sadams101

I reported it...

Yes, I guess before doing that my hope is to get confirmation from someone else that this is a bug. 

I've not upgraded yet, but want to report a possible bug in Pages 4.4.10. If you have an article with two pages of comments, and you land directly on page two with a link like this:

https://www.celiac.com/articles.html/study-shows-worrisome-gut-changes-in-seemingly-healthy-gluten-free-celiac-patients-r5315/?&page=2#comments

or like this:

https://www.celiac.com/articles.html/study-shows-worrisome-gut-changes-in-seemingly-healthy-gluten-free-celiac-patients-r5315/page/2/

using the pagination page 1 button, or the previous of first page buttons do not refresh the visible comments to the page 1 comments. 

This same issue does not affect pages when there are more than 2 pages of comments, for example the pagination works for this:

https://www.celiac.com/articles.html/the-gluten-free-diet-101-a-beginners-guide-to-going-gluten-free-r1640/page/4/

Since I have so many custom plugins and and skin updates, I am just posting this to see if anyone else can verify this as a bug. I have tried turning off all plugins and used the default skin on my site, and this was a bug.

Is there any update for this?

Are we pushing this to the last minute for a reason?

I just got this from Facebook. How will this impact the Facebook login? Will you have this updated in time? Do I need to do anything?

Quote

Graph API v8.0 changes to token requirements     As part of Graph API v8.0, we've made changes to our token requirements. These changes will impact your app, Celiac.com Gluten-Free Forum This is a reminder that these mandatory changes will take effect on October 24, 2020. A client or app token will now be required for querying all picture endpoints, including user pictures through public_profile. Queries without a token will return a generic silhouette as the user picture.   View the full announcement here.

Understood, but I wonder if you could not simply create an "Experimental Settings" tab with ample warnings and detailed descriptions on each setting. I've been running your software for 15 years and still don't understand some of the stuff hidden in init.php. These settings may be helpful to more people if only they could access them.

I understand this, but the question was why not simply make these settings available in the Admin CP? Why do I need to learn about some of these hidden (to 99% of users) settings well over 10 years after running this software?

Also, even when looking at init.php there is no clear explanation for how to implement them. For example I see no directions that tell me that I need to add this line to my constants.php to turn this feature on--I found out how to do this here. It seems like a basic setting that ought to have a check box on the same page as the other Redis settings. Does anyone disagree?

\ define( 'OUTPUT_CACHE_METHOD', 'Redis' ); 

On 9/24/2020 at 7:33 AM, bfarber said:

Because it's not an option from the AdminCP, but is an option at the software level. You can review init.php and see all the available constants there with comments explaining what they do.

It's always fun to read through 1,400 lines of code to find hidden settings. Ever thought of making simple check boxes for these options, with the explanations, in the Admin CP? I guess I'm just old fashioned...

Mine runs faster without that line...but the real question is why the line isn't being inserted when I check the box to "Use Redis to reduce MySQL overhead"?

What setting triggers this line? It isn't in my constants.php file, and I do have the option on for "Use Redis to reduce MySQL overhead"

define( 'OUTPUT_CACHE_METHOD', 'Redis' ); // Store guest pages in Redis

I solved this by having a plugin developed which allows the built in Question and Answer challenge work with, or separately from Google's Captcha. So you can make certain groups have to answer custom questions before posting. Using these questions does not slow down things at all, and also prevents Google from loading tons of junk and spying on your visitors (yes, this form loading pulls in many dubious scripts, which is why it slows things down).

Anyone interested the plugin is called (DP44) Combine Antispam System by @DawPi

Unfortunately this is not an option for me, because of the huge speed issues reCaptcha causes. Notice below and it causes a 20% slowdown on any page that uses reCaptcha.

Here is a speed test on an article page from my site with Captcha OFF:

And here is the same page with Captcha ON:

For months now I've seen a growing number of contact us messages like the one below. Notice the unique codes used. I suspect that what is going on is that hackers are probing to see if they can manipulate the forum to send spam, thus the unique identifiers they are including in the content.

I recently patched my forum with the latest update that included an update intended to stop spam from being sent via the share article feature. I guess I am wondering if they could be using the contact us form to be sending spam? I'd like to hear from others who have been seeing similar contact us messages.

In the last few months I've noticed a sharp uptick in my spam reports from Comcast and other large email providers. When I view the spam reports, 90%+ of them contain this auto-response:

Quote

Thanks for your submission! Before your content can be seen by other members, we need to create an account for you.

Finish Submitting: Link removed.

-----

If you do not take any action, we will delete your email address and not contact you again. There is no need to unsubscribe.

The number of these reports has been steadily increasing over time, so the risk is that my site/domain/server will be blocked from sending email to many large providers like Comcast.

What is clearly happening here is that bots are trying to post, and are inserting either random email addresses from a spam list, or simply generating fake email addresses. 

They are being reported as spam by those who receive them because they are spam...these emails were not generated by the users who are reporting them as spam, they are created by bots who are simply using their emails in an automated attempt to spam using my forum.

Due to this I've turned off the Post Before Registering feature in the admin CP, and recommend that everyone else do the same, unless they want to be blocked from sending email to large email providers.

Well, I would consider the ability to send spam from my site an exploit, but won't argue about it with you. Given the ability of those who want to exploit such forms, and how easy it apparently is for them to spoof IP addresses, I hope your fixes have shut this down as a way for them to spam.

