A buddy has asked me about how to make a long display name appears shorter with dot. I google and found this:

http://www.java2s.com/Code/Php/String/Limitstringlengthanddisplay.htm

modify codes:


<?php
// Limit $summary to how many characters?
$limit = 10;
$summary = $name;

if (strlen($summary) > $limit)
$summary = substr($summary, 0, strrpos(substr($summary, 0, $limit), ' ')) . '...';
echo $summary;
?>

Hopefully that does the job.

To make the code looks smaller, do this:

$name= substr($name, 0, strrpos(substr($name, 0, 10), ' ')) . '...';

Hope that help.

Deleted users who do not log off can still gain access to Buddy Zone site just like any existing and online members. This can be a major problem.

I found out after I created some test account on my local server and I need to delete the account after some success test of the registration process. I have two screen open the same site. I deleted the account from one of the screen and close the page. On the other screen, I click on any of the link of the site and it works perfectly as if my test account has never been deleted. I can post, comment, upload pictures etc... Except when I go to view my profile, I get Invalid Profile id. I thought may be it's just my server that is not secured. I even went to http://buddyzone.vastal.com and test it. It's not hacking, ok. It's testing on the demo site. I got the same result. The script does not check against non-existing users.

I fixed mine to check against non-existing members. I cannot give out the code here, but I can tell you the logic. You can read do your programming.

There is one file is use loaded with every php files. That file is the conn*.php file. Open it with text editor program.

Around line 60, you should see a condition like this:

if ( session member id != Null )
{
sql query ="select hide online from member TABLE where member id = session member id"
res=mysql_query(sql query)
data set=mysql_fetch_array(res)
online yes = data set[ hide online ]
}
else
{
online yes = 0
}

What you can do is to add a test for non-existing member id:

if ( session member id != Null )
{
sql query ="select member id, hide online from member TABLE where member id = session member id"
res=mysql_query(sql query)
data set=mysql_fetch_array(res)

if ( data set[ member id] == Null )
{
session logg in = no
session member id =-1
}
else
{
online yes = data set[ hide online ]
}
}
else
{
online yes = 0
}

As clear as that. The added on condition simply check to see if the member id still exist in the database. If it does not exist, then tell the server that the user is no longer log in, and then get rid of the session member id. If the deleted user will no longer have access to the site. Of course if the deleted user open a new account, then access will be granted again.

I have more than a few web sites, and there is one that is not doing so well when it comes to search engine crawling. My other pages uses GPL/GNU softwares and everytime I do a google, yahoo, or msn, I see multiple results. I have never received any complain or any suggestion about how to make them easier for search engine to crawl. However everytime I do a search for asianme.com or the site that runs on buddyzone, I only get one result and maybe none from some search engines. I never figure out why. I signed up for google webmaster tools and start analyzing the poor search result site. Google keeps giving me error for duplicate titles, descriptions, etc.... Well, I didn't really pay much attention to it, until I looked at my other sites and other people's sites. Each page has a different title and description. I figure it must be the duplicate title and description that throws googlebot off.

So I started working on it by editing every single php files that I can get time to work on. I add different title, description, and keywords to each page. So all the pages are not the same for some search engines. I just started doing that so I am hoping that in a couple months, my search results will be far better off.

Here is what I have done:

1. I edit the top.php file using notepad++
2. On these lines:

<title>My Site Name</title>
<meta name="description" content="Web site description">
<meta name="keywords" content="Search keywords for the web site">

I changed them to:

<title>$page_title</title>
<meta name="description" content="".$page_description."">
<meta name="keywords" content="".$page_keywords."">

3. For each php file that I open and edit, I changed the lines:

include 'includes/top.php';
include 'includes/nav.php';
include 'includes/conn.php';
//include 'includes/right.php';

To:

include 'includes/conn.php';

//Any other php codes to load data goes here
//If you want to load a user name, forum topic, group name, song name, or picture name as the page title,
//you must place the codes before the $page_title line.

$page_title="The page title goes here";
$page_description="The description of the page goes here";
$page_keywords="Page search keywords go here";
include 'includes/top.php';
include 'includes/nav.php';

So I go through every php file and make the above changes. It's a pain in the azz to sit and go through all the files to make the very simple change, but if the changes will get better search results, go for it.

