CoffeeCake

31 minutes ago, Ocean West said:

There is no way that any one who is a member with thousands of posts is a spammer, therefore this feature should have an exclusion list of groups.

I like this, but I also think it should have a content count basis as well. The issue is the restoration effort in case of mistake. Your approach would work for us too, yet our promotions have time involved as well, so someone brand new could theoretically post 200 times.

I think that's a interim workaround is that moderators would need to go to the user's activity and select their posts from there for deletion, however if it's group based, it may involve moving them into the "can delete spam" first as a safety mechanism.

Maybe we'll spin this up and put it on the marketplace to be able to see whatever is in the secret forums that seem to be full of good information for developers that don't offer things here.

On 9/3/2020 at 11:25 AM, Adriano Faria said:

https://invisioncommunity.com/forums/topic/457797-protecting-the-acp-controllers/

What do I need to do to get access to this forum?

2 hours ago, jaeitee said:

+1 curious about this as well.  Is anyone currently using it on 4.5 and have you experienced any issues?

I reached out to @stoo2000 via his support ticket system and he stated that the functionality should work in 4.5 if upgrading from 4.4, however that the ACP interface would return a CSRF error until upgraded (so, no access to settings/reports/etc.). He committed that a 4.5 upgrade is in the works, and that one of the challenges is that this application modified the core_members table.

4.5 coding standards are being more rigorously enforced, so that data will need to be migrated into application specific tables.

2 hours ago, bfarber said:

There is a technical challenge to implement this (it's honestly the same reason we don't have group-based advertisements in emails right now). For something like Sendgrid, we compile the email and use replacement variables to swap out the email variables (username, etc.). We do this per-language right now, but we'd have to start doing it per-language per-group in order to implement per-group options within emails.

I think this would be a welcome change and should be considered for your backlog for future improvement. Generally considering the segregation of user levels and user preferences is probably a good idea for new features and enhancements. There's probably always a use case for "this special group of people should be able to get something different and/or choose to get something different."

4 hours ago, Askancy said:

I pose another conundrum, If I purchase your Steam Profile Integration resource, and you decided not to renew the license anymore, I lose the ability to install it since it disappears from the marketplace and I don't have any files locally? 

Sincerely the file local allows me to analyze the code and implement an IP.board resource with my site in Laravel, just like I did as Custom Links, now everything turns out more machinous. 

This is it in a nutshell. Those of us with significant investments and commitments in ongoing support of our communities understand that it is wholly unwise to leave ourselves at the mercy of individuals who may or may not continue supporting something critical, or continue maintaining an active license, or to assume that they have plans in place should they, for whatever reason, no longer be able to continue developing their resource.

We have historically looked at marketplace offerings as springboards that help us minimize our resources on getting new, needed functionality, yet with the understanding that anytime we add things to our installation, we now own the responsibility to ensure that we can take over continued support and development should the original developer no longer be available. In our plans for 4.4 to 4.5 migration, we've had to do this very thing and recreate functionality for marketplace purchases that are simply not being updated or where the developer has since left the building. Having access to those 4.4 files that we had previously stored in our code repositories made this compatibility task easier for our developers. Having dependencies like a need to integrate IPS extensions with Laravel or other frameworks or platforms is exactly the sort of thing that helps define how you should consider what and how you add things to IPS.

As I've shared before, we have found Not Good Things(tm) in the past from the resources we've downloaded, and have purchased resources only to find that the developer's implementation did not meet best practice guidelines and/or took steps that would put our community at risk by installing. That knowledge comes from having our developers audit those resources, install them in local development environments, and through our identifying and anticipating problems before they become incidents. The IPS folks here doing their absolute best to audit new resources should be commended for their efforts and talents, and it's great that they're increasing that effort. Yet it is fool hearty to think that they, or any small group of developers, would be well positioned to test for conflicts with a seemingly infinite number of configurations, back end systems, dependencies, and resources, and would not make errors in judgement or mistakes. We are all, after all, human.

Hobbyists and up and coming communities aren't worried about this. IPS' core market isn't worried about this. IPS sees this as a fringe case, where the benefits of turning off the ability to extract files from Marketplace in a downloadable format outweigh the incentives to turn it off. I understand their approach, and the business reasons for doing so.

Yet that understanding comes with the knowledge that the Marketplace we had in 4.4 is no more, and instead has been converted to some sort of imagined "Applesque" app store that caters to the lowest common denominator and that no longer meets the needs of customers like ourselves. If the equivalent of Steam Integration stops working for the local book club's forum, oh well. They'll survive and adapt. That's okay, and the change works for the people that comprise the core customer here. If integrating with Steam is the core of your community, you don't want to find yourself in that position.

It would have been nice to have had that shift in strategy and functionality communicated to us in some capacity in advance instead of finding out about it by surprise so we could have planned and anticipated for increases in budgeting for development time. When you consider simple things like IPS not maintaining a transparent versioning system, and instead favoring nebulous patches that only appear if you think to click the "something's wrong" button, we should remain cognizant that the focus of IPS right now seems to be on CIC and building their SaaS model and making things look as stable, magical, and seamless as possible for that market. From that vantage point, this all makes sense.

If your goal is to expand upon what others make available, or to maintain a solid operational continuity plan, or to understand what you're adding onto your installation, the understanding that purchasing something from 4.5's Marketplace is akin to "it will attempt to install and does whatever it does right now and that's your only guarantee, no looking under the hood, trust us, good luck in the future, not our problem" is something that should most definitely be informing how you use IPS' Marketplace.

