Advertisements

Posts Tagged Drupal

Drupal more tag

In Drupal, posts are automatically trimmed to create excerpts, and a “read more” or other like text is inserted in the end of your excerpt to give readers a link to the full page. But what if your entire article is shown in the excerpt and you want to get rid of the “read more” link?

There’s a really easy way to do this.

Drupal has a “break” tag, “” (without the quotes), that overrides the default excerpt generation, and allows you to specify where the excerpt breaks from the main article. By placing this tag anywhere within an article, you can cause the except to appear shorter or longer, or include the full article without the “read more” link. To do this, simply have this tag at the end of the article, and just make sure there’s no spaces or any other characters after it.

It’s really that easy.

Questions, comments, or feedback? Please do so in the comments section below. Thank you!

Advertisements

Leave a comment

Redirect non-www to www (and vice-versa) via htaccess

This is probably old news for a lot of folks, but it’s handy nonetheless and I often have to look up these .htaccess strings. Note that Apache mod_rewrite is required for any of this to work.

This (and it’s comments) are based on the Drupal default .htaccess file [License as of 9/30/11: GPL], because the Drupal .htaccess file explains it very well. Mind that lines starting with # are comments. Uncomment them to make them take effect.

Also, this should NOT be used with a WordPress install (it will result in a redirect loop). Instead, make the change in Dashboard > Settings > General.

RewriteEngine On
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} !^www. [NC]
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www.(.+)$ [NC]
# RewriteRule ^ http://%1%{REQUEST_URI} [L,R=301]

Questions, comments, or feedback? Please leave a comment below. Thank you!

, , ,

Leave a comment

How to create an unfiltered input type in Drupal 7

The default input types in Drupal strip out unapproved HTML tags and optionally format links with tags. If you’re creating a block for some more advanced purpose, such as the insertion of JavaScript or other HTML that you don’t want stripped, you will likely want an input type with no filters.

Note that an unfiltered input type will not support PHP; you must enable the PHP module for this. Once you enable the PHP module, it will create an input type specifically for PHP. The PHP block will allow unfiltered HTML, but may present an unnecessary security risk.

To create an unfiltered input type in Drupal 7, do this:

Go to Configuration > Content Authoring > Text Formats

You should see the default text formats appear.

Click add new text format and give your new text format a name, such as “Unfiltered HTML.” Choose the roles that will be allowed access to this input type. Be aware that allowing untrusted users access to an unfiltered input type may have security implications. Don’t check anything under Enabled Filters. Click Save Configuration.

That’s it. Your input type is now ready for use.

Now, if you want to create a block with unfiltered content, such as the display of JavaScript code, simply choose “Unfiltered HTML” as the input type of the block.

,

Leave a comment

How to post an email address in Drupal’s ‘filtered HTML’ mode without creating a link

In Drupal’s ‘filtered HTML’ input mode, email addresses are automatically turned into links. However, there are times when you don’t want this behavior, such as when you’re posting a SIP address, Google calendar address, or any string that looks like an email address but isn’t.

While you can turn off this behavior globally by editing the input type, that may not be what you want if you’re only posting a few of these addresses.

Instead, take a trick from HTML and post a character code. The character code for the @ symbol is @

Drupal will format this address as a link:

example@example.com

This will display just the same as the above, but will not be formatted as a link:

example@example.com

This helped me, so I thought I’d share it. If you have any Drupal tricks, feel free to share them in the comments below! Thanks!

Leave a comment

Bad Behavior on Drupal 7

Bad Behavior is a set of PHP scripts that is designed to keep your blog or forum clean from spam by taking a much different approach than typical solutions. While I could go into a big explanation, you can read all about it here

That said, Drupal 7 is available for download, but the Drupal 6 Bad Behavior module has not yet been ported to Drupal 7. These instructions will help you get a very crude installation of Bad Behavior protecting your Drupal 7 site, albeit in the “no logging” mode, which is not the preferred method. If you’re familiar with Drupal 7 enough to attempt a port, I would ask that you please visit the Drupal 6 module and contact the developer. The Drupal community would greatly appreciate it.

These instructions are based on the Bad Behavior Porting Guide.

First, download Bad Behavior from http://bad-behavior.ioerror.us/download/

When you unzip it, you should have a folder called bad-bahavior.

Upload that folder somewhere to your web root, so that bad-behavior-generic.php is accessible as http://example.com/bad-behavior/bad-behavior-generic.php (These are sample instructions only, advanced users are encouraged to place the scripts wherever they like.)

edit bad-behavior-generic.php

Locate the following line:

'httpbl_key' => '',

Input your http:BL API key from Project Honey Pot. If your API key is ‘exampleAPIkey’, you’ll have this:

'httpbl_key' => 'exampleAPIkey',

edit drupal index.php

Right below the opening <?php tag, insert the following line, making sure it has the correct relative location of bad-behavior-generic.php:

require_once("bad-behavior/bad-behavior-generic.php");

That’s it!

Questions, comments, and feedback are always welcome and appreciated.

 

,

Leave a comment

Drupal and Yourls

Actually, this should work with any CMS supporting PHP code blocks: Drupal, Joomla, WordPress (with a  plug-in), phpBB, etc. Has been tested working with Drupal 6, Joomla 1.5.

You’ll want to replace YOUR-YOURLS-DOMAIN-HERE below with the actual YOURLS domain, and API-SIGNATURE-HERE with the API key found at your YOURLSDOMAIN/admin/tools.php.

<?php
if ( isset($_REQUEST['url']) ) {
$url = $_REQUEST['url'];
$keyword = isset( $_REQUEST['keyword'] ) ? $_REQUEST['keyword'] : '' ;
if ($keyword) { $keyword = '&amp;keyword='.$keyword; }
$return = file_get_contents('YOUR-YOURLS-DOMAIN-HERE/yourls-api.php?signature=API-SIGNATURE-HERE&amp;action=shorturl&amp;format=simple&amp;url='.urlencode($url).$keyword);
echo <<<RESULT
<h2>URL has been shortened</h2>
<p>Original URL: <code><a href="$url">$url</a></code></p>
<p>Short URL: <code><a href="$return">$return</a></code></p>
RESULT;
} else {
echo <<<HTML
<h2>Enter a new URL to shorten</h2>
<form method="post" action="">
<p><label>URL: <input type="text" name="url" value="http://" size="50" /></label></p>
<p><label>Optional custom keyword: <input type="text" name="keyword" size="5" /></label></p>
<p><input type="submit" value="Shorten" /></p>
</form>
HTML;
}
?>

The idea was based off this post, which I could never get to work for me. It always had a PHP error, and it depended on having Drupal and Yourls installed on the same site. The above code will work even if the installation is remote (on a different server). It only requires that you’re able to get an API key.

Feedback is welcome.

, , , , , ,

Leave a comment

Beware of poorly-written CMS plugins.

CMS systems like WordPress, Drupal, Joomla, etc are rife with plug-ins and modules you can add for extra functionality, but it’s really hard to tell the load that some of those add-ons place on your system and database. When you want to have a website that won’t collapse under load (or take the server down with it) it’s important to have well-written plug-ins. Many times we install things assuming without knowing the impact they can have. Especially in the case of shared hosting where everyone shares a server, it’s important to play nice — or face the possibility of having your hosting account suspended because you put too heavy of a load on the system.

I got to experience both sides of this first hand. Some time back I had my Drupal site hosted on my own machine. In searching for a decent chat room, I found the Drupal chat room module. It was easy to install and set up, and I had a few friends joining in to give me feedback on it. After 3 or 4 people joined, it started to get really laggy. I took a look at the server and saw that it was literally drilling a hole in the SQL server. The amount of queries and load that it was producing was just unbelievable. So I disabled it. Lesson learned.

Last night while I was making some changes here, I noticed a lot of issues with pages taking forever to load, lost connections to the MySQL server, etc. Since I’m on shared hosting, the first thing I thought of was “maybe the server is having an issue?”

So I checked server status: Nothing.

I let it go and kept making edits to my pages, but noticed the problem was getting worse instead of better. I checked server status again; nothing. I thought: There has to be a problem somewhere. So I looked through my cPanel and found an icon that I thought might give me a clue: CPU Throttling.

What you see below on the left side of the red line is what I saw (I took the screenshot 15 hours after I started working the issue so I would have a clear before-and-after).

BlueHost uses a unique CPU throttling approach, not primarily to control CPU/RAM usage, but to control scripts which pound on the SQL database and make time-consuming queries. If the database gets pounded too hard, it becomes a major issue for everyone on the server. So they throttle access to the database for load spikes, and that keeps everyone happy. They say that a throttle of 500 sec/hour is acceptable, and you shouldn’t see any slowdown from it. Obviously my problem was way beyond that.

I was obviously having an issue with some script, and it needed to be fixed immediately. Since they make log files available to you for “Slow SQL queries”, I took a read through them. I saw here and there 1.3, 1.5, 1.8 seconds… not terrible. Then I saw the issues. I had SQL queries that were running 3, 4, 5, 6, even up to 8 seconds each. You know what? It wasn’t even this site. It was the feeds module I had added to another site.

So I weighed the benefit I was seeing to the site (which was zero) and went ahead and started purging the data and disabled the modules. This took a few hours (because of the already throttled connection state), and when I was done I let it idle for an hour and made sure I was no worse off than before I had started. It was nearly 3am, so off to bed I went.

I woke up this morning and immediately checked the CPU throttling chart. Not only was I under the 500sec/hr target, I was less than half of it.

screenshot-1

The worse part of this is that I was almost never aware of the issue. It wasn’t until I stated making bulk edits that I noticed there was a problem.

This does happen to be a system that only BlueHost offers. My only request might be that I could have gotten alerted via email when the load spike shot up so I could have been aware of the issue rather than having to find it out myself. But in any case, I saw it, I took care of it, and all is well.

Have an experience with a script that negatively impacted your CMS or server platform? Please share it below…

, , , ,

Leave a comment

Captchas, Anti-spam services, and Bad Behavior

I run this WordPress blog as well as a Drupal-powered forum site and one of the biggest challenges that any webmaster can have is controlling spam — both in comments and user sign-ups.

I used to rely heavily on captchas, and I’ve gone through several captcha and non-captcha systems to try to find the “ideal” solution: One that cut the spam down to nearly nothing as well as not putting too much of a burden on the legitimate users (as to possibly deter them from participating on the site).

Here’s what I’ve tried, and what I’ve learned in the process:

reCAPTCHA (WordPress, Drupal): This service aims to stop bots and spammers by presenting two words.

Pros: As a side effort, the service also aims to help digitize books by using the legitimate users to correctly identify one of the mangled words provided. Also has a feature called “reCAPTCHA Mail Hide” to hide email addresses behind a captcha to keep them from being harvested by web bots.

Cons: reCAPTCHA has one distinct weakness: Only ONE word needs to be correctly entered to pass the captcha. Additionally, at least one implementation has a weakness making the captcha worthless.

Mollom (WordPress, Drupal, Joomla) : Mollom is a text analysis service with a captcha fallback.

Pros: Aims to be unobtrusive. Does not present the user a captcha unless textual analysis cannot be performed or appears to the service to be a spam submission. Captchas are “cleaner” looking than other services (less visual distortion). Audio captchas.

Cons: Limitations on the free service, and does not scale well. Free service only allows 1,000 legitimate posts per day, then it’s 30 EUR/mo/site. (Around $50 USD). No service uptime guarantee with the free service.

Akismet (WordPress, Drupal) : Akismet is a non-captcha anti-spam service that does textual analysis (similar to Mollom) except completely without the aid of captchas.

Pros: Comes installed on all WordPress.COM blogs by default and needs no configuration. Powered by, and maintained by Automattic, the same team behind WordPress and Gravatar. Suspicious submissions are placed in a moderation queue for the administrator to manually approve, with the option to automatically expire (delete) them after 30 days or so. Easy setup via an API key.

Cons: Akismet weighs input the same across all Akismet-protected sites. This means that someone who submits a comment on an Akismet-protected blog that gets flagged as spam would get the same treatment on an Akismet-protected forum (and every other Akismet-protected site for that matter) until enough comments get marked as false positive for the system to re-learn the user is not a spammer. I had a user that got hit by this false-positive treatment the first day I implemented Akismet on another site and it became a hassle. When I enabled Akismet on this WordPress site, his comments were still getting flagged as spam. That’s a serious issue for me. (Akismet FAQ)

Defensio (WordPress, Drupal, Facebook) : Similiar to Akismet, weighs each source seperately, and offers Facebook protection as well.

Pros: Defensio is a service similar to Akismet, but weighs content from each website (blog, forum, etc) separately to avoid mistakes. You register each web property you want protected and obtain an API key for each. Slow to learn at first, but avoids false-positive/negative and cross-property disasters like I mentioned above with Akismet. This service is a favorite of mine. Additionally offers profanity / file link protections, as well as customizable filters. (Link)

Cons: Slow to learn at first. Might require you to manually flag content until it learns. Currently free, though they mention possibly charging for the service in the future for commercial users.

