Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest sNews - sNews 1.7 - with its own forums - for discussion and user mods.

Author Topic: Comment posting issues  (Read 8498 times)

philmoz

  • High flyer
  • ULTIMATE member
  • ******
  • Karma: 161
  • Posts: 1988
    • fiddle 'n fly
Comment posting issues
« on: April 05, 2008, 07:14:51 AM »

topic split from
http://snewscms.com/forum/index.php?topic=7186.0


And a big error: I used a copied phrase for speeding up posting many comments. If I have a second comment with diferent author but THE SAME CONTENT (long phrase, anyway), comment not validate!!!
Content is being compared to what has already been posted in an attempt to reduce mass repetitive flooding. Change one character and comment will post. Granted, that will make it difficult for visitors to echo kudos and the like (I know what I mean)..
**thinking out loud** will need to compare content and author to ensure, plus maybe set session key on post to prevent something like this.

Will try out on 1.6 as well -- just in case it resides there as well.
« Last Edit: April 11, 2008, 03:30:13 PM by philmoz »
Logged
Of all the things I have lost, it is my mind that I miss the most.

philmoz

  • High flyer
  • ULTIMATE member
  • ******
  • Karma: 161
  • Posts: 1988
    • fiddle 'n fly
Coment posting issues
« Reply #1 on: April 10, 2008, 08:12:15 AM »


And a big error: I used a copied phrase for speeding up posting many comments. If I have a second

comment with diferent author but THE SAME CONTENT (long phrase, anyway), comment not validate!!!
Content is being compared to what has already been posted in an attempt to reduce mass repetitive
flooding. Change one character and comment will post. Granted, that will make it difficult for
visitors to echo kudos and the like (I know what I mean)..
**thinking out loud** will need to compare content and author to ensure, plus maybe set session
key on post to prevent something like this.
I have a time delay alteration to aid in preventing accidental double postings, as opposed to the
current comparison of post content via
    $doublecheck = retrieve('id', 'comments', 'comment', $comment);
Why I think it should be changed...

Scenario: a personal site, author writes of the birth of first child.
Visitors all wish to offer congratulations.
Once one person makes a post containing only the word 'Congratulations', no-one else may do the
same. They would need to find an alternative. (Also the notification doesn't explian the issue,
but that's another fix ;) )

Would like to know if this is more appropriate, although it potentially allows multiple posting if
poster changes the name. (previously, poster only needed to alter content by one
character in message to do the same.)

function comment($freeze_status) locate $doublecheck and replace with
Code: [Select]
$doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;//requires 45 seconds before accepting exact post a second time.alter the next line to
Code: [Select]
if ($ip == $_SERVER['REMOTE_ADDR'] && $comment && $name && $post_article_id && is_numeric($_POST['calc']) && mathCaptcha($_POST['calc'], $_POST['sum']) && $doublecheck==1) {
finally, after mysql_query($query); place this line.
Code: [Select]
$_SESSION['poster']="$name:|:$comment:|:$post_article_id";$_SESSION['time']= time();####this is to set session for checking multiple postings.

Of course you can raise or lower the time between repost. Generally no-one should require repetitive posting, so you could make it a very large number indeed ;)

Thoughts?

« Last Edit: April 10, 2008, 08:14:40 AM by philmoz »
Logged
Of all the things I have lost, it is my mind that I miss the most.

funlw65

  • Hero Member
  • *****
  • Karma: 96
  • Posts: 771
    • Country Lab
Coment posting issues
« Reply #2 on: April 10, 2008, 08:46:11 AM »

Excellent! It was a must! Now, sNews is smart  ;D. I can talk with him  ;D
I will test it...

And, according with my obsession, I will put that value in admin panel :) (in my 1.6....)
« Last Edit: April 10, 2008, 08:51:56 AM by funlw65 »
Logged

funlw65

  • Hero Member
  • *****
  • Karma: 96
  • Posts: 771
    • Country Lab
Coment posting issues
« Reply #3 on: April 10, 2008, 09:25:49 AM »

After testings....

1.I can post the same comment as visitor if I change the name....not good, I had in past same spam comments with different names....and they can make changes if they(programmers) read this forum ...
We need that message, telling us is possible to post same comment after 45 seconds in order to prevent spam...maybe in comment form.... to prevent loosing entire message and annoying commenter.

