princeton

For a very long time Invision Community has allowed community owners to choose how open or private their communities should be. Communities could optionally allow guests to post without registering, they could allow the use of pseudonyms or they could require the use of real names.
This covers a diverse range of communities but feedback from our clients made us realize that some use cases have not been accounted for.
For some types of community, where discussion topics are particularly sensitive, community owners want to make sure that members register with their real details but are given the option to post anonymously where appropriate. For example, organisations dealing with abuse or sensitive topics might want the member to feel safe and disinhibited to post info without fear of being identified by the rest of the community.
With our next release, we are pleased to introduce Anonymous Posting to make this a reality.
When enabled, members will see the option to post anonymously when creating or replying to content.

Starting a new anonymous topic
Author details for anonymously posted content is hidden throughout the community and instead a default profile picture and name is shown.
Total anonymity is not always desirable however and in some cases it may be necessary for trusted staff members to know who posted the content. Where allowed, these staff members will be shown an option to reveal the content author.

Author details are hidden but can be revealed by trusted staff members
Anonymous posting can be enabled on a per group basis and also limited to specific forums, albums and categories etc. The ability for staff members to reveal who really posted the content is a moderator permission.
We hope this new feature is a useful addition and where appropriate makes your members feel safe or comfortable to share info they might not have otherwise.
How open or private is your community and what do you find are the benefits or disadvantages of anonymity?

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Are you looking to launch a new online community or revitalize an existing community, and you're worried about the numbers of users?
Gaining members - and retaining them - is always the hardest struggle for new communities.  Even if you're an established brand or organization, it can be a challenge to build a core group of members.  The problem?  Most communities launch too early.  
The truism "if you build it, they will come" is no longer valid.  There are countless online peer and social groups, industry associations, and trade organizations competing for your user's time and attention.  You can't launch a new community and passively wait for users to visit.  The Internet is too crowded now.
Ask yourself the hard question: are you having difficulty attracting and retaining new members?  One of the best secrets to launching new communities is to already have a core group of members in place -- all done in advance of launching your community.  
Follow the CHIP process to generate member demand.

Download:  IPS CHIP Process 2019-09.pdf
Part of the magic behind the CHIP Process is that by reaching out, you build relations with existing members in a meaningful manner.  Don't push your community idea at this point.  Your only goal is to meet people, build genuine relationships, and understand key themes such as user challenges or industry needs.  
This dramatically heightens your chance of success when you do launch.  You have a known audience familiar with you and your community, who can spread the word.  You identified a core group of active users, who can immediately start posting.  You also surveyed key themes and business challenges, so you even have a headstart on content will be most attractive. By doing this prep work in advance, you've fine-tuned your community strategy to exactly what's needed and can be successful on Day 1.  
Building a new community requires prep work.  Although Invision Community can empower you with a modern set of features once you launch, you need to pair the platform with the excitement and problem-solving that only your community can offer - and that means taking the time to understand what's needed before you launch. 
Best wishes on your community launch, and share your community's success in the comments below!  

Who remembers the earlier days of the internet? Back when you popped your logo at the top left of your site and you were largely done?
Invision Community has continually developed to account for all the new services that have been built during our 16 years.
We now have social media sharing images, favicons and more to consider.
Invision Community 4.4 also adds mobile application icons, Safari mask icons and data for an application manifest. Handling of these logos and icons was a prime candidate for improvement in 4.4.
Moving our current options
Step one for improving our handling of these images was to move our current options out of themes and to allow them to be managed suite-wide from a single area. You can still upload a logo image per-theme (which shows in the header area), but the rest of the options have now been relocated to a new area: Customization > Appearance > Icons & Logos.

Adding new options
After giving favicon and share logo management its own dedicated area, we took a look at enhancing the configuration options made available through the interface without requiring theme template edits.
Multiple share logos
You can now upload multiple share logos. If you elect to upload more than one share logo, Facebook and similar sites will generally either show a carousel to allow you to choose which logo to use when sharing, or simply use the first image referenced.
Application icons
You can now upload an image to represent your website which will be used to generate the "home screen" icons for iPhones and Androids automatically. Uploading a single image will result in several different copies of the image (in different dimensions) being generated, and mobile devices will automatically choose the best option from the list as needed.
Safari mask icon
You can also now upload a Safari Mask icon, which is used to represent your website in certain areas on Apple computers (such as on the "touchbar" of certain keyboards). This image must be an SVG image with a transparent background, and all vectors must be 100% black.
Additionally, you can specify the mask color which is used to offset your image when necessary (e.g. to represent it as "selected" or "active").
Application manifest
In order for devices to support the application icons that you upload, a file known as a web manifest must be generated and delivered to the browser. This now happens automatically, using details and icons specified in the AdminCP. Certain details, however, can be configured explicitly from the Icons & Logos page:
Short name
This is a short name to represent your site in areas with limited screen space, such as below your application icon on a mobile phone home screen. Site name
This is the name of the site. The "Website name" setting is automatically used if you do not explicitly override it when configuring the manifest. Description
A short description of your site Theme color
You can choose a (single) color to represent the general theme of the site. This color may be used by devices in areas such as the address bar background. Background color
You can also choose a (single) color to use as the background color for your site when the application is launched from a shortcut saved to the user's device home screen. Display mode
Finally, you can specify the display mode your site should launch in. For our more astute designers and developers, you may have already realized that generating the manifest file lays the groundwork for future PWA (Progressive Web App) development and support. Additionally, some Android devices will automatically prompt users to add your website to their home screen now that a manifest file is generated by the site.
Oh, and for the sake of completeness, we also generate the special browserconfig.xml file that Microsoft products (including Microsoft Edge, Internet Explorer, X-Box, and Microsoft-based mobile devices) look for when pinning sites and generating live tiles. There are no additional configuration options for this file - everything is automatically generated from the aforementioned options.



The end result?
Your community can now better convey, automatically, certain details to the myriad of devices out there that may be accessing your site, and you now have much better control over those details. You can more easily fine-tune the "little things" that help paint a complete picture of your web presence, and the groundwork has been laid for bigger and better things in the future as standardization and adoption of PWA functionality improves.
This blog is part of our series introducing new features for Invision Community 4.4.

It's very easy to focus on a single metric to gauge the success of your community.
It's very common for community owners to look at page hits and determine if their SEO and marketing efforts have paid off.
Getting traffic to your site is only half the equation though. The most valuable metric is how many casual visitors you're converting to engaged members.
Invision Community already makes it easy for guests to sign up using external services such as Facebook, Twitter and Google.
However, there has to be a conscious decision to click that sign-up button. For some, this may be a barrier too many.
Invision Community 4.4 reduces this barrier by allowing guests to create a post to a topic they want to engage with.
Once they have posted, they are asked to simply complete their registration. They are more likely to do this now they have invested in your community.
This will be incredibly valuable when you consider how much traffic a forum receives from inbound Google searches. With Post Before Registering, you'll increase your chances of turning that inbound lead into a registered member contributing to your site.
Let me take you through the feature and show you how it works.
When browsing the community guests will see the ability to submit a post, with an explanation that they can post now and complete registration later. The only thing they have to provide in addition to their post is an email address.

Posting as a guest
This works in any application for new content (topics, Gallery images, etc.) as well as comments and reviews. It will only show when a newly registered member would be able to post in that area - for example, it will not show in a forum that only administrators can post in. 
After submitting the post, the post will not be visible to any user, but the user will immediately be redirected to the registration form with an explanation to complete the registration. The email address they provided will already be filled in.

Registration form after posting as a guest
At this point, the user can either fill in the registration form, or use a social sign in method like Facebook or Twitter to create an account. After the account has been created, and validation has been completed if necessary, their post will automatically be made visible just as if they had registered and then posted.
If the user abandons the registration after they've submitted their post, an email will be sent to them to remind them to complete the registration.

Email reminding user to finish registering
 
Some Notes
Invision Community already has a feature that allows guests to post as guests without registration if granted permission. That feature has not been removed and so if you already allow guests to post, the behaviour will not change. This new feature is only available when a guest can't post in a given area, but a member would be able to. The entire feature can also be turned off if undesired. If the area the guest is posting in requires moderator approval, or newly registered members require approval of new posts, the post will enter the moderation queue as normal once their account has been created. Third party applications will require minor updates to support this feature. Once your casual visitor has invested time in your community by crafting a post, they are much more likely to finish the registration to get it posted. If you have set up external log in methods, then registration only takes a few more clicks.
This blog is part of our series introducing new features for Invision Community 4.4.

Yet again, Joel hijacks our company blog for another generous slice of knowledge from the front-lines of administrating a successful community.
Inspired by Invision Community client @Joey_M who discovered the emoji of serendipity and chief architect @Matt who literally knows everything about Invision Community in ACP Tips and Tricks, they both made me realize there’s always something to learn no matter your level of experience. 
You know how to post.  You know how to react.  You sometimes spice it up and make a poll.  And for the most part, you and your users go about your forum lives with a secure sense of certainty and satisfaction that you know how to interact with your community.
But what if I told you there’s a whole world of wonder at your fingertips, young grasshopper?  Your Invision Community includes stars to navigate by; magical pictures that appear and disappear; and little yellow men who giggle, laugh, and sometimes roll over in delight. 
Here are 5 hidden tips to help you discover a little more of the IPS magic for you and your users.  

How do you know what you don’t know?
1. Click-and-hold
Be sure to dazzle your users with this secret way of changing your content title.  Change titles of your content items such as topic titles, album titles, and download files by using the click-and-hold strategy. Go to your forums and click-and-hold down the mouse over any topic title until you see that you’re able to edit the title.  Surprise! Use this secret strategy as the perfect way to quickly mass edit titles.

Click-and-impress your users with the click-and-hold strategy
2. Stars and Dots
Active forum users jump around dozens of boards every day to stay involved.  And within a loooong topic with many pages, you need a fast way to jump to the most recent unread topic.  Before each topic is an icon: either a dot or a star.  Clicking these icons will always jump you to the latest unread post, so you can quickly dive back into the conversation.  Dot means unread; Star means you participated in the topic.

My forum icon constellation tells me that I’m most compatible with a Capricorn.
3. Emoji Short-codes
One of the newest features to be included in Invision Community is emojis.  While there are ways to insert emojis from both mobile keyboards and the editor, you can also start typing “:thumbs up:” to reveal the secret emoji menu.  Try it now in the comments of this article. Last person to give me an emoji thumbs up wins! 

Be a 💯 with 🙂 
4. Image Attachments
Forum posts come alive with image attachments that add color and vibrancy. But adding thumbnails to the bottom of your posts is a missed opportunity to enrich your post at the appropriate spots within the post.  After you upload an image attachment to a forum post, double-click on the image attachment.  You’ll be presented with a secret menu with options to align and resize, so you can create stunning forum posts with images.

Much color. Much alignment. So much wow.
5. Profile Banners
Banners play a prominent part in multiple parts of the community, such as the Calendar, Profile, Clubs, and Blogs.  But usually the page only displays a portion of the banner, and most of the banner is hidden.  If you ever want to see the full banner in all of its glory, click near the top of the banner to auto-magically reveal everything!  Now you see, now you don’t.  

The iceberg is a metaphor
How many of these five secret tips did you know?
If you knew all five, give yourself a round of applause!  It’s rare for even the most seasoned Invision Community administrator to know all five, and you’ve mastered them all.
Did you know four?  Congrats, you’ve done a great job of exploring your community suite and you should keep it up.
Did you know three or less?  You should do some serious soul searching. Kidding. 
But it’s a definite sign that your soul would benefit from reading Invision Community News for more useful tips.  
Becoming a great community manager is a combination of community strategy and product knowledge.  By empowering yourself with more functional knowledge and tools, you’re giving yourself the ability to leverage a bigger toolkit.  Whether you’re typing emoji short-codes to laugh with your members or inserting attachments into a tutorial on hidden tips for your community, I hope you learned something new, something surprising, and something perhaps even a little wonderful. 
Let us know in the comments below what hidden tip surprised you the most.     

Do you recall that scene in Harry Potter where young Harry is sitting in his Uncle’s living room when hundreds of letters from Hogwarts burst through the fireplace, filling the room?
Sometimes, when you log into the administrator’s control panel, it can feel a bit like that.
As the administration control panel has evolved, there has been more of a need to display notifications, alerts and warnings to the administrators.
There are several things which may require an administrator's attention which may show a notice on the AdminCP dashboard, a banner on the community, or send an email. For example:
When a new version of Invision Community is released. A new member registers and requires administrator validation. A configuration issue is detected, for example if dangerous PHP functions are enabled on the server. There are items Commerce which require manual action, such as transactions pending manual approval or items to be shipped. Up until now, each such area would manage how these notifications show and are sent independently. In 4.4 we have introduced a new section of the AdminCP which shows all things which require administrator attention in one place, easily accessible from any AdminCP page.

AdminCP Notification Menu
Clicking on any of these notifications will take you to the relevant area of the AdminCP, or there is also a full-screen Notification Center which allows you to quickly take common actions such as approving members.

AdminCP Notification Center
While the best approach is to take the appropriate action (which will automatically dismiss the notification) so you always have an empty Notification Center, most notification types can be hidden, either temporarily on a per-notification basis by clicking the cross in the top-right, or administrators can hide all notifications of a certain type from their individual settings. Administrators can also choose which type of notifications to receive an email notification about.

Notification Settings
Each notification has a severity indicated by the coloured bar on the side and certain notifications can also show banners either across the AdminCP, or also on the front-end (to administrators).
Notifications group automatically (so for example, if there are 5 members pending approval, you will see 1 notification rather than 5 separate ones) and where appropriate each administrator can choose if they want to receive a single email, or a separate email with each occurrence.
Now you won't miss an invitation to Hogwarts, or anything important again.
This is a blog about our upcoming Invision Community 4.4 release, due later this year.

Unless you've been living under a rock, or forgot to opt-in to the memo, GDPR is just around the corner.
Last week we wrote a blog answering your questions on becoming GDPR compliant with Invision Community.
We took away a few good points from that discussion and have the following updates coming up for Invision Community 4.3.3 due early next week.
Downloading Personal Data
Invision Community already has a method of downloading member data via the member export feature that produces a CSV.
However, we wanted Invision Community to be more helpful, so we've added a feature that downloads personal data (such as name, email address, known IP addresses, known devices, opt in details and customer data from Nexus if you're using that) in a handy XML format which is very portable and machine readable.
 

You can access this feature via the ACP member view
The download itself is in a standard XML format.

A sample export
Pruning IP Addresses
While there is much debate about whether IP addresses are personal information or not, a good number of our customers requested a way to remove IP addresses from older content.
There are legitimate reasons to store IP addresses for purchase transactions (so fraud can be detected), for security logs (to prevent hackers gaining access) and to prevent spammers registering. However, under the bullet point of not storing information for longer than is required, we have added this feature to remove IP addresses from posted content (reviews, comments, posts, personal messages, etc) after a threshold.

The default is 'Never', so don't worry. Post upgrade you won't see IP addresses removed unless you enter a value.

This new setting is under Posting
Deleting Members
Invision Community has always had a way to delete a member and retain their content under a "Guest" name.
We've cleaned this up in 4.3.3. When you delete a member, but want to retain their content, you are offered an option to anonymise this. Choosing this option attributes all posted content to 'Guest' and removes any stored IP addresses.

Deleting a member
Privacy Policy
We've added a neat little feature to automatically list third parties you use on your privacy policy. If you enable Google Analytics, or Facebook Pixel, etc, these are added for you.

The new setting

 
Finding Settings Easily
To make life a little easier, we've added "GDPR" as a live search keyword for the ACP. Simply tap that into the large search bar and Invision Community will list the relevant settings you may want to change.

 
These changes show our ongoing commitment to helping you with your GDPR compliance. We'll be watching how GDPR in practise unfolds next month and will continue to adapt where required.

Invision Community 4.3.3 is due out early next week.

We have a very important announcement to make!
There are times where you need to get the attention of your visitors. You might be closed on certain days of the year, performing server maintenance (if you are consider our Cloud Plans, they're excellent) or running a competition.
Invision Community has always had an announcements feature baked in, but we felt it could be improved.
Okay, maybe this feature isn't as flashy as some of the others we're introducing in 4.3, but these useful features should make managing your community easier.
The new look announcement feature replaces the old widgets enabling you to display customisable announcements in any of the following locations;
Top of the page Above the page content In the sidebar
The three new announcement locations
Each location has some slightly different features; the page top banner is dismissible by the member if they no longer want to see it, whereas the banner above the content and the sidebar announcements cannot be dismissed.
Most of the original customisable features are still available, including the ability to select which applications and pages show certain announcements and which member groups can see them. Combining this with the three new locations gives you much more flexibility for different types of announcements and we've also included the option to customise the color of the announcement.

New customisable options
 
The announcements have also been improved to contain more information. Rather than showing an unformatted snippet along side the title, announcements can now be tapped to open a modal showing any further details.

Modal showing announcement content
We hope you'll enjoy these useful improvements in Invision Community 4.3. Stay tuned for further announcements (pun intended)!

We are happy to announce the new Invision Community 4.3 is available!
Some highlights in Invision Community 4.3 include...
Improved Search
We now support Elasticsearch for scalable and accurate searching that MySQL alone cannot provided. There are also enhancements to the overall search interfaces based on your feedback.

 
Emoji
Express yourself with native emoji support in all editors. You can also keep your custom emoticons as you have now.

 
Member Management
The AdminCP interface to manage your members is all new allowing you easier control and management of your membership.

