Sai Gopal Wordpress Blog

Friday, May 28, 2010

Essential PHP Security - Practices

1.3. Practices
Like the principles described in the previous section, there are many practices that you can employ to develop more secure applications. This list of practices is also small and focused to highlight the ones that I consider to be most important.

Some of these practices are abstract, but each has practical applications, which are described to clarify the intended use and purpose of each.

1.3.1. Balance Risk and Usability
While user friendliness and security safeguards are not mutually exclusive, steps taken to increase security often decrease usability. While it's important to consider illegitimate uses of your applications as you write your code, it's also important to be mindful of your legitimate users. The appropriate balance can be difficult to achieve, and it's something that you have to determine for yourself; no one else can determine the best balance for your applications.

Try to employ the use of safeguards that are transparent to the user. If this isn't possible, try to use safeguards that are already familiar to the user (or likely to be). For example, providing a username and password to gain access to restricted information or services is an expected procedure.

When you suspect foul play, realize that you might be mistaken and act accordingly. For example, it is a common practice to prompt users to enter their password again whenever their identity is in question. This is a minor hassle to legitimate users but a substantial obstacle to an attacker. Technically, this is almost identical to prompting users to authenticate themselves again entirely, but the user experience is much friendlier.

There is very little to gain by logging users out entirely or chiding them about an alleged attack. These approaches degrade usability substantially when you make a mistake, and mistakes happen.

In this book, I focus on providing safeguards that are either transparent or expected, and I encourage careful and sensible reactions to suspected attacks.

1.3.2. Track Data
The most important thing you can do as a security-conscious developer is keep track of data at all times: not only what it is and where it is, but also where it's from and where it's going. Sometimes this can be difficult, especially without a firm understanding of how the Web works, and this is why inexperienced web developers are prone to making mistakes that yield security vulnerabilities, even when they have experience developing applications in other environments.

Most people who use email are not easily fooled by spam with a subject of "Re: Hello"; they recognize that the subject can be forged, and therefore the email isn't necessarily a reply to a previous email with a subject of "Hello." In short, people know not to place much trust in the subject. Far fewer people realize that the From header can also be forged. They mistakenly believe that this reliably indicates the email's origin.

The Web is very similar, and one of the things I want to teach you is how to distinguish between the data that you can trust and the data that you cannot. It's not always easy, but blind paranoia certainly isn't the answer.

PHP helps you identify the origin of most data: superglobal arrays such as $_GET, $_POST, and $_COOKIE clearly identify input from the user. A strict naming convention can help you keep up with the origin of all data throughout your code, and this is a technique that I frequently demonstrate and highly recommend.

While understanding where data enters your application is paramount, it is also very important to understand where data exits your application. When you use echo, for example, you are sending data to the client. When you use mysql_query( ), you are sending data to a MySQL database (even when the purpose of the query is to retrieve data).

When I audit a PHP application for security vulnerabilities, I focus on the code that interacts with remote systems. This code is the most likely to contain security vulnerabilities, and it therefore demands the most careful attention to detail during development and during peer reviews.

1.3.3. Filter Input
Filtering is one of the cornerstones of web application security. It is the process by which you prove the validity of data. By ensuring that all data is properly filtered on input, you can eliminate the risk that tainted (unfiltered) data is mistakenly trusted or misused in your application. The vast majority of security vulnerabilities in popular PHP applications can be traced to a failure to filter input.

When I refer to filtering input, I am really describing three different steps:

Identifying input

Filtering input

Distinguishing between filtered and tainted data

The first step is to identify input because if you don't know what it is, you can't be sure to filter it. Input is any data that originates from a remote source. For example, anything sent by the client is input, although the client isn't the only remote source of data; other examples include database servers and RSS feeds.

Data that originates from the client is easy to identify: PHP provides this data in superglobal arrays, such as $_GET and $_POST. Other input can be more difficult to identify; for example, $_SERVER contains many elements that can be manipulated by the client. It's not always easy to determine which elements in $_SERVER constitute input, so a best practice is to consider this entire array to be input.

What you consider to be input is a matter of opinion in some cases. For example, session data is stored on the server, and you might not consider the session data store to be a remote source. If you take this stance, you can consider the session data store to be an integral part of your application. It is wise to be mindful of the fact that this ties the security of your application to the security of the session data store. This same perspective can be applied to a database because the database can be considered a part of the application as well.

Generally speaking, it is more secure to consider data from session data stores and databases to be input, and this is the approach that I recommend for any critical PHP application.

Once you have identified input, you're ready to filter it. Filtering is a somewhat formal term that has many synonyms in common parlance: sanitizing, validating, cleaning, and scrubbing. Although some people differentiate slightly between these terms, they all refer to the same process: preventing invalid data from entering your application.

Various approaches are used to filter data, and some are more secure than others. The best approach is to treat filtering as an inspection process. Don't correct invalid data in order to be accommodating; force your users to play by your rules. History has shown that attempts to correct invalid data often create vulnerabilities. For example, consider the following method intended to prevent file traversal (ascending the directory tree):





Can you think of a value of $_POST['filename'] that causes $filename to be ../../etc/passwd? Consider the following:

.../.../etc/passwd



This particular error can be corrected by continuing to replace the string until it is no longer found:





Of course, the basename( ) function can replace this entire technique and is a safer way to achieve the desired goal. The important point is that any attempt to correct invalid data can potentially contain an error and allow invalid data to pass through. Inspection is a much safer alternative.
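The correction-versus-inspection point above, as an added example (not the book's own listings, which are missing from this page). The replacement rule in correct_once() is an assumption chosen to reproduce the .../.../etc/passwd result the text describes; the function names and the allowed-filename pattern are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: function names and the allowed-filename pattern are illustrative.

// Correction, single pass: collapse every ".." to "." once.
function correct_once(string $name): string
{
    return str_replace('..', '.', $name);
}

// Correction, repeated until no ".." remains (the fix the text describes).
function correct_until_stable(string $name): string
{
    while (strpos($name, '..') !== false) {
        $name = str_replace('..', '.', $name);
    }
    return $name;
}

// Inspection: return the value unchanged when it is proven valid, null otherwise.
// The value is never rewritten.
function inspect_filename($name): ?string
{
    if (!is_string($name)) {
        return null;                       // filename[]=x arrives as an array
    }
    if ($name !== basename($name)) {
        return null;                       // anything with a directory part
    }
    if (preg_match('/\A[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?\z/', $name) !== 1) {
        return null;                       // whitelist of characters, one optional extension
    }
    return $name;
}

// Constructed inputs standing in for $_POST['filename'].
$samples = array('report.txt', '.../.../etc/passwd', '../../etc/passwd', array('x'));

foreach ($samples as $raw) {
    $label  = is_string($raw) ? $raw : '(' . gettype($raw) . ')';
    $once   = is_string($raw) ? correct_once($raw) : 'n/a';
    $stable = is_string($raw) ? correct_until_stable($raw) : 'n/a';
    $result = inspect_filename($raw);

    printf(
        "%-20s once=%-18s stable=%-16s inspect=%s\n",
        $label,
        $once,
        $stable,
        $result === null ? 'REJECT' : $result
    );
}
```

Both correcting functions still hand back a path for the crafted values, one of them a traversal; the inspecting function accepts only the bare filename and rejects the rest.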

In addition to treating filtering as an inspection process, you want to use a whitelist approach whenever possible. This means that you want to assume the data that you're inspecting to be invalid unless you can prove that it is valid. In other words, you want to err on the side of caution. Using this approach, a mistake results in your considering valid data to be invalid. Although undesirable (as any mistake is), this is a much safer alternative than considering invalid data to be valid. By mitigating the damage caused by a mistake, you increase the security of your applications. Although this idea is theoretical in nature, history has proven it to be a very worthwhile approach.

If you can accurately and reliably identify and filter input, your job is almost done. The last step is to employ a naming convention or some other practice that can help you to accurately and reliably distinguish between filtered and tainted data. I recommend a simple naming convention because this can be used in both procedural and object-oriented paradigms. The convention that I use is to store all filtered data in an array called $clean. This allows you to take two important steps that help to prevent the injection of tainted data:

Always initialize $clean to be an empty array.

Add logic to detect and prevent any variables from a remote source named clean.

In truth, only the initialization is crucial, but it's good to adopt the habit of considering any variable named clean to be one thing: your array of filtered data. This step provides reasonable assurance that $clean contains only data that you knowingly store therein and leaves you with the responsibility of ensuring that you never store tainted data in $clean.

In order to solidify these concepts, consider a simple HTML form that allows a user to select among three colors:

Please select a color:





In the programming logic that processes this form, it is easy to make the mistake of assuming that only one of the three choices can be provided. As you will learn in Chapter 2, the client can submit any data as the value of $_POST['color']. To properly filter this data, you can use a switch statement:





This example first initializes $clean to an empty array in order to be certain that it cannot contain tainted data. Once it is proven that the value of $_POST['color'] is one of red, green, or blue, it is stored in $clean['color']. Therefore, you can use $clean['color'] elsewhere in your code with reasonable assurance that it is valid. Of course, you could add a default case to this switch statement to take a particular action in the case of invalid data. One possibility is to display the form again while noting the error; just be careful not to output the tainted data in an attempt to be friendly.

While this particular approach is useful for filtering data against a known set of valid values, it does not help you filter data against a known set of valid characters. For example, you might want to assert that a username may contain only alphanumeric characters:





Although a regular expression can be used for this particular purpose, using a native PHP function is always preferable. These functions are less likely to contain errors than code that you write yourself is, and an error in your filtering logic is almost certain to result in a security vulnerability.
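The $clean convention with both kinds of check, as an added example (not the book's listings, which did not survive on this page). The function name filter_form(), the field names and the 32-character limit are assumptions; the sample submissions are constructed.

```php
<?php
declare(strict_types=1);

// Added example: function name, field names and the 32-character limit are illustrative.

/**
 * Inspect one form submission. Returns array($clean, $errors).
 * Nothing is corrected: a value is either proven valid or left out of $clean.
 */
function filter_form(array $input): array
{
    $clean  = array();  // always starts empty, whatever the request contained
    $errors = array();  // field names only, so tainted values are never echoed back

    // Known set of valid values. The is_string() guard matters because
    // color[]=red arrives as an array and switch compares loosely.
    $color = $input['color'] ?? null;
    if (is_string($color)) {
        switch ($color) {
            case 'red':
            case 'green':
            case 'blue':
                $clean['color'] = $color;
                break;
            default:
                $errors[] = 'color';
        }
    } else {
        $errors[] = 'color';
    }

    // Known set of valid characters: native ctype_alnum() plus a length bound.
    $username = $input['username'] ?? null;
    if (is_string($username) && strlen($username) <= 32 && ctype_alnum($username)) {
        $clean['username'] = $username;
    } else {
        $errors[] = 'username';
    }

    return array($clean, $errors);
}

// Constructed submissions standing in for $_POST.
$submissions = array(
    'valid'             => array('color' => 'green', 'username' => 'alice01'),
    'unexpected value'  => array('color' => 'purple', 'username' => 'bob<b>'),
    'array and empty'   => array('color' => array('red'), 'username' => ''),
    'field named clean' => array(
        'clean'    => array('color' => 'x'),
        'color'    => 'red',
        'username' => 'carol',
    ),
);

foreach ($submissions as $label => $post) {
    list($clean, $errors) = filter_form($post);
    printf(
        "%-18s clean=%s rejected=%s\n",
        $label,
        json_encode($clean),
        json_encode($errors)
    );
}
```

The last submission carries a field named clean; because $clean is initialized inside the function and only written after a check passes, that field never reaches it.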

1.3.4. Escape Output
Another cornerstone of web application security is the practice of escaping output: escaping or encoding special characters so that their original meaning is preserved. For example, O'Reilly is represented as O\'Reilly when being sent to a MySQL database. The backslash before the apostrophe is there to preserve it; the apostrophe is part of the data and not meant to be interpreted by the database.

As with filtering input, when I refer to escaping output, I am really describing three different steps:

Identifying output

Escaping output

Distinguishing between escaped and unescaped data

It is important to escape only filtered data. Although escaping alone can prevent many common security vulnerabilities, it should never be regarded as a substitute for filtering input. Tainted data must be first filtered and then escaped.






To escape output, you must first identify output. In general, this is much easier than identifying input because it relies on an action that you take. For example, to identify output being sent to the client, you can search for strings such as the following in your code:

echo

print

printf

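<?php
$html = array();
// $clean['username'] was filtered earlier (section 1.3.3)
$html['username'] = htmlentities($clean['username'], ENT_QUOTES, 'UTF-8');
echo "<p>Welcome back, {$html['username']}.</p>";
?>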



The htmlspecialchars( ) function is almost identical to htmlentities( ). It accepts the same arguments, and the only difference is that it is less exhaustive.






By using $html['username'] when sending the username to the client, you can be sure that special characters are not interpreted by the browser. If the username contains only alphanumeric characters, the escaping is not actually necessary, but it is a practice that adheres to Defense in Depth. Consistently escaping all output is a good habit that dramatically increases the security of your applications.

Another popular destination is a database. When possible, you should escape data used in an SQL query with an escaping function native to your database. For MySQL users, the best escaping function is mysql_real_escape_string( ). If there is no native escaping function for your database, addslashes( ) can be used as a last resort.
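Filtering first and then escaping once per destination, as an added example that is not from the book. It assumes the pdo_sqlite extension and uses an in-memory SQLite database through PDO::quote( ) as a stand-in for MySQL so that it runs without a server (mysql_real_escape_string( ) was removed in PHP 7.0); the $sql array, the table and the field names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. Assumes the pdo_sqlite extension; table and field names are illustrative.

// Constructed input: acceptable as a surname, yet it contains characters that
// are special in both HTML and SQL.
$input = array('surname' => "O'Reilly & <Sons>");

// 1. Filter (inspection only): valid UTF-8, 1 to 64 characters, no control characters.
//    preg_match() with /u returns false on invalid UTF-8, so "=== 1" covers that too.
$clean   = array();
$surname = $input['surname'] ?? null;
if (is_string($surname) && preg_match('/\A[^\p{Cc}]{1,64}\z/u', $surname) === 1) {
    $clean['surname'] = $surname;
}
if (!isset($clean['surname'])) {
    exit("invalid surname\n");
}

// 2. Escape for the client: values bound for HTML live only in $html.
$html = array();
$html['surname'] = htmlentities($clean['surname'], ENT_QUOTES, 'UTF-8');

// 3. Escape for the database: values bound for SQL live only in $sql.
//    The driver's own quoting function chooses the escape syntax for its engine.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (surname TEXT)');

$sql = array();
$sql['surname'] = $db->quote($clean['surname']);   // returned value includes the quotes

$db->exec("INSERT INTO users (surname) VALUES ({$sql['surname']})");
$stored = $db->query('SELECT surname FROM users')->fetchColumn();

// Each destination receives its own escaped form; $clean itself is never modified.
echo "<p>Welcome back, {$html['surname']}.</p>\n";
echo "SQL literal: {$sql['surname']}\n";
echo 'Stored value equals filtered value: ';
var_dump($stored === $clean['surname']);
```

The value passes the filter and is still unsafe to place raw in either context, which is why filtering does not replace escaping and each destination gets its own array.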

The following example demonstrates the proper escaping technique for a MySQL database:




Essential PHP Security - Principles

1.2. Principles
You can adopt many principles to develop more secure applications. I have chosen a small, focused list of the principles that I consider to be most important to a PHP developer.

These principles are intentionally abstract and theoretical in nature. Their purpose is to provide a broad perspective that can guide you as you focus on the details. Consider them your road map.

1.2.1. Defense in Depth
Defense in Depth is a well-known principle among security professionals. It describes the fact that there is value in redundant safeguards, and history supports this.

The principle of Defense in Depth extends beyond programming. A skydiver who has ever needed to use a reserve canopy can attest to the value in having a redundant safeguard. After all, the main canopy is never meant to fail. A redundant safeguard can potentially save the day when the primary safeguard fails.

In the context of programming, adhering to Defense in Depth requires that you always have a backup plan. If a particular safeguard fails, there should be another to offer some protection. For example, it is a good practice to prompt a user to reauthenticate before performing some important action, even if there are no known flaws in your authentication logic. If an unauthenticated user is somehow impersonating another user, prompting for the user's password can potentially prevent the unauthenticated (and therefore unauthorized) user from performing a critical action.

Although Defense in Depth is a sound principle, be aware that security safeguards become more expensive and less valuable as they are accrued.






1.2.2. Least Privilege
I used to drive a car that had a valet key. This key worked only in the ignition, so it could not be used to unlock the console, the trunk, or even the doors; it could be used only to start the car. I could give this key to someone parking my car (or simply leave it in the ignition), and I was assured that the key could be used for no other purpose.

It makes sense to give a key to a parking attendant that cannot be used to open the console or trunk. After all, you might want to lock your valuables in these locations. What didn't make sense to me immediately was why the valet key cannot open the doors. Of course, this is because my perspective was that of revoking privilege: I was considering why the parking attendant should be denied the privilege of opening the doors. This is not a good perspective to take when developing web applications. Instead, you should consider why a particular privilege is necessary, and provide all entities with the least amount of privilege required for them to fulfill their respective responsibilities.

One reason why the valet key cannot open the doors is that the key can be copied. Such a copy can be used to steal the car at a later date. This situation might seem unlikely (it is), but this illustrates why granting an unnecessary privilege can increase your risk, even if the increase is slight. Minimizing risk is a key component of secure application development.

It is not necessary that you be able to think of all of the ways that a particular privilege can be exploited. In fact, it is practically impossible for you to be able to predict the actions of every potential attacker. What is important is that you grant only least privilege. This minimizes risk and increases security.

1.2.3. Simple Is Beautiful
Complication breeds mistakes, and mistakes can create security vulnerabilities. This simple truth is why simplicity is such an important characteristic of a secure application. Unnecessary complexity is as bad as an unnecessary risk.

For example, consider the following code taken from a recent security vulnerability notice:





This approach can obscure the fact that $search is tainted, particularly for inexperienced developers. Contrast this with the following:





The approach is identical, but one line in particular now draws much attention:

$search = $_GET['search'];



Without altering the logic in any way, it is now more obvious whether $search is tainted and under what condition.

1.2.4. Minimize Exposure
PHP applications require frequent communication between PHP and remote sources. The primary remote sources are HTTP clients (browsers) and databases. If you properly track data, you should be able to identify when data is exposed. The primary source of exposure is the Internet, and you want to be particularly mindful of data that is exposed over the Internet because it is a very public network.

Data exposure isn't always a security risk. However, the exposure of sensitive data should be minimized as much as possible. For example, if a user enters payment information, you should use SSL to protect the credit card information as it travels from the client to your server. If you display this credit card number on a verification page, you are actually sending it back to the client, so this page should also be protected with SSL.

In this particular scenario, displaying the credit card number to the user increases its exposure. SSL does mitigate the risk, but a better approach is to eliminate the exposure altogether by displaying only the last four digits (or any similar approach).

In order to minimize the exposure of sensitive data, you must identify what data is sensitive, keep track of it, and eliminate all unnecessary exposure. In this book, I demonstrate some techniques that can help you minimize the exposure of many common types of sensitive data.

Essential PHP Security - PHP Features

1.1. PHP Features
PHP has many unique features that make it very well-suited for web development. Common tasks that are cumbersome in other languages are a cinch in PHP, and this has both advantages and disadvantages. One feature in particular has attracted more attention than any other, and that feature is register_globals.

1.1.1. Register Globals
If you remember writing CGI applications in C in your early days of web application development, you know how tedious form processing can be. With PHP's register_globals directive enabled, the complexity of parsing raw form data is taken care of for you, and global variables are created from numerous remote sources. This makes writing PHP applications very easy and convenient, but it also poses a security risk.

In truth, register_globals is unfairly maligned. Alone, it does not create a security vulnerability; a developer must make a mistake. However, two primary reasons you should develop and deploy applications with register_globals disabled are that it:

Can increase the magnitude of a security vulnerability

Hides the origin of data, conflicting with a developer's responsibility to keep track of data at all times

All examples in this book assume register_globals to be disabled. Instead, I use superglobal arrays such as $_GET and $_POST. Using these arrays is nearly as convenient as relying on register_globals, and the slight lack of convenience is well worth the increase in security.

If you must develop an application that might be deployed in an environment in which register_globals is enabled, it is very important that you initialize all variables and set error_reporting to E_ALL (or E_ALL | E_STRICT) to alert yourself to the use of uninitialized variables. Any use of an uninitialized variable is almost certainly a security vulnerability when register_globals is enabled.
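Why initialization matters when request data becomes variables, as an added example that is not from the book. register_globals no longer exists in current PHP, so extract( ) stands in for it here; is_admin( ) and the two page functions are hypothetical, and both requests are constructed.

```php
<?php
declare(strict_types=1);

// Added example. extract() stands in for register_globals, which no longer
// exists in current PHP; is_admin() and the page functions are hypothetical.
error_reporting(E_ALL);

$reported = array();
set_error_handler(function (int $number, string $message) use (&$reported): bool {
    $reported[] = $message;    // collect what E_ALL reports instead of printing it
    return true;
});

function is_admin(): bool
{
    return false;              // this visitor is not an administrator
}

function page_uninitialized(array $request): bool
{
    extract($request);         // request data becomes local variables
    if (is_admin()) {
        $authorized = true;
    }
    return (bool) $authorized; // only ever set above or by the request
}

function page_initialized(array $request): bool
{
    extract($request);
    $authorized = false;       // initialized after import, so the request cannot set it
    if (is_admin()) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed requests: an ordinary one and one carrying an extra parameter.
parse_str('page=2', $ordinary);
parse_str('page=2&authorized=1', $crafted);

echo "uninitialized, extra parameter: ";
var_dump(page_uninitialized($crafted));

echo "initialized, extra parameter:   ";
var_dump(page_initialized($crafted));

echo "uninitialized, ordinary request: ";
var_dump(page_uninitialized($ordinary));

// With E_ALL the ordinary request already exposes the bug during testing.
echo "reported by PHP:\n";
print_r($reported);
```

With error_reporting at E_ALL the ordinary request reports the uninitialized variable, which is the alert the text relies on to find such code before it ships.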






1.1.2. Error Reporting
Every developer makes mistakes, and PHP's error reporting features can help you identify and locate these mistakes. However, the detailed information that PHP provides can be displayed to a malicious attacker, and this is undesirable. It is important to make sure that this information is never shown to the general public. This is as simple as setting display_errors to Off. Of course, you want to be notified of errors, so you should set log_errors to On and indicate the desired location of the log with error_log.

Because the level of error reporting can cause some errors to be hidden, you should turn up PHP's default error_reporting setting to at least E_ALL (E_ALL | E_STRICT is the highest setting, offering suggestions for forward compatibility, such as deprecation notices).

All error-reporting behavior can be modified at any level, so if you are on a shared host or are otherwise unable to make changes to files such as php.ini, httpd.conf, or .htaccess, you can implement these recommendations with code similar to the following:





http://php.net/manual/ini.php is a good resource for checking where php.ini directives can be modified.






PHP also allows you to handle your own errors with the set_error_handler( ) function:





This allows you to define your own function (my_error_handler( )) to handle errors; the following is an example implementation:





PHP 5 allows you to pass a second argument to set_error_handler( ) that restricts the errors to which your custom function applies. For example, you can create a function that handles only warnings:
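The error-reporting settings and a warnings-only handler together, as an added example (not the book's listings, which are missing from this page). The log path under the system temp directory, the handler name my_warning_handler( ) and the visitor-facing wording are assumptions; the failing fopen( ) call is constructed to raise a warning.

```php
<?php
declare(strict_types=1);

// Added example: the log location and the visitor-facing wording are illustrative.
define('APP_ERROR_LOG', sys_get_temp_dir() . '/app_error.log');

// Runtime equivalents of the php.ini recommendations.
error_reporting(E_ALL);
ini_set('display_errors', '0');        // Off: no details reach the visitor
ini_set('log_errors', '1');            // On
ini_set('error_log', APP_ERROR_LOG);

// Custom handler: full detail goes to the log, nothing is printed.
function my_warning_handler(int $number, string $string, string $file, int $line): bool
{
    $entry = sprintf(
        "[%s] warning %d: %s in %s on line %d\n",
        date('c'),
        $number,
        $string,
        $file,
        $line
    );
    error_log($entry, 3, APP_ERROR_LOG);   // message type 3 appends to the named file
    return true;                           // handled; PHP's built-in handler is skipped
}

// The second argument limits the handler to warnings; other levels keep PHP's
// standard handling, which now logs instead of displaying.
set_error_handler('my_warning_handler', E_WARNING);

// Constructed failure: opening a missing file raises E_WARNING.
$handle = fopen('/no/such/dir/data.txt', 'r');
if ($handle === false) {
    echo "Sorry, that request could not be completed.\n";
}

// For the demonstration only: show what the developer finds in the log.
echo 'Written to ', APP_ERROR_LOG, ":\n", file_get_contents(APP_ERROR_LOG);
```

The visitor sees only the generic sentence, while the path, line number and PHP message are confined to the log file.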





PHP 5 also provides support for exceptions. See http://php.net/exceptions for more information.

Essential PHP Security - Chapter 1 Introduction

Chapter 1. Introduction
PHP has grown from a set of tools for personal home page development to the world's most popular web programming language, and it now powers many of the Web's most frequented destinations. Along with such a transition comes new concerns, such as performance, maintainability, scalability, reliability, and (most importantly) security.

Unlike language features such as conditional expressions and looping constructs, security is abstract. In fact, security is not a characteristic of a language as much as it is a characteristic of a developer. No language can prevent insecure code, although there are language features that can aid or hinder a security-conscious developer.

This book focuses on PHP and shows you how to write secure code by leveraging PHP's unique features. The concepts in this book, however, are applicable to any web development platform.

Web application security is a young and evolving discipline. This book teaches best practices that are theoretically sound, so that you can sleep at night instead of worrying about the new attacks and techniques that are constantly being developed by those with malicious intentions. However, it is wise to keep yourself informed of new advances in the field, and there are a few resources that can help:



http://phpsecurity.org/

This book's companion web site



http://phpsec.org/

The PHP Security Consortium



http://shiflett.org/

My personal web site and blog

This chapter provides the foundation for the rest of the book. It focuses on teaching you the principles and practices that are prerequisites for the lessons that follow.

Essential PHP Security - Style Conventions

Style Conventions
Items appearing in the book are sometimes given a special appearance to set them apart from the regular text. Here's how they look:



Italic

Used for citations to books and articles, commands, email addresses, URIs, filenames, emphasized text, and first references to terms.



Constant width

Used for literals, constant values, code listings, and XML markup.



Constant width italic

Used for replaceable parameter and variable names.




Constant width bold

Used to highlight the portion of a code listing being discussed.

This icon signifies a tip, suggestion, or general note.






This icon indicates a warning or caution.

Essential PHP Security - What's Inside

What's Inside
The book is organized into chapters that address specific topics related to PHP development. Each chapter is further divided into sections that cover the most common attacks related to a particular topic, and you are shown both how the attacks are initiated and how to protect your applications from them.



Chapter 1, Introduction

Gives an overview of security principles and best practices. This chapter provides the foundation for the rest of the book.



Chapter 2, Forms and URLs

Covers form processing and attacks such as cross-site scripting and cross-site request forgeries.



Chapter 3, Databases and SQL

Focuses on using databases and attacks such as SQL injection.



Chapter 4, Sessions and Cookies

Explains PHP's session support and shows you how to protect your applications from attacks such as session fixation and session hijacking.



Chapter 5, Includes

Covers the risks associated with the use of includes, such as backdoor URLs and code injection.



Chapter 6, Files and Commands

Discusses attacks such as filesystem traversal and command injection.



Chapter 7, Authentication and Authorization

Helps you create secure authentication and authorization mechanisms and protect your applications from things like brute force attacks and replay attacks.



Chapter 8, Shared Hosting

Explains the inherent risks associated with a shared hosting environment. You are shown how to avoid the exposure of your source code and session data, as well as how to protect your applications from attacks such as session injection.



Appendix A, Configuration Directives

Provides a short and focused list of configuration directives that deserve particular attention.



Appendix B, Functions

Offers a brief list of functions with which you should be concerned.



Appendix C, Cryptography

Focuses on symmetric cryptography and shows you how to safely store passwords and encrypt data in a database or session data store.

Essential PHP Security - Table of Contents

Essential PHP Security
By Chris Shiflett
Publisher: O'Reilly
Pub Date: October 2005
ISBN: 0-596-00656-X
Pages: 124






Copyright
Foreword
Preface
What's Inside
Style Conventions
Comments and Questions
Safari Enabled
Acknowledgments
Chapter 1. Introduction
Section 1.1. PHP Features
Section 1.2. Principles
Section 1.3. Practices
Chapter 2. Forms and URLs
Section 2.1. Forms and Data
Section 2.2. Semantic URL Attacks
Section 2.3. File Upload Attacks
Section 2.4. Cross-Site Scripting
Section 2.5. Cross-Site Request Forgeries
Section 2.6. Spoofed Form Submissions
Section 2.7. Spoofed HTTP Requests
Chapter 3. Databases and SQL
Section 3.1. Exposed Access Credentials
Section 3.2. SQL Injection
Section 3.3. Exposed Data
Chapter 4. Sessions and Cookies
Section 4.1. Cookie Theft
Section 4.2. Exposed Session Data
Section 4.3. Session Fixation
Section 4.4. Session Hijacking
Chapter 5. Includes
Section 5.1. Exposed Source Code
Section 5.2. Backdoor URLs
Section 5.3. Filename Manipulation
Section 5.4. Code Injection
Chapter 6. Files and Commands
Section 6.1. Traversing the Filesystem
Section 6.2. Remote File Risks
Section 6.3. Command Injection
Chapter 7. Authentication and Authorization
Section 7.1. Brute Force Attacks
Section 7.2. Password Sniffing
Section 7.3. Replay Attacks
Section 7.4. Persistent Logins
Chapter 8. Shared Hosting
Section 8.1. Exposed Source Code
Section 8.2. Exposed Session Data
Section 8.3. Session Injection
Section 8.4. Filesystem Browsing
Section 8.5. Safe Mode
Appendix A. Configuration Directives
Section A.1. allow_url_fopen
Section A.2. disable_functions
Section A.3. display_errors
Section A.4. enable_dl
Section A.5. error_reporting
Section A.6. file_uploads
Section A.7. log_errors
Section A.8. magic_quotes_gpc
Section A.9. memory_limit
Section A.10. open_basedir
Section A.11. register_globals
Section A.12. safe_mode
Appendix B. Functions
Section B.1. eval( )
Section B.2. exec( )
Section B.3. file( )
Section B.4. file_get_contents( )
Section B.5. fopen( )
Section B.6. include
Section B.7. passthru( )
Section B.8. phpinfo( )
Section B.9. popen( )
Section B.10. preg_replace( )
Section B.11. proc_open( )
Section B.12. readfile( )
Section B.13. require
Section B.14. shell_exec( )
Section B.15. system( )
Appendix C. Cryptography
Section C.1. Storing Passwords
Section C.2. Using mcrypt
Section C.3. Storing Credit Card Numbers
Section C.4. Encrypting Session Data
About the Author
Colophon
Index

Essential PHP Security


Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.



Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.



In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.



Topics covered include:


Preventing cross-site scripting (XSS) vulnerabilities


Protecting against SQL injection attacks


Complicating session hijacking attempts



You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

Index of Building Online Communities with Drupal,PHP BB and wordpress

Index
■Symbols
$access_check variable, 209
& (ampersand) in path aliases, 84

(break tag), 476
tag, 475–477
tag, 476
>> (breadcrumb links), 159
? (question mark) in path aliases, 84
/ (slash) in path aliases, 84
■A
access
accessing database abstraction layer,
335–338
Drupal rules for, 36–38
Image Assist module settings for, 111
rights for database servers, 6
site, 8–9
activating
group blocks, 132
IImage Browser plug-in, 410–411
RSS Link List plug-in, 424
WP-DB Backup plug-in, 490
Admin Configuration panel (phpBB 2.0), 235,
236–237
administering. See also administrators;
Database Administration module
Administer Nodes permission, 135
administrative password for WordPress,
389–390
blocks, 39–40
Drupal site settings, 21–30
Drupal user accounts, 30–32, 33–34
phpBB groups, 283–285
phpBB options for, 224–225, 241–244
polls, 85–86
user profiles, 277
Administration panel (phpBB 2.0), 241–244
about, 241–242
forum administration options, 242–243
general administration options, 243
group administration options, 243
styles administration options, 243–244
top-level options, 242
user administration options, 244
Administration panel (phpBB 3.0), 256–257
administrators. See also administering
admin user (Drupal), 11–12
approving comments in WordPress, 396
auditing, 296–297
Advanced Editing mode (WordPress)
Advanced options in, 405–406, 408–409
previewing posts in, 409
using Custom Fields, 409
Advanced Mode (phpBB)
announcement forum permissions in, 304
group permissions in, 307
setting permission in, 303–304
user permissions in, 305
Aggregator module, 61–64
adding feeds, 63
categorizing feeds, 64
function of, 61–62
identifying feeds for subscription, 62
setting permissions, 64
viewing options for feeds, 64
aggregators, 375
aliased domains, 191
aliases to Drupal paths, 84–85
ampersand (in path aliases), 84
animation in posts, 287
announcement forums, 247, 304
announcements
global, 287
permissions for, 270–271
removing, 315
Anonymous User role (Drupal), 34, 35
Apache web servers
Drupal files directory for, 12
phpBB system requirements for, 231
virtual hosting, 190
append_sid() function, 340
appointing moderators, 296
Archive module, 64
archiving posts, 314
articles
paging links for, 477–478
teasers for longer, 475–477
attaching
files to posts, 287
listing attachments posted in threads, 289
polls to topics, 271–272

audience
finding new blog readers, 505
selecting for posts, 133–134
theme’s communication to, 433–434
auditing in phpBB 3.0, 321
auth() function, 340–342
Authenticated User role (Drupal), 34, 35
authentication plug-ins (phpBB 3.0), 321
Authors & Users page (WordPress), 422
automated Drupal tasks, 185–189
automatic pruning, 249, 315–316
Avatar control panel (phpBB 2.0), 276
avatar pictures
enabling Drupal, 32, 52
showing on group home page, 133
uploading and changing phpBB, 276–277
■B
b2/cafelog blogging software, 377
backups, 200–203
backing up phpBB during upgrades, 301
before modifying phpBB, 327–328
Drupal database, 200, 201–202
file system, 200, 202–203
goals for, 200–201
moving, 203
need for, 185
needed before pruning, 323
phpBB database, 317–318, 324
storing in compressed form, 492
template.php file, 318
unattended WordPress, 493–494
WordPress table, 490–493
ban lists, 309–310
Ban panel (phpBB 2.0), 310
bandwidth
monitoring, 499–501
need for, 379
banning. See blocking
Barger, Jon, 370
Barrett, Cameron, 371
base URLs. See also URLs
base URL variable for settings.php, 192
setting up Drupal, 7–8
troubleshooting incorrect $base_url,
10–11
Basic Configuration panel (phpBB 2.0), 235,
236
Bayesian filters, 98, 136
BBCode
embedding animation in posts, 287
formatting posts with, 268–269
styling phpBB templates with, 361
Berners-Lee, Tim, 369–370
beta testing hacks, 345
Block Lottery, 42
Block module, 65
blocking
comments in WordPress, 396–397
phpBB users, 309
user access in Drupal, 33–34, 36–38, 89
blocks, 39–42
activating group, 132
adding, 41
book navigation, 69
creating Block Lottery, 42
customizing block regions for themes,
176–177
Drupal, 17, 39
enabling event, 122
managing with Block module, 65
phpBB template engine support for,
356–357
setting visibility of, 39–40
showing menu, 82
throttling traffic to, 91–92
TinyMCE formats, 103
using random colors for, 171
block.tpl.php file, 161–162
blog crawlers, 374
Blog module, 65–66
Blog Theme module, 181
BlogAPI module
configuring, 66
using, 65
XML-RPC publishing tools used with,
66–67
blogging
comments, 373
origin of, 369–371
software for, 371–372
blogrolls, 374
blogs. See also designing blog layout;
maintaining, blogs; posts, WordPress
accessing, 66
adjusting list of links, 447–448
assigning user permissions, 421–423
category descriptions on, 414–415
changing templates for, 444–445
checking links, 501–504
Classic and Default themes, 435
comment feeds, 419
comments and pings for posts, 406
communicating with themes, 433–434
configuring, 65
creating content pages on, 424–426
database backup and restore for, 489–496
designing to fit users, 461–463
Drupal for, 3
editing and deleting comments, 417–418
encouraging contributors, 505
finding new readers for, 428–431, 505
image placement in wider layouts,
478–481
including new posts, 504–505
keeping interest in, 505
keywords for search engines, 430–431
moderating comments, 418–419
modifying theme images, 442–444
modular design for themes, 463–469
multiple author postings, 419–423
multiple pages for articles, 477–478
pages with RSS feeds, 423–428, 445–446
publishing posts, 404–405
registration and login links, 448–449
saving drafts and private posts, 405
security, 505
self-registering users for, 420–421
subscribing to comments, 470–474
teasers for longer articles, 475–477
themes for, 436–438
timestamping posts, 408–409
uploading images to posts, 409–410
using stylesheets in themes, 439
viewing comments on, 417–418, 450–453
WordPress themes for, 434–436
Bluemarine theme
adding block region to, 176–177
overriding, 159
overriding themable functions in, 158–159
passing extra variables to template, 170
Board Defaults panel (phpBB 3.0), 257–258
Board Index (phpBB 3.0), 286
Board Settings panel (phpBB 3.0), 258–259
Book module, 67–69
book pages
alternative views for, 69
navigation block for, 69
permissions for, 68
using, 67–68
viewing in outline, 68
bots, 308
box.tpl.php file, 162–163
breadcrumb links (>>), 159
break tag (
), 476
Bryght hosting service, 14
building search index, 89
bulletin boards. See also forums
avoiding downtime of, 328
configuring phpBB security, 246
customizing pages of, 360
FAQs feature, 285
integrating themes with headers/footers,
359–360
making cosmetic changes in phpBB,
245–246
member lists, 285
notifying members of modifications, 328
performance with search feature, 282
planning structure of forum, 247
prehacked, 334
private messaging, 278–280
running with phpBB, 219
setting preferred themes, 363–365
uploading and changing avatar images,
276–277
Who’s Online feature, 285
buttons for TinyMCE module, 102
■C
c2_get_recent_comments function, 455
c3ro mask theme, 441–442
cache settings for Drupal sites, 27
calendars
displaying in WordPress, 392
Drupal archives, 64
selecting Event module views for, 122
viewing Event module, 123–127
calling cron.php file, 187–189
Carlevato, Chris, 441
Cascading Style Sheets. See CSS
categories, 53–59
adding vocabulary and terms, 55–56
AND/OR operators in search strings for
tids, 58
categorizing feeds in Aggregator module,
64
creating for forum, 246–247
defined, 53
finding term IDs, 57–59
replaced by sub-forums in phpBB 3.0,
259–262
setting up forum, 74
subcategories in WordPress, 415–416
vocabularies and terms, 53–54
WordPress link, 481–482
WordPress post, 403–404, 413–416
Chameleon engine, 152, 153, 158
CivicSpace Labs, 13, 201
Classic theme (WordPress), 435
clean URLs, 23, 25
CMS (content management systems), 3
Codefilter module, 36
coding conventions for phpBB, 335–343
comment blacklist, 396–397
comment feeds in WordPress, 419
Comment module, 70
comment spam
avoiding, 395–397
cleaning out, 497–498
commenting sidebars in and out of themes,
467–468
comments
Drupal, 19
adding in Comment module, 70
filtering, 138
managing comment approval queue, 50
options for displaying and posting,
49–50
phpBB 2.0 templates, 357
WordPress
blog, 373
configuring, 394, 395–397, 406
editing and deleting, 417–418
introduction to blogs, 371
moderating, 418–419
providing comment feeds, 419
subscribing to, 470–474
viewing blog, 417–418, 450–453
comment.tpl.php file, 163–164
compression
enabling GZip, 247
software needed for WordPress, 380
storing backups in compressed form, 492
Concurrent Versions System (CVS)
repository, 97, 207, 213
config.php write permissions, 239
configuration files for subSilver template, 351
configuring Drupal, 21–60
administering user accounts, 33–34
blocking user access, 36–38
cache settings, 27
categories, 53–59
content, 42–48
date settings, 29–30
defining General Settings, 22–25
discard logs, 27
downloading methods, 27–28
e-mail settings, 31
error handling, 25–27
filtering content, 45–48
image handling settings, 28
managing comments, 49–50
password recovery, 33
paths for accessing areas discussed, 59
reporting errors, 26
roles and permissions, 34–36
RSS feed settings, 29
site settings, 21–30
string handling, 30
themes, 16, 50–52
uploading avatar pictures, 32
user accounts, 30–32
using modules, 17–18, 38–39
viewing, searching, and updating content,
48
connections for Drupal database, 9–10
Contact module, 70
contact us link, 70
containers, 73–74
content. See also posts
adding blog posts regularly, 504–505
blocks, 17, 39
book pages, 67–68
changing Drupal front page, 15–16
configuring Drupal, 42–45
configuring site to aggregate syndicated,
62
creating blog pages, 424–426
designating number of URLs allowed in,
139
detecting spam, 136–137
Drupal permissions to access, 36
filtering Drupal, 45–48
improving visibility for search engines,
428
menu links added to, 82
news stories added to Drupal site, 14–15
nodes, 18–19
notifying Ping-O-Matic of new, 85
omitted content types for groups, 134
publishing options for Drupal, 43–44, 48
RSS’ influence on, 61
spam filter settings for content types, 138
viewing, searching, and updating Drupal,
48
content management systems (CMS), 3
/contrib directory (phpBB 2.0), 238
contributed modules, 97–147. See also core
modules; modules; and specific
modules
about, 97–98
Blog Theme, 181
Database Administration, 98, 141–144
deactivating before updating, 209
Developer Tools, 98, 144–146
Event, 98, 120–128
files for, 97–147
Flexinode, 98, 114–120
Image, 107–109
Image Assist, 109–114
installing, 98–99
inventorying before updating Drupal,
208–209
listing of, 97
Location, 98, 128–131
Organic Groups, 98, 131–135
Poormanscron, 187–188
Sections, 182
Spam, 98, 135–141
Taxonomy_theme, 183
Theme Editor, 182
Themedev, 181–182
theme-related, 181–183
TinyMCE, 99–107
updating, 211
contributors to blogs, 505
conversation layout for blogs, 469–474
conversion library for Image module,
107–108
converting tags to styles, 104
cookies, 267–268
copying database to test site, 205
core modules. See also contributed modules;
modules; and specific modules
Aggregator, 61–64
Archive, 64
Block, 65
Blog, 65–66
BlogAPI, 66–67
Book, 67–69
Comment, 70
Contact, 70
Drupal module, 71–72
Filter, 73
Forum, 73–74
Help, 75
Help Edit, 75
Img_assist, 94
Legacy, 75
Locale, 75–79
Menu, 79–83
Node, 83
Page and Story, 83
Path, 83–85
Pathauto, 85
Ping, 85
Poll, 85–86
Profile, 86–88
reliance on cron.php file, 186
Search, 88–89
Statistics, 89–90
System, 90
Tagadelic, 56
Taxonomy, 19–20, 91
Throttle, 91–92
Tracker, 92
Upload, 92–94
User, 94
Watchdog, 94–95
core themes, 153–154. See also themes
country location, 129, 130
cp command for GNU/Linux backups, 203
Create new forum button (phpBB 2.0),
249–250
Create new forum panel (phpBB 2.0), 249
Create new forum panel (phpBB 3.0), 261
cron.php file
calling, 187–189
core modules relying on, 186
scheduling tasks with, 185, 187
security and, 187
CSS (Cascading Style Sheets)
building themes on CSS files, 153, 178–179
cleaning up style rules in code, 456–458
custom style sheets for TinyMCE, 105–107
customizing themes with, 177–181
Drupal.css file, 179–181
settings for TinyMCE, 104–105
stylesheets in WordPress themes, 439
using with themes, 152
CSS Zen Garden, 440
Custom Visibility Settings (Drupal), 40
Customizable Comment Listings plug-in,
450–453
customizing
custom style sheets for TinyMCE, 105–107
Drupal logo, 51
Drupal menus, 81–82
phpBB, 225–226
profile fields, 86–87
subSilver template, 358–359
themes, 155–181. See also templates
about, 155
breadcrumb links, 159
creating custom favicon.ico file, 181
CSS for, 177–181
custom block regions, 176–177
themable functions, 155–159, 172–176
using site-specific themes, 193–194
using template files, 159–171
CVS (Concurrent Versions System)
repository, 97, 207, 213
■D
Dashboard for WordPress, 388–389
database abstraction layer
accessing, 335–338
methods for, 337
Database Administration module, 141–144
about, 98, 141
backup SQL database dumps with, 142
database integrity checks, 142–143
installing, 141
making backups with, 201
permissions for, 142
running queries and scripts, 144
using, 143–144
Database Configuration panel (phpBB 2.0),
235, 236
database servers
database setup in Drupal, 6–7
recommended Drupal, 5
unable to connect Drupal to, 9–10
database template caching, 319
database URLs, 7–8
databases
acquiring hacks for phpBB, 328–330
backing up, 200, 201–202, 317–318
copying to test site, 205
creating for WordPress, 381–382
defining SQL for different, 335–338
emptying cache, 146
help for damaged, 494
integrity checks, 142–143
maintaining phpBB forum, 316–318
making backup SQL dumps of, 142
optimizing and repairing tables, 316–317
queries and scripts with Database
Administration module, 144
recommended hack, 329
restoring, 317–318, 324
running updated Drupal script, 210–211
searching for untranslated strings in, 79
setting up
for phpBB, 233–234
prefixed tables, 195–196
sharing
among multiple sites, 194–199
prefixed tables, 196–197
tables across, 199–200
user-related tables, 198
SQL_LAYER values for, 336
support for phpBB, 223
tools for making backups, 201–202
date settings for Drupal, 29–30
dba module. See Database Administration
module
Dbs Administer Database permission, 142
ddebug_backtrace() function, 146
deactivating
contributed modules, 209
Organic Groups module, 133
Debian installation scripts for Drupal, 14
Default 403 page, 26
Default 404 page, 26, 180
default bulletin board themes, 364
Default theme (WordPress), 435
deleting
config.php write permissions, 239
custom menus, 83
Drupal.css file, 180–181
phpBB /install and /contrib directories,
238
topics, 311
user accounts, 34
WordPress categories, 416
WordPress comments, 417–418
designing blog layout, 461–487
considering what user does, 461–463
creating conversation layout, 469–474
developing learning layout, 474–487
ideas for other layouts, 487
modular design for themes, 463–469
desktop link checking tools, 502–504
desktop-based blogging software, 371
Devel module, 144–146
about, 98, 144
configuring, 145
emptying cache, 146
installing, 144–145
using developer functions, 146
viewing timer and query log information,
145–146
developers
useful functions in Devel module for, 146
using Drupal, 3
devel_variable() function, 146
directing requests for multiple sites, 190–191
directories. See also paths
creating, sites subdirectory, 191–193
creating, test_site subdirectory, 205
deleting phpBB /install and /contrib, 238
holding phpBB 3.0 backups in /store, 324
structure of
Location module, 129
TinyMCE module, 100
disabling private messaging, 278, 279
disallowing usernames, 309
discard logs, 27
Discussion Options page (WordPress),
392–395
disk space for WordPress, 497
display options for TinyMCE, 102
distances in Location module, 130
distributed authentication, 71
Distributed Server Boycott List, 137, 138
DocBook XML view, 69
domains
alias or parked, 191
banning, 309
blocking users from, 37–38
site subdirectories and base URLs for, 192
dothtaccess.txt file, 384
downloading
changed files for phpBB, 299–300
Drupal, 6, 207
phpBB, 233
private and public methods for, 27–28
themes for phpBB, 347–348
WordPress, 380
dprint_r($arr) function, 146
dprint($str) function, 146
Drupal, 3–215. See also maintaining, Drupal
sites; modules; themes
about, 3
accessing site, 8–9
administering user accounts, 33–34
blocking user access, 33–34, 36–38, 89
blocks, 17, 39–42
building URLs, 24–25
cache settings, 27
categories, 53–59
CivicSpace installation script for, 13
clean URLs, 23, 25
comments, 19, 49–50
creating
admin user, 11–12
content, 14–16
user accounts, 32–33
database and base URLs, 7–8
database setup in, 6–7
date settings, 29–30
Default 403 and Default 404 pages, 26
disabling user login block, 17
downloading, 6, 207
e-mail settings, 31
error handling, 25–27
Fantastico and Debian installation scripts
for, 14
files directory, 12–13, 21–22
finding
directory for incoming URLs, 193
themes, 153–154
General Settings configuration for, 22–25
getting support for, 212–213
image handling settings, 28
incorrect $base_url, 10–11
installing, 4–5
mail servers, 5
modules, 17–18, 38–39
nodes, 18–19
obtaining, 6
online community of users, 3, 214–215
password recovery, 33
performing updates, 208–212
PHP requirements for, 4–5
recommended database servers, 5
reporting errors, 26
RSS feed settings for, 29
string handling, 30
system requirements, 4
testing updated version, 208
themes, 16, 50–52
tracking changes to, 206–207
turnkey managed hosting for, 14
unable to connect to database server, 9–10
updating, 206–212
user accounts, 20–38
user roles and permissions, 34–36
who should use, 3
WYSIWYG editors for, 99
Drupal.css file, 179–181
Drupal module, 71–72
DrupalDocs, 213
dynamic publishing of weblogs, 372–373
■E
Eaton, Brigitte, 371
Edit Permalink Structure page (WordPress),
429
editing
permalink structure, 429
posts, 272
WordPress comments, 417–418
WordPress configuration file, 383–384
editors
Drupal WYSIWYG, 99
suggested WordPress text, 380
using with phpBB, 332, 349
e-mail
banning phpBB users by mail address, 309
configuring
Drupal settings, 31
WordPress, 394–395
denying access to accounts, 37–38
errors sending to Windows’ administrator
account, 12
notifying reader of new blog comment,
473
embedding
Flash animation in posts, 287
PHP in phpBB template pages, 357, 365
emoticons, 269–270
emptying Drupal database cache, 146
enabling
contact us link, 70
Drupal clean URLs, 23
Drupal module, 72
event blocks, 122
group blocks, 132
GZip compression for phpBB, 247
page timer and query log with Devel
module, 145
RSS syndication, 22
search box, 89
themes, 51
translations, 76–77
visual confirmation, 308–309
encryption of Drupal password, 33
error handling
adding for WordPress plug-ins, 454–456
configuring Drupal, 25–27
phpBB installation, 238
reporting errors, 26
Event module, 120–128
about, 98
configuring, 121–122
creating flexinode types for events, 123
enabling event blocks, 122
exporting event information, 127
installing, 121
selecting calendar views for, 122
events
creating flexinode types for, 123
defined, 120
event URL variables, 125–127
exporting Drupal event information, 127
viewing calendar of, 123–127
excerpts of posts, 407
expanded/unexpanded menus, 81
exporting translations, 79
extracting compressed WordPress files, 383
■F
Fantastico installation scripts for Drupal, 14
FAQs feature, 285
favicon.ico file, 181
feed readers, 375
feedback forum, 247
feeds. See also RSS feeds
syndication, 375
viewing options for, 64
WordPress comment feeds, 419
fields
adding to flexinode content type, 117–119
viewing public or private profile, 87
file attachments to posts, 287
file system backups, 200, 202–203
files. See also cron.php file; subSilver
template; templates; and specific
files by name
backing up template.php, 318
breaking theme files into modules,
463–469
contributed module, 97–147
copying to test_site subdirectory, 205
derivative sizes of Image module
uploaded, 108
Drupal.css, 179–181
editing
phpBB with text editors, 332
WordPress configuration, 383–384
expanding downloaded phpBB, 300–301
extracting compressed WordPress, 383
favicon.ico, 181
index.php, 439
maintaining subSilver.css, 358
making phpBB configuration file writable,
234–235
opening hack, 330
phpBB patch, 302
PHPTemplate template, 161–170
provided by PHPTemplate engine, 159
setting WordPress permissions for,
385–386
size of phpBB changed, 299
subSilver theme, 349–355
transferring from WordPress to server,
384–385
update instructions for removing, 210
uploading, 92–94
using template, 159–160
files directory
setting up in Drupal, 12–13, 21–22
update instructions for removing files, 210
Filesystem Backup module, 202–203
Filter module, 73
filters, 45–48
about Drupal, 45
Bayesian, 98
detecting spam with, 136
HTML, 46–47
line break converter and PHP evaluator, 47
managing content with Filter module, 73
managing URL, 139–140
modules and, 46
ordering, 48
search filters, 48
finders, 434
finding
blog themes, 436–438
forum searches, 280–282
ID numbers for terms, 57–59
new blog readers, 505
phpBB 3.0 searches, 293
phpMyAdmin location, 296
searching Drupal content, 48
special phpBB searches, 282
themable function overrides, 157–158
flat-file template caching, 318–319
Flexinode module, 114–120
about, 98
adding fields to content type, 117–119
creating flexinode type, 115–117
installing, 114–115
viewing flexinode content in table view,
119–120
flexinodes. See also nodes
about, 114
adding fields to content type, 117–119
creating custom types, 115–117
creating for events, 123
illustrated, 116
viewing content in table view, 119–120
folders
for phpBB 3.0 private messaging, 290, 291
setting WordPress permissions for,
385–386
footer message for front page, 22–23, 24
forcing default bulletin board themes,
364–365
formatting. See also CSS; templates; themes
hack, 331
posts with BBCode, 268–269
TinyMCE options, 102
Forum Administration panel (phpBB 2.0),
248, 249, 250, 304
Forum Index page (phpBB 2.0), 267, 286
Forum module, 73–74
Forum Permissions panel (phpBB 2.0), 250
forums. See also bulletin boards;
maintenance for phpBB forums
advanced phpBB permissions for, 303–304
announcement, 247, 304
configuring, 73–74
creating
phpBB 2.0, 248–250
phpBB 3.0, 259–262
Drupal, 212
Forum Index page, 267
managing database for, 316–318
marking posts as read, 267–268
moderating, 310–314
organizing, 220
permissions for, 250, 262–264
phpBB administration options for,
242–243
planning, 247
previewing, 251
private staff, 247, 251
pruning dead posts, 314–316, 323
running, 219, 220–221
searching, 280–282
setting up categories, 74
terms for, 219–220
test, 264
watching topics, 268
working with multiple topics, 312–313
Francey, 437
free tagging (Drupal), 20, 55
Friends and Foes feature (phpBB 3.0), 289
front page
changing Drupal, 15–16
configuring path to default, 23
slogans, mission, and footer on, 22–23, 24
FTP software, 380
functions
append_sid(), 340
auth(), 340–342
c2_get_recent_comments, 455
ddebug_backtrace(), 146
devel_variable(), 146
dprint_r($arr), 146
dprint($str), 146
get_userdata(), 340
is_single, 469
message_die, 342–343
overriding themable, 158–159
phpinfo(), 10
quicktag, 402
_rsLinksList, 445–446
themable, 155–158, 172–176, 183
Unspammer, 498
■G
Garret, Jesse James, 371
General Configuration panel (phpBB 2.0),
244–247
interface settings on, 245–246
security settings on, 246
validating user accounts, 308
General Options page (WordPress), 390–392
get_userdata() function, 340
global announcements, 287
global template variables, 355
GNU
backing up with cp command, 203
calling cron.php file in, 188–189
database dumps for, 201
graphics. See also images
changing template, 360
language-neutral template files, 352–353
language-sensitive template files, 354
providing translations for edited, 360
Green Marinée theme, 150
Group Administration panel (phpBB 2.0), 283
Group Information section (phpBB 2.0), 285
Group Permissions Control (phpBB 2.0), 306
groups
activating group blocks, 132
configuring group photo albums, 134
creating, 134–135
managing, 135
moderators of, 135
modifying and removing phpBB, 284–285
omitted content types for, 134
phpBB 2.0 features for, 282–285
phpBB administration options for, 243
phpBB permissions, 306–307
providing submission guidelines for, 133
selecting audience for posts, 133–134
setting permissions for phpBB 3.0, 262
setting up phpBB, 283–284
viewing phpBB, 284
■H
hack databases, 329
hack template, 343–345
hacks, 334–345
acquiring for phpBB databases, 328–330
avoiding excessive downtime with, 328
avoiding prehacked boards, 334
before coding, 334–335
formatting of, 331
installing, 330–333
opening files, 330
Quick Reply box, 332–333
recommended, 329–330
submitting finished, 345
template for, 343–345
testing, 335, 345
troubleshooting installation of, 333
headers/footers for phpBB templates,
359–360
Heiliemann, Michael, 378
Help Edit module, 75
Help module, 75
helper programs for WordPress, 380
hosting services
blogging software for, 372
gathering information from, 380
number of databases allowed by, 381
security for, 235
turnkey Drupal, 14
.htaccess file, 24, 384
HTML (Hypertext Markup Language)
code to be removed from index.php, 445
editing Image HTML template, 111
HTML filter, 46–47
using tags with Image Assist, 110
verifying input with TinyMCE module,
103
■I
iCal, 127
icons
customizing with favicon.ico file, 181
shortcut settings for, 51
IImage Browser plug-in (WordPress),
410–413
Image Assist module, 109–114
access settings for, 111
illustrated, 112
image output settings, 111
input formats for, 110–111
installing, 109
preview settings for, 112
setting permissions and input formats,
110
using, 112–114
Image module, 107–109
configuring, 107–109
conversion library for, 107–108
derivative sizes of uploaded files, 108
file paths for, 108
galleries, 108–109
installing, 107
uploading and viewing images, 109
using with image galleries for groups, 132
images. See also graphics; Image Assist
module; Image module
adjusting for wider blog layouts, 478–481
avatar pictures, 32, 52, 133, 276–277
changing template graphics, 360
Drupal settings for, 28
group photo albums, 134
modifying theme, 442–444
translations for edited, 360
uploading to posts, 409–410
using IImage Browser plug-in, 410–413
Img_assist module, 94
importing
CSS style sheets to TinyMCE, 105
database schema, 7
translations, 76–77
index.php file, 24
adjusting layout based on single-page test,
481
component of theme, 439
error protection with
c2_get_recent_comments function,
456
final version of recent comments code,
453
HTML code to be removed from, 445
HTML without class attributes in, 458
including new sidebar file in, 464
protecting against errors with rssLinkList
function, 455
registration and login links added to,
448–449
_rsLinksList added to, 445–446
setting up class variable in, 468
Insert Image link (WordPress), 411
/install directory (phpBB 2.0), 238
Installation screen (phpBB 2.0), 237
installing
contributed modules, 98–99
Database Administration module, 141
Drupal, 4–14
Event module, 121
Flexinode module, 114–115
hacks, 330–333
IImage Browser plug-in, 410–412
Image Assist module, 109
Image module, 107
Location module, 128–129
Organic Groups module, 131–132
phpBB
themes, 362–363
updates, 298–299
version 2.0, 231–240
version 3.0, 252–255
RSS Link List plug-in, 424
Subscribe to Comments plug-in, 471
themes, 154–155
TinyMCE module, 100–101
WordPress, 386–387
WordPress themes, 439, 441–442
WP-DB Backup plug-in, 490
IP addresses
blocking, 38, 309
Distributed Server Boycott List, 137
tracking, 313–314
IP Information section (phpBB 2.0), 313
is_single function, 469
■J
Jaquith, Mark, 470
■K
King, Alex, 438
■L
language-neutral graphics, 352–353
language-sensitive graphics
providing translations for, 360
subSilver template files for, 354
Lean index.php file, 466
learners, 434
learning layout for blogs, 474–487
adjusting images for wider layouts,
478–481
illustrated, 479
multiple pages for articles, 477–478
sidebar adjustments, 481
using teasers and tag,
475–477
Legacy module, 75
limited main page sidebar, 486–487
limiting user account names, 37
link categories, 481–482
Link Manager, 481–482
Link Valet, 501–502
LinkChecker, 502, 503–504
links
adjusting WordPress, 447–448
blog registration and login, 448–449
breadcrumb, 159
checking blog, 501–504
contact us, 70
default paging, 477–478
listing in blog sidebar, 483–486
menu, 82
permalinks, 375, 429
to posts, 402–403
primary and secondary Drupal, 52
Linux
backing up with cp command, 203
calling cron.php file in, 188–189
database dumps for, 201
phpBB system requirements for, 231–232
rsync for remote copies of backups, 203
shipping with phpBB 2.0, 233
listing of contributed modules, 97
Little, Mike, 477
Locale module, 75–79
Location module, 128–131
about, 98
configuring, 129–131
installing, 128–129
node types enabling locations, 131
using, 128
location_API.txt file, 139
locations, node types enabling, 131
locking topics, 311
logging in
phpBB, 239–240
WordPress, 387–388
Login page (WordPress), 388
logs
Drupal discard, 27
size of Watchdog tables, 95
Loop, The, 439, 478
■M
macros for Image Assist module, 110
main-content.php file, 469, 478
maintaining
blogs, 489–506. See also WP-DB Backup
plug-in
adding new posts regularly, 504–505
backing up and restoring databases,
489–496
checking links, 501–504
encouraging contributors, 505
finding new readers for, 505
keeping site interesting, 505
monitoring storage space and
bandwidth, 496–501
security, 505
Drupal sites, 185–215
backing up sites, 200–203
calling cron.php file, 187–189
database backups, 201–202
getting Drupal support, 212–213
running multiple sites, 190–200
scheduling automated tasks, 185–189
sharing tables across databases,
199–200
test sites, 204–206
updating Drupal, 206–212
phpBB forums, 314–320
managing database, 316–318
phpBB 3.0, performance tuning, 322
pruning dead posts, 314–316
template caching, 318–319
Manage Categories page (WordPress), 413,
414
managing
ban lists, 309–310
groups, 135
private messages, 279, 290–291
WordPress categories, 413–416
about, 413
adding categories, 414–415
deleting categories, 416
Manage Categories page, 413, 414
subcategories, 415–416
using categories, 403–404
WordPress comments, 416–419
Marvin theme, 153
Mass Edit Mode link (WordPress), 417–418
Mass Spam Nuke function, 498
MD5 one-way algorithm, 298
memory for Drupal, 5
menu links, 82
menu maps for Drupal sites, 25
Menu module, 79–83
about, 79–80
modifying menus in, 80–81
menus
adding links to content in, 82
building custom Drupal, 17–18, 81–82
deleting custom, 83
expanded and unexpanded, 81
modifying with Menu module, 80–81
resetting to original state, 82–83
showing, 82
Merholz, Peter, 371
message_die function, 342–343
metadata services, 374
Microsoft Windows. See Windows
MIME type for Atom feeds, 62
Miscellaneous Options page (WordPress),
397–398
mission for front page, 22–23, 24
moblogging, 375
moderating
phpBB forums, 310–314
individual posts, 311–312
performing actions on multiple topics,
312–313
using IP manager, 313–314
WordPress comments, 418–419
Moderation Queue page (WordPress), 419
Moderator Control Panel (phpBB 2.0),
312–313
Moderator role (Drupal), 35–36
moderators
appointing and auditing phpBB, 296
comment moderation in WordPress, 396
Drupal group, 135
reporting offensive posts to, 287
modifying
phpBB, 327–346
accessing database abstraction layer,
335–338
acquiring hacks, 328–330
avoiding excessive downtime, 328
backing up before, 327–328
before coding hacks, 334–335
creating modifications, 334–345
getting user information, 340–342
giving user feedback, 342–343
installing hacks, 330–333
prehacked boards, 334
recommended hacks, 329–330
releasing modifications to community,
343–345
submitting finished hacks, 345
templates, 338–340
version 3.0, 346
working with phpBB sessions, 340
WordPress themes, 439–459
adding cleaner CSS code, 456–458
adding RSS feed, 445–446
adjusting list of links, 447–448
changing template, 444–445
cleaning up PHP code, 454–456
components of themes, 439–441
installing and copying theme, 441–442
modifying images, 442–444
recent comments plug-in, 450–453
registration and login links, 448–449
modules, 61–95. See also specific modules
about, 61, 95
Aggregator, 61–64
Archive, 64
avoiding node-level access, 131
Block, 65
Blog, 65–66
Blog Theme, 181
BlogAPI, 66–67
Book, 67–69
building custom menu, 17–18
Comment, 70
Contact, 70
content filtering for, 46
contributed, 97–98
Database Administration, 98, 141–144
Devel, 98, 144–146
Drupal module, 71–72
Event, 98, 120–128
Filesystem Backup, 202–203
Filter, 73
Flexinode, 98, 114–120
Forum, 73–74
Help, 75
Help Edit, 75
Image, 107–109
Image Assist, 109–114
Img_assist, 94
Legacy, 75
listing of contributed, 97
Locale, 75–79
Location, 98, 128–131
Menu, 79–83
Node, 83
Node Privacy by Role, 131
Nodeperm Role, 131
Organic Groups, 98, 131–135
Page and Story, 83
Path, 83–85
Pathauto, 85
Ping, 85
Poll, 85–86
Poormanscron, 187–188
Profile, 86–88
relying on cron.php file, 186
Search, 88–89
Sections, 182
site-specific, 193–194
Spam, 98, 135–141
Statistics, 89–90
System, 90
Tagadelic, 56
Taxonomy, 19–20, 91
Taxonomy Access Control, 131
Taxonomy_theme, 183
Theme Editor, 182
Themedev, 181–182
Throttle, 91–92
TinyMCE, 99–107
Tracker, 92
Upload, 92–94
User, 94
using, 38–39
viewing available, 61
Watchdog, 94–95
monitoring
bandwidth, 499–501
blog storage space, 497
tag, 475–477
moving
backups, 203
code to new file, 463–469
topics, 311
Mueller, Joni, 438
Mullenweg, Matt, 377
multilingual web sites, 76
multiple author postings, 419–423
multiple Drupal web sites, 190–200
creating sites subdirectory, 191–193
directing requests for, 190–191
running, 190
sharing database among, 194–199
site-specific modules and themes for,
193–194
MySQL
compatibility with phpBB, 232
configuring wp-config.php for, 383–384
Drupal support for, 5
■N
namespaces, 157–158
National Center for Supercomputing
Applications (NCSA), 370
navigation
building custom Drupal menus, 17–18
personal and sitewide contact forms, 70
phpBB Administration panel, 241–244
NCSA (National Center for Supercomputing
Applications), 370
Node module, 83
Node Privacy by Role module, 131
Nodeperm Role modules, 131
nodes. See also flexinodes
defined, 83
Drupal, 18–19
enabling locations with, 131
uploading files attached to, 93–94
node.tpl.php file, 165–167
tag, 476
■O
o’Caoimh, Donncha, 377
Occy theme, 150
online communities. See also blogs; forums
asking phpBB administrators for
modifications, 328
delegating power in, 295–296
Drupal, 3, 214–215
forming groups within, 131
getting help with phpBB templates, 362
registration for, 308
releasing phpBB modifications to, 343–345
online link checking services, 501–502
Open Office, 66
OPML view, 69
optimizing tables, 316–317
Organic Groups module, 131–135
about, 98, 131
activating group blocks, 132
avoiding node-level access modules with,
131
creating groups, 134–135
deactivating, 133
determining visibility of posts, 133
enabling access control for, 132
group photo albums, 134
installing, 131–132
managing groups, 135
omitted content types for groups, 134
providing submission guidelines, 133
setting audience for group posts, 133–134
organizing forums, 220
output buffers for phpBB pages, 338
overall_header.tpl, 358, 359
overriding themable functions, 157–159,
174–176
■P
Page Management page (WordPress), 427
Page module, 83
page timer, 145–146
Page-Specific Visibility Settings (Drupal), 40
page.tpl.php file, 167–170
paging links for WordPress articles, 477–478
parked domains, 191
passwords
changing WordPress administrative,
389–390
distributed authentication for, 71
guidelines for, 298
protecting WordPress posts with, 406–407
recovery in Drupal, 33
saving randomly generated WordPress,
386
Pastorale theme, 151
patches for phpBB 2.0, 233, 302
Path module, 83–85
creating custom paths for nodes, 82
creating path aliases, 84–85
significance of, 83–84
Pathauto module, 85
paths
aliases for, 84–85
custom paths for nodes, 82
Drupal, 25, 26
Drupal user registration page, 32–33
Image module, 108
location of TinyMCE, 102–103
redirecting with Legacy module, 75
performance
blog style rules and, 456–458
bulletin board searches, 282
enabling GZip compression for phpBB,
247
modifying search index for phpBB 3.0, 293
sharing tables between sites and, 198
size of Watchdog tables, 95
tuning phpBB 3.0, 322
permalinks, 375, 429–430
permissions
Administer Nodes, 135
assigning for WordPress posts, 421–423
book pages, 68
for bulletin board topics, 270–271
configuring TinyMCE, 101
Database Administration module, 142
Devel module, 145
Drupal, 35–36
feed, 64
forum, 250, 262–264, 303–304
Image Assist, 110
Image module, 107
managing in phpBB 3.0, 320
Organic Groups module, 132
per-user phpBB, 305–306
phpBB group, 306–307
removing config.php write, 239
Spam module, 138
Upload module, 93
Permissions panel (phpBB 3.0), 262
per-page template variables, 355
personal contact forms, 70
per-user permissions, 305–306
PHP
assigning output variables to template
variables, 338, 339
cleaning up theme and template code,
454–456
code in template files, 160–161
database abstraction layer methods, 337
directives for Drupal, 5
Drupal requirements for, 4–5
embedding in phpBB template pages, 357,
365
interpreter versions for phpBB 2.0, 232
Loop, The, 439, 478
troubleshooting restore script timeouts,
318
phpBB 2.0, 219–366. See also maintaining,
phpBB forums; modifying, phpBB;
securing phpBB
advantages of, 222–223
backing up
databases, 317–318
during upgrades, 301
ban lists, 309–310
coding conventions, 335–343
configuring Administration panel,
241–244
customizability of, 225–226
database abstraction layer, 335–338
database setup for, 233–234
delegating power, 295–296
deleting /install and /contrib directories,
238
disallowing usernames, 309
downloading distribution packages, 233
editing
files with text editors, 332
posts, 272
emoticons, 269–270
evolution of, 221
expanding downloaded files, 300–301
FAQs, member lists, and Who’s Online
features, 285
features of, 223–226
formatting posts, 268–269
forums
creating, 248–250
Forum Index page, 267
moderating, 310–314
searching, 280–282
sub-forums, 265
General Configuration panel settings,
244–247
giving user feedback, 342–343
groups
features of, 282–285
modifying and removing, 284–285
permissions, 306–307
setting up, 283–284
illustrated, 222, 239, 240
installing, 231–240
troubleshooting, 238
interpreter versions for, 232
IP manager, 313–314
logging in, 239–240
making configuration file writable,
234–235
obtaining upgrades, 299
overview, 226–227
patch files, 302
permissions, 303–307
group, 306–307
per-user, 305–306
removing config.php write, 239
private messaging, 278–280
ranking users, 277–278
recommended editors for, 349
registrations, 307–310
running bulletin boards with, 219
scalability of, 226
scripts
running install, 235–238
running upgrade, 302
security features of, 225
sessions for, 340
special types of searches, 282
sticky topics, 270–271
supported SQL_LAYER values, 336
templates
getting help with, 362
template engine methods, 339
template variables, 354–356
testing, 361
working with, 349–357
themes
acquiring, 347–348
creating and modifying, 348–349
installing, 362–363
setting preferred, 363–365
subSilver content files, 350–351
updating, 298–299
uploading
avatar images, 276–277
to server, 234
user profiles, 273–278
phpBB 3.0, 252–265, 286–294, 320–324. See
also modifying, phpBB; securing
phpBB
Administration panel, 256–257
append_sid() function dropped in, 340
backing up
during upgrades, 301
and restoring databases, 324
basic configuration for, 254–255
Board Defaults panel, 257–258
Board Index, 286
Board Settings panel, 258–259
creating forums and sub-forums, 259–262,
286
delegating power, 295–296
editing files with text editors, 332
illustrated, 253, 254
installing, 252–255
modifying, 346
performance tuning, 322
permission management in, 320
posting in, 286–287, 292–293
preview of, 227–229
private messaging, 289–292
pruning, 322–324
reauthentication with, 256
running upgrade scripts, 302
searching with, 293
template improvements, 365–366
updating, 298–299
User Control Panel, 288, 289
phpinfo() function, 10
phpMyAdmin
auditing moderators and administrators
with, 296–297
database backups, 202
database management functions with, 316
finding location of, 296
restoring WordPress database backup
using, 494–496
phpPgAdmin database backups, 202
PHPTemplate engine
about, 152, 153, 183
files provided by, 159
template files in, 161–170
ping notification
defined, 374
Drupal’s Ping module, 85
WordPress, 393–394, 406
Pingbacks
allowing for individual posts, 406
configuring, 393–394
defined, 374
placeholders for Drupal welcome e-mail, 31
Planet Drupal, 213
Planque, François, 377
Plesk control panel, 381, 382
plug-ins. See specific plug-ins
Plugins Management page (WordPress),
410–411
PO (Portable Object) files, 76
podcasting, 375
Poll module, 85–86
polls
administering, 85–86
attaching to topics, 271–272
creating
Drupal, 85
phpBB 3.0, 287
illustrated, 85
Poormanscron module, 187–188
Portable Object (PO) files, 76
post information for themes, 52
Post slug field (WordPress Advanced page),
408
PostgreSQL database servers, 5
posts. See also TrackBack
Drupal
comment postings, 49–50
configuring site, 44–45
counting URLs in, 137
determining visibility of Organic
Groups, 133
displaying information, 52
inserting images into, 110
previewing, 43
setting audience for group, 133–134
setting number and length of trimmed,
43
TinyMCE input formats for, 101
phpBB
appending custom signatures, 273
attaching polls to topics, 271–272
editing, 272
embedding Flash animation, 287
files attached to, 287
formatting with BBCode, 268–269
interface in phpBB 3.0, 292–293
listing attachments posted in threads,
289
making topics normal, sticky, or
announcements, 270–271
marking as read, 267–268
moderating individual, 311–312
in phpBB 3.0, 286–287
pruning dead, 314–316, 322–324
reporting offensive, 287
retrieving information from, 337, 338
returning phpBB search results as, 281
searching for unanswered, 282
smilies in, 269–270
working with multiple topics, 312–313
WordPress
adding images to, 409–413
Advanced Editing mode, 405–406
Advanced options, 405–406, 408–409
categories for, 403–404, 413–416
comments and pings in, 406
excerpts of, 407
making first post, 398–399
marking with quicktags, 401–403
password-protecting, 406–407
previewing, 409
publishing, 404–405, 408
saving drafts and private, 405, 408
subscribing to comments, 470–474
testing single-post views, 469–470
timestamping, 408–409
using Custom Fields, 409
Preferences section (phpBB 2.0), 274, 289
prefixed tables
database sharing with, 194–195
illustrated, 195
setting up, 195–196
sharing, 196–197
spam tables, 198–199
user information shared from, 198
prefixes
common template variable, 356
using to select databases, 199
Preformatted option for TinyMCE module,
103
preview settings for Image Assist module, 112
previewing
Drupal posts, 43
forums, 251
WordPress posts, 409
primary and secondary links for themes, 52
private downloading, 28
private messaging, 278–280
disabling, 278, 279
phpBB 3.0, 289–292
private message boxes, 279, 290, 291, 292,
293
reading and managing messages, 279
rules for phpBB 3.0, 290, 291
sending messages, 280
private posts, 405
private staff forum, 247, 251
Profile Information section (phpBB 2.0), 273,
274
Profile module, 86–88
Profile page (WordPress), 390
profiles. See user profiles
Prune users control panel (phpBB 3.0), 324
pruning
backups before, 323
dead posts, 249, 314–316, 322–323
inactive users, 323–324
public downloading, 27–28
publishing
Drupal content, 43–44, 48
posts, 404–405
weblogs statically and dynamically,
372–373
XML-RPC publishing tools used with
BlogAPI module, 66–67
Pushbutton theme, 16, 153
■Q
queries
facilitating Drupal, 144
running administrator, 297
query log
enabling, 145
viewing, 145–146
question mark (?) in path aliases, 84
Quick Reply box, 332–333
quicktags, 401–403
■R
random colors for blocks, 171
Rank Administration panel (phpBB 2.0),
277–278
Rdc theme, 151
reading
posts in phpBB 3.0, 286–287
private messages, 279
reauthentication with phpBB 3.0, 256
recovery plans, 185
Registration Information section (phpBB
2.0), 273
registrations, 307–310
enabling visual confirmation, 308–309
requiring in community, 308
validating new phpBB user accounts, 308
Related Posts plug-in, 484
releasing phpBB modifications to, 343–345
removing
announcements and sticky posts, 315
phpBB groups, 284
repairing tables, 316–317
reporting
Drupal errors, 26
offensive posts to moderator, 287
Request New Password link (Drupal), 33
resetting menus to original state, 82–83
restoring
phpBB databases, 317–318, 324
WordPress databases, 494–496
RSS feeds
adding blog pages with, 423–428
adding to blog theme, 445–446
Aggregator module and, 61–62, 63
categorizing, 64
configuring Drupal, 29
defined, 62
enabling RSS syndication, 22
identifying URLs for subscription, 62
listing search results as, 59
MIME type for Atom, 62
setting permissions for, 64
RSS Link List plug-in (WordPress), 423–428
about, 423–424
error handling for, 454–456
installing and activating, 424
using on page, 426–428
rssLinkList function, 455
■S
sample listings
adding _rsLinksList to index.php, 445–446
checking topic permissions with auth(),
341–342
class variable in main-content.php, 469
cleaning up duplicated CSS rules, 456–457
complete sidebar-c.php, 485
CSS rules
for links added to style.css, 447
for Login and Register links added to
style.css, 449
for recent comments, 450
default block.tpl.php, 162
default box.tpl.php, 163
default comment.tpl.php, 164
default node.tpl.php, 166
defining SQL for different databases,
335–338
generating list of posts in sidebar-c.php,
484
get_recent_comments function, 451
HTML without class attributes in
index.php, 458
layout adjustments and single-page test,
481
Lean index.php file, 466
message_die, 343
MySQL settings in wp-config.php,
383–384
new CSS names in sidebar-b.php, 465
new style rules for floating images, 480
node-og.tpl.php, 167
only list category 1 in sidebar-a.php, 486
paging link code in main-content.php, 478
passing alternative teaser prompt to
the_content(), 476
phpBB hack template, 344–345
query to create new caching table, 319
recent comments code in index.php, 450,
453
reduced element selector in style.css, 458
renaming styles in styles.css, 464–465
restricting link list output to index.php,
447
retrieving post’s information
with phpBB abstraction layer, 338
with standard PHP, 337
right sidebar code to go in sidebar-b.php,
464
saving first category from post in sidebar-c.php, 484
selecting databases with prefixes, 199
setting up class variable in index.php, 468
sharing Zipcodes Table, 197
special class rules in style.css, 468
template variables, 339
theme meta-information in style.css, 441
saving
first category from post in sidebar-c.php,
484
WordPress drafts and private posts, 405
scalability of phpBB, 226
scheduling
automated tasks, 185–189
unattended backups, 493–494
schema, importing database, 7
scripts
database dumps for GNU/Linux users,
201
Drupal installation, 13–14
facilitating with Database Administration
module, 144
forum, 221
running
phpBB install, 235–238
phpBB upgrade, 302
WordPress install, 386–387
troubleshooting timeouts in restore, 318
updating Drupal, 210–211
search engines
generating permalinks for, 429–430
improving post’s visibility for, 428–431
presenting multiple views for, 428–429
selecting keywords for, 430–431
Search module, 88–89
Search Query form (phpBB 2.0), 281
searching. See also finding
Drupal content, 48
forums, 280–282
phpBB 3.0, 293
special phpBB searches, 282
Sections module, 182
securing phpBB, 295–314
about, 295
auditing moderators and administrators,
296–297
best practices for delegating power,
295–296
considering modifications before
upgrades, 301
disallowing usernames, 309
group permissions, 306–307
guidelines for passwords, 198
installing updates, 298–299
managing phpBB 3.0 permissions, 320
moderating forums, 310–314
registrations, 307–310
strengthened security in phpBB 3.0,
320–321
tracking IP addresses, 313–314
upgrading with changed files only,
299–300
visual confirmation of user accounts,
308–309
security. See also securing phpBB
configuring phpBB, 246
cron.php file and, 187
file attachments to posts, 287
handling IP addresses, 314
hosting service, 235
maintaining blog, 505
phpBB features, 225
prehacked boards, 334
preventing public use of Theme Editor
module, 182
strengthened phpBB 3.0, 320–321
self-hosted blogging software, 372
self-registering blog users, 420–421
Server Settings control panel (phpBB 3.0),
322
settings.php
base URL variable for, 192
how Drupal finds, 193
showing/hiding blocks, 39–40
sidebar-a.php file, 486
sidebar-b.php file
new CSS names in, 465
right sidebar code to go in, 464
sidebar-c.php file
complete, 485
generating list of posts in, 484
saving first category from post in, 484
sidebars
adjusting for learning layout, 481
commenting in and out, 467–468
including new file in index.php, 464
limited main page, 486–487
listing links in, 483–486
new CSS names in sidebar-b.php, 465
renaming styles in styles.css, 464–465
right sidebar code to go in sidebar-b.php,
464
Simple Mode
group permissions in, 306
user permissions in, 305
simple_footer.tpl, 358
simple_header.tpl, 358
sites subdirectory, 191–193
sitewide contact forms, 70
slash (/) in path aliases, 84
slogans for front page, 22–23, 24
SmartFTP client, 234
smilies, 269–270
software. See also Drupal; phpBB; WordPress
about WordPress, 375–376
b2/cafelog blogging, 377
blogging, 371–372
helper programs needed for WordPress,
380
spam. See also Spam module
avoiding comment, 395–397
blogging comments as, 373
cleaning out comment, 497–498
configuring actions for identified, 139
defined, 135
designating number of URLs allowed in
content, 139
filters for detecting, 136
marking comments as, 419
sharing spam tables, 198–199
third-party filters for, 141
Spam module, 135–141
about, 98
actions for identified spam, 139
advanced configuration for, 139
configuring, 137–139
designating URL limits, 139
Distributed Server Boycott List, 137, 138
filtering by content type, 138
filters for detecting, 136, 140–141
installing, 137
managing URL filters, 139–140
permissions for, 138
URL counting, 137
Spam Nuker plug-in, 497–498
splitting topics, 311–312
SQL
defining for different databases, 335–338
Drupal support for, 5
making database backup dumps, 142
MySQL settings in wp-config.php,
383–384
supported phpBB SQL_LAYER values, 336
SQL query box (phpMyAdmin), 297
SQL_LAYER values, 336
static publishing of weblogs, 372
Statistics module, 89–90
sticky posts
permissions for, 270–271
removing, 315
/store directory, 324
Story module, 83
string translation, 77–79
Style Administration control panel
(phpBB 2.0), 363
style systems, 349
style.css file
about, 439
cleaning up duplicated information in,
456–458
defining sidebar width with class rules,
468
new rules for floating images, 480
reduced element selector in, 458
renaming styles in, 464–465
searching for in Drupal, 153, 178
theme meta-information in, 441
styles. See also CSS
building themes on CSS, 153, 178–179
converting tags to, 104
defined, 349
phpBB, 347–366
acquiring themes, 347–348
administration options for, 243–244
creating and modifying themes,
348–349
installing phpBB themes, 362–363
phpBB 3.0 template improvements,
365–366
setting preferred themes, 363–365
working with templates, 349–357
subcategories for WordPress posts, 415–416
sub-forums
phpBB 2.0, 265
support in phpBB 3.0 for, 259–262, 286
Subscribe to Comments plug-in, 470–474
customizing, 474
e-mail notifications, 472, 473
features of, 473, 474
installing, 471
subSilver template, 349–355
changing graphics, 360
configuration files, 351
customizing, 358–359, 360
installing and renaming copy of, 357–358
language-neutral images, 352–353
language-sensitive image files, 354
maintaining subSilver.css file, 358
theme content files, 350–351
using headers and footers, 359–360
supermoderators, 282, 307
suPHP, 12
syndication feeds, 375
System module, 90
system requirements
Drupal, 4
phpBB, 231–232
WordPress, 379
■T
tables
backing up WordPress, 490–493
optimizing and repairing, 316–317
setting up prefixed, 195–196
sharing
across databases, 199–200
prefixed, 196–197
user-related, 198
spam, 198–199
Tagadelic module, 56
tags
break, 476
converting tags to styles, 104
free tagging in Drupal, 20, 55
marking posts with quicktags, 401–403
, 475–477
, 476
template, 440
taxonomies
categories and, 53, 57
indicating depth for tids, 58–59
syntax for queries, 59
Taxonomy Access Control module, 131
Taxonomy module
about, 19, 91
setting up free tagging for pages, 20, 55
using with image galleries for groups, 132
Taxonomy_theme module, 183
teasers for blog articles, 475–477
template caching, 318–319
template engines
about, 349
support for blocks, 356–357
template tags, 440
template variables
assigning PHP output variables to, 338,
339
phpBB, 354–356
using, 339
template.php file, 318
templates, 159–171
adding WordPress registration and login
links to, 448–449
changing WordPress, 444–445
defined, 349
for Drupal themes, 152, 153
embedding PHP code in phpBB, 357
getting help with phpBB, 362
hack, 343–345
is_single function, 469
keeping administrative templates
unmodified, 349
limitations on using, 367
passing extra variables to, 170–171
PHP code used in, 160–161
phpBB 3.0 improvements, 365–366
RSS Link List plug-in as, 423
skills needed for phpBB 2.0, 348
template caching, 318–319
template engine methods, 339
testing phpBB, 361
testing with Mozilla Firefox extension, 361
using, 159–160
variables in, 161
term IDs. See tid
terminology
blogging, 373–375
forum, 219–220
terms
adding, 56
Drupal vocabularies and, 53–54
finding ID numbers for, 57–59
indicating depth for tids, 58–59
listing search results as page or feed, 59
Test Connection button (phpBB 3.0), 254, 255
test sites
adding files to test_site subdirectory, 205
copying site database, 205
creating test_site subdirectory, 205
updating configuration settings, 205–206
testing
Drupal
sites, 211
versions, 208
hacks, 335, 345
phpBB
forums in 3.0, 264
installs in 3.0, 252–254
modifications, 328
templates, 361
single-post views, 469–470
text. See translating text
text editors
editing phpBB with, 332
WordPress, 380
themable functions, 155–159, 172–176
about, 155–156, 183
identifying, 172–174
overriding, 157–159, 174–176
primary, 156–157
Theme Editor module, 182
Theme Editor (WordPress), 444
theme engines, 152
Themedev module, 181–182
themes, 149–184. See also templates;
themable functions
Drupal
about, 16, 50, 149, 183–184
breadcrumb links, 159
building on CSS files, 178–179
components of, 152
customizing block regions, 176–177
customizing with CSS, 177–181
displaying postings, 52
enabling, 51
finding, 153–154
identifying themable functions,
172–174
illustrated, 150–151
installing, 154–155
primary and secondary links, 52
selecting logo, 51
shortcut icon settings, 51
themable function overrides, 157–159
themable functions, 155–157, 183
theme-related contributed modules,
181–183
toggling display settings, 52
using site-specific, 193–194
phpBB
acquiring, 347–348
creating and modifying, 348–349
creating phpBB, 357–361
defined, 349
installing, 362–363
preferred, 363–365
preventing switching of bulletin board,
364–365
subSilver theme content files, 350–351
using headers and footers, 359–360
WordPress
adding RSS feed, 445–446
adjusting list of links, 447–448
changing template, 444–445
Classic and Default, 435
communicating with, 433–434
finding and installing, 436–439
installing and copying, 441–442
modifying images, 442–444
modular design for themes, 463–469
selecting installed, 434–436
theme components, 439–441
theme_ prefix, 155, 156
Throttle module, 91–92
tid (term IDs)
defined, 57
indicating depth for, 58–59
searching for with AND/OR operators, 58
time
configuring in Event module, 121–122
formats for Drupal, 29–30
setting time zones for web servers, 29
setting WordPress, 391–392
timestamping blog posts, 408–409
TinyMCE module, 99–107
about, 97, 99–100
cleanup and output options for, 103–104
configuring, 101–105
CSS settings, 104–105
custom style sheets for, 105–107
customizing look of, 102–103
display and formatting options, 102
installing, 100–101
setting up role-based profiles, 102
tools for backups, 201–202
topics
attaching polls to, 271–272
checking permissions with auth(),
341–342
performing actions on multiple, 312–313
permission options for, 270–271
returning phpBB search results as, 281,
282
splitting, 311–312
watching, 268
TrackBack
about, 374
adding to posts, 404
configuring, 393–394, 408
Tracker module, 92
translating text, 75–79
enabling and importing translations,
76–77
exporting translations, 79
providing for language-sensitive graphics,
360
translating strings, 77–79
troubleshooting
disabling Drupal user login block, 17
Drupal Default 403 and Default 404 pages,
26
errors sending e-mail to Windows’
administrator account, 12
getting Drupal support, 212–213
hack installation, 333
help for damaged databases, 494
identifying attacks on server, 38
incorrect Drupal $base_url, 10–11
PHP restore script timeouts, 318
phpBB installation, 238
unable to connect Drupal to database
server, 9–10
■U
unanswered posts, 282
uninstalling template caching, 319
Unix-based systems. See GNU; Linux
unpublishing spam automatically, 139
Unspammer function, 498
updating
contributed modules, 211
Drupal code, 206–212
Drupal content, 48
phpBB, 298–299
test site configurations, 205–206
upgrading phpBB, 233, 299–302
Upload module, 92–94
uploading
Drupal avatar pictures, 32
images to blog posts, 409–410
images with Image module, 109
phpBB to server, 234
themes, 363
WordPress to web server, 384–385
URIs. See URLs
URLs (Uniform Resource Locators)
Drupal
base URL variable for settings.php, 192
building in, 24–25
calling URL of cron.php file, 188
clean, 23, 25
counting in posts, 137
creating path aliases, 84
designating number of in content, 139
directory for incoming, 193
event URL variables, 125–127
filtering spammer, 138
finding for feeds, 62
managing filters for, 139–140
path in, 26
posting, 15
setting database and base, 7–8
troubleshooting incorrect $base_url,
10–11
WordPress, 429
entering in quicktag, 402, 403
Permalinks, 429–430
TrackBack, 404
user accounts. See also avatar pictures
administering, 33–34
allowing self-registering blog, 420–421
assigning blog permissions, 421–423
assigning special ranks to, 277–278
banning, 89, 309–310
blocking access in Drupal, 33–34, 36–38,
89
collecting information on, 86–88, 130
configuring
Drupal, 30–32
roles and permissions, 34–36
creating
for blog authors, 419–420
Drupal, 32–33
Drupal admin, 11–12
disallowing usernames, 309
enabling anonymous Drupal, 23
notifying of watched topics, 268
password recovery, 33
permissions for posting comments, 50
phpBB
administration options for, 244
features for, 223–224
getting information in, 340–342
permissions for 3.0, 262
preferences for 3.0, 289
validating new accounts, 308
private messaging for, 278–280
profile listing pages for, 88
pruning inactive, 323–324
respecting forum, 220–221
tracking statistics of, 90
types of web site visitors, 434
uploading avatar pictures, 32, 276–277
user levels for WordPress permissions, 423
User Control Panel (phpBB 3.0), 288, 289
user groups. See groups
User module, 94
user pictures. See avatar pictures
user profiles, 273–278
adding information to, 273–274
administering, 277
avatar options for, 276–277
enhancements in phpBB 3.0, 288
setting user preferences, 274–276
TinyMCE role-based, 102
viewing public or private fields, 87
usernames
banning, 309
disallowing, 309
distributed authentication for, 71
users. See user accounts
■V
Valdrighi, Michel, 377
validation options for phpBB 3.0, 321
variables
block.tpl.php, 162
box.tpl.php, 162–163
comment.tpl.php, 163–164
node.tpl.php, 165–166
page.tpl.php, 167–168
passing extra to template, 170–171
phpBB template, 354–356
setting up class, 468
template, 161
using class, 468
versions. See also updating
compatibility of Drupal themes and
theme engines, 154
Drupal, 206, 207
PHP interpreter, 232
phpBB, 221, 227–229
required PHP for Drupal, 4
updating phpBB, 298–299
WordPress releases, 377–378
viewing
available modules, 61
blocks of content on Drupal sites, 40–41
book outlines, 68
book pages, 69
calendar of events, 123–127
comment approval queue, 50
Drupal comments, 49
Drupal content, 48
flexinode content in table view, 119–120
images with Image module, 109
list of users, 33
options for feeds, 64
phpBB groups, 284
profile listing pages, 88
public or private profile fields, 87
recent blog comments, 450–453
WordPress comments, 417–418
virtual hosting, 190
visual confirmation of user accounts,
308–309
vocabularies, 53–54, 55–56
■W
wanderers, 434
Watchdog module, 94–95
watching topics, 268
web servers
configuring time zones for, 29
creating Drupal files directory for Apache,
12
Drupal mail servers, 5
moving backups off, 203
preparing for phpBB installation, 233–235
requirements for WordPress hosts, 379
running directory server, 72
system requirements for Drupal, 4
transferring WordPress files to, 384–385
web sites. See also maintaining, Drupal sites
accessing Drupal, 8–9
aggregator, 61
backing up, 200–203
book navigation blocks, 69
configuring
Drupal settings for, 21–30
site-wide content, 42–43
distributed authentication for multiple, 71
etiquette for updating feeds, 63
finding
blog themes, 436–438
phpBB themes on, 347–348
multilingual, 76
origins of publishing software for, 370
page caching for Drupal, 27
path aliases, 84
publishing options for Drupal content,
43–44, 48
running multiple Drupal, 190–200
slogans, mission, and footer on, 22–23, 24
test sites for, 204–206
testing with Mozilla Firefox extension, 361
throttling traffic to, 91–92
types of visitors, 434
World Wide Web Consortium, 369
Webalizer, 499–501
weblogs. See also blogging
dynamic publishing of, 372–373
origin of, 369–371
software for, 371–372
static publishing of, 372
wget tool, 188–189
Who’s Online feature, 285
Windows
errors sending e-mail to administrator’s
account, 12
phpBB system requirements for, 232
running prefix.sh script on, 196
Windows Task Scheduler, 189
WordPress, 369–500
about, 375–376
adding multiple authors, 419–423
adding registration and login links to
template, 448–449
adjusting list of links, 447–448
Advanced options in Advanced Editing
mode, 405–406, 408–409
categories
about, 413
adding, 414–415
deleting, 416
Manage Categories page, 413, 414
subcategories, 415–416
using, 403–404
changing
administrative password, 389–390
templates, 444–445
comments
avoiding comment spam, 395–397
blog, 373
configuring, 394, 395–397, 406
editing and deleting, 417–418
introduction to blogs, 371
moderating, 418–419
providing comment feeds, 419
subscribing to, 470–474
viewing blog, 417–418, 450–453
control panels for, 381, 382
creating content pages, 424–426
Dashboard for, 388–389
databases
backing up, 489–494
creating, 381–382
restoring, 494–496
editing configuration file, 383–384
extracting files to transfer to, 383
features of, 376–377
file upload options for, 397–398
gathering information from hosting
service, 380
helper programs needed for, 380
history of, 377
improving search engine visibility,
428–431
Link Manager, 481–482
logging in, 387–388
Loop, The, 439, 478
making first post, 398–399
monitoring storage space and bandwidth,
496–501
obtaining, 380
permalinks, 375, 429–430
posts
Advanced Editing mode for, 405–406
comments and pings for, 406
excerpts of, 407
marking with quicktags, 401–403
password-protecting, 406–407
permissions for, 421–423
timestamping, 408–409
presenting multiple views for search
engines, 428–429
RSS Link List plug-in, 423–428, 454–456
running install script, 386–387
scheduling unattended backups, 493–494
self-registering blog users, 420–421
setting up
Discussion Options page, 392–395
file and folder permissions, 385–386
General Options page, 390–392
system requirements for, 379
themes
adding RSS feed, 445–446
adjusting list of links, 447–448
changing template, 444–445
Classic and Default, 435
communicating with, 433–434
components of, 439–441
finding and installing, 436–439
installing and copying, 441–442
modifying images, 442–444
modular design for, 463–469
selecting installed, 434–436
transferring files to web server, 384–385
updating for blog security, 505
versions of, 377–378
World Wide Web Consortium, 369
wp-config.php, 383–384
WP-Cron plug-in, 493–494
WP-DB Backup plug-in, 490–493
backing up WordPress tables, 490–492
illustrated, 491, 492
installing and activating, 490
Write Page page (WordPress), 425
Write Post page (WordPress), 398, 401
WYSIWYG editors for Drupal, 99
■X
Xdebug, 144
XFN (XHTML Friends Network), 482