meyerweb.com

Skip to: site navigation/presentation
Skip to: Thoughts From Eric

Gatekeeper 1.5 RC2

Thanks to the good offices of Server Logistics (providers of the Complete MySQL package) and Jonas Luster (who gave me the database import command I actually needed) I brought my local copy of WordPress back up to speed last night and was able to test the Gatekeeper update script.  Thus, WP-Gatekeeper RC2 makes its debut.

Here’s what changed:

  • Added “reset to default” links for the challenges and the markup template on the management page.  Remember that if you say “OK” to the pop-up dialog box, the data will be reset to install default and there’s no going back.
  • Fixed a bug where logged-in users still had to answer the Gatekeeper challenge.  Now there should be no challenge for logged-in users.  This assumes that your install allows people to register and log in, of course.  (Thanks, ColdForged!)
  • Tweaked the scanning routines to be more cross-platform friendly, the form scanning to be kinder to 1.5 themes that were ported from 1.2 installs, and fixed (I think) a slash-insertion bug that could affect the markup template.  (Thanks, Scott!)
  • Added theme-root support.  (Thanks, Terrence!)
  • Changed the gatekeeper_default_template option to be called gatekeeper_markup instead.

That last change was the original motivation to create the update script, since the plugin would break without updating the option name.  While I was at it, I decided to throw in routines to let users of the 1.0b1 version migrate their challenges over to version 1.5 and then delete the old tables.

So if you’ve run any previous version of WP-Gatekeeper, you’ll need to download and run the update script.  It’s called wp-gk-rc2-update.php.  To run it, uncompress the archive and drop the PHP file into your main WordPress directory, then load it up in a Web browser.  From there, the script should walk you through the update procedure.  If you’ve only ever used  GK 1.5 RC1, then it will be two steps and painless.  If you were running 1.0b1, then it’ll be three or so steps and still painless.  (Unless of course I have bugs, in which case there may be pain.)

Basically, you’ll need to run the updater either immediately before you install the RC2 plugin, or immediately after.  In the interval between the two, there will be trouble.  I’m sorry, but I don’t know of a way toclose that window.  My recommendation is to run the update script and then drop the plugin into your plugins directory as soon as the updater finishes.  However many seconds passes between the two will be the window of possible breakage.

So there you have it.  Assuming no problems are encountered, the plugin will reach 1.5 final within the next week.  Let me know if you hit any roadblocks or see ways in which the code can be improved.

Update: problems have been encountered.  The automatic-placement routines seem to have failed, so no challenge will appear unless you use the gatekeeper_pose_challenge() call in your comment form template.  This means nobody will be able to post unless they’re logged in (and maybe not even then).  I’ll post an update as soon as I figure out what’s failing and how to fix it.  Sorry for any inconvenience!

14 Responses»

    • #1
    • Comment
    • Thu 10 Mar 2005
    • 1211
    Geoffrey Sneddon wrote in to say...

    Wow… I was surprised with the steps for the upgrade from GK 1.5RC1, although I’ll let everyone else have the same surprise…

    • #2
    • Comment
    • Thu 10 Mar 2005
    • 1239
    Eric Meyer wrote in to say...

    It would have been more thoughtful to report any problems you encountered, Geoffrey.

    The update script has been, you guessed it, updated. Try again, please.

    • #3
    • Comment
    • Thu 10 Mar 2005
    • 1954
    Geoffrey Sneddon wrote in to say...

    I thought it was deliberate, obviously I was wrong, that’s more or a less why I didn’t say… Also, with the two headers, I thought that those were the two stages… Probably why I didn’t pick up any problem was I had to go immediately after updated the plugin, and forgot to check it was working later. Obviously I couldn’t have been much more wrong than that… Sorry Eric.

    Anyhow, I’ve checked it this time, and being so tired, I put in the wrong answer! Apart from that, the only bug I can find quickly is the Markup Template gets put back to the default.

    • #4
    • Comment
    • Thu 10 Mar 2005
    • 2340
    Jed wrote in to say...

    Eric.
    I can’t seem to download the latest RC2 zip file, when I right-click to save as I get the **.zip.html
    And left-clicking doesn’t do anything, apears the file is not available.

    Thanks.
    -Jed

    • #5
    • Comment
    • Fri 11 Mar 2005
    • 0944
    Eric Meyer wrote in to say...

    You got me, Jed; I just downloaded the file both through right-clicking and left-clicking, and was able to expand the .zip file with no trouble. When I checked the HTTP headers the file returns, it showed as application/zip, so there’s no reason the extension should be changing to .zip.html. I can only guess that it’s a problem with the specific browser you’re using, whatever that might be.

    • #6
    • Comment
    • Fri 11 Mar 2005
    • 2159
    Nick Romney wrote in to say...

    The file available for downloading has Version: 1.5rc1 as line 5, which therefore ends up as the displayed version in the plugin manager.

    Also, you might want to make explicit where to place the upgrade file. I placed mine in wp-content/plugins, and then in wp-admin (where the wordpress upgrade script is), and finally in the root wordpress directory. Perhaps you could detect which directory the file is in – I had limited success using php like
    if (file_exists('wp-config.php')) {

    I’m using the default Kubrick installation, and neither 1.5rc1 or 1.5rc2 added a captcha to my comment form.

    • #7
    • Comment
    • Fri 11 Mar 2005
    • 2257
    Eric Meyer wrote in to say...

