glFusion Development Update


We’ve been pretty busy the last couple of months working on all kinds of neat things for glFusion. Much of what we’ve been doing has centered on feedback from the glFusion community. We thought it would be a good idea let you know what we’ve been up to with glFusion v1.1.9. We hope to have v1.1.9 out the door sometime in April 2010. Read on to see what is coming!

Improved Defense in Depth Security Strategy

linksrcSurprisedrig alt:0
I could write a book on this one, but will try to sum it up in just a few words. We have migrated away from using the easily cracked MD5 hashing algorithm for passwords. We have re-engineered how the long term cookie works (this is the ‘Remember Me’ feature that allows you to automatically login for a period of time). We no longer use the hashed password value in the cookie (it is bad practice to expose the hashed password to the browser). Finally, we have implemented the requirement that a user must re-authenticate before accessing any administrative functions.  This means you must enter your password again the very first time you access any administrative function.  Even if you just logged into the site, if you hit the Command & Control link, you will need to re-authenticate.  We realize this is an additional burden, but we believe the protection it offers is well worth the minor inconvenience.  The key concept here is any good security strategy must be comprised of multiple layers of defense, i.e.; defense in depth.

 

Username Standards

linksrcSurprisedrig border:1 align:left link:2 alt:0
The handling of the username was anything but consistent in prior releases of glFusion. We have now standardized the username filtering and implemented the following rule. A username can contain any character except " < > $ % & * / characters.  We have implemented this standard throughout glFusion and its plugins to ensure a consistent handling of usernames.

 

Administrative Improvements

linksrcSurprisedrig border:1 align:left link:2 alt:0
Mark Howard has reworked many of the administrative screens to be much more user friendly and functional, as well as, much prettier. We’ve expanded the user editor to now include all attributes of the user, meaning you can now edit any field on the user’s record including plugin preferences. We’ve added the ability to define groups that will automatically be assigned to new users when they register. Last, but not least, we have implemented a new Global User Preference Editor which allows you to change certain user preferences for all users of the site.

 

Forum Enhancements

linksrcSurprisedrig border:1 align:left link:2 alt:0
We’ve received a lot of feature requests for the Forum Plugin. As a result, we’ve reworked the moderation screens to be much more user friendly and added the ability to merge posts into existing topics. We’ve redesigned the editor window to be a bit larger and moved the smileys into a hidden window that is only displayed when needed. We’ve added the ability to have URLs automatically become clickable links. Finally, we’ve given the user the ability to select which editor they prefer (if both the WYSIWYG editor and BBcode editor are available). These are just a few of the highlights for the upcoming Forum Plugin that is bundled with glFusion.

 

Improved Consistency

linksrcSurprisedrig border:1 align:left link:2 alt:0
We’ve spent a lot of time making sure features are implemented consistently throughout glFusion and its plugins. For example, all plugins will now support the ability to define which blocks (right, left, both, or none) display when showing a plugin’s content. We’ve updated the ‘login required’ handling to now display a login screen with the message that access to this portion of the site requires you to login.  Once the user enters their username and password, they will be automatically redirected to their original request. In the past a user might see the login screen or a message telling them to login or even an access denied message.

 

Improved Plugin Interaction

linksrcSurprisedrig border:1 align:left link:2 alt:0
We’ve enhanced the plugin application programming interface (API) to provide improved plugin to plugin communication and integration. While technically cool, it probably doesn’t excite you too much. Here is an example of how this can benefit you. If you use the Tag Plugin, the current version only supports tags in stories, static pages, and media gallery. With glFusion v1.1.9 (and the next Tag release which will be at the same time), you can now put tags in any plugin. This means you can have tags in your DokuWiki pages, calendar events, etc.  As new plugins are developed, as long as they take advantage of the standard glFusion plugin interfaces, they will be able to interact with the Tag plugin (or any other plugin that supports interaction) without any modifications.

 

Summary

This is just a quick overview of some of the new or enhanced features coming in glFusion v1.1.9. There are several other small tweaks and enhancements scattered throughout the system as well. Much of this work is a direct result of your feedback. We appreciate your continued support!


by Mark

Mark is the main developer on glFusion. When not doing his real job and playing with his family, he really enjoys working on glFusion and the collaboration with the glFusion community.

Share It

Thanks for your consistant great work, Mark and the GLFusion team!

 

Sam

Really looking forward to the upgrade I'll give it 10/10 even before I see it. Great work on the wiki tags Mark.

Tita

Yeaaa thanks guys for your hard work! I am really thankful, looking forward to this next release and I hope to see GLF grow more the coming years. Keep it up!

Looks like a lot of work has gone into this update. I'm especially looking forward to see the administrative improvements, but the other features also look good.

I was thinking of posting some more feedback (in the form of things I'd like to see), and this post gave me a bit of prompting to do that. Not now, though, as it's after 2am. I also want to ask some questions about development.

You guys Rock!!!

I am very happy to see consistent logins getting some attention. I receive common complaints about the registration process being difficult. Is glFusion looking in to token link activation? Basically in the email which emails a temporary password, instead an easy link which could be clicked on to activate the account.

This request is a fairly standard one. A vast majority of websites are employing it and users have learned this approach so it is comfortable and familiar. Here are a few links detailing the feature request:

Such a feature would greatly ease the human/admin help needed towards users who are registering a new account. Great job on all the new features. I have been following along and I am extremely pleased with the work that has been put in to the upcoming release.

 We decided this was such a good idea that we have implemented a new feature for v1.1.9 that allows the user to enter their own password and then receive a verification email, where they must select the validation link to activate the account.  Thanks for the feedback!

 

Ohh. These are some fantastic updates glFusion Coders - awesome to see.

Very cool!  Can't wait.  Thanks for keeping active with this project.  I am consistently impressed.

Hi,

I would like to say how impressed I am with glFusion and the excellent customer service received.

The updates look very good and I am really looking forward to seeing the next version.

Keep up the good work.

Lizard.

All these improvements and you are only calling it 1.1.9?   How humble... seems like 1.2 material (of course if you were a large company it would be 2.0 material

 Thanks for the kind words everyone! We're pretty excited as well! We appreciate the support and excitement!