New Somery is back on the table.
posted by voh 03:41, 18 September, 08
After seeing some more spam comments appear on a friend's somery blog, I've decided to pick up on Somery development once again. There are certain tricks to doing this, however, several ways of going at it, and so far I've only been considering the wrong ones. Read on for some information on what (in my opinion) Somery is currently doing wrong or lacks, and how I intend to fix it.
First off, the 'ways of going at it' are the following.
1) A complete rewrite from the ground up, along with an entirely new and much more efficient database layout.
2) A partial rewrite, replacing all deprecated code with new and keeping all worthwhile code.
3) Hack it to bits to make it work.
Obviously, what I've been doing since the first 0.4.x release came out, has been method 3. I've been hacking away at the code randomly, adding new features and fixing old errors. But that method isn't going to work anymore since 75% of all code in Somery is outdated and working on a completely wrong premise of "Ah, nobody will take advantage anyway."
Since Somery is based on B2 (not code-wise but design-wise) and uses an entirely similar system of approaching pages and posting comments, it's been really easy for spammers to adapt their code to attack somery in a way similar to B2 (I estimate the similarity reaches up to 90%, which is bad). Also, there have been some well-documented security issues with Somery that I neglected to fix for far too long.
Somery Vulnerability concerning $skindir variable 
Now, that has actually been fixed in a re-release of 0.4.6, but it was never really posted online. I personally run 0.4.7, and so does that friend who's getting spam at the moment.
So, obviously, current code base is flawed. What to do about it?
I envisioned using method 2 for far too long. But the monumental task of going through all this terrible code and replacing only the bits that weren't working well was looming over me, causing me to... not bother. Which is, of course, the worst solution.
It's been over 2 years since the last public release of Somery, and over a year since my own latest release. Drama still runs somery and gets surprisingly little spam after I added the content filter. Zach coded his own CAPTCHA system to stop the spam, and added it to his SomeryC comic publishing platform as well.
Now comes the time for me to say what I want to change about somery, and why. This may be interesting to those who've used it in the past, but I'm fairly sure most of you won't give a rat's ass. Regardless, here I go.
Comments
Somery was designed to allow level 0 accounts, meaning users whose only rights are to comment, not post articles. The functionality to allow this properly was NEVER added to somery. There was code in mindset which allowed logged in users to post directly, where their profile information was pulled automatically from the database, so it IS possible with the current code, just not in a pretty way.
This would allow the administrator to only allow comments from users who have an account.
Proposed additions to how comments are allowed to be posted: Public (with CAPTCHA), Private (only by registered users) and screened comments (admin must approve all or only public comments).
Also, considering public comments, it may be important to add a flood protection system, so that a public commenter can't post more than 1 comment every 30 seconds (time is courtesy of admin's choice, of course).
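A sketch of how the three comment policies and the flood timer above could combine into one decision, as an added example that is not Somery's code. The function name, config keys and sample values are assumptions made for illustration.

```php
<?php
// Added example, not Somery code; all names and config keys are hypothetical.

/**
 * Decide what happens to a submitted comment.
 * Returns 'publish', 'screen' (held for admin approval) or 'reject:<reason>'.
 *
 * $cfg:  'mode'   => 'public' (CAPTCHA required) | 'private' (registered users only)
 *        'screen' => 'none' | 'public' | 'all'
 *        'flood_seconds' => minimum gap between public comments, admin's choice
 * $req:  'user_id' => int|null, 'ip' => string, 'captcha_ok' => bool
 * $lastSeen: ip => unix time of the last accepted public comment. Keep this
 *            server-side (database), never in a cookie the client controls.
 */
function comment_decision(array $cfg, array $req, array &$lastSeen, int $now): string
{
    $registered = $req['user_id'] !== null;

    if ($cfg['mode'] === 'private' && !$registered) {
        return 'reject:login-required';
    }
    if (!$registered) {
        if (!$req['captcha_ok']) {
            return 'reject:captcha';
        }
        $last = $lastSeen[$req['ip']] ?? null;
        if ($last !== null && $now - $last < $cfg['flood_seconds']) {
            return 'reject:flood';
        }
        $lastSeen[$req['ip']] = $now; // only accepted comments reset the timer
    }
    if ($cfg['screen'] === 'all' || ($cfg['screen'] === 'public' && !$registered)) {
        return 'screen';
    }
    return 'publish';
}

// Constructed sample requests (documentation IP range).
$cfg  = ['mode' => 'public', 'screen' => 'public', 'flood_seconds' => 30];
$seen = [];
$anon = ['user_id' => null, 'ip' => '203.0.113.7', 'captcha_ok' => true];
$user = ['user_id' => 12,   'ip' => '203.0.113.7', 'captcha_ok' => false];

foreach ([[$anon, 1000], [$anon, 1010], [$user, 1011], [$anon, 1031]] as [$r, $t]) {
    echo $t, ' ', comment_decision($cfg, $r, $seen, $t), "\n";
}
```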
Archive
The archive was a quickly hacked-together addition to somery, and has received no updates other than bugfixes in the time it's been there, amongst which have been the additional functions it was supposed to have (calendar, browsable, etc.). This will change. The new archive function will have to have all current functionality as well as all the previously promised functionality. It will be coded as a module, to be easily altered and shared with other users.
Search
Promised many times, and a beta search function was in place in a test version I ran myself, but it never worked properly. This time, it'll be a module, making it possible to enable/disable and allowing it to search articles, users, dates and categories.
Prevnext
Those who've used Somery know what this is. It's the code used to get the [previous x posts] and [next x posts] links you can find on the bottom of drama (or any Somery blog). Proposed additions: Make it possible to use prevnext correctly while viewing a category (so that the prevnext only shows that category's posts), make it possible to use prevnext in a single post, allowing you to scroll back and forth one post at a time.
Once again, module.
BB code
BB code, at the moment, is hardcoded. As was the idea for Adira, BB code will be a module, and it will be user-editable. This will also make it possible to use other markup systems. So if you want to use, say, [flash]url/blah.swf[/flash], you can do that easily by simply adding that to the list. This also allows easy use of smileys or a signature replace, so you don't have to type it constantly.
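A table-driven BB code renderer of the kind described above, as an added example that is not Somery's code. The function name, the `{text}`/`{url}` placeholders and the tag table are assumptions; the table itself is treated as trusted HTML because only the administrator edits it.

```php
<?php
// Added example, not Somery code; render_bbcode() and the table layout are hypothetical.

// Admin-editable tag table. '{text}' receives escaped body text,
// '{url}' receives a body that passed URL validation.
$tags = [
    'b'     => '<strong>{text}</strong>',
    'i'     => '<em>{text}</em>',
    'quote' => '<blockquote>{text}</blockquote>',
    'flash' => '<embed src="{url}" type="application/x-shockwave-flash">',
];

function render_bbcode(string $input, array $tags): string
{
    // Escape everything first so only markup from the tag table reaches the page.
    $out = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');

    foreach ($tags as $name => $template) {
        $n = preg_quote($name, '~');
        $pattern = '~\[' . $n . '\](.*?)\[/' . $n . '\]~is';
        $out = preg_replace_callback($pattern, function (array $m) use ($template) {
            if (strpos($template, '{url}') === false) {
                return str_replace('{text}', $m[1], $template);
            }
            // URL tags: accept http(s) only, and no quotes, angle brackets or
            // square brackets, so nothing can break out of the attribute or
            // be rewritten by a later tag in the table.
            $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            if (!preg_match('~^https?://[^\s"\'<>\[\]]+$~i', $url)) {
                return $m[0]; // leave the tag as inert text
            }
            return str_replace('{url}', $m[1], $template); // $m[1] is still escaped
        }, $out);
    }
    return $out;
}

// Constructed sample comments.
echo render_bbcode('[b]hi[/b] <script>alert(1)</script>', $tags), "\n";
echo render_bbcode('[flash]http://example.com/blah.swf[/flash]', $tags), "\n";
echo render_bbcode('[flash]javascript:alert(1)[/flash]', $tags), "\n";
```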
Templates
Mindset has it, somery 0.5.0 will have it. Database templates that are editable from your webbrowser. Templates can be exported or imported, and you can save multiple templates at the same time. You'll always be able to revert back to the default template or the original template if you mess up.
Also, the standard template will be a more modern and better base to build your site design on, though still text-only, to keep archive size down and not include images, as has been somery tradition for years now.
Bugs and output errors
Sometimes when posting a comment, there are error messages shown due to 'output already sent'. This is a cookie issue that has to do with shoddy template coding. Sadly, one of the affected templates is the standard Vijone template. This occurs when engine.php isn't included on the top of the page and the browser has already received something to put on the screen. Cookies don't like that. New template won't have this error and since database templates will be used, it won't occur anyway.
Conclusion
Somery 0.5.0 will be a total rewrite, but the database design is only going to change as much as is necessary to accommodate both the new features and some stupid design mistakes I made 6 years ago, when I started working on Somery.
Backwards compatibility is guaranteed, and an updater will be released together with the first somery 0.5.0 release, allowing you to update your somery to the new version as painlessly as possible.
If there are any other wishes, kindly post them, as right now I'm still able to work new things into the design document.
Thank you for reading this and I hope to hear from those interested soon :)
Zachary Lewis (mail/url) @ 18/09/2008 - 05:14
Not a real comment here, but you've got my hands/eyes if you need a bit of code rewritten/looked over/played with.
I assume a complete rewrite of SomeryC will appear as well. Damn you. :P
racheli (mail/url) @ 18/09/2008 - 15:36
Hrrrrmh. Isn't the summer over?
:<
odd (mail/url) @ 18/09/2008 - 16:34
'A friend' reporting. It was Void, wasn't it?
voh (mail/url) @ 18/09/2008 - 16:59
Yes.
odd (mail/url) @ 19/09/2008 - 08:41
Well, you're quite right - most of the things you mention annoy the snot out of me.