Help & Support

Your Cbox embed code is available at your control panel. You need this code to install your Cbox on your website.

Also on that page is your Quick Link — a URL which you can use to access your Cbox directly in your browser or on your mobile device.

Once you have created your Cbox account, go to the Publish page of your control panel. The code and steps for embedding your Cbox are provided there for a number of common platforms.

If you install your Cbox and all you see is code, or nothing at all, your web host may be removing or otherwise interfering with the HTML iframe tags that Cbox uses. Your Cbox code needs to be pasted into an area of your site that accepts HTML without modification. This may mean switching your editor from "rich text" or "WYSIWYG" mode into HTML-editing or "raw" mode, or you may need to open your template files in a plain-text editor like Notepad.

Remember that you always have the option of posting or sharing your Cbox Quick Link — this gives visitors direct access to your Cbox in a full-screen layout, so it's perfect as a mobile option or for stand-alone use.

Go to the Theme editor in your control panel. There you can specify the fonts and colours of your Cbox, using a point-and-click editor. You can always reset your theme to one of the preset defaults there, if you would like to start again.

If you have a Premium or Pro Cbox you can edit CSS, which gives you complete control over presentation.

If you have a Premium or Pro Cbox, you can create a moderator name for yourself at your Users page, and then log in on your Cbox using the "profile" link. You will see a delete icon [x] next to each message in your Cbox, and you will not have to log in at your control panel at all to delete messages.

Alternatively, visit your Messages page to delete messages individually or in bulk. Deleted messages are removed from your public Cbox history, but are preserved in your Archives.

Yes. In the Theme editor, simply delete the colour codes for the main and form background ("BG") elements. This will make the Cbox transparent, allowing whatever is behind the Cbox to show through.

Note that any pop-ups generated by a transparent Cbox will have the default background colour — usually white. If your font colour is light, it may be invisible in popups. You can fix this by editing the CSS to introduce a background-color rule for popups.

If you have installed the Cbox HTML embed code on your site, delete the code there. Then, you can close your Cbox account in your control panel at this page. Note that your account name will remain reserved on our system. If you want to create a new account with the same name, change the name on the old one before deleting it.

You can enable avatars for your Cbox at your Posting options page (under "Message options").

Once enabled, your users can upload their chosen images to any image hosting provider, and then enter the link to them in the email / url input box of your Cbox. Any URL ending .gif, .jpg or .png will be accepted.

Note that if you are accessing your Cbox over HTTPS, then your users' avatars will need to be hosted at a provider that supports HTTPS; otherwise, the browser will not show them.

Avatars will be resized by the browser. You can change the size of avatars with Premium Cbox by editing the CSS. The class that controls avatars is called .pic. Edit the width and height properties to change the dimensions.

To integrate avatars with your user system, see Extended Integration at your User Integration page.

First decide whether the messages appear to be automated, or coming from an individual user.

Cbox works hard to prevent automated spam from reaching your Cbox. However if you are having trouble with such spam, you can require all users to solve a CAPTCHA before posting, by changing your CAPTCHA setting to "Strict" at your Settings page.

For spam from an individual user, first try banning the user. At your Messages page, select the unwanted messages and click "Ban". With a paid Cbox, you can ban the user from within your Cbox by logging in as a mod user.

Abusive users may attempt to evade bans by accessing your Cbox from behind an anonymizing proxy, via a VPN, Tor, or similar service. With a Pro Cbox, you can enable "Auto-ban proxies" at your Settings. You can also enable "Strong bans" there, which makes bans more resilient against changing IP addresses. However, it also increases the risk of bans affecting other users.

You can also strengthen individual bans by selecting them in your Blocked users list and clicking "Strengthen". This "widens the net" on an IP ban. Note that this can prevent other users of the same ISP from accessing your Cbox, so you should ensure the duration is short on such bans.

If you have a Premium or Pro Cbox, you have more access control options. It's recommended to always enable the option "Users must be registered to post". Normally, you would also enable "Users can password-protect their names" so that they can register themselves; for more control, you can disable this option and register users manually.

You can also choose to disable new registrations temporarily to "lock down" your Cbox. Existing users will still be able to log in and post.

Finally, if you disable the option "Users can password-protect their names" you can still enable "Users can authenticate via Facebook" — now new users can join your Cbox via Facebook, but if they are banned then their Facebook identity is also blocked.

Some other things you can do if you experience recurring abuse of your Cbox:

• Delegate moderator authority (Premium and Pro) to trusted users who are able to monitor your Cbox during times you are not.
• Use Moderated Chat mode (Pro) to prevent users posting directly to public chat. Their messages will need to be approved by a mod.
• Place your Cbox in a members-only or private area of your site, such that users must log in to your site before they can see your Cbox.
• Implement User Integration (Cbox Pro), which ensures that only users who are registered on your own site can post.
• Configure and enable the Site whitelist (Premium and Pro). This prevents your Cbox embed code from being displayed on any other site.
• Generate a new Security tag and republish your Cbox embed code. This revokes access for any user who may have a link to your Cbox but no longer has access to the page it is embedded on.
• Disable the Quick link. This will prevent users from being able to access your Cbox except via the page you have embedded it on.

Finally, if abuse continues, you should contact us. We want to keep all Cboxes free from spam and abuse, and will do what we can to assist.

When boxcode is disabled in Posting options, it is only disabled for user messages. You will still be able to use it for your Sticky message and Custom filtering rules.

Cbox supports boxcode, which is a way to add markup to messages. You can also use it to style your Sticky message and Custom filtering replacement text.

The boxcodes supported by Cbox are:

• [color=#ff0000]hex colour[/color] or [color=forestgreen]named colour[/color]
• [color=#f00,#ff0]foreground and background[/color]
• [b]bold text[/b]
• [u]underlined text[/u]
• [i]italicized text[/i]
• [s]struck-out text[/s]
• [q]quoted text[/q]
• [sub]_subscript[/sub]
• [sup]^superscript[/sup]
• [center]centered text[/center]
• [br]
  (line break)
• [big]larger font[/big]
• [small]smaller font[/small]
• [class=custom]custom-styled text[/custom]
• [code]fixed-width text[/code]
• [url=https://address.com/hyperlink]link text[/url] or [url]https://address.com/hyperlink[/url]
• [img=https://address.com/image.jpg]image title[/img] or [img]https://address.com/image.jpg[/img]

Combining boxcode

Besides using boxcode in Custom filtering replacement text, you can also match boxcodes in filter rules. See more.

It's possible to combine boxcode by nesting it, with some caveats:

1. Tags must be nested in the correct order: [b][u]bold underline[/u][/b] is valid but [b][u]broken[/b][/u] is not.
2. The same tag cannot be nested. For example, [class=one][class=two]some text[/class][/class] will not work. To get the intended behaviour in this case, you could have a combined class instead: [class=onetwo]some text[/class].
3. The no-attribute form of [url] (e.g. without link text), and both forms of the [img] tag, must be the innermost element in any nested sequence.

Styling boxcode

Boxcode is translated internally to HTML. You can thus affect the presentation of boxcode by editing your CSS. For example, to change the presentation of the [s] tag:

s {
	text-decoration: none; /* reset default */
	opacity: 0.2;
}

[class] parameters must start with a letter, and are limited to 20 alphanumeric characters. [class=blink] is valid but [class=2] is not.

The [class] boxcode is intended for open-ended styling. It produces a span with no default CSS. You can create a corresponding class using a cc_ prefix. For example, for blurred text, copy this to your CSS:

.cc_blur {
	text-shadow: #000 0 0 0.5em;
	color: transparent;
}

Now users can blur the text in their messages: [class=blur]this will be blurred![/class].

Find out more about custom CSS.

You can register a bot user at your Users page. Bot users are like ordinary registered users, except that instead of a password they are issued an access token. You cannot log in via the normal profile dialog. Instead, you can use the token directly in HTTP requests to Cbox.

We do not currently support an official API, but to demonstrate how you might read and post to your Cbox using a bot, the proof-of-concept PHP script below takes a simple HTTP-based approach. Run this script on your own server, and your bot will post to your Cbox. After its initial message, it will poll for messages containing trigger words, to which it will respond.

You can run the script from a shell, or have it run automatically with a crontab entry. When it's running, test it by entering a message in your Cbox such as "hello bot", "time?", or "what is the weather in new york?"

#!/usr/bin/php
<?php
define('LISTEN', true);
define('PID_FILE', './cboxbot.pid');

// Edit these lines for your Cbox and bot user. 
$box = array('srv' => 7, 'id' => 1, 'tag' => 'bOxTag');
$bot = array('name' => 'mybot', 'token' => 'XJC-bottoken-asKC', 'url' => '');
$msg = 'Hello world!';


$callmap = array(
	'/\bhello bot\b/iu' => 'bot_greet',
	'/\btime\?/iu' => 'bot_time',
	'/\bweather in ([a-zA-Z-0-9 ,]+)/iu' => 'bot_weather',
);

// Basic reply
function bot_time ($msg) {
	return date("M d Y H:i:s");
}

// An example incorporating message data. 
function bot_greet ($msg) {
	return "Hello ".$msg['name'];
}

// An example calling an external API
function bot_weather ($msg, $matches) {
	$place = $matches[1];

	if (!$place) {
		return;
	}

	$query = 'select * from weather.forecast where woeid in (select woeid from geo.places(1) where text="'.addslashes($place).'")';

	$url = 'https://query.yahooapis.com/v1/public/yql?q='.urlencode($query).'&format=json&u=c&env=store%3A%2F%2Fdatatables.org%2Falltableswithkeys';

	$out = file_get_contents($url);

	if (!$out) {
		return;
	}

	$wobj = json_decode($out);

	if (!$wobj->query->results) {
		return;
	}

	$cond = $wobj->query->results->channel->item->condition;
	$desc = $wobj->query->results->channel->description;

	return "[b]".$cond->text." ".$cond->temp."F [/b] (".$desc." at ".$cond->date.")";
}


// Do not edit past this point. 

set_time_limit(0);


$id = cbox_post($msg, $bot, $box, $error);

if (!$id) {
	echo $error;
}
else {
	echo "Posted ID $id\n";
}

if (!LISTEN) {
	exit;
}

// Synchronization.
// PID file is not removed on exit, but it is unlocked. A locked file indicates a running process.
$fp = fopen(PID_FILE, 'a+');

if (!flock($fp, LOCK_EX | LOCK_NB)) {
	echo "Could not lock PID file. Process already running?\n"; 
	exit;
}

ftruncate($fp, 0);
fwrite($fp, posix_getpid()."\n");
fflush($fp);

do {

	$msgs = cbox_get_msgs($id, $bot, $box);

	if (!$msgs || !is_array($msgs)) {
		sleep(5);
		continue;
	}

	$id = (int)$msgs[0]['id'];

	for ($i = 0; $i < count($msgs); $i++) {
	
		if ($msgs[0]['name'] == $bot['name']) {
			continue;	// Ignore bot's own messages.
		}
	
		$msgtext = $msgs[$i]['message'];
		
		foreach ($callmap as $expr => $func) {
			$matches = array();
			
			if (preg_match($expr, $msgtext, $matches)) {
			
				$reply = call_user_func($func, $msgs[$i], $matches);
				
				if ($reply) {
					cbox_post($reply, $bot, $box, $error);
				}
			}
		}
	}
	
	sleep(2);
} while (true);


function cbox_get_msgs ($id, $user, $box, &$error = '') {
	$srv = $box['srv'];
	$boxid = $box['id'];
	$boxtag = $box['tag'];
	
	$host = "www$srv.cbox.ws";
	$path = "/box/?boxid=$boxid&boxtag=$boxtag&sec=archive";
	$port = 80;
	$timeout = 30;

	$get = array(
		'i' => (int)$id,
		'k' => $user['token'],
		'fwd' => 1,
		'aj' => 1
	);	

	$req = '';
	$res = '';
	
	foreach ($get as $k => $v) {
		$path .= "&$k=".urlencode($v);
	}
	
	$hdr  = "GET $path HTTP/1.1\r\n";
	$hdr .= "Host: $host\r\n\r\n";
	
	$fp = fsockopen ($host, $port, $errno, $errstr, $timeout);

	if (!$fp) {
		$error = "Could not open socket: $errno - $errstr\n";
		return;
	}

	fputs ($fp, $hdr);
	
	while (!feof($fp)) {
		$res .= fgets ($fp, 1024);
	}
	
	fclose ($fp);

	if (!$res || !strpos($res, "200 OK")) {
		$error = "Bad response:\r\n $res";
		return;
	}

	$matches = array();

	preg_match_all('/\n([^\t\n]*)\t([^\t]*)\t([^\t]*)\t([^\t]*)\t'
.'([^\t]*)\t([^\t]*)\t([^\t]*)\t([^\t]*)\t/', $res, $matches);

	$msgs = array();

	$map = array('id', 'time', 'date', 'name', 'group', 'url', 'message');

	for ($m = 0; $m < count($map); $m++) {
		for ($i = 0; $i < count($matches[$m+1]); $i++) {
			$msgs[$i][$map[$m]] = $matches[$m+1][$i];
		}
	}

	return $msgs;
}


function cbox_post ($msg, $user, $box, &$error = '') {
	$srv = $box['srv'];
	$boxid = $box['id'];
	$boxtag = $box['tag'];
	
	$host = "www$srv.cbox.ws";
	$path = "/box/?boxid=$boxid&boxtag=$boxtag&sec=submit";
	$port = 80;
	$timeout = 30;

	$post = array(
		'nme' => $user['name'],
		'key' => $user['token'],
		'eml' => $user['url'],
		'pst' => $msg,
		'aj' => '1'
	);	

	$req = '';
	$res = '';
	
	foreach ($post as $k => $v) {
		$req .= "$k=".urlencode($v)."&";
	}
	$req = substr($req, 0, -1);
	
	$hdr  = "POST $path HTTP/1.1\r\n";
	$hdr .= "Host: $host\r\n";
	$hdr .= "Content-Type: application/x-www-form-urlencoded\r\n";
	$hdr .= "Content-Length: ".strlen($req)."\r\n\r\n";
	
	$fp = fsockopen ($host, $port, $errno, $errstr, $timeout);

	if (!$fp) {
		$error = "Could not open socket: $errno - $errstr\n";
		return;
	}

	fputs ($fp, $hdr.$req);
	
	while (!feof($fp)) {
		$res .= fgets ($fp, 1024);
	}
	
	fclose ($fp);

	if (!$res || !strpos($res, "200 OK")) {
		$error = "Bad response:\r\n $res";
		return;
	}

	$matches = array();

	preg_match('/1(.*)\t(.*)\t(.*)\t(.*)\t(.*)\t(.*)/', $res, $matches);

	$err = $matches[1];
	$id = $matches[6];

	if ($err) {
		$error = "Got error from Cbox: $err";
		return;
	}

	return $id;
}
?>