Closed club
Clubs that anyone can see in the directory, but joining must be approved by a Club Leader or Club Moderator. Non-club-members who view the club will only see the member list - not the recent activity or content areas. Private club
Clubs that do not show in public, and users must be invited by a Club Leader or Club Moderator As the site admin, you can of course configure which club types can be created and by whom. You could, for example, allow members to create public and open clubs, but allow a "VIP" group to also create Closed and Private clubs.

Admin configuration option for Club creations
 
Club Users
Each club has three levels of user:
Leader
A leader has all of the permissions of a moderator, and can add other moderators. They can also add content areas (see below). The club owner is automatically a leader. Moderators
Moderators, as the name implies, have the ability to moderate content posted within the club. As the site administrator, you can define which moderator tools can be used. You could, for example, prevent any content being deleted from clubs, but allow it to be hidden. Moderators can also remove members from a club. Users
Anyone else that joins the club.
Defining the moderator permissions available to club moderators
Your site administrator and moderators, with the appropriate permissions, are able to moderator content in any Club regardless of whether they are a member of it. 
Clubs can be created by any user who has permission. As you would expect, this is controlled by our regular permission settings.
For closed clubs, there's an approval process. Users can request to join and the request must be approved by a leader. Leaders get a notification when a user requests to join; the user gets a notification when their request is approved or denied.

Approving and declining join requests
 
Club Content
Club Leaders can add a variety of content areas to their club - forums, calendars, blogs and so on. It's important to note that these content areas are fully functional just as if they existed as a top-level admin created area. They will appear in search results, activity streams, users can follow them, embed links to them, and so on. If a user has permission to see a forum (for example) within a club it will behave exactly like other forums they see - and the same for all other kinds of content.
Each content area a leader adds can have a custom title, and will appear in the club navigation. This means, for example, that you can have multiple forums within a club, and give each a different name.

Adding content areas to a club
 
Club Custom Fields
Clubs also support custom fields. Custom fields are defined by the site administrator and can be filled in by Club Owners. The values they enter are shown (along with the club description) on the club homepage.

Custom fields in a club
On the Club Directory page, users can filter by the custom club fields.

Filtering clubs
 
Club Locations
Clubs have built-in support for Google Maps, allowing users to specify a physical location for their club. Let's say you run a community for car enthusiasts; each club might be tied to a particular region's meetup. The Club Owner specifies the location when setting up the club, and clubs are then shown on map on the directory page:

Club locations
And within a club, the location is shown too:

 
Club Display
We offer two ways to display club headers within the club - the standard way, shown in the screenshots you've seen up to this point, but we also have a sidebar option. This is something the admin sets globally for the site, rather than per-club. This is useful where your site design doesn't facilitate another horizontal banner taking up valuable screen real-estate; moving the club banner to the sidebar alleviates this pressure on vertical space.

Sidebar club style
Using Clubs in Other Ways
There's a lot of scope for using clubs beyond allowing users to create their own groups. You do not even have to call them "clubs" if that does not suit your use case. For example, on a company intranet you could rename Clubs to "Departments", and create a private group for each of your main roles. This would allow each department to have its own community, with its own forums, gallery, file sharing and so on, private and separate from other departments.
Similarly, they'd also work well in situations where you as the site admin want to create entire micro-communities. Take for example a video game publisher. Using Clubs, they could create a micro-community for each of their games, complete with forums, galleries and so forth, and then set the Clubs directory as their overall community homepage. Immediately, they have a setup that hasn't until now been possible out-of-the-box with IPS Community Suite.
 
We expect our clients will come up with some really innovative uses for the new Club functionality, and we can't wait to see what you do. We'd love to hear your feedback - let us know what you think in the comments.

This entry is about our IPS Community Suite 4.2 release.
IPS Community Suite has long had a reputation system; first we had a simple up/down system, later updated to introduce a Likes system as an alternative. Whichever system you chose to use, it tied in with our reputation system.
We're pleased to introduce the latest updates to the reputation system, and it's something that has been requested for quite some time: Reactions.
Quite simply, reactions allow users to offer more fine-grained sentiments towards content than a simple up/down or 'like'. They are now in common usage on social networks, and so users expect to be able to be more nuanced in their response to something they see.
Let's see how they work in a post, and then cover the options you'll have available.