If you are like me who subscribes to more than a few friends' blogs, you will notice that when you click on Blog to go to your blog page, the first page or the default page is a listing of the blogs you subscribed to. The current display in the blog.php file will show you the latest blog from your a friend and all his blogs, then the next latest blogs and all the blogs follow by the same friend. This is no good, because whoever is the latest blogger gets all his blogs on top and the second blogger's blog comes after. Not a good way to spot all latest blogs. I don't like it and I fixed it.

The blog.php file has two "while" loops. The first one check the subscriptions for friend's id. The second embed "while" loop load all blogs belong to the friend and also display all his blogs too. So if this friend has 50 blogs and one of the blog is the latest, then the second latest blog of someone else will be on the 51th place down the list. No good.

So to fix that:

1. Write a sql query that will select your friend's id from the subscription table and the friend's blog from the blog table and order by blog id desc. What I did is to edit the blog.class.php file and place the sql query as a function in the class file.

2. Eliminate the outer "while" loop.

3. Edit the inner "while" loop to fetch the resource data from the sql query.

So.. what you will see from here on is that all the latest blog will show at the top of the page and the older blogs following them. The user name or the blogger's names will be scattered, but if you look at the date on the right, they will look right. And should you choose to read only or all the blogs from one friend, you can go to the friend's profile or page and click on "View Full Blog" to see all his/her blogs. Only public blogs. Private blogs won't show.

On February 10, 2008 as I was making some modifications to my copy of Buddyzone to add new features. While testing the site, I spotted a couple strange new users. Unusual users. There was no way to report them at all. The report user link was not even available. I decided to run a complete code scans on my entire site and discovered over 10 php files that were vulnerable for XSS and SQL Injections. In fact I have had a few of those attacks already. I was worry at first, because I had updated a customer's site with my modification. I thought it was my modification that makes the script vulnerable. I was wrong. It was the original code segments of the files that were vulnerable to xss and sql injection attack. I went ahead to do some more research and add some filters to keep away suspicious codes from entering the database. I did just that. I know there are more undiscovered vulnerabilities in the script, that I am sure because I see lots of coding like this:

"Insert into table .....$HTTP_POST_VARS["object"]";

or

<a href="url.../file.php?id=$HTTP_POST_VARS["id"]>Link Here</a>

As you can see, the first example allows "inserting" whatever is in the ["object"] into the database. And the second example allows inserting anything in the ["id"] into the url. If the file.php does not filter the input, then it's a big problem.

What should have been done? Well, my simple solution is to create a few more variables to pass the ["object"] and the ["id"] into and during the process filter for tags or other coding segments to remove suspicious hacking codes. Here is an example:

Assuming that OBJECT contains variable characters.

$this_object = addslashes(strip_tags($HTTP_POST_VARS["object"]));

First we strip off any HTML or Javascrip tags, then we add slashes to the contents. That should remove most bad codes.

Now, assuming that ID is always a number. We can do this:

if(is_numeric($HTTP_POST_VARS["id"])){
//if ID is a number, assign it to $this_id
$this_id = $HTTP_POST_VARS["id"];
}
else{
//if ID is not a number, stop.
die("No ID found!");
}

For the most part, the problem can be fixed by a little filter here and there. And if your site is unpopular, you will least likely be attacked by malicious hackers. But it's good to be prepared because your goal is to make your site popular with many visitors.

After a long two months of part-time programming I am able to create a Kudo add-on to buddy zone 2.0 as shown on http://www.asianme.com. The programming is easy but to implement it with the existing code is a bit hard to do. That is because I had to edit some of the files that will interact with the Kudo, and I managed to finished them including the admin control panel. The only option left right now is the Edit option to edit the Kudo earning activities or log.

Here are some of the features currently available:

Admin Control Panel Features:
----Add Kudo Activity Names. ie: Signing up, Post, Upload pictures, and so on...
----View Kudo Activity Names, to see a complete list of all activity names and number of kudos for each activity.
----View Kudo Log, to see a complete list of all users' activities that earned them kudos and the number of kudos.
----View Kudo Balance, to see a list of total kudos for each member account.

User Features:
----View Kudos earned and how earned
----Give Kudos to friends or other members (Coming soon)

Pages that Earns Kudos:
----Submitting News, blog, journal, photo, post forum, and all their comments.
***User can also give kudos to the writer by adding a comment.

