Good practise is to implement the MEMBERLIST mod as this ensures that only confirmed members appear on the list – so you will have a working email for the member.

Open your memberlist.php file, and go down to line 145. You will find a SQL query being built. We are going to modify this query the following one:

$sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar 
	FROM " . USERS_TABLE . "
	WHERE user_id <> " . ANONYMOUS . "
	AND user_active = 1 
	ORDER BY $order_by"; 

To maintain the correct count of members, edit the count query on line 278 as follows:

$sql = "SELECT count(*) AS total
		FROM " . USERS_TABLE . "
		WHERE user_id <> " . ANONYMOUS . " AND user_active = 1"; 

Next, we are working on the following assumptions.

1. Spam bots know exactly what POST data to send your signup script to get themselves regsitered.
2. Spam bots are capable of downloading your signup page and identifying what POSTDATA should be provided.

To work around this – we need to provide POST data that the Spam bot cannot predict. This is difficult because of assumption 2 – the Spam bot can look at your page and try to identify what it needs to provide. So you can’t just bung in hidden elements of your own and expect everything to be hunky dory.

We move forward on the assumption that the Spam bot probably wont be so sophisticated that it can analyse encrypted javascript includes. So we will dynamically add the hidden elements to the form using an encrypted javascript include.

we adjust the script profile.php as follows:- insert on line 95 after:

else if ( $mode == 'editprofile' || $mode == 'register' ) 
{ 

# WEB ENGINEER BOT KILLER MOD START
if(isset($_POST['submit'])){
	$hack = false;
	if(!isset($_POST['iEatBotsForBreakfast']) || $_POST['iEatBotsForBreakfast']!='yesIdo'){ // you might want to customize these
		$hack = true;
	}
 
	if($hack){
		if(isset($_POST['website'])){
			header("Location: ".$_POST['website']);
		}
		exit;
	}
}
# WEB ENGINEER BOT KILLER MOD END 

All we need to do now is to ensure that our signup page includes our hidden elements.

So we make a javascript include called botkiller_src.js

The src of the file should be as follows:

if(document.forms.length>0){	
	newField = document.createElement("input");
	newField.type = "hidden";
	newField.name = "iEatBotsForBreakfast";
	newField.value = "yesIdo";
	for(var j=0; j<document.forms.length; j++){
		var frm = document.forms[j];
		frm.appendChild(newField);
	}
} 

This is NOT the file to upload!..

Next we want to encrypt the src. So go to the following website: http://javascript.about.com/library/blenc1.htm

.. you can copy and paste your javascript src into the encrypter and encrypt it. Then copy the encrypted text and save the file as botkiller.js

This file you can upload to your website root.

Next, go to http://javascript.about.com/library/blenc.htm and obtain the custom decrypter. You will need to enter your sites domain name, hit the decrypter button and copy and paste the new lot of encrypted text into a new javascript file called decrypt.js

Upload this file too your site root as well.

Almost there!

Now you need to modify the registration script to include these includes as follows.

Open the following phpBB template files as follows: forum_dir/templates/template_name/overall_header.tpl

and add the following code to the end of the document

<script src="/decrypt.js" language="JavaScript1.2" type="text/javascript"></script>

Then open forum_dir/templates/template_name/overall_footer.tpl and add the following to the end:

<script src="/botkiller.js" language="JavaScript1.2" type="text/javascript"></script>

Thats it! from now on, any page with a form in will get the botkilling code in it. If you need to check submissions, you can add the same submission logic on the appropriate pages if your forum is getting Spam attacks to other POST scripts.

For will -

[swf]http://69.9.170.242/barbitl.swf,384,288,5,#333300[/swf]

Removed this one as barbie was doing my head in…

Note – when linking to externall addresses it appears you need to feature http://, also you should always check that you have permission to do so! It is possable that externaly loaded swf’s may also fail for other reasons such as – if the movie loads in extra data, or the host/movie may be preconfigured to prevent leaching.

This post relates to a specific query with the following
http://www.web-engineer.co.uk/codex/?p=51

There is an issue with the coffie2code autolink plugin that can be fixed by changing the following line in swfEmbed.php updated version will follow soon…

add_filter('the_content', 'swfEmbed_preprocess',10); 

change to

add_filter('the_content', 'swfEmbed_preprocess',5); 

Overview

This plugin makes it quick and simple to insert flash movies into your worpress posts using a UBB style tag.

The syntax to insert a movie is as follows
[swf]src,width,height,ver,bgcol,alt[/swf]

• swf the address of your flash movie
• width the width of your movie – either the number of pixels or a percentage
• height the height of your movie – either the number of pixels or a percentage
• ver the version of the flash movie (defaults to 5)*
• bgcol the background colour of the movie (defaults to white)*
• alt the address of the graphic to use if the flash plugin is not found*

* optional

Examples

1) [swf]/images/addvrt.swf,170,170,5,#000000[/swf] gives

2) [swf]http://video.google.com/googleplayer.swf?docId=-3054014799466172915, 400, 326, 8, #ffffff[/swf] gives

if flash wasn’t installed or of high enough version the following would be shown

Installation instructions

1. Download the plugin from here
2. Unzip the archive and upload the contents to your plugins folder (ususally site root/wp-content/plugins
3. Goto your administration panel, choose plugins and enable the plugin

Install notes

The current version of wordpress (2.0.3 at time of writing) treats XHTML CDATA tags in an odd way, this has been submitted here as a bug, so this may be fixed in the future. There is a simple fix described here.

This plugin utilises Geoff Stearns swfObject, so if your already including the swfObject classes in your pages then comment out the following line (plugins/swfEmbed.php)

echo('<script type="text/javascript" src="'.get_settings('siteurl').'/wp-content/plugins/swfEmbed/swfobject.js"></script>'.chr(10)); 

:: UPDATED 0.7 ::
For war59312 – strips the <p> tags added by TinyMCE that upset the validator. Auto-hyperlink URLs plug-in compatability fix.

:: UPDATED 0.8 ::
Be nice to other plugins release – uses a cleaner two pass approach that improves compatability with third party plugins.

:: UPDATED 0.9 ::
Improved patern matching.