Communities that are worried about these things would be wise to purchase resources directly from developers or create their own and bypass the new marketplace entirely, ensuring that they have the tools to pickup where that developer left off should the developer no longer be able to provide needed updates, stop renewing their license, become incapacitated in some way, or just have new interests.

I'd say it's a bug that it's not visible on mobile.

12 minutes ago, jaeitee said:

Once you hit that limit you can forget about emails going out to existing members, and new members can't signup.

Exceeding sendgrid's limits are what made us default all email to off and have members opt in again explicitly following our move to IPS.

We would hit the monthly limit halfway through the month and then no emails until the first.

1 hour ago, BankFodder said:

Sorry. What do you mean by this?

This would have been better implemented at the user group level.

So, folks with a subscription or moderators or some other group of users get the full email while others get the truncated version.

1 hour ago, John T Davis said:

I can't honestly remember if it was a setting I turned off way back on 4.1 that got re-enabled, or if it's something new, but it seems to have fixed the problem.

This is new to 4.5, and should live as a group setting.

19 minutes ago, Drewfus said:

ok think I found it so what if I wanted to put a signup or login in instead of login or existing user login not sure what I would put there for a signup form.

 

To add a sign up button, you would want to edit the template for the error page itself and not the language string. You can edit templates within the theme via the ACP.

Alternatively, you could rename the login button to something like "Log in / Sign up" by editing the language string used there.

8 hours ago, BankFodder said:

it won't install manually because it is bigger than 2 MB

No idea about your plugin issue, yet the upload size issue is probably a limitation set in PHP.

Check your php.ini config for post_max_size and upload_max_size values and increase them as needed. Restart of php/web services will likely be required for the setting change to take effect.

Just now, ahc said:

You misinterpreted.  These are definitely not legitimate marketplaces and just rip all of the content here and offer it for free.  

Oh, my mistake. Yes, not looking for that.

1 minute ago, ahc said:

There are currently 3 websites at the top of google that always have the latest marketplace items and update their content almost as quickly as it gets uploaded here.

I had no idea there were alternative sites upon which IPS plugins and applications were sold, and my quick attempt at google fu netted no results that looked legitimate.

Are developers here in the habit of selling their modifications on other marketplaces that do not have the restriction of having to be installed via ACP? This would entirely resolve the issue for us, as we could continue our development practices and due diligence.

This is built in behavior.

As @Meddysong linked to, scroll down to the section on Announcements in the Mod CP guide. The floating bar option you see here now for the Labor Day holiday closure announcement is the "floating bar on top of page" option under the option that selects where the announcement should appear.

1 hour ago, Eudemon said:

removing existing item from marketplace listing if dev's license expire

Not sure about now, but prior to 4.5, if the submitter's license expired, the product would show that it was no longer available for purchase.

5 minutes ago, James101 said:

Hopefully IPB figures some way out to fix it automatically.

Open a post in the feedback/ideas forum. That seems to be the way they accept feature requests. 🙂

Another nice add would be to be able to only apply the "hide all/delete all" automatically when the affected number of content is less than some configured value. Auto hide anyone with 10 posts or less, but require a moderator to intentionally delete/hide posts for numbers larger than that.

22 minutes ago, James101 said:

However, when unflagging the user as spammer the topics/posts are still hidden and need to be manually approved again.

This is the expected behavior, but it would be nice to have the option to restore what was done.

You can configure what flag as spammer does in the ACP and make the delete or hide option be an additional step for the moderator to help guard against this.

I don't believe there's any way at present to report back to IPS' spam service that the person you flagged as a spammer is no longer a spammer.

3 hours ago, ahc said:

All of a sudden I was locked out of things I had just paid for or renewed. I sent in a ticket and was told that this was always the intended behavior and that if I had access to purchase, renew, and download files before with an inactive license, it was in error.

This is absurd.

It seems you're trying to make a copy of your production site to test with.

To restore a copy of your IPS install, you need both the database and filesystem, as well as any other dependencies (elasticsearch, Amazon S3, etc.).

This (or something similar) required a fix in 4.4 via custom css code:

https://invisioncommunity.com/forums/topic/443872-google-adsense-auto-ads/?do=findComment&comment=2769312

Not sure if the solution there needs to be modified with all of 4.5's theme changes.

2 hours ago, CodingJungle said:

flag for the hook system that says "upgrade in process, do not use these hooks"

+1. Very interesting use case. Hopefully this makes it into the testing plans of the IPS third-party app reviewers.

We have the exact same setup and did not run into this error. I'd recommend creating a support request and making sure your test license is installed properly, as well as that your test URL is reflected in the client area correctly.

Edit: Though, in retrospect, we haven't done a 4.4.10 to 4.5.1 upgrade test yet. Our test environment was linked to Marketplace in the previous beta release. I suppose something may have broken in the beta versions in-between from when we did our login/onboarding.

5 hours ago, Stuart Silvester said:

it will always use live data to determine if an update is available.

This is better™️

4 hours ago, haqzore said:

This is good, but if that's the case they should have a "check for updates" button on the plugins page too (imo) 

I think it checks for updates for Themes from marketplace as well? But... I've never downloaded a theme from the marketplace, so not sure. There's one task that checks for updates, and it's correct that the only place a button presently appears in 4.5 is in the Applications page. The task runs daily as part of the scheduled system tasks (System > Tasks > "updateCheck"). The button is a shortcut to run that task on demand.

1 hour ago, nigeld27 said:

Does anyone know what causes this error? Could you tell me how to get past it please?

Check out this explainer: