WordPress Google Forms V0.88-beta-2 Available

For the past week I have been working with WordPress.org to get my Google Forms plugin relisted.  They recommended a different approach to addressing the security concern than I had implemented.

It took a little longer than I expected to get their recommendation working but I have implemented the fixes recommended by the WordPress Security Team and am in the process of getting the plugin listed again.

I would like to enlist some additional testing besides my small suite of test cases with the updated code.

Google Forms Beta (54 downloads)

Google moves Form Downgrade Option

Google has moved the “Running Man” icon which I had been recommending to downgrade a new Google Form to the prior version required by the Google Forms plugin.  Initially it looked like Google had removed the option which I was worried about.  The option to downgrade a form is now in the lower right hand corner for the form editor under the question mark (?) icon.

2016-05-22_13-30-02

Google Changing Google Forms again?!?

Earlier today I was alerted to the possibility of Google changing Google Forms again.  Based on my reading, I think it is more than a possibility, it looks like a done deal to me.  This is a major change.

That doesn’t look very good.  Not only does it not look very good, it doesn’t work either.  I have no idea when Google will roll this out.  Almost certainly before I can update the plugin.  Based on my quick look at the HTML of the new form, it is very different than what Google has been generating for a number of years.

The biggest change is Google appears to be using their own custom DIV elements instead of real HTML INPUT elements for things like radio buttons and checkboxes.  I can’t think of why this could/would be a good thing but I am sure there is some rationale behind it. These news forms require Javascript from Google to work and it looks like the actual form submission process is also different.

So … it looks like a lot to figure out at a time when I  am really busy at work.  I am hoping this isn’t wide spread for a while as I don’t expect to have much free time until the Christmas holidays arrive and work will slow down a bit.

Dealing with login attacks

For the past month or so, my main site (this one) plus a couple others I have on the same hosting account have been under constant brute force login attack. A long time ago I had set up the Limit Login Attempts plugin and it seemed to be helping. But it doesn’t stop the attacks. It just makes the attackers change their IP addresses more frequently.

Like a lot of WordPress developers, I have a number of sites I’ve thrown together to show someone something or to test things out. I usually clean them up when I am done with them but every once in a while I forget about them. It looks like one of the really old ones I had forgotten about was compromised in early August. As a result I had some malware all over my hosting account. Bah. What a PITA to clean up.

I did a few things fairly quickly:

  1. I deleted all of the sites I no longer needed. I should have done this a long time ago as there was some really old stuff just sitting around in my hosting account.
  2. I installed a fresh copy of the latest WordPress release to overwrite any files which were infected.
  3. I installed Securi Scanner plugin which was pretty good and identifying a bunch of files which shouldn’t be present. Unfortunately it doesn’t handle the wp-content folder (where plugins, themes, and uploads all live by default).

These things cleaned up a lot. This left me to find what else was suspect. The suspect code had a pattern to it where the one or two variables, $qV[] and $sF[], was always present. I used a couple “find” commands to find all of the PHP files which contained these variables.  Some I found, some I edited, some I simply removed.


find . -type f -name '*.php' -exec grep -l '$sF' {} \;
vi `find . -type f -name '*.php' -exec grep -l '$sF' {} \;`
rm `find . -type f -name '*.php' -exec grep -l '$sF' {} \;`

Similarly, there was a suspect Javascript files.  In the end, it took me the several hours a day across 2-3 days to clean up the mess.  Yuch.  Since this happened I’ve installed Sucuri Security and it seems to have helped.  The one downside I ran into was using some of the “hardening” features seems to have created a .htaccess file in the wp-includes folder which prevented the Visual Editor from working.  That took a little while to track down.

 

Understanding Email Users Options

Periodically I get support questions (on the WordPress Support forum) or comments here on my web site asking why Email Users doesn’t send email to some or all users as the plugin user expects it to.

Sometimes a user is dealing with an odd server restriction (e.g. email limits per hour, too many email addresses in the BCC field and others) but more frequently the target recipients don’t have their Email Users permissions set correctly.  This most frequently happens on a site where Email Users is added to a site that  already has a large set of users.