 
Automatic Community Moderation
You as the administrator set up rules to define how many unique member reports a piece of content needs to receive before it's automatically hidden from view and moderators notified.

 
Clubs
The new Clubs feature has been a huge hit with Invision Community users and we are expanding it to include invite-only options, notifications, exposure on the main community pages, paid memberships, and more.
Custom Email Footers
Your community generates a lot of email and you can now include dynamic content in the footer to help drive engagement and content discovery. 
New Gallery Interface
We have reworked our Gallery system with a simplified upload process and more streamlined image viewing.
 
The full list follows. Enjoy!
Content Discovery
We now support Elasticsearch which is a search utility that allows for much faster and more reliable searching. The REST API now supports search functions. Both MySQL and Elasticsearch have new settings for the admin to use to set search-defaults and default content weighting to better customize search logic to your community. Visitors can now search for Content Pages and Commerce Products. When entering a search term, members now see a more clear interface so they know what areas they are searching in and the method of search. Member Engagement
Commerce can now send a customizable account welcome email after checkout. You can whitelist emails in the spam service to stop false-positives. REST API has many enhancements to mange members. Ability to join any OAuth service for login management. Invision Community can now be an OAuth endpoint. Wordpress OAuth login method built in. Support for Google's Invisible ReCaptcha. Groups can be excluded from Leaderboard (such as admins or bot groups). All emails generated by Invision Community can now contain admin-defined extra promotional text in the footer such as Our Picks, and Social Links. Admins can now define the order of Complete Your Profile to better control user experience. Clubs
Option to make a Club visible but invite-only Admins can set an option so any Club a member is part of will also show in the parent application. So if you are in a Club that has a Gallery tab then those image will show both in the Club and in the main Gallery section of the community. Club members can now follow an entire Club rather than just each content section. There is a new option on the Club directory page for a list view which is useful for communities with many Clubs. If you have Commerce you can now enable paid memberships to Clubs. Admins can set limits on number of Clubs per group. If a group has delete permission in their Club, they can now delete empty containers as well. Members can ignore invitations. Moderation and Administration
Unrestricted moderator or administrator permission sets in the AdminCP are visually flagged. This prevents administrator confusion when they cannot do something as they will be able to quickly see if their account has restrictions. You can choose to be notified with a new Club is created. Moderators can now reply to any content item with a hidden reply. Download screenshot/watermarks can now be rebuilt if you change settings. Support for Facebook Pixel to easily track visitors. Moderators can now delete Gallery albums. Automatic moderation tools with rules to define when content should auto-hide based on user reports. Totally new member management view in AdminCP. More areas are mass-selectable like comments and AdminCP functions for easier management. New Features
Commerce now has full Stripe support including fraud tools, Apple Pay, and other Stripe features. Commerce packages can now have various custom email events configured (expiring soon, purchased, expired). Full Emojii support in the editor. Complete overhaul of the Gallery upload and image views. Announcements system overhaul. Now global on all pages (not via widget) and new modes including dismissible announcements and top-header floating bar option. Many new reports on traffic and engagement in the AdminCP. Blog has new view modes to offer options for a traditional site blog or a community multi-member blog platform. The content-starter can now leave one reply to Reviews on their item. Commerce now makes it much easier to do basic account-subscriptions when there is no product attached. Useful Improvements
Forums has a new widget where you can filter by tags. If tags are not required, the tag input box now indicates this so the member knows they do not have to put in tags. Member cover photos can now be clicked to see the full image. Any item with a poll now has a symbol on the list view. Twitch.tv embed support. You can now update/overwrite media in the Pages Media Manager. Mapbox as an additional map provider to Google Maps. Technical Changes
Direct support for Sparkpost has been removed. Anyone currently using Sparkpost will automatically have their settings converted to the Sparkpost SMTP mode so your email will still work. Your cache engines (like Redis) will be checked on upgrade and in the support tool to ensure they are reachable. Third-party applications will now be visually labeled to distinguish them from Invision Community official applications. The queued tasks list in the AdminCP is now collapsed by default as queued tasks are not something people need to pay much attention to during normal operations. When upgrading from version 3 series you must convert your database to UTF8 and the system saves your original data in tables prefixed with orig. The AdminCP now alerts you these are still present and allows you to remove them to reclaim storage space. On new installs there are now reasonable defaults for upload limits to keep people from eating up storage space. Categories in all apps (forums, gallery albums, databases, etc.) no longer allow HTML in their titles. This has been a concern both in terms of security and usability so we were forced to restrict it. Large improvements to the Redis cache engine including use for sessions. The login with HTTPS option has been removed and those who were using it will be given instructions to convert their entire community to HTTPS. Images loaded through the proxy system now honor image limits for normal uploads. We now consider BBCode deprecated. We are not removing support but will not fix any future issues that may come up.
 
There's a lot to talk about here so we are going to lock this entry to comments so things do not get confusing. Feel free to comment on upcoming feature-specific entries or start a topic in our Feedback forum.
 

An enterprise customer recently asked us how to have a different feed block for each of their forums. Their goal was to have each forum show a 'popular topics' block containing topics only from that particular forum. Unfortunately this isn't possible using the standard block manager right now, since each view is treated as one configuration. That means that any blocks added to forum view will show for all forums.
However, as usual in IPS4, some of the more advanced power under the hood does allow you to achieve the same goal - in this case, by using HTML Logic. This technique uses a similar idea to the one I outlined in the Dynamic-ish Forum Feeds blog in May.
 
Creating conditional blocks
The way we would implement this functionality is by creating a custom block that is simply a wrapper for other blocks. This wrapper block will contain HTML Logic that determines which feed block to show, based on some information about the current page.
The first step would be to create standard feed blocks for each of the forums to which this should apply. In our example we're creating 'popular topics' blocks, but it could be anything you wish - the principle will remain the same. Another idea would be to create a 'Topics from other forums' block for each of your forums, whereby in the block configuration, you set it to include topics from all forums except the one in which it will be displayed - a good way of cross-promoting your topics.
In order to include the blocks later, set the template key of each to be forum_x, where x is the ID of the forum in which you will display the block.
 
Once we've created a block for each forum, the next step is to create our wrapper block, which should be a custom block set to use Manual HTML, with the following code:
{{if request.app == 'forums' && request.module == 'forums'}} {{$id = \IPS\Request::i()->id;}} {block="forum_{$id}"} {{endif}} What's happening here is we're checking the app and module from the page URL are both 'forums', which indicates we're in forum view. We then use the {block} tag to insert the appropriate block based on the ID parameter from the URL.
To use this block, simply save it, then using the Block Manager on the front-end, drag it into the desired location in your forum view.
I hope this quick suggestion gives you some ideas for other ways to create blocks that show contextually depending on what the user is viewing. If you have ideas for interesting ways to use this technique, share them in the comments!

HTML Logic is our name for the additional tags available in IPS4's templates that allow runtime logic to be executed. It comprises if/then/else statements as well as loops and more.
Since HTML Logic has access to all of the underlying PHP framework in IPS4, it's very powerful and a lot can be achieved with it. One common use is to limit certain content within a template to particular member groups. Let's see how that might be done.
 
Showing or hiding content only to guests
We'll first look at a simpler idea: showing or hiding content specifically to guests (i.e. anyone who isn't logged in). Within IPS4, the \IPS\Member::loggedIn() object contains information about the current user. Guests always have a member_id of NULL (i.e. no value), so we can simply check that value in our logic tag:
{{if \IPS\Member::loggedIn()->member_id === NULL}} This content *only* shows to guests, since they have a NULL member_id. {{endif}} {{if \IPS\Member::loggedIn()->member_id}} This content *only* shows to logged-in users since their member_id is a number, which will equal true. {{endif}}  
Showing content only to specific groups
Let's go a bit further and this time show content to specific (primary) member groups. First, you need to get the IDs for the group(s) you want to deal with. You can find this by editing the group in the AdminCP, and making a note of the id parameter in the URL. On my installation, the Administrator group is ID 4 so we'll use that in our example.
Once again, we're using the \IPS\Member::loggedIn() object, but this time we're using the member_group_id property.
{{if \IPS\Member::loggedIn()->member_group_id === 4}} This content only shows to members in the "Administrators" group (ID 4 in our example) {{endif}}  
Working with multiple groups at once
Following the code above, you could simply repeat the check against \IPS\Member::loggedIn()->member_group_id several times, for each ID you want to allow. However, since our templates allow arbitrary PHP expressions to be used, there's a neater way: use an array of member group IDs you want to allow, and check against that using PHP's in_array function. Here's an example where we only show content to group IDs 2, 4 and 6:
{{if in_array( \IPS\Member::loggedIn()->member_group_id, array( 2, 4, 6 ) )}} This content only shows to members in groups with the ID 2, 4 or 6. {{endif}}  
Have a request for a theme tip? Let us know in the comments and we'll try and help out in a future tip!