***Security Alert*** – This should only be done where you 110% trust the proxy that is forwarded the client IP. It is quite easier to spoof an IP address using X-Forwarded-For headers.

If you have a couple of webservers behind a load blancer than you’ve probably noticed that your logs and many time web application incorrectly log the IP address of the load balancer.

This is totally expected behavior and is an important security feature in a standard Apache server.

However, it is also a pain.

Of course there is an easy way to solve the problem.

1. One enable the feature of your load balancer to turn on X-Forwarded-For headers. (The name is slightly different depending on the device so I’m not always sure about the specifics.)
2. Make sure that you are actually forwarding the additional header. I used my phpinfo() file to check you should see “HTTP_X_FORWARDED_FOR” in the apache environment section. If not than your load balancer is not correctly configured to pass the correct header. Troubleshoot until you can see this variable in the phpinfo().
   
3. Enable and configure the mod_rpaf module for your apache server.
4. Restart the webserver.
5. Check your phpinfo() file and you should now see the correct IP address in the “REMOTE_ADDR” section. You can also still see that the request came from in the “HTTP VIA” section.

You should now see the correct IP in WordPress comments and Moodle logs.

***Security Alert*** – This should only be done where you 110% trust the proxy that is forwarded the client IP. It is quite easier to spoof an IP address using X-Forwarded-For headers.

****No longer works in WP 3.0****

So I had a teacher who really wanted to use the Arras theme with their class. Unfortunately, it didn’t play nicely with WPMU.

I tinkered for a couple of hours and I think that I have a semi-workable solution.

Basically, I did two things:

1. I added the necessary WP includes so that you can use all of the regular WPMU functions.
2. I added some logic that made it work with a multiple blog setup.

***I am not a programmer by trade, so there may be major mistakes in my logic. Hopefully this will help you get started. ***

First, I added the WPMU includes to the top of the /library/timthumb.php

[code]
include('../../../../wp-blog-header.php');
include('../../../../wp-includes/general-template.php');
[/code]

This made it possible to use regular WPMU function calls.

Next, I went down to line 520 and added some code to the function using WPMU functions.

[code]
/**
* tidy up the image source url
*/
function cleanSource($src) {
//Added Globals for functions
global $current_blog, $current_site;

// remove slash from start of string
if(strpos($src, "/") == 0) {
$src = substr($src, -(strlen($src) - 1));
}

// remove http/ https/ ftp
$src = preg_replace("/^((ht|f)tp(s|):\/\/)/i", "", $src);
// remove domain name from the source url
//Changed path logic
$path = $current_blog->path;
$path = str_replace("/", "", $path);
$host = $_SERVER["HTTP_HOST"]. '/'. $path ;

$src = str_replace($host, "", $src);

//Added blogs.dir logic
$src = str_replace("/files/", "blogs.dir/". $current_blog->blog_id . "/files/", $src);
$host = str_replace("www.", "", $host);
$src = str_replace($host, "", $src);

// don't allow users the ability to use '../'
// in order to gain access to files below document root

// src should be specified relative to document root like:
// src=images/img.jpg or src=/images/img.jpg
// not like:
// src=../images/img.jpg
$src = preg_replace("/\.\.+\//", "", $src);

//print_r($_SERVER);

// get path to image on file system. Changed from original.
$src = $_SERVER['DOCUMENT_ROOT'] . '/wp-content/'. $src;

return $src;

// get path to image on file system. Appended 10/4
if ($current_blog->blog_id == 1) {
$src = $_SERVER['DOCUMENT_ROOT'] . '/wp-content/blogs.dir/1/'. $src;

return $src;

}else{

$src = $_SERVER['DOCUMENT_ROOT'] . '/wp-content/'. $src;

return $src;
}

}

[/code]

It worked for me and hopefully it will work for you. Here is the php timthumb that I used.

timthumb.php

Updated 10/4 – timthumb.php

It has been a long summer of silence and I’m excited to get writing again.

After finishing my Masters program his Spring, I needed a break to regain some enthusiasm and perspective. As fate would have it, a wonderful project has fallen into my lap and appears to be a great place to spend my “cognitive surplus” now that school is over.

My school district is using some calendaring software and a wiki to create an electronic curriculum guide. It is an exciting project because we are trying to take a number of great web-based tools to capture our district institutional knowledge. It is a pretty bold initiative, but so far it looks great and has incredible promise. I’ll talk more about it later as the details become more public.

At my individual site, we’ve made some great progress with teacher blog use and are now focusing on student blog use. While the staff isn’t ready to open the doors completely on student blogging, I’m currently developing a WordPressMU server as a structured portfolio for student writing. My eventual goal is to take the work that I’m doing and somehow turn it into a plugin. Initial testing suggests that the appropriate hooks are available to make this happen, but I have yet to determine if my programming skills are up to the the challenge of writing a plugin.

I would love to here from anybody that is interested in using WordPressMU for student portfolios.

At the conference, I presented the blogging project that has been active at my school for the last year. I talked about some the plugins we found very useful, but this post meant to gather them in one place. Read the rest of this entry »

Recently, I’ve been working quite extensively with WordPressMU. I’ve developed our school and teacher websites using it as the backbone. Recently, I started working with teachers to create project and topic specific blogs for instruction. The problem was there wasn’t a quick and easy way to import large numbers of users (i.e. classlists) into newly created blogs.

Dagon Design and Nicholas LaRacuente had developed a very nice plugin for importing users with just a username and emai. Unfortunately, this did not import existing blog users. I added a few lines of code to their work and now it adds both existing and new users during an import. This means you can dump classlists from you student info system and import right into your blogs.

This plugin comes without warrant. Use it at your own risk!

Edsysad mod of Dagon Design plugin