    Doh! Forgot to update the actual plugin’s version number. Well, it’s still pre-release, so I now wave the Magic Wand of Betadom and declare it will be fixed later.

    I thought I was clear about where to run the upgrade file in the post: “To run it, uncompress the archive and drop the PHP file into your main WordPress directory, then load it up in a Web browser.” Good idea about the test, though. I’ll have to keep that in mind for the future.

    The lack of CAPTCHA is very odd, because I tested the plugin with my copy of Kubrick and it worked fine for me. Even if the plugin didn’t find the right place, it should still have picked up the textarea and dropped into place after it. Any chance there might be a conflict with other plugins you’re running?

    • #8
    • Comment
    • Sat 12 Mar 2005
    • 1201
    Nick Romney wrote in to say...

    Doh! Not reading the instructions – classic error! (And on a day when so many are taking the SATs).

    Even with all other plugins deactivated, I get no textarea search and replace. The only behaviour with gatekeeper turned on is that when I submit a comment, I get the error message from the gatekeeper_stand_guard() function.

    I’ve tried using the following themes: classic, default, quentin 0.9, and steam 1.5, and all had the same problem.

    Thanks, Nick.

    • #9
    • Comment
    • Sat 12 Mar 2005
    • 1529
    Eric Meyer wrote in to say...

    Yeah, upon further review, the plugin would seem to be somehow broken– something about my regular expressions is failing, but I don’t know what or why. I even tested them in BBEdit, and was able to find the piece of markup I wanted through its find feature. The same expressions fail in the PHP.

    Since I’m now at SXSW, hopefully I’ll find someone with the skills to help me out. Meanwhile, you can use the explicit gatekeeper_pose_challenge() call until I get this sorted out.

    • #10
    • Comment
    • Sun 13 Mar 2005
    • 1726
    Geoffrey Sneddon wrote in to say...

    Is it possible to add an option to add failed comments to the moderation queue, surely all you need is a call of wp_set_comment_status($comment_id, 'hold);?

    • #11
    • Comment
    • Tue 15 Mar 2005
    • 1533
    ColdForged wrote in to say...

    Eric, allow me to say a big thanks. Perhaps you’ve disabled trackbacks or it’s awaiting moderation, but I’ve described my ignorance of how effective the plugin has been for me here.

    To summarize, I honestly forgot I had installed WP-Gatekeeper and was concerned that something was broken on my site, though I was getting plenty of legitimate comment traffic. Then I remember the Gatekeeper. I modified your code slightly to keep track of the number of failed validations and report it on the plugin page as well as on the dashboard… in 15 minutes I received 12 thwarted spam comment attempts. Just awesome.

    Thanks again for this tool.

    • #12
    • Comment
    • Tue 15 Mar 2005
    • 2205
    John Clegg wrote in to say...

    Gatekeeper is a solution that will stop automated bots from spamming wordpress. (I have wordpress and find this problem a real pain in the ass. I have all but abandoned my wiki site because of wiki-spam)

    I have a problem with this solution. What’s to stop someone from paying people to enter spam comments manually and thus bypass your test?

    When I worked in india, I discovered that people were being paid to “enhance” hit / visit / Alexa ratings. I am not talking about one or two people. I am talking about organised “campaigns” to boost ratings. This usually involved a chain of cyber cafes across the company.

    I thought the old blacklist plugin was a lot better solution. (It seems to have stop working with WordPress 1.5) When it was working, I only got the odd piece of spam. Is it a better idea to have an automated blacklist with the ability for wordpress users to update the global list?

    Don’t get me wrong, Gatekeeper is a good idea. My problem is that the spammer will get smarter :-(

    • #13
    • Comment
    • Wed 16 Mar 2005
    • 0950
    ColdForged wrote in to say...

    What”s to stop someone from paying people to enter spam comments manually and thus bypass your test?

    Nothing. This is merely another tool in the overall scheme for me. If someone wants to pay a lot of someones to enter inane comments by hand into my blog Gatekeeper won’t help… that’s where other tools come into play. Between the Gatekeeper and the built-in moderation keys and blacklist stuff on WP 1.5, I feel like I have the tools I need. Currently.

    My problem with the automatic blacklists like Spam Karma is that it had false positives that were very difficult to figure out and correct. Coupled with its tendency to punish multiple posters — an ordinarily sound practice, but unfortunately harsh when people post something that gets cut for some reason, then post to ask why, then post again to ask why the previous one was disallowed… it can get ugly.

    • #14
    • Comment
    • Thu 7 Apr 2005
    • 0437
    Marc Jennings wrote in to say...

    Is this just me? If I want to edit a mis-typed question, I can go into the GateKeeper mangement page, and click “Edit”. I get the question and expected response back. If I edit it and then click on “update”, it edits the previous challenge. (eg, if I edit challenge 2, the update is made on challenge 1)

    I have had a bit of a poke around in the code, but don’t understand WP Plugins well enough to find the appropriate bit of code. I guess WP provides some database access stuff through API metheds, but I don’t know what they are. :(

Leave a Comment

Line and paragraph breaks automatic, e-mail address required but never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>



Remember to encode character entities if you're posting markup examples! Management reserves the right to edit or remove any comment—especially those that are abusive, irrelevant to the topic at hand, or made by anonymous posters—although honestly, most edits are a matter of fixing mangled markup. Thus the note about encoding your entities. If you're satisfied with what you've written, then go ahead...


March 2005
SMTWTFS
February April
 12345
6789101112
13141516171819
20212223242526
2728293031  

Sidestep

Feeds

Extras