Email Users employs two options settings at the user level.  No matter what the settings are, any user within WordPress can always sent an email IF they are the only recipient.  This is by design.

The two settings are:

  • Allow Mass Emails:  Mass emails means that the user will accept email (Dashboard > Emails Users > Send to Users or Dasboard > Email Users > Send to Groups) where the resulting recipient list has more than one (1) recipient.  For a user in the WordPress database to receive email this permission must be enabled.
  • Allow Notifications:  Email Users has the ability to generate a notification email from a Post or Page (custom post types as well).  When using post or page notifications, only those users who have Notifications enabled will receive it.

Email Users has a default setting for these values which the WordPress admin can control.  It is on the plugin settings page (Dashboard > Settings > Email Users).

Email-Users-User-Options-1

These settings apply to all new users and when the plugin is activated the first time, are applied to all existing users.  The third option allows users to change their own settings by visiting their profile page.  When this option is enabled and a user visits their profile page, the following options are available for the user to change.

Email-Users-User-Options-2

 

The easiest way for the site administrator to review and change users’ settings, particularly on a site which has a lot of users, is to visit the User Settings Page (Dashboard > Email Users > User Settings).  This page will present all of the users (the number of users per page is set on the plugin settings page – see the image above for User Settings Table Rows) and their current settings.  The ability to perform bulk actions on a group of users is offered on this page.

Email-Users-User-Options-3

 

So if your users aren’t receiving emails, check their settings before heading down the debug path, often the solution is as simply as turning on the Mass Email option for the various users.

Google Forms v0.73-beta-3 available

This morning I released beta-3 of Google Forms v0.73. This beta build addresses a request recently posted on the WordPress Support Forum to allow the notification email to be sent to multiple email addresses.

This request has been implemented – multiple notification email addresses may be entered, they should be separated by a semicolon character (;).

Unless there is a an issue reported in the next day or so, I plan to release v0.73 shortly.

Google Forms Beta (54 downloads)

I can’t stand people who recline their seats on airplanes

I haven’t had a good travel rant in a while.  However the recent debate over the Knee Defender and the incident on a flight from Newark to Denver which has been in the news, reminded of a situation I was personally involved in back in February.

For the most part travel is what it is.  A necessary evil.  Maybe I am jaded having flown so much over the years but there isn’t anything glamorous about it.  Full flights, competition for overhead bin space, delays, minimal service – I am not sure why anyone would think flying is glamorous.

There was an opinion piece in today’s Raleigh News and Observer from Froma Harrop that caught my eye.  As I read Ms. Harrop’s opinion piece I sat there and shook my head and concluded Ms. Harrop must not travel much.  If she does, she and I are 180 degrees out of phase.

In my opinion, Ms. Harrop couldn’t be more wrong.  After reading her article I wondered who she is (a syndicated columnist) and found her web site where she had another post about the Knee Defender.  This post contained a link to the story in the NY Times by Josh Barro.  Ms. Harrop had stated in her post that Mr. Barro defended the Knee Defender user but that isn’t how I read his article but that is besides the point.

Maybe Ms. Harrop would have a different opinion of seat recliners had her computer been damaged by an over zealous seat recliner like mine was on a US Air flight back in February.

I’ve read a bunch of articles and comments I am squarely on the side of the Knee Defender user and firmly believe that people who reline their seats to the max and/or without consideration are simply rude.  Particularly those who do it without concern to who or what might be behind them.

My job requires me to travel.  Over the 20+ years of doing what I do for a living, I have flown in excess of 3,000,000  (yes million) air miles.  Most of it is on American Airlines (by far my favorite airline) but for the past 5-6 years I’ve mostly flown on United  (starting with Continental until the merger).  USAir had been part of the Star Alliance (their participation ended at the ended of March due to the AA merger) so I also had quite a few flights on USAir.  USAir via Charlotte is by far the best (and cheapest) way for me to get to Phoenix from Raleigh which I’ve been doing 8-10 times a year for the past few years.

