Galleon Forums inside Mango Blog

Requirement: Using Mango Blog as the base system, incorporate a forum. Logging into site should auto login to forum. All user management must be done via Mango Blog's user system.

Form: After some research (went for riaforge.org), Galleon Forums was chosen.

Solution: My first issue was.. How do I display Galleon forums in a Mango Blog page? Well.. this, as it turned out, was the easy part. I grabbed a plug-in called addcfcode. This plug-in allows for the inclusion of outside code into a Mango Blog page. With this I was then easily able to get Galleon forums to display in mango blog. Next up, figure out the user system.

First, I had to understand the workings of Mango blog's login and user system. I then had to take that knowledge and compare it to how Galleon Forums user security works. This was, for the most part, not that difficult. The data structure was pretty basic and straight forward. The part that tripped me up was how roles worked. That took a little more time to figure out. Now that I was able to map the security my next goal was to figure out user creation and updating. This was because I was handling all user management via Mango Blog. I looked into the Mango blog code to try and have it cross update users in both the Galleon tables and Mango tables at the same time. This would require me editing the Mango blog core code. I decided against this and took a different approach.

What I ended up doing for user management was database triggers. I added triggers to the base user tables for Mango blog so that any insert/update/ delete would also be reflected in the Galleon tables. This was a new experience for me as I had never written triggers for MySQL before. I have written them for SQL Server so I was familiar with the techniques. Once I got passed the nuances I was good to go. The main part in making this work was to have like roles in both Mango and Galleon. This made the security marry up perfectly from one to the next.

[More]

Magno Blog plug-in - roleSecure

I have been working on doing some alterations to Mango Blog. One of my main requirements was to make certain sections only viewable to certain users. I did some digging and only fond one plug-in that would come close to accomplishing this, Authors Only. However, it had a couple draw backs. It only required the user to be logged in. Also, it protected the entire site not just certain areas.

So, using the Authors Only plug-in as a base I created a new plug-in I called, roleSecure. What this does is secure pages/posts by user role. It is very straight forward to use and requires no alteration to your current setup. All you have to do is this...

  • Add a custom field to a page/post where the label and key are named "secure".
  • Add a value to this field that is the name of a role.

If a user hits one of these pages they will be presented with a log in instead of the content. They also receive a friendly message if they are logged in but their role does not match the roles on the page/post.

There are some limitations and I am still working on making it more robust. Let me know if you find any issues or problems with it.

Click the download link below to get the plug-in.

Till next time...

--Dave

MangoBlog Log files exposed

So, in today's podcast (Show #35 - Year end wrap and Committees) I talked about how MangoBlog writes log files in html format to a web accessible directory. This was also blogged about by John Mason.

It seems that people may be unaware of this fact. The log files contain raw dumps of the error, as well as other potentially harmful information. The logs are stored in blog\components\utilities\logs directory. They are created by blog\components\utilities\logger.cfc.

I am hoping that the folks at MangoBlog will put out a patch for this so that it can be easily disabled. However in the mean time, there are a few things you can do to prevent people from reading them.

1: Stop MangoBlog from writing the logs. This can be done by just commenting out the cffile write in the cfc mentioned above. The write is in a function named "logMessage".
2: Disable read access to the log directory through your web server config. This will keep Mango the way it is and still allow the logs to be created.
3: Alter where the logs are written to. Instead of commenting out the cffile write change the write location.

If anyone else has some other methods please let me know.

Till next time...

--Dave

CFhour.com Failure to launch

For those of you looking at the site or following me on twitter (@dfgrumpy) already know some of this. Yesterday (12/27/09) we switched our podcast site (cfhour.com) from BlogCFC to Mango Blog. After a couple weeks of getting everything ready the push went well. Site was down for only a couple minutes and the new site was up.

Once the site was up I sent a message on twitter that we changed the site. Within minutes I received multiple messages that users were getting an error screen. After digging for about an hour I found what I thought was the issue.

I then sent out another tweet that I fixed it. A little while later I received another message that the site was still having issues. This is where I went crazy. As with the error before all I was seeing on the site was a message that said "error:". No details, no nothing. This time the log generated by Mango was blank (more on this in a bit).

[More]