Blog Documentation Book a Demo
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

GuestPost v1.3

1235

Comments

  • DinoboffDinoboff
    You should tried to add a key to the form that is different for each user and hard to guess and that you save in the user session. To validate the post, compare the key that you received in the form with the one in the session. if it fail, the user didn't user the form. it is a bot. The now need to visit your pages. The one that visit your page and fill the form, can be cough with a honey-pot. You add field that you hide with css. The bot try to fill everything, if he fill the honey pot you know it is a bot.
  • WandererWanderer
    Dinoboff, the script I just sent Minisweeper does just that! (Apart from the CSS stuff)

    Posted: Thursday, 8 March 2007 at 8:52AM (AEDT)

  • MinisweeperMinisweeper New
    Errr, sorry Wanderer that email address i put in doesnt actually exist. Can you forward it to the one in my profile?
  • WandererWanderer
    image
    Doh, I knew that!
  • MinisweeperMinisweeper New
    Got it. I dont want to launch into this now cause i should be heading to bed soon but keep on my back about it...
  • WandererWanderer
    Quote: Myself
    This extension works well if the username and password boxes are left empty, or a valid combination is entered.
    However, an invalid username or password results in this error written to the top of the page...
    Warning: Missing argument 2 for forceincomingstring() in /forum/library/Framework/Framework.Functions.php on line 340
    I fixed, or rather avoided this problem by hiding the username and password fields, (using input type="hidden") this ensures nothing gets typed in them. Members know to sign in before they post.

    Posted: Thursday, 8 March 2007 at 12:26PM (AEDT)

  • jpsloshuajpsloshua
    Ok hope you got something to show soon because the spammers are back with a vengance. I have just closed my forum after deleting over 200 comments.
  • WandererWanderer
    Yes me too mate, SPAMmers are a scourge, banning their IP address using .htaccess does not work either.

    Posted: Wednesday, 14 March 2007 at 7:57PM (AEDT)

  • MinisweeperMinisweeper New
    So Wanderer out of the stuff you sent me which bits do i actually need and how do i validate that the input was correct?
  • WandererWanderer
    You really only need the js and the codes (gifs)

    How it works...
    The JavaScript (placed inside the form) displays a random code image and creates a hidden field (called "very" short for verify) containing the corresponding code.

    The validation compares the contents of the hidden field "very" with the input by the user.

    If they match, the form is submitted, if not... a polite "get stuffed" message is displayed.

    There's currently only 10 different code gifs to keep things simple but these could easily be increased.

    Posted: Thursday, 15 March 2007 at 12:32PM (AEDT)

  • MinisweeperMinisweeper New
    So i have to do the validation on the back end?
  • WandererWanderer
    Yes, wherever Vanilla does its stuff, that's where I fall down flat on my face.
    I'm able to create PHP code to validate but not integrate it with the Vanilla code. pic

    Posted: Thursday, 15 March 2007 at 12:46PM (AEDT)

  • MinisweeperMinisweeper New
    Lets take this official!
  • jpsloshuajpsloshua
    Love it. Thanks a million. One problem though. There seems to be some collision with the Notify 0.2 Extension. I could really care less though as i would rather have yours any day. Have a good rest.
  • sstawarzsstawarz
    Anyone still using this? When I try to hit a discussion that is marked for members only, and I'm not logged in: I get the following error: Notice: Trying to get property of non-object in /forum/extensions/GuestPost/default.php on line 32 Anyone have a suggestion?
  • MinisweeperMinisweeper New
    What do you mean marked for members only?
  • sstawarzsstawarz
    Certain discussion categories can be given access to various roles. so, I have a few discussion categories that are only available to members and not to the general public. So, when I am a guest in the guest role, I try to hit a post that is not available to the general, public I get that error.
  • MinisweeperMinisweeper New
    But surely if you're a guest you cant view the stuff which isnt available to the public anyway so you cant post in it?
  • HamedHamed
    yeah but i think he does not want to get the error he probably just wants a simple notice bar popping up ======================= anyway i can take off 'type in the following code? part of this extension?"
  • MinisweeperMinisweeper New
    I'm pretty sure I made that an optional thing didnt i? It's called a captcha.
This discussion has been closed.