Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Blog Module /

Discuss the Blog Module.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Turn off spam protection ONLY when logged in, or after reaching a trusted member status


Go to End
Reply


12 Posts   1430 Views

Avatar
johnmblack

Community Member, 61 Posts

26 October 2011 at 6:56am

I cannot figure out how turn off spam protection for comments only when the user is logged in. We don't need spam protection for blog comments at this time, because the user will be logged in and we are moderating new user registrations.

I don't want to turn off spam protection completely across the whole system, because there are other things I need it for. I would have thought the page comment interface would have checked for valid user before running the spam protection, but that does not seem to be the case.

Avatar
JonoM

Community Member, 103 Posts

26 October 2011 at 9:26am

Something like this in your _config.php might work:

if (!Member::currentUserID()) {
   //Code to enable spam protection
}

Avatar
johnmblack

Community Member, 61 Posts

26 October 2011 at 10:22am

Hi JonoM,

This throws errors in Convert::raw2sql() --
Fatal error: Call to a member function addslashes() on a non-object in ..../sapphire/core/Convert.php on line 122

DB::getConn() is returning a NULL value here. I think this means that the DB doesn't exist yet, as if doing such a thing in _config.php is too early.

Avatar
JonoM

Community Member, 103 Posts

26 October 2011 at 10:32am

Oh okay. I wonder if you could try putting that code in your page.php's init function instead of _config.php? Then it might be too late in the pipeline but worth a shot I suppose.

Avatar
johnmblack

Community Member, 61 Posts

26 October 2011 at 11:12am

I think I solved this with a few changes to the spamprotector module. Hint hint, I think this could be a useful change for others. :-)

SpamProtectorManager.php

class SpamProtectorManager {
   ...
   private static $protect_when_logged_in = true;
   ...
   /**
    * Tell the spam protector manager whether it should enforce protection even when there is a known user
    */
   public static function set_protect_when_logged_in($b=true) {
      self::$protect_when_logged_in = $b;
   }
   /**
    * Returns current setting for whether it should enforce protection even when there is a known user
    */
   public static function get_protect_when_logged_in() {
      return self::$protect_when_logged_in;
   }
   ...
}

inside method SpamProtectorManager::update_form() (at the very top of the method)
      // Don't do anything if we're not supposed to protect when a user is logged in, and there is a valid user
      if (!self::get_protect_when_logged_in() && Member::currentUserID()) return false;

so now my _config.php looks like:

SpamProtectorManager::set_spam_protector('RecaptchaProtector');
SpamProtectorManager::set_protect_when_logged_in(false);

Avatar
johnmblack

Community Member, 61 Posts

26 October 2011 at 11:35am

hmmm... Now I'm thinking I should copy some of the logic from PageCommentInterface::set_comments_require_permission() to here. I'd love to say "after a user gets to a certain trusted level, then bypass spam protection."

Avatar
JonoM

Community Member, 103 Posts

26 October 2011 at 11:35am

That does look useful! As far as I know the best way to get your changes seen/included is to fork the project at github and submit a pull request to include your alts. https://github.com/silverstripe/silverstripe-spamprotection

Avatar
Willr

Forum Moderator, 5513 Posts

31 October 2011 at 8:34pm

@johnmblack, JonoM - rather than the solution provided, would it make more sense to put this on the new commenting api configuration as an option? (https://github.com/silverstripe/silverstripe-comments/blob/master/code/Commenting.php#L25)

I can think from my experience a couple cases where you still want members to be given recaptchas, one being this forum. We get a large amount of spam getting through the signup that is manual (we've tried all sorts of honey pots!) so then we still would like people to fill out recaptchas.

Actually reading your last post, I like the idea of some sort of trusted level that disables spam protection. That would be suitable for the spam protection module. The challenge would be to design a 'nice' API for people to configure the levels, perhaps a permission code which then people could assign to groups or members?

Pull requests welcome!

Go to Top