LnBlog 0.9.0 beta 1

It's finally that time again. LnBlog 0.9.0 beta 1 is ready for those adventurous souls who feel like taking it for a spin. You can download it here. I actually hadn't intended to get to version 0.9.0 quite yet, but on the way to 0.8.3, I accumulated so many features and under-the-hood changes that a higher version number seemed justified.

If you want to upgrade to the beta version on a live web server, I strongly recommend backing up everything related to your existing LnBlog installation. That means your entire LnBlog directory and each one of your blog directories. I don't expect that anything will go wrong (it didn't for me), but there are a lot of changes in this version and I'd hate to see anyone lose data because of it.

In addition, if you are upgrading from a previous release, please note that you will need to run an upgrade on each of your blogs. You probably won't forget this because there is now a helpful reminder in the sidebar under you logout link.

As for the changes and new features, here's the quick list:

  1. Entry, reply, and user data files have all been converted to XML format. Old files will still be read, so there is no need to convert.
  2. Support for running blogs on multiple subdomains from a single installation.
  3. Lots of those annoying wrapper scripts in the blog, entry, etc. directories have been removed. For existing blogs, the unused wrappers will be deleted when you run an upgrade.
  4. Support for saving draft entries to be published later.
  5. New Linksleeve anti-spam plugin.
  6. Lots of fixes to the blogging APIs. Note that the Blogger, MetaWeblog, and Pingback implementations are now combined in a single xmlrpc.php file, so adjust the URIs in your blogging client accordingly.
  7. Added a "manage replies" feature to view all replies for various levels of archives.

I'm not planning to add any more significant features to this release, otherwise it will drag on forever. However, I am a bit unsure about some of the user interface elements, and I would love any feedback people have on them.

My two big UI questions are the new feature in the entry editor to automatically add a link when you add a file to be uploaded. There is a checkbox in the entry options to turn that off, but I'm generally not satisfied with this. It would probably be better to pop up a prompt window, but that will wait for another release....

The other thing I'm unsure about is the new file writing setup page. It's significantly longer and more verbose than the previous version. That's partially because I added the subdomain options to it, and partially because I added file permission settings and some option buttons to help guide the choice. I'm not really happy with the final product, though. I'm thinking it would be better to break the different sections out into a multi-step wizard kind of interface. I'm also not sure I'm doing a good job explaining the options and issues with configuring file writing. I guess I'm just not sure how to explain the technical details of the the various possible permission, ownership, and safe mode configurations in a non-technical way.

As usual, any feedback is greatly appreciated - suggestions, bug reports, whatever. Leave a comment, send an e-mail, or use the SourceForge tracker. Unfortunately, I am currently unable to accept feedback via telepathy.

You can reply to this entry by leaving a comment below. This entry accepts Pingbacks from other blogs. You can follow comments on this entry by subscribing to the RSS feed.

Related entries

Comments #

    beta1 test

    Peter,

    I've installed 0.9.0beta in its own test directory; some success (subdomains function flawlessly), but also some very basic issues I somehow blame on rights issues, but I'm not yet sure how to solve them without making everything world writeable (which I'd rather like to avoid). I'd like to use the second option for file permissions, but seem to make some mistake:

    After I configured LnBlog and created a blog, I can administer the blog, but I can't reach LnBlog's administration panel. If I click the link (site administration), I get a login mask, when I log in there, I get referred back to the blog (the page I was previously viewing), but actually am logged *out*. To make this clear: I see every setup option I saw when I was logged in, but not the menu, just the page contents (like the blog's settings).

    Whatever happens here, am I right to think it's an issue with file permissions?

    Hard to say

    Hmm.... It *could* be file permissions, but for login problems, I would guess it's a cookie issue. Are the blog and the LnBlog directory on the same subdomain?

    First, let me get this straight. Your problem is:
    1) You log into the blog and everything works.
    2) You go to the main admin page and are prompted for a login.
    3) You get redirected back to the blog, but you have no administration section in the sidebar, i.e. you're logged out.

    After this, if you type the admin page URL into the address bar directly, are you still logged in there?

    The redirect to from the admin login page back to the blog is my fault. That page assumes that your login has expired and redirects you back to the referer. If, for some reason, you need to log in again, it doesn't account for that. I'll have to fix that.

    As for the login/logout, try checking your cookies or deleting them and trying again. The relevant cookies are named uName and uHash. I'm wondering if maybe the domain or path on them is wrong. They should be .yourdomain.com and / for the path. If you have any login options set in userconfig.cfg or userconfig.php (e.g. AUTH_USE_SESSION or LOGIN_EXPIRE_TIME), you might try unsetting those.