What you see above is the default setup for a site that has used the Like system in version 4.1. We include 5 reactions by default:
Like Thanks Confused Sad Haha If you currently use the older style up/down reputation system, don't fret - you'll still get the new reactions on upgrade, but they'll be disabled by default and instead the new reaction UI will show up/down reactions. This gives you the flexibility to decide which of the new reactions, if any, you want to allow.
So, those are the basics - but what configuration options can you expect to see? First, you can of course add your own reactions! We expect that beyond the default reactions you'd expect to find, some sites will want reaction types specific to their use-case. On an intranet, you might want to have 'agree' and 'disagree' reactions for staff to use when responding to discussions. On a gaming community, you might replace the icons to be some graphic from a video game that means something to your particular userbase. There's a wealth of possibilities.
Each reaction you set up can be configured to adjust the original author's reputation count - a reaction can be positive (i.e. award a reputation point), negative (i.e. subtract a reputation point), or neutral (i.e. leave the reputation count unchanged). Our default set won't include any negative reactions, but you are free to configure these and new reactions to suit your own use-case. A user's total reputation count is still shown alongside their content and in their profile, of course.
If you don't want to use the new reactions for whatever reason, you can disable all of them except Like, and it'll behave just the like 4.1-and-earlier system:

 
Sites that currently use the up/down system don't show a list of names of users, and instead show an overall reputation score for the content. With the new reaction system, you can enable this even if you don't use up/down reactions. This is great if you plan to use reactions as, for example, an agree/disagree system, or where the content score is more important to your site than the individual reaction types.

How the reaction UI looks with the 'count only' setting enabled
As you'd expect, you can click individual reaction counts (or the overall reputation score, if you enable that setting) to view who reacted to the content. This remains a permission setting that you can apply per-group.

On touch devices, on-hover functionality is not suitable, and so for these devices the reactions UI looks like this:

Reactions play well with all areas of the suite, including Recommended Replies:

...and activity streams...

...and a couple of places we aren't quite ready to reveal yet  
 
We hope you're looking forward to this new feature as much as we are. It's already been a hit on our internal testing site, and we're looking forward to seeing how clients customize it for use on their own community.
Developer note: Reactions are one of two new features (the other currently unannounced) so far that make use of PHP Traits.

This entry is about our IPS Community Suite 4.2 release.
Sometimes you may find situations where you want to highlight one or more replies to a content item to bring attention to a really great response. This is especially true on busy communities where you might have dozens or even hundreds of replies in a single discussion.
There is now an ability for a moderator to Recommend a reply (or multiple replies) and even leave an optional note explaining why they think you should view that post.

Moderator Permission

Optional note for recommended reply
When a reply is Recommended you will see a snippet at the top of the content item along with the optional moderator note and a link to jump right to that reply.

A topic with a recommended reply.
You can Recommend more than one reply and this feature works through IPS Community Suite in forum topic, blog entries, gallery images, and so on. You can set this permission along with other moderator permissions in the AdminCP.
We really think this will allow moderators to bring attention to some of the best replies and guide users to the best content your community has to offer.

IPS Community Suite 4.1.16 is nearing the end of development so I wanted to go over some of the new features in this upcoming release. Some are big and some are small but we always enjoy making any sort of enhancements to the Suite.
We expect 4.1.16 to go to public beta next week. If you are interested in using a public beta please check out our beta forum (clients only) with more info. We welcome as much testing as possible and our betas are considered safe to use on a live site. We do offer support for betas so, if you are technically minded, consider giving them a try.
Commerce: New Ticket Listing
We have redesigned the ticket listing view in Commerce to be much more user friendly and better use screen space. You can also now group by department which is great for organization.

 
Much like Activity Streams on the front end you can create custom views for tickets based on how you work.

The new My History view allows staff to quickly see their latest replies and actions along with some basic stats.

There are many other smaller improvement in Commerce in 4.1.16 as well. We think you will enjoy all the updates.
Security Questions
To enhance the security of your member accounts we now have a new security questions feature where you can allow your members to put in their own, personal security questions. The member will then be prompted to answer those questions for account actions you define.

Account Change Emails
Members will now receive confirmation emails when they change their email address...

and their password...

Topics per Page
You can now define the number of topics per page in forum view.

Remove all Followers
Moderators can now remove all followers from any item that allows follows. This is useful if you are archiving an old item or otherwise do not want people getting notified of new activity on an item.

Automatic Following
Your members can already choose to automatically follow content they start or reply to but now you can define this as the default behavior for all members. Your members can of course override this to their own preference.

Embed Failure Message
To answer the constant question "why didn't my media embed?" we now show you why. Regular members will just see a message indicating the Suite tried to embed but was not able to. Admins will get more information on what failed.

Suspended Member Page
When you banned/suspended a member previously they simply saw a generic permission denied message. We now show a more friendly page saying they were suspended and why.

The member can click to get the full information from the Warning System as well.

Contact Us
The contact us page now has configuration options to control where messages are sent. You can do email and even Commerce support departments now.

Announcements
Global announcements can now be restricted by member group.