Bad Behavior (WordPress, Drupal, Joomla) : Not a captcha or textual analysis service at all, takes a completely different approach

Pros: Filters access at the http level, by blocking proxies, historically abusive IP addresses, suspicious user-agents, and malformed requests. Cuts down on bandwidth, spammers, users who are accessing site content through known proxies, etc. Conserves server bandwidth and resources, as pages are not served up at all when a block is performed. No training required.

Cons: It’s possible that a number of users whose ISPs force proxies may be blocked, but I have not seen evidence that this is happening on my sites.

So there you have it. Personally, I use a combination of Bad Behavior and Defensio on my sites, and I’ve seen a big drop in the amount of spam.

Have experience with one or more of the above? Please share it!

, , , , ,

Leave a comment

Web Analytics Reviews

I wrote this piece after going through several analytics packages in search of the best fit for my sites and needs. Here’s what I came up with…

What I’m looking for in an analytics tool:

Ability to track:

  • Page views / Visits and visitor counts (the usual)
  • Referrers / Searched terms from search engines
  • IP addresses (for access spam control)
  • Logged in user names (What my users are looking at)
  • Near-realtime stats (as close to realtime as possible, not having to wait until the next day)
  • Integration with Drupal/WordPress as a maintained module (less important)

The tools:


Google Analytics

What it does

  • Tracks page views / visitor data / search terms

What it doesn’t do:

  • IP addresses
  • Logged-in user name
  • Near-realtime stats

Cost: FREE

Traffic limit: 1 million page views per day.

Other thoughts: Some think that stats collected are used by Google to adjust search results.


Woopra

What it does:

  • IP addresses
  • Logged-in user names++
  • Page views / visits and visitor counts
  • Chat with your users##
  • Real-time stats
  • Referrers / search terms
  • Integration with Drupal

What it doesn’t do:

  • Clicking on the ‘chat’ function would crash the app.
  • Clicking on the ‘analytics’ once crashed my app for several hours

Cost: Free to Expensive$$

Traffic Limit: Depends on pricing tier

Other thoughts: Requires desktop app install (Windows / Mac / Linux [Java-based]). At 3,000 monthly page views for the free package and 10,000 for the $5/mo package, this is the pricey end of analyics packages. Considering all the bugs I had with it, I would consider something else. Unlimited sites, pricing plan is per-site.


Clicky

What it does:

  • IP addresses
  • Page views / visits and visitor counts
  • Real-time stats**
  • Referrers / search terms
  • Integration with Drupal

What it doesn’t do:

  • Logged-in user names

Cost: Free to expensive$$

Traffic Limit: Depends on pricing tier

Other thoughts:

Stats are near-realtime as they are displayed on a webpage. A refresh takes care of loading the newest stats. Free plan is good for 3,000 page views a day. $5/mo plan is good for a lot more. Pricing plan is tied to your account. Limit to the number of websites you can track.


Piwik

What it does:

  • IP addresses
  • Page views / visits and visitor counts
  • Real-time stats (via the Live! plugin)
  • Referrers / search terms
  • Integration with Drupal

What it doesn’t do:

  • Logged-in user names

Cost: FREE

Traffic Limit: As much as your webserver/database server can stand.

Other thoughts: This is a self-hosted software, which means you have to install it on your webserver or hosting account. Free / Open source. Though the usability and feature-set is impressive, there are a number of serious bugs which can be show-stoppers for the non-technical or easily-frustrated user. Database grows over time and requires manual purging. Can put a serious load on DB servers on high-traffic sites. No limit to the number of sites you can track. Set  up login/password access for others to view stats.


Mint

What it does:

  • IP addresses
  • Page views / visits and visitor counts
  • Real-time stats**
  • Referrers / search terms
  • Integration with Drupal
  • Logged-in user names++

What it doesn’t do:

Come free.

Cost: $30/site

Traffic Limit: As much as your webserver/database server can stand.

Other Thoughts: At $30/site this can be expensive in multi-site operations, but this is a very well polished software package. Database growth is kept in check as detailed stats are only held for 6 weeks. Totals are kept forever. This happens to be my software package of choice.


** There’s a catch.

$$ Cost varies according to traffic / number of monitored websites

++ Requires Drupal module

## Though this is a feature, I never got it to work correctly.

, , , , ,

Leave a comment