Jump to:

1835 Posts in 1139 Topics by 554 members

Blog Module

SilverStripe Forums » Blog Module » Turn off spam protection ONLY when logged in, or after reaching a trusted member status

Discuss the Blog Module.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1 2
Go to End
Author Topic: 1127 Views
  • johnmblack
    Avatar
    Community Member
    61 Posts

    Turn off spam protection ONLY when logged in, or after reaching a trusted member status Link to this post

    I cannot figure out how turn off spam protection for comments only when the user is logged in. We don't need spam protection for blog comments at this time, because the user will be logged in and we are moderating new user registrations.

    I don't want to turn off spam protection completely across the whole system, because there are other things I need it for. I would have thought the page comment interface would have checked for valid user before running the spam protection, but that does not seem to be the case.

  • JonoM
    Avatar
    Community Member
    103 Posts

    Re: Turn off spam protection ONLY when logged in, or after reaching a trusted member status Link to this post

    Something like this in your _config.php might work:

    if (!Member::currentUserID()) {
       //Code to enable spam protection
    }

  • johnmblack
    Avatar
    Community Member
    61 Posts

    Re: Turn off spam protection ONLY when logged in, or after reaching a trusted member status Link to this post

    Hi JonoM,

    This throws errors in Convert::raw2sql() --
    Fatal error: Call to a member function addslashes() on a non-object in ..../sapphire/core/Convert.php on line 122

    DB::getConn() is returning a NULL value here. I think this means that the DB doesn't exist yet, as if doing such a thing in _config.php is too early.

  • JonoM
    Avatar
    Community Member
    103 Posts

    Re: Turn off spam protection ONLY when logged in, or after reaching a trusted member status Link to this post

    Oh okay. I wonder if you could try putting that code in your page.php's init function instead of _config.php? Then it might be too late in the pipeline but worth a shot I suppose.

  • johnmblack
    Avatar
    Community Member
    61 Posts

    Re: Turn off spam protection ONLY when logged in, or after reaching a trusted member status Link to this post

    I think I solved this with a few changes to the spamprotector module. Hint hint, I think this could be a useful change for others.

    SpamProtectorManager.php

    class SpamProtectorManager {
       ...
       private static $protect_when_logged_in = true;
       ...
       /**
        * Tell the spam protector manager whether it should enforce protection even when there is a known user
        */
       public static function set_protect_when_logged_in($b=true) {
          self::$protect_when_logged_in = $b;
       }
       /**
        * Returns current setting for whether it should enforce protection even when there is a known user
        */
       public static function get_protect_when_logged_in() {
          return self::$protect_when_logged_in;
       }
       ...
    }

    inside method SpamProtectorManager::update_form() (at the very top of the method)
          // Don't do anything if we're not supposed to protect when a user is logged in, and there is a valid user
          if (!self::get_protect_when_logged_in() && Member::currentUserID()) return false;

    so now my _config.php looks like:

    SpamProtectorManager::set_spam_protector('RecaptchaProtector');
    SpamProtectorManager::set_protect_when_logged_in(false);

  • johnmblack
    Avatar
    Community Member
    61 Posts

    Re: Turn off spam protection ONLY when logged in, or after reaching a trusted member status Link to this post

    hmmm... Now I'm thinking I should copy some of the logic from PageCommentInterface::set_comments_require_permission() to here. I'd love to say "after a user gets to a certain trusted level, then bypass spam protection."

  • JonoM
    Avatar
    Community Member
    103 Posts

    Re: Turn off spam protection ONLY when logged in, or after reaching a trusted member status Link to this post

    That does look useful! As far as I know the best way to get your changes seen/included is to fork the project at github and submit a pull request to include your alts. https://github.com/silverstripe/silverstripe-spamprotection

  • Willr
    Avatar
    Forum Moderator
    5462 Posts

    Re: Turn off spam protection ONLY when logged in, or after reaching a trusted member status Link to this post

    @johnmblack, JonoM - rather than the solution provided, would it make more sense to put this on the new commenting api configuration as an option? (https://github.com/silverstripe/silverstripe-comments/blob/master/code/Commenting.php#L25)

    I can think from my experience a couple cases where you still want members to be given recaptchas, one being this forum. We get a large amount of spam getting through the signup that is manual (we've tried all sorts of honey pots!) so then we still would like people to fill out recaptchas.

    Actually reading your last post, I like the idea of some sort of trusted level that disables spam protection. That would be suitable for the spam protection module. The challenge would be to design a 'nice' API for people to configure the levels, perhaps a permission code which then people could assign to groups or members?

    Pull requests welcome!

    1127 Views
Page: 1 2
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.