Blog Documentation Try Vanilla Cloud
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

GuestPost v1.3

1356

Comments

  • Options
    jpsloshuajpsloshua
    yeah for me too, a captcha is absolutly neccessary as i always have spam bots attempting to get through. I also dont think my users would just write their name in unless they were required.
  • Options
    mis-onemis-one
    Could this be made without Captcha to begin with, for those of us with smaller sites that are easy to moderate?
  • Options
    MinisweeperMinisweeper New
    I'd probably make captcha optional. If i could work out how.
  • Options
    Rasqual TwilightRasqual Twilight
    edited January 2007
    Installed a few days ago.
    1) Wonder why the DiscussionForm_SignOutGuest delegate tests for whether the user is logged in as Guest. The delegate is registered only if ($Context->Session->UserID <= 0).
    Edit: I see, it also logs users out if the test is left in. However, even if I set $GU with the constant value, the test always fails?

    Proposed fix:
    $Username = ForceIncomingString('Username', ''); $Password = ForceIncomingString('Password', ''); if ( $Username == '' ) { $Username = GuestUsername; $Password = GuestPassword; define('IS_GUEST', 1); }
    and
    if (defined('IS_GUEST')) { $DiscussionForm->Context->Session->End($DiscussionForm->Context->Authenticator); }

    2) At the time the comment is posted, the poster is auth'ed as Guest and if an error occurs, the top-right area shows Signed in as Guest. If DiscussionForm_SignOutGuest does not log the user out as pointed out in 1), the user is still logged in!
    3) Aside from issues raised by others above, what about spam protection as set in Application Settings (Members cannot post more than comments within x seconds)? Does it mean if two or more users post independently, they may see the blocking message?
  • Options
    antonio23antonio23
    no updates on this yet?
  • Options
    MinisweeperMinisweeper New
    Fraid not it keeps slipping my mind. Maybe I'll have a bash at it at work tonight if someone reminds me in about 18 hours...
  • Options
    mis-onemis-one
    Here is your reminder :)
  • Options
    MinisweeperMinisweeper New
    Hah cheers. Unfortunately (or not) work decided to give up being quiet at about midnight and a load of shit kicked off... I'll work on it.
  • Options
    jpsloshuajpsloshua
    Hi Minisweeper. Is there any time schedule when you could have the name field extension completed as my forum is now completely dead. I have more comments on my content items and am getting really desperate. I would even implement it without captcha at this point, anything to save my forum. It used to be so active but now people are always asking me what happened to my website?
  • Options
    MinisweeperMinisweeper New
    I just wrote the extra bit so it adds the name to the front of the comment, then I realised it'd only work if the comment was HTML formatted. Is that gonna be a problem?
  • Options
    MinisweeperMinisweeper New
    For those of who the above doesnt pose a problem, download the new source file and see how it goes. I still havent set up Captcha unfortunately.
  • Options
    jpsloshuajpsloshua
    edited January 2007
    Ok I installed it already and love it. Lets see if the spam bots pick up on it or not. Also, is there anyways to make it mandatory to fill in the username?
  • Options
    MinisweeperMinisweeper New
    Errr...well it will force the post to HTML formatting so whatever the guest chooses doesnt matter if that's what you mean?
  • Options
    MinisweeperMinisweeper New
    Further to Rasqual Twilight's comments (sorry it took a while),
    1) I'm not really sure what you mean...? It tests to see if the user is logged in as a guest so that if a user uses the forum to login to their account it doesnt log them out once the post is completed. Were you aware of that functionality? What did you mean by the test failing? At the point the delegate is called the user is 'registered' because they havent been logged out yet. I hope that covers your question cause otherwise i'm confused.
    2) Can't really think of a work-around for that yet but it is a bit of an issue...ideas anyone?
  • Options
    STE7130STE7130
    can you add a checkbox for human peoples? (The best spam filter i know) Because bots can´t klick checkboxes ;)
  • Options
    MinisweeperMinisweeper New
    Bots cant click checkboxes..?! Dont they just have to post the element with the form?
  • Options
    STE7130STE7130
    try it ... i know this trick from wordpress http://bueltge.de/wp-simpler-spamschutz-bei-kommentaren/169 (its german, but i think you can read the code)
  • Options
    bjrnbjrn
    I guess most bots don't send form data for elements they don't understand, so it relies on the writer of the bot not having made something to handle unforseen checkboxes like that.
  • Options
    antonio23antonio23
    hmm. with that checkbox would be interesting to know but it sounds a bit too easy for me. I mean, come on, the spambots are so sophisticated by now and change everyday that im sure they will be able to tick a checkbox. Also, if that would work i dont think everybody would be using a captcha system which is much more a hassle to use for users.
  • Options
    pircopirco
    i agree that spam is always an issue but wanted to just let you know there are situations where this is NOT an issue. our Vanilla forum is behind a firewall and part of an intranet. so we have total control over the system and don't want people to have to register. so, minisweeper's solution was the easiest and quickest outside of doing database/application logic surgery.
This discussion has been closed.