Those are the basic features available now. Instruction on how to implement them will be available in the coming month(s).

I tested the login.php file in my Buddy Zone 2.0 by accident when I allow already logged in user to click on the Login link and discovered that it can kill the site.

The login.php file can crash your site if an already login user enter http://www.yourdomain.com/login.php on the URL. The login.php will go through infinite loop and literally brings your site down. To prevent this infinite loop for already login user, edit the login.php file and after:

session_start();

add these lines:

if($_SESSION["logged_in"]=="yes")
{
print "You are logged in";
}

to check if user has already logged in. If the user has already logged in, he/she will get the "You are logged in" message or can be redirected to another page assigned by the site owner.

I do not know if this infinite loop can happen on other sites, but at least it loops infinitely on my site until I fixed that.

My site hasn't have more than 10 comments on a user's profile that he/she would want to see all of them. And therefore I was not awared of this although I know that Buddy Zone uses actual number to set the limit of query instead of a variable that can be alter easily. It would be nice if each user can set the number of blogs or comments to show on his/her profile. That would be a future project.

As of now, I found the fix for showing more than the original 10 comments on a user profile. Here is the instruction. Please backup the file before performing this surgery.

Open the profile.class.php file, look for

function get_profile_comments($member_id)
{
$sql="select * from testimonials where member_id = $member_id and approved = '1' order by test_id desc limit 0,10";

Change the 10 to whatever number off comments you want to show. That should fix it temporary.

The original function to display the number of posts under each category for the Buddy Zone 2.0 forum only counts the start up posts or Topics. It does not count the reply posts. At all time, the number of Topics will equal the number of Posts. Most uses probably do not pay attention to these numbers. However users who post topics would expect some replies and with the replies, the number of Posts should not be the same as the number of Topics.

As requested by a member at http://www.cyberdatecentral.com/index.php/topic,329.msg1611.html#new. I have looked into it and made some changes.

Buddy Zone owners who wishes to make the changes can follow the follow steps. Always make a back up of your file(s) before attempting this fix, because I offer not warranty or liability of any kind.

Open the forum.class.php file, got about line 319, look for

function get_sub_num_forum_posts($main_cat_id)
{
$sql="select count(*) as a from forum_topics where sub_forum_id = $main_cat_id";

You only need to change the forum_topics to forum_posts to make the function counts the number of posts instead of topics. So your change would look like this:

function get_sub_num_forum_posts($main_cat_id)
{
$sql="select count(*) as a from forum_posts where sub_forum_id = $main_cat_id";

This fix, as stated before, should display the correct number of posts under each category or topics.

There is this little sneaky paypal referral link that is not mentioned anywhere in the Buddy Zone license agreement or instruction at all. I called it sneaky, because that's what it is. Most buyers will just use the script as it comes and for as long as it runs. They may not know that Vastal or the person whose paypal referral id is in the create_listing.php file is collecting referral money. I have had my site running for about three months and I have been modifying the layout for the site. Just about a few days ago, the modified layout looked pretty ugly on the classified page when I clicked on create listing. I notice that the paypal logo and moved my mouse cursor over it. I saw the link and it's not a straight forward link, but it's a paypal referral link. I openned the create_listing.php file and go to about line 265, I found these codes:

<!-- Begin PayPal Logo -->
<a href="https://www.paypal.com/row/mrb/pal=xxxxxxxxxxxxx"; target="_blank">
<img src="http://images.paypal.com/en_US/i/bnr/paypal_mrb_banner.gif"; border="0" alt="Sign up for PayPal and start accepting credit card payments instantly.">
</a>
<!-- End PayPal Logo -->
</div>

PayPal allows you to accept credit card payments in multiple currencies from buyers in 45 countries worldwide.
It is the most secure payment form online for both buyer and seller.
Sign up today to protect yourself: visit <a href='https://www.paypal.com/row/mrb/pal=xxxxxxxxxxxxx' target='_blank'>PayPal</a>

I xxxxxxx out the code for the person's protection, ok. So... I was a little upset at first that this is happening. At least the Vastal should tell it's customer to change the code after they had purchased the software, but Vastal just somehow doesn't mention it anywhere.

I have my own paypal account too. So I sign up for paypal referral and put my own paypal referral codes there to replace those. As the site owner, it's your right to collect any revenue generates from your hard working site.