Corey Salzano

WP Plugin: Recent comments widget with excerpts
I wrote a WordPress plugin to modify the behavior of the recent comments widget. Since WP version 2.8.0, popular widgets have been included as core functionality. I don’t like how the recent comments widget works, so I changed it. Instead of displaying the post titles that received comments, my plugin shows comment excerpts. I made this graphic to show the difference between the default behavior and the effect of this plugin:

WordPress.org link

Visit this plugin’s page in the official WP plugin directory.

Installation Instructions

Download recent-comments-widget-with-excerpts.zip

Decompress the file contents

Upload the recent-comments-widget-with-excerpts folder to a WordPress plugins directory (/wp-content/plugins)

Activate the plugin from the Administration Dashboard

Open the Widgets page under the Appearance section

Drag the Recent Comments widget to the active sidebar

Enjoy!
November 9, 2010
Disable WordPress New User Email Notification
When a new user creates an account on a wordpress.org blog, the administrator is sent a notification email. Websites that have a large number of signups each day can generate a lot of emails announcing each new user.

I wrote a simple WordPress plugin to disable the new user notification email. Visit this plugin’s page in the official WP Plugins Directory.

Installation instructions

Download disable-wp-new-user-notification.zip

Decompress the file contents

Upload the disable-wp-new-user-notification folder to a WordPress plugins directory (/wp-content/plugins)

Activate the plugin from the Administration Dashboard
March 23, 2010
WordPress Sidebar Stats Widget
I wrote a WordPress plugin that displays a small collection of site stats in a sidebar widget. Here is a screen shot of sample output:

Widget options screen shot

The widget includes a control panel to change the title and format the HTML that is inserted before and after each numerical stat.

Installation Instructions

Download sidebar-stats-widget.zip

Decompress the file contents

Upload the sidebar-stats-widget folder to a WordPress plugins directory (/wp-content/plugins)

Activate the plugin from the Administration Dashboard

Open the Widgets page under the Appearance section

Drag the Sidebar Stats Widget to the active sidebar

Configure the widget options to suit your needs and click Save

WordPress.org plugin page

This plugin is in the official WordPress Plugin Directory here.
February 9, 2010
Clear default text from input boxes using Javascript

Providing labels is a great way to help users interact with your website properly. I like to put instructional text inside text boxes to save space. Users get annoyed when the text inside the box they click on does not disappear when they are ready to type. Users do not want to backspace default instructional text before typing in boxes, so some code is required to make this happen.

I would like to share two small Javascript functions. The first clears out default text box contents automatically when a user clicks on the box. The second restores the default instructional text if the user leaves the box empty.

Implement these functions using onfocus=”wash(this);” and onblur=”checkWash(this);” on your text input control. You may want to avoid the second function on text fields where input is optional, so the user can leave the text box blank.

function wash( anInput ){ if(anInput.value == anInput.defaultValue) anInput.value = ''; }
function checkWash( anInput ){ if(anInput.value == '') anInput.value = anInput.defaultValue; }

Try it

Look, I made a demo!

January 21, 2010
Get Longitude and Latitude from Bing Maps
To get longitude and latitude coordinates from Bing Maps, follow these steps:

Position the map center on your point of interest

Type this into your web browser’s address bar:
javascript:map.GetCenter()

Hit enter or click an appropriate button to query the address

If you are using a browser with a lot of built-in security roadblocks like Internet Explorer, you may have to acknowledge security warnings before javascript code will execute.
December 17, 2009
Why are craigslist ads flagged flowchart

Today, I made a simple flowchart to describe how and why craigslist ads are flagged and removed.

http://www.gliffy.com/publish/1892404/

November 13, 2009
Classic ASP and Server.GetLastError in IIS7

My classic ASP error logging scripts were dead in the water when I moved them to a Windows Server 2008 with IIS 7.0.

Some code like this is useful to record errors in a database:

dim objErrorInfo, errorStringStr set objErrorInfo = Server.GetLastError errorStringStr = objErrorInfo.File & ", line: " & objErrorInfo.Line & ", error: " & objErrorInfo.Number & " " & objErrorInfo.Description & ", " & objErrorInfo.ASPDescription & objErrorInfo.Category errorStringStr = replace( errorStringStr, "'", "''" )

Instead of using the default 500 item in the list, create a new handler for status code 500.100. Point this at your script, and you should be all set to log errors.

Another way is to enter the Error Pages module of the website profile, and click “Edit Feature Settings” on the right hand sidebar.

This screen will appear:

Configure yours in a similar fashion, and Server.GetLastError will start working in your script.

July 16, 2009
I made a Keyword Multiplier
While revamping a PPC advertising account last week, I discovered the lack of a convenient keyword multiplier. I am sure there is some fancy pants way of combining keyword lists in a spreadsheet application, but I find no fun in writing macros for some piece of software.

I installed the Google Adwords desktop editor because it has a built-in keyword multiplier. It sucks. The Goo’s multiplier only combines three lists at a time, and I wanted four. It also automatically removes keywords that have low Google search volume, so if you are using their tool for any other purpose it is rather useless.

I made my own keyword multiplier, and you can use it, too. Please try it out, and let me know if you find it to be a useful keyword tool.

Keyword Multiplier Features

Fast, easy and web-based

Apply PPC match types to result lists

No uploading your keywords to a third party

Try it yourself!
June 29, 2009
Disguise Email Addresses for online publishing
Disguise your email address or any text with this character obfuscation. This code corey@example.com will show up on a web page as [email protected] You can share your email address without worrying that it will be collected by a spam bot.

