CoffeeCake

I just tested it and can confirm. To replicate: Click on your display name on the upper right (assuming on desktop), and click "Sign Out" Verify you are now at the IPS homepage, and see "Existing user? Sign in" Click the Existing User? Sign In link and choose "Sign in with Email" You are now logged in. You typed no username, no e-mail, no password. I think there's a basic expectation that when you click Sign Out, you will not be able to sign back in without providing a credential of some sort. I have no social network accounts linked to my account here. I'd put this in the vulnerability category.

Yes. It took me a very long time as a new customer to figure out that you could even search Marketplace entries. We don't use Downloads, so I had no idea what that was. Additionally, when you're on the Marketplace landing page, and you see the search in the header, you would expect that your search results would assume "Search here in the place that I am." But they do not. So, in Marketplace, you think... hey, I need an application that addresses my want of an integration with Wordpress. So you type in Wordpress, and the default selection is "Everywhere" and you get 2,800 results, not landing on anything Marketplace related until (as of right now) the very last entry on page one of search results: https://invisioncommunity.com/search/?q=Wordpress&quick=1 As an admin, I think it would be nice to have a "default search context" option that on a per community basis could make the default search in certain applications include only that application's results. So here, when looking at Marketplace, the search box chooses "Downloads" (appropriately renamed Marketplace) and instead of the first relevant result being at the bottom, I see the 20 results that really what I'm likely looking from when I'm at that page: https://invisioncommunity.com/search/?&q=Wordpress&type=downloads_file&search_and_or=or&sortby=relevancy As a new customer, I resorted to navigating each of the categories and trying to find something. I did not have positive happy feelings doing this. I would even try going to a developer's profile, see that they had X number of files, but having no link to see what those files were. I remember having an "ah-ha" moment when I finally realized that I could just search by Downloads. I think this might inform the request of the thread, or add to its consideration from a UX perspective. So, in closing, maybe on my community, I want searches on the pages section to default to a set selection of database entries and pages and exclude forums when you're on a pages page. Someone else's community might want it to work exactly like it does now. I think an option, at the application level, to define the search parameter defaults, would be a useful addition.

Merging threads will retain a time-based post order from oldest to newest. The thread you merge into will be the URL retained, however the post order will respect the timestamp of each post. Whichever post is the oldest of all merged threads will be the first post in the resulting thread by design, no matter how you merge them. I believe there is a plugin in Marketplace that will let you change the timestamp of a post. That may be what you're looking for.

Additional points that were super confusing to a new person in this community involving Marketplace and search. I think this may be what @MEVi is running into: Use the term "Marketplace" everywhere. It's great that IPS uses their own product, but it's completely lost on a new person that "Marketplace" is "Downloads." ACP > Translate those strings, so that when I'm doing a search my brain doesn't have to think, no wait.. downloads. In Marketplace, when performing a search, the search box doesn't default to Marketplace results. This is counterintuitive. Might be a nice feature to provide an administrator option to have quicksearch prioritize the context in which it is called from. If you're in gallery, then search gallery only by default unless specified, or offer a radio box in the drop down upon typing (not the full list when you hit the magnifying glass icon) to quickly choose current context or all, i.e.: [x] Gallery [ ] Entire Community [more...] Provide a place for me to send invoices for all these valuable tips. 😁

Oh that's interesting. So, if you've linked a social network account to your account you can't log out of an IPS community without logging out of your social network account as well?

That just sounds broken.

From an end-user perspective, the distinction between the two is a bit confusing. I've struggled with it myself posting. It's not entirely clear that there will be a difference in result in using the "quote selection" popup vs. copying and pasting into a quote. vs. In fact, sometimes it's easier in a longer thread to go copy and paste bits. Might this be better served in your use case, @Colonel_mortis by adding a custom button to the toolbar that handles these quotes from external sources? Or, a toggle when inserting the quote that allows you to choose between internal/external (or, heck, a built in citation). I'd love the ability to quote, with a built in link to the original source (nytimes.com/article/etc.html) as you can currently link back to the original post.