And some technical stuff...
In addition to the new feature additions we have also fixed dozens of issues reported by clients. There was a particular focus on Commerce, Pages, and IPS Connect. Some other items of note:
Performance improvements in: profile view, sitemap generator, posting replies, and Activity Streams We now try to more reliably detect the AWS S3 endpoint for those using S3 file storage Tasks view will now show the last time a task ran More efficient license key checking to keep the keys from being checked too often which can slow your site down If group promotion based on date is enable the system will now auto-promote even if a member does not login If you move your site to a new URL you no longer have to update a constant if using the image proxy You can now press ctrl/cmd+enter in any editor window to submit the reply (yay!) In Commerce ticket view there are keyboard shortcuts to perform common actions (such as press 'r' to open reply box or 'n' for note) There is now logic to prevent double-posting when the initial post encounters an error on submit If your datastore (cache system) is not working properly the AdminCP will now show you a warning telling you that it needs attention.    

We are currently beta testing our next release, 4.1.12, which contains hundreds of bug fixes, dozens of improvements, as well as a handful of new features. I wanted to introduce one of those new features: post preview.
Long-time users of our software will know that a post preview function was a standard feature, but we took the decision to not include it in the initial IPS4 release. It had a couple of drawbacks:
it only applied to certain pages, such as topic view - other WYSIWYG editors simply didn't get a preview the workflow wasn't very good for modern web apps, requiring a round-trip to the server and a full page refresh When IPS4 was released, we felt that the built-in rendering of the editor was a sufficient preview of how the end result would appear. However, while analyzing ongoing customer and user feedback for IPS4 in its first year of release, we have seen that a preview still has a use. There are some circumstances when a true WYSIWYG experience is just not possible such as using more advanced formatting (like LaTeX) or when admins create certain custom editor plugins.
As a result, we rethought post preview. We wanted to ensure that all editors could be previewed, and that it didn't have a clunky workflow. In addition, since IPS4 uses a responsive theme, we wanted to give users the opportunity to preview how their post would look on different devices.
Here's the result, and what will be available in 4.1.12:

Post preview in IPS Community Suite 4.1.12
The preview is shown by clicking a new button on the toolbar (meaning it can be moved, removed, etc. just like the other default buttons). When the preview loads, the toolbar allows the user to resize it to different device sizes. If they are on desktop, they can also view it at tablet at phone sizes; on a tablet, it can also be viewed at phone size.
So now we not only show a true preview of what content will look like when posted, but we also allow you to preview how it will look on other devices. Of course that preview is just a best-guess since different devices have different window sizes but it does give you an idea.
We hope this reimagining of an old feature for a more modern web will please end-users and make posting content a more accurate process. Stay tuned for more updates on what's included in 4.1.12!
Version 4.1.12 is currently in beta testing and should be released in the next two weeks.

Security should never be an afterthought for your community. All too often, site owners consider beefing up their security only when it's too late and their community has already been compromised. Taking some time now to check and improve the security of your community and server could pay dividends by eliminating the cost and hassle of falling victim to hacking in the first place.
Let's run down 7 ways that you can protect your community with the IPS Community Suite, from security features you may not know about to best practices all communities should be following.
 
1. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Granting access to the AdminCP is like handing someone the keys to your house, so before doing so, be sure you really trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have AdminCP access by clicking the List Administrators button on the System -> Security page.
2. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. IPS4 allows you to limit administrator access to very specific areas of the AdminCP with the Admin Restrictions feature, and even limit what can be done within those areas. This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
3. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are simply too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for others sites too.
4. Stay up to date
It's a fact of software development that from time to time new security issues are reported and promptly fixed. But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update as promptly as you can so you receive the latest fixes. Your AdminCP will also let you know when a new version is ready for download.
5. Use .htaccess protection for your AdminCP
In addition to IPS4's own AdminCP login page, you can set up browser-level authentication, giving you a double layer of protection. This is done via a special .htaccess file which instructs the server to prompt for authentication before access to the page is granted. IPS4 can automatically generate this file for you - simply go to System -> Security in your AdminCP, and enable the "Add a secondary admin password" rule.
And it should go without saying, but to be clear: don't use the same username or password for both your .htaccess login and your admin account, or the measure is redundant!
6. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist. This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment. If you're a Community in the Cloud customer, contact our support team if you'd like to set up this protection for your account.
7. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We therefore recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled, especially if you're hosted on a server that also hosts other websites (known as shared hosting). If another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Community in the Cloud customers needn't worry about either of these steps - we've already handled it for you!
 
So there we go - a brief overview of 7 common-sense ways you can better protect your community and its users. As software developers, we're constantly working to improve the behind-the-scenes security of our software, but as an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!

Several clients have asked how we placed the Twitter feed block on the sidebar of our News page. It's really quite easy and a great demo of how you can place custom HTML in our system. Here is how it was done:
Get the embed code from Twitter Create a custom HTML block in our Pages app Drag and drop that block into the sidebar That really is it! Here is a video walkthrough:
This is a basic example of a custom HTML block that you can use in so many different ways. You could create a "call to action" the only shows to Guests to get them to register. You might also create text that only displays to your staff with quick links to areas they need.
Here we demo dragging the block into the sidebar. You can also put blocks right in theme templates and use them in many more ways. That will be covered in future theme tips.