I get a lot of work done on the plane.  I find it very productive time and actually look forward to being disconnected from my phone and the Internet for an extended period to work on something without interruption.  For me time on the plane isn’t down time and it isn’t fun time.  It is work time just like if I were in the office.

About the only time I recline my seat is when flying on the red-eye.  Why?  Because I think it is rude and discourteous to lean my seat back into someone’s face.  I am also fully aware that a lot of people, particularly those who don’t travel much, feel it is their birth right to recline their seat.

Some people are fairly reasonable – if you ask them if if it is really necessary to fully recline their seat, most will accommodate the request and recline partially.  Of course some won’t.  I’ve dealt with obnoxious people over the years.

Yes, it is your right to lean your seat back but if you must do it, and I really don’t think you do, at least be courteous about it.  Look before you lean back.  Lean back slowly.  Ask if it is ok.  I’m fairly tall, 6’2″, so on some flights a reclined seat results in my knees in the back of the seat.  Does that bother you Mr. or Ms. Seat Recliner?  Too bad.  I don’t like it either but you are the one who chose to recline your seat.

So what happened to my computer?  As I was working away on a flight from Charlotte to Phoenix, the woman in front of me reclined her seat very quickly and very forcefully.  I am usually aware of seat recliners because I am worried about my laptop.  However this woman surprised me and I wasn’t ready.  When she leaned her seat back, the corner of her seat where the tray table sites caught the corner of my laptop and stopped the seat from reclining.  I guess I had my laptop at just the right angle because instead of moving the lid one way or other, the force of the seat coming back compressed the screen and hinge to point where it broke.  Because her seat recline was temporarily impeded by my laptop screen, she began really pushing it back almost as if she were bouncing against it.  This caused the screen to bend and an audible crack was heard as part of it broke.

This all happened in a matter of seconds and I immediately yelled “stop it” and put my hand on the back of the seat and pushed it back forward.  This made the woman very upset and resulted in a minor scene.  Needless to say I was upset – the damage to my laptop was obvious and the screen immediately showed a entire area of dead pixels and vertical lines.  The woman kept going on about how she was “entitled” to recline her seat.

She wasn’t the least bit sorry that her recline had damaged my laptop.  She was offended that I was upset.  I was dumbfounded as to how she could be so selfish as I would (a) never had done what she did and (b) if I were involved in a similar incident, I would have apologized for being negligent.

Accidents happen and had this woman shown any remorse what so ever, I would have chalked it up to one of those things which happens if you fly enough.  The only thing she was worried about was her right to recline her seat which she was “entitled” to.  She then said to me “you must not travel much” which left me almost speechless.  Almost.  I told her I travel plenty and I would never do anything as rude and inconsiderate as what she had done.  Ever.

The flight attendant was actually pretty helpful as he told the woman to calm down and be reasonable.  He also gave me some information to take to US Air customer service once I got to Phoenix.  He dodn’t know what they would do but he said it was worth a shot to make a claim.

In Phoenix I visited customer service and even though it took a while, the woman I spoke to said there was a chance US Air would do something.  After several weeks of phone calls, faxes, and emails, I actually got in touch with someone at US Air who seemed to have the authority to do something.  Much to my surprise, US Air paid to have my laptop repaired although it took a lot of my time to chase it down.  The repair costs was about $350.

Personally I’d like to see all seats be fixed so they can’t recline like the seats in front of the emergency exit row.  I think it it would prevent quite a bit of in flight aggravation and eliminate the need for devices like the Knee Defender.

So Ms. Harrop, you’re absolutely entitled to your opinion.  I just think you’re wrong.  I felt that way years ago and I definitely reaffirmed my opinion back in February dealing with the “entitled” seat recliner.  I hope the hour of recline that woman had was worth it – her selfish act probably resulted in 20 hours of legwork and follow up for me with US Air to get my computer fixed.

Working with Rails

Last fall I had written a post where I noted that I had a problem to solve at work which I thought might be well suited for Ruby on Rails.  Like a lot of side projects, this one never went anywhere but I did end up playing around with RoR enough to get an idea of how it works and how quickly things can be developed with it.