    Plausible

    I'll check the cookies and report back - since I have the LnBlog installation (still 0.8.1) on the same server, it's very probable that there'll be contradictions (it's a different subdomain, though). I'll be back with more information tomorrow.

    Long time since...

    Okay, I rechecked; the problem is that by logging into the admin panel OR the blog, I promptly get logged out from the other. Both function in their own right, but as an administrator of both, I seem to have two ways of access that exclude each other. It's consistent on all systems I tried it on, so it's got to have something to do with the installation. Cookies don't seem to be involved at all as far as the problem goes, though (I accessed from different systems, different browsers, and most of them get automatically reset any time the machines are booted - so, no cookies in the cache...). Except maybe that they don't get set - I did neither disable nor reject cookies from my site, but those you describe aren't there. I also accessed the blog from a freshly installed machine - same behaviour. And I didn't adjust the blog yet, so userconfig.cfg has no part in this (yet).

    I don't know if this rambling helps - I can clarify if need be...

    That's a weird one

    That is very strange. Authentication is all cookies and sessions, so if you're starting with clean cookies, it's hard to see how a problem like this could persist. I can't replicate that, either on my local machine or on my host, so I'm just going to throw out some ideas and information here.

    It might be a problem if you have the blog and your LnBlog installation on different subdomains. It that's the case, it's possible that the cookies are clobbering eachother, or that it's getting the cookies from the old version. I've managed to foul up my logins by experimenting with that. But if that were the case, deleting the cookies or switching to a different browser should fix it.

    As far as logins go, it's all just cookies and sessions. The only other thing that's required is that PHP be able to read your user files. LnBlog doesn't write anything to the server for login - the only thing that gets written is PHP's session data.

    You could always try setting AUTH_USE_SESSION = true in your userconfig.cfg and see if that makes a difference. That uses a slightly different authentication scheme, so it might be worth a shot. And, of course, it never hurts to crank up PHP's error_reporting to E_ALL, just in case there's an error message you're not seeing.

    Just for completeness, and in case it give you any ideas, here's how LnBlog handles authentication. There are two modes: one that uses PHP sessions and one that just uses cookies. The session mode is arguably more secure, but will cause your login to time-out when the session expires.

    The session mode is enabled when AUTH_USE_SESSION is enabled in userconfig.cfg and this writes three cookies: uName, lToken, and lastLTime. In this mode, the lToken is an authentication token based on the time you log in and your IP address, so when the server loses your login time, your login expires. In the non-session mode, which is the default, the cookies are uName and uHash. In this mode, the uHash is an authentication token based on your password hash and your IP address, so the login can last indefinitely.

    The cookies are all set to use '/' as the path. Also, if you gave a domain name in your initial setup, i.e. enabled subdomain support, then the cookie domain is set to your entire domain, such as ".skepticats.com", so that it is accessible to all subdomains.

    Subdomains

    I think the subdomain trace might actually be it; I've never worked with the subdomain feature before, and the blog actually has its own subdomain whereas LnBlog has not (just a subdirectory). The explanation actually might be that simple - I'll do a reinstallation omitting subdomain setting to look into that. The only strange thing that remains is that actually I didn't find any of those cookies yet - don't know why yet; but I'll have another go to see if the main issues can be fixed. However, this leads to the question if a blog on a subdomain should actually show the Site Administration link in its menu when logged in as site administrator. It actually doesn't have to, if you ask me... but then again, it'd be nice to have it.

    I agree, but...

    I agree, the subdomain blogs don't really *have* to show the administration link. But on the other hand, half the point of adding subdomain support is that it's a unified installation, so the same login should work the same on every subdomain.

    The cookie thing doesn't make any sense to me, though. If you don't have the cookies, then you shouldn't be logged in. It's that simple. They might be set for the subdomain or for the main domain, but if you're logged in, they should be there. I have no idea how you could be logged in without them.

    Reinstallation needed

    I'll do a complete reinstallation - actually, two of them, using beta2; the whole affair could well be due to a server quirk, so I'm doing one with a subdomain, one without, just to check. I'll report back next week (or maybe as early as Thursday night if I can manage to get some time away from ongoing stuff).

    I think you're on the right track with the whole thing, my proposal was just a weak attempt at solving a self-caused problem (at least most probably) ;)

Add your comments #

A comment body is required. No HTML code allowed. URLs starting with http:// or ftp:// will be automatically converted to hyperlinks.