When I ran the support function today I was notified that there was an optional patch to fix a Facebook login issue, as well as other issues, including a fix for an exploit where bots can spam using the email share feature.  This actually horrified me.

Why would this patch not be pushed through as an immediate update security patch, instead of optional?

For weeks now I've been seeing strange unexplained bounces that didn't make sense. How much spam did this exploit allow?

I'm really shocked as how you handled the roll out of this fix. Email exploits are the oldest hacking activity there is...why would you have such an exploit in your software?

On 7/27/2020 at 3:38 PM, misfit76 said:

Love all the templates i have been using from you! I have a couple requests that might benefit others.

Would it be possible to add "About Author" part under the author name and avatar? Data can come from "About Me" in the profile? Caould include a setting to limit the number of characters, but this can utilize the currently empty space.

And may be, a link to other content from "specified databases" for the author?

thanks for considering!

steve k.

I had @DawPi design a plugin that does exactly this, and it also handles forum posts that have been archived. So if you have archived posts, rather than all links to those old posts being gone and no longer available from the poster's profile, there is an "Archives" tab that includes links to all archived posts.

Here is how that looks:

https://www.celiac.com/profile/2-scott-adams/

I am currently getting this error code when I try to login using Google. It was working for years, then google login stopped working at some point. I've gone through the setup instructions in detail, have tried generating a new token, but nothing seems to work. Any ideas?

Sorry, there is a problem

Error code: 1S160/2

To flush the Redis cache the command line Apache server command is:

redis-cli FLUSHALL

I have command line access to my server, I'm not sure if you do.

To restart on command line use one of these two:

systemctl restart redis
service redis restart

This was also very helpful:

https://redis.io/topics/admin

I think so, I am using a cPanel server with Centos 7.8. Unfortunately they still use Redis server v=3.2.12, which may explain why I'm not seeing data in the "Cache" part. It works, but it my not be working as well as it should. Upgrading my version of Redis is not advisable.

Some speed issues I've pointed out at more than 2 years ago, both on this forum and in support tickets, are still present. This is why I've gone off on my own path and have worked with people who have overcome most of them. I was a solid 80 on mobile before this new update. This new JS requirement will be harder to deal with, but I'm working with a programmer now to see what can be done. If I find anything out I'll post it here.

I just got this notification from Google:

Quote

Hello Google Maps Platform Customer, We are writing to let you know that the permanently_closed property is deprecated and will be replaced by the busines_status property in Places API and Places Library, Maps Javascript API on May 26, 2021. You are receiving this email because you have project(s): requesting this property in the fields parameter in Place Details and/or Find Place requests; and/or reading this property from the response returned to Place Details, Find Place, Nearby Search and Text Search requests. You have until May 26, 2021, to perform the changes in your code as described below. What do I need to know? Currently, the Places API and Places Library, Maps Javascript API in their PlaceResult object return permanently_closed=true in response to: Place Details, Find Place, Nearby Search and Text Search when a business place is temporary or permanently closed. We have deprecated this property because it does not allow us to distinguish between a place that is closed on a temporary basis and one that is closed permanently. The property has been replaced by the property business_status with values {OPERATIONAL, CLOSED_TEMPORARILY,CLOSED_PERMANENTLY}, which is returned in response to Place Details, Find Place, Nearby Search and Text Search requests. As a result, starting on May 26, 2021, the Places API and the Places Library, Maps Javascript API will stop accepting the permanently_closed property in the fields parameter in Place Details and Find Place, and stop returning it in the response to Place Details, Find Place, Nearby Search and Text Search requests. Instead, developers will receive the ‘Unsupported field name’ error when using this property in the fields parameter in Place Details and Find Place of the Places API and Places Library, Maps Javascript API, and the value `undefined` when reading this property from the PlaceResult object returned by Place Details, Find Place, Nearby Search and Text Search requests of the Places Library, Maps Javascript API. What do I need to do? Follow the Google Maps Platform Place Field Migration guide to make the necessary property substitution before May 26, 2021, to prevent user experience degradation. Your below projects may be affected and will require you to implement the code updates as described above before May 26, 2021: My forum URL was here... As always, you can contact our Google Maps Platform Support Team with any questions. Thank you for choosing Google Maps Platform.

Google just increased their requirements. Now serving JS on pages that it isn't needed is hurting speed scores badly. Test again and you will see this. I was scoring 80 on mobile, and 97 on desktop, until a few days ago when this new requirement came out. Now I score ~48. I'm trying to find out now if I can have a plugin made to serve only JS that is needed per page/module.

You may want to reach out to @Adlago who has helped me greatly to optimize my site. If I get a plugin made for this I'll let you know.

So I've had a new application created by @DawPi which does the following (I've always thought that the profile page is set up wrong, especially because I have about 5,000+ articles, many by doctors and other authors, and you can't find their About Me without fishing around for it--the about me tab is nearly impossible to find in the mobile format):

1) There is an option to add "noindex, follow" meta tags on profiles where all of the poster's content has been archived;

2) If there is About Me content, there is an option to display that content above the user's Activity Stream, and NOT show the About Me tab. It also removes the About Me tab IF there is no About Me content. You can see this here:

https://www.celiac.com/profile/2-scott-adams/?tab=activity

3) If the user has posts that have been archived, a new "Achives" tab will appear on their profile, and when you click it all of their archived posts can be found (currently they are detached from the user forever, and cannot be linked to the user).