What is your involvement after they take over? Are you being compensated? Moving on to other things? Is this work for hire? It seems like the decisions made by the people taking over for you, no matter how awfully ill-informed they may be, are not your problems to worry about. I've been in a position where people who are used to using hammers insist on smacking screws with them no matter what. If they're thinking Wordpress is interchangeable with IPS, leave them to it. Put your recommendation in writing, tell them why IPS is a better model and leave them to it. Good luck with Wordpress!

Hmm... I'm not understanding. I don't think you can do what you're wanting to do. Either forums is the default app at the root of your subdomain, or it resides at some subdirectory. You can change it from /forums to something else by modifying the furl.json file in the forums application directory.

Yes, with a tie in on the warning system. This is a far better first step over moderating content.

Glad to hear you're up to date, that the temporary hiccups have been overcome, and that you were able to resolve things. I didn't realize until just now that this thread had been resurrected from Christmas day and that @Joel R was digging into the archives. I'm all for a constants.php setting called \define('I_HEREBY_KNOWINGLY_BREAK_THE_WARRANTY_STICKER_AND_PROMISE_I_WILL_BE_COMPLETELY_AT_BLAME_FOR_DISABLING_UPDATE_NOTIFICATIONS_ITS_NOT_IPS_FAULT_PINKY_PROMISE', true);

Personally, and this is just my opinion on the matter, security fixes should be provided for a given version within a contractually agreed period of time that is unlinked from having access to continued improvements and bug fixes. With each released version, an end of life date should be provided where we all know when security fixes will be abandoned for a particular version. I completely understand not getting the benefit of continued development and new features, or fixing or improving upon things without an active license, but holding security fixes hostage behind a support contract is on the lower end of the ethical spectrum of things. Can you open a gofundme and would IPS be okay with you linking that here?

Absolutely understandable, Morrigan. I've been in a similar position before and had to do what I would have considered unthinkable and take a community offline because we were simply not able to pay the bills, and I was simultaneously coupled with horrific personal tragedies. I completely empathize with the difficult position you are in, and while I could never stand in your shoes, I wish I had the ability to solve the much larger issues for you that have nothing to do with this software. Last week, there was an active, coordinated attack on our community attempting to exploit previously patched vulnerabilities. My suggestion is not that somehow money will fall out of the sky, but rather that what seems like the appropriate course of action (don't show security notifications if my license is expired), may actually be an indicator that there may be other avenues to consider. Your family obviously comes first. Let your members know where things stand (you don't need to fully disclose things, but just that personal circumstances have put the community in this unfortunate position), and ask if they can chip in with donations with a goal to cover your costs to stay updated. Consider passing the reigns to someone else permanently or temporarily until you're in a better place, or let folks know it's time to move on and shut the community down. There are a few other RPG communities that have been asking questions here in the past week--maybe they'd be willing to take in your community and give it a home, or partner with you in some creative way. I'd strongly encourage you to not risk something worse by leaving things unpatched and ending up with something landing somewhere between increasing your hosting costs by having your servers compromised, to having your members' personal information compromised, to having your site's reputation tarnished.

I think you can fix this by setting Forums as the default app in the ACP under applications. I think?

This was an issue from the 4.4 to 4.5 upgrade, though not do to licensing costs. We had to wait until we had addressed a number of blocking issues before performing the update, yet the reminder was up there the whole time in full force. If a change is made, it should be something a bit more involved than clicking a link. I'd hate to accidentally click the "SHH" button out of force of habit or half awake. Whatever it is should require another shh push should another update be made available. "Ignore this particular update" is as far as that should go, and extra alertiness/ignoring this is at your own peril when it's a security issue should be in place. Or, please provide a value for constants.php that makes sure those who would like to be notified everywhere of a security issue can continue to opt in for that. I'd suggest considering the ramifications of an additional hardship of having your community exploited through a known security vulnerability whose alert you did not receive for a lapse in license, or whose alert you disabled entirely. From my perspective, and my perspective alone, that would be a far greater hardship than being faced with a notification. I could easily imagine someone coming here very upset (personal hardships aside) that they weren't notified about an important security issue, now are faced with the aftermath of having their community impacted by a known security issue, and saying that they would have found a way to renew or have disabled their community entirely had they known the impact. The fallout from something like that may be far more expensive in direct and indirect ways than the cost of renewal. If it's just the front-end notification you'd like removed, you can do so with a one line custom CSS, setting display: none to the notification div.

Don't do this via phpMyAdmin. Connect to your MySQL server via SSH (the mysql command) and perform the operation there. Do not export and reimport the data to Notepad++. Back up everything twice before you start. That way, when you forget or ignore the suggestion to back things up the first time, you have your second warning to fall back on. 😁 You can see all impacted posts and preview the change by running a SELECT statement with a conditional that matches your replace. For example: SELECT `post`, REPLACE(`post`,'http://wrongDomain.com/','http://correctDomain.com/') AS `expectedresult` FROM `forums_posts` WHERE `post` LIKE '%http://wrongDomain.com/%';

Agree entirely. As a general rule, anytime something is suggested to be added, it should come with permissions, and an "off-by-default" setting. At no time should some feature someone else finds useful change the behavior for all others. IPS shouldn't be in the business of making decisions about how we run our communities. They should strive for a platform that gets as many of us as close to our goals as possible, and with toolsets that can be turned on and off in a considered fashion. There are all sorts of features available in IPS that if turned on for our community would be horrid mistakes, that may be core functionality and super important to another community. We have entire swathes of the suite disabled that I bet many would be surprised about that even severely limit moderators and administrators from accessing core functionality. We should shy away from "oh no this feature you're requesting, other community admin, would be horrible for my site, so it's a terrible idea, go away." Instead, I like to think about the ideas people have and how they may be developed into broader ideas from their specific use case. Jordan needs a kindness plugin, but a community talking about financial securities might need a "currencies plugin" and a community talking about pornography might need a "no sharpies plugin," etc. Backing up from this idea, I see a good case for something complementary to the post moderation at the thread level introduced in 4.5. It's just another tool in the toolbelt, that can be turned off and locked up for safe keeping if not applicable to you and yours.

Yes, @Davyc post moderation at the thread level is a great new feature, however addresses it at a different point in the posting flow. This call out is for the "you're about to hit submit" part of the funnel. I imagine something similar to the club T&C addition, but for threads/forums outside of clubs. It would be great to have that at the forum level (outside of clubs), but also at the "you're about to post" point of engagement.

Adding a bit more versatility to the idea, we have also considered something like this that for certain things reminds others to carefully consider what they're getting into. We've envisioned this as a popup prior to composing a reply or creating a new thread in a specific forum where a gentle reminder of expectations might do more preventatively than moderation action retroactively. We had something similar in vBulletin where we'd force a preview of the post upon submission with reminders outlined on the screen and asking the member to doublecheck what they've written is appropriate for the area/thread/forum. I like the idea of this at a per thread level (similar to enabling moderation at the thread level), per forum level, and even per user group level. Thread message/Announcement meets interstitial.

Slight warning that @bfarber's suggestion will replace every occurrence of http://wrongDomain.com in every post in every thread and every forum. Any time it's mentioned in the body of a post, or in any part of a link. If you or anyone else have made posts intentionally referencing wrongDomain.com, then this would change those too. Maybe that's not what you want. Only you know. You can add conditions with a WHERE clause to exclude certain posts where the domain should not be changed, etc. If you can, test this on a copy of your community first and make sure things are as you expected afterwards.

You could do it with an UPDATE statement and the REPLACE() function in SQL, but back everything up first and test in your test environment. REPLACE() documentation: https://dev.mysql.com/doc/refman/8.0/en/string-functions.html#function_replace If you need more granularity, look at REGEXP_REPLACE(): https://dev.mysql.com/doc/refman/8.0/en/regexp.html#function_regexp-replace

Oops. Well maybe that's why the link is there and totally broken 😁 I don't see why you couldn't use oauth then. Have one install be the oauth server and the rest the oauth clients.

Yes, take a look at the help guides for IPS Connect. I'd provide a link but it seems the person in charge of maintaining the menu here has never used mobile to try and access things. 🧐

This would be done most easily by modifying your web server's configuration (apache, nginx, etc.) If you use an .htaccess file, you could do it here. This web site uses terms like cPanel and htaccess and may be helpful you get you in the right direction. Replace the extensions they care about with xml and json: https://www.inmotionhosting.com/support/website/htaccess-prevent-filetype/

Depending on your web server, make rules to deny access (404 or 403 errors) the files you don't want served to the public.