Enter some plain text

Some losers send spam email for a living, and will send garbage to any email they can find online. Obfuscating email addresses in character codes cloaks them from some of the leeches. I decided to create code to automate this task.

Here is an ASP classic function that will convert a string to ASCII characters. PHP code below. These characters will display as normal text to the casual user. The difference between alphabet characters and ASCII characters is that encoded characters must be evaluated before they look like an email address. This thin veil of secrecy is enough to fight off some email harvesters.

public function asciiDisguise( string ) build = "" for i=1 to len( "" & string ) build = build & "&#" & asc( mid( string, i, 1 )) & ";" next asciiDisguise = build end function

Here is the same function in PHP.

function asciiDisguise( $str ){ $build = ""; for( $i=0;$i<strlen( $str );$i++ ){ $build .= "&#" . ord( substr( $str, $i, 1 )) . ";"; } return $build; }
March 19, 2009
Hide posts from WP home page
Hiding posts from showing up on the home page is something I have been thinking about all week. Last night I finally dug into the WP Codex and figured out how to make it happen. Hide WordPress posts from appearing on your home page by adding their post IDs to the following array (where you see 603 and 621), and place this code before the loop starts in your theme’s main index file.

<?php if( is_home()){ query_posts(array('post__not_in' => array(603,621))); } ?>

This code prevents posts from showing up on your home page, but allows them to be directly accessed and shown in views other than the home page like category archive. The posts will also be included in your RSS feed.

F.A.Q.

Where do I put this code?

Place the code before the loop starts in your theme’s index. To edit the index file, browse to Design > Theme Editor > Main Index Template. Place the code anywhere before this line: <?php if (have_posts()) ?>

How do I find the IDs of my posts?

Go to Manage > Posts and mouseover the titles of your posts. Look at the URL showing up in your browser’s status bar. The post ID will be at the end of the edit post link URL you see.

Most ‘hidden post’ tutorials explain to use a hidden category. The problem with the category approach is the need to hide the category from showing up in the sidebar and any other place it may appear. WP does not have built in hidden or secret categories. The idea of chasing out a category everywhere categories are shown on my WP is not an attractive idea.

This code lets me publish posts that are not intended for prime time viewing but work great as a post rather than a page.
January 30, 2009
Display WP Post Category without link

Here is a small piece of code that will display the category name of a WordPress post without a hyperlink to the category page. Typically, the category data is retrieved with the_category( ). This function is not useful for manipulating the category name in plain text. Displaying the category in plain text is easy with get_the_category( ), however.

<?php $category = get_the_category(); echo $category[0]->cat_name; ?>

January 20, 2009
How to: Stop Spam on your MediaWiki website
This past week I deleted a few hundred wiki pages and user accounts from the MediaWiki installation our company uses to track software features and technical issues. Here is how you can stop your public MediaWiki website from becoming the victim of relentless spam bots.

Limit exposure

My wiki was operating smoothly for about a year and a half before any spammer had found it. A publicly accessible and poorly secured website is always a sitting duck. Once the site was indexed by search engines, finding it became a lot easier. A simple search query like Powered by MediaWiki will list thousands of targets for wiki spammers. I am not sure how our wiki was found by search engine robots, but I certainly know when. Right before the onslaught of spam.

Limit exposure to software security holes

The very first change I made to my wiki was a complete update of the MediaWiki software running on the website. The longer software source code is available in the wild, the more likely that someone has found a security hole or method to exploit the scripts to allow outside manipulation.

The backup and upgrade procedures are very intimidating to the casual user. I downloaded a copy of all the website’s files, uploaded the files that make up the latest release, uploaded my old LocalSettings.php so it was not changed with the update, and then ran the installation script again. When you re-run the MediaWiki installer, it will recognize the existing database tables and update them accordingly.

Prevent Search Engines from indexing your MediaWiki

I am now using the REP to prevent robots from crawling the entire site. The robots.txt file in the root of the website directory looks like this:

User-agent: * Disallow: /

Our wiki is for our use within the office only, so we could care less if anyone else finds or reads the website’s contents via a search engine. If removing your wiki from search engines is not a viable course of action, you can still stop spammers by following the rest of these instructions.

Trip the bots

The most violent spammers that attack MediaWiki websites are automated scripts. These scripts assume that the MediaWiki is unmodified and vulnerable to its content creation routines. A simple CAPTCHA will trip the spam bots. Spammers don’t have time to figure out why they can’t pollute a certain MediaWiki website–they move on to easier targets. I installed the ConfirmEdit extension and configured it to require a simple arithmetic CAPTCHA before saving any edit.

Restrict user account creation and anonymous editing

Here are two lines of code I added to LocalSettings.php to prevent new user registrations and anonymous (IP address only) edits:

# Prevent new user registrations except by sysops $wgWhitelistAccount = array ( "user" => 0, "sysop" => 1, "developer" => 1 ); # Restrict anonymous editing $wgGroupPermissions['*']['edit'] = false;

Learn how to police new content

Within 30 days of the initial attack, my wiki had hundreds of new pages and user accounts. More garbage was being added to the wiki so quickly, that the Recent Changes page was not a sufficient monitor for me to see what was being added to my website. Here is a valuable page that outputs a list of every page on your wiki:

http://www.yourmediawiki.com/index.php?title=Special:AllPages

I also installed an extension called Nuke that facilitates quick mass deletion of any user’s contributions.

Larger or highly active wikis will naturally be harder to maintain as spam-free websites. I am very happy that I got to experience these spam bots only 18 months after launching the wiki. Using the AllPages script was only slightly painful because the the total number of good pages on my wiki at the time was in the low hundreds. If the spam bots find another way to plague my website, I will surely write a second chapter to this guide.
January 4, 2009