I do some volunteer work with our High School Booster Club and last year built them a WordPress based site which is largely used to facilitate the purchase of memberships.  While it seems like overkill, the plan is to use the web site to host more content relevant to the various athletic teams.

A couple months ago I was approached about how the Booster Club’s mobile app could be improved or replaced as the currently technology is being withdrawn and no longer supported.  I learned that the back end for the mobile app was extremely cumbersome to use and was a source of frustration for the people who maintain rosters, schedules, results, etc.

I am now working on a replacement for the Mobile App and the backend infrastructure.  Because we already have a WordPress site, I had considered using the WordPress site to host all of the data and leverage the WordPress JSON REST API plugin to serve content up to a Mobile App.  But I had some reservations.

jQueryMobileBookI’ve never done Mobile App development and in the interest of time, am not sure I want to take that on right now.  Based on my jQuery experience with WordPress, I thought a jQueryMobile web app might be a reasonable compromise.  I picked up a copy of jQuery Mobile Up and Running a while back when I had heard it referenced on a Podcast.  At the time I didn’t have an immediate application for it but it was interesting reading.  I dusted it off and realized jQuery Mobile would be a good solution for building a prototype mobile web app.

So now I have some thought in my head of a mobile web app I want to build but wasn’t sure about how to feed it.  While I could see putting all of the data in WordPress, I was worried about maintaining it.  I need something dead simple to enter rosters, teams, schedules, results, etc. into a system.  Ideally it should be accessible from a phone so scores can be quickly entered by unsophisticated users.

What I’ve decided to do is build a mobile first (maybe only) application using Ruby on Rails.  I have made all of my HTML views based on jQuery Mobile.  Within a week or so of working on it for a few hours a day, I have the basic application up and running on my Ubuntu VM.  I can set up teams, coaches, and athletes, and assign coaches and athletes to teams.  I have started on venues.  There is a ton left to do – events, schedules, user login, Google Maps, and a lot more.

While I am excited about how much progress I have made in a relatively short time frame, I am worried I am “doing it wrong” or have made a decision that will be difficult to unwind.  I’ve learned a fair amount about Rails in the past two weeks and much to my surprise, have not had to learn a whole lot of Ruby yet.

The ability to quickly add database columns and connections in RoR is pretty slick.  During my first couple of scaffold generations I was worried about getting the database “right” but having dropped some columns and added others, I’ve found it relatively painless.

While I am impressed with RoR, I am really impressed with jQuery Mobile.  It is pretty amazing how quickly a mobile web app can be assembled.  I’ve been using a regular web browser for developing my app and even using jQuery Mobile with a regular browser is pretty nice.  I had forgotten that the laptop I borrowed while my Vaio was being repaired has a touchscreen.  Using the app on Chrome with a touch screen is pretty effective at mimicking a mobile device.

I still have tons more to learn as I get ready to deploy the first build for some people to play with and populate with dummy data but I can already see other uses for Ruby on Rails.  I am still not a big fan of the Ruby syntax but I can live with it for the benefits and development efficiency I am seeing with Rails.

Google Forms v0.70-beta-1 available

This weekend I spent some time looking at adding support for regular expressions as part of the Google Forms validation functionality.  This seemed like a reasonable and useful request.  I was surprised to find that the jQuery Validation plugin doesn’t offer regular expressions as a standard check  however, I found a fairly simple solution on Stack Exchange.

It took me a little while to get it working as Saturday morning I went down a wrong path initially following another post I had found.  When I first read the post I linked to above, I convinced myself that I didn’t want to use the AddMethod solution.  I am not sure why, I guess it was because I haven’t been into the code in a while so I was trying to avoid it.  It turns out it is definitely the right answer and fairly easy to implement.

The beta build also contains a Serbo Croation translation provided by Borisa Djuraskovic
of www.webhostinghub.com.

To see the new functionality in action, check out my Validation Demo Form where the last entry field must begin with a capital letter.  The regular expression “[A-Z]” is used to match a capital letter when setting up the validation.

GForm_SS_72

Google Forms Beta (54 downloads)