2.I have same restrictions as admin... I don`t want restrictions... I am the boss  ;D and if I decide to `spam` my own site....maybe some visitors don`t get the point and you must repeat that message :D

2.I have same restrictions as admin... I don`t want restrictions... I am the boss  ;D and if I decide to `spam` my own site....maybe some visitors don`t get the point and you must repeat that message :D

 :P
« Last Edit: April 10, 2008, 09:30:24 AM by funlw65 »
Logged

philmoz

  • High flyer
  • ULTIMATE member
  • ******
  • Karma: 161
  • Posts: 1988
    • fiddle 'n fly
Coment posting issues
« Reply #4 on: April 10, 2008, 09:39:57 AM »

the problem is,
on an article:
- test for identical name and content (which fails if either is altered - bots can be set up to bypass either)
- forbid identical content (stops valid posts with identical content)

will look into putting timer on identical content alone, as well as name/content check.

as for admin issue,
make
Code: [Select]
$doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;//requires 45 seconds before accepting exact post a second time.like
Code: [Select]
if ($_SESSION[_SITE.'Logged_In'] == token()){$doublecheck = 1;}else{
$doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;}
NOTE above is corrected. $_SESSION[_SITE.'Logged_In'] == token()
« Last Edit: April 10, 2008, 10:08:27 AM by philmoz »
Logged
Of all the things I have lost, it is my mind that I miss the most.

funlw65

  • Hero Member
  • *****
  • Karma: 96
  • Posts: 771
    • Country Lab
Coment posting issues
« Reply #5 on: April 10, 2008, 12:03:33 PM »

Working good, no restrictions for admin...
Logged

philmoz

  • High flyer
  • ULTIMATE member
  • ******
  • Karma: 161
  • Posts: 1988
    • fiddle 'n fly
Comment posting issues
« Reply #6 on: April 11, 2008, 03:05:48 PM »

Ok, try this on.
It does not prevent identical content posting, it does not prevent the use of same name with identical content, it does not prevent use of different name with identical content.
What it does (I hope) is to set a timer if same ip on session tries to post too soon, changes name on same session, or posts with same name ALL on same article. Commenting on different article is not (read- should not) be hampered.


function comment($freeze_status) locate $doublecheck and replace with
Code: [Select]
if ($_SESSION[_SITE.'Logged_In'] == token()){$doublecheck = 1;$ident=1;}else{
$contentCheck= retrieve('id', 'comments', 'comment', $comment);
$ident = $contentCheck&&(time()-$_SESSION['time'])<45&&$_SESSION['ip']==$ip?0:1;
$doublecheck = $_SESSION['poster']==="$name:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;}

alter the next line to
Code: [Select]
if ($ip == $_SERVER['REMOTE_ADDR'] && $comment && $name && $post_article_id && is_numeric($_POST['calc']) && mathCaptcha($_POST['calc'], $_POST['sum']) && $doublecheck==1&&$ident==1) {
finally, after mysql_query($query); place this line.
Code: [Select]
$_SESSION['poster']="$name:|:$post_article_id";$_SESSION['time']= time();$_SESSION['ip']=$ip;####this is to set session for checking multiple postings.
Yes, it would also be good to get these timer values settable in admin, but first, need to prove the logic (bwahaha) of my code ;)

Feedback welcome here
**NOTE** may split posts relevant to this issue from this thread very shortly.
« Last Edit: April 11, 2008, 03:46:00 PM by philmoz »
Logged
Of all the things I have lost, it is my mind that I miss the most.

funlw65

  • Hero Member
  • *****
  • Karma: 96
  • Posts: 771
    • Country Lab
Re: Comment posting issues
« Reply #7 on: April 11, 2008, 05:13:35 PM »

I made the modifications, nothing stopped me posting repeated comments as visitor ...

Code: [Select]
<?php

$post_article_id = (is_numeric($_POST['id']) && $_POST['id'] > 0) ? $_POST['id'] : null;
$ip = (strlen($_POST['ip']) < 16) ? clean(cleanXSS($_POST['ip'])) : null;
  
//philMOD(  
//$doublecheck = retrieve('id', 'comments', 'comment', $comment);
  //$doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;//requires 45 seconds before accepting exact post a second time.  
  //if ($_SESSION[_SITE.'Logged_In'] == token()){$doublecheck = 1;}else{    $doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;}
    
    
if ($_SESSION[_SITE.'Logged_In'] == token()){$doublecheck 1;$ident=1;}else{
$contentCheckretrieve('id''comments''comment'$comment);
$ident $contentCheck&&(time()-$_SESSION['time'])<45&&$_SESSION['ip']==$ip?0:1;
$doublecheck $_SESSION['poster']==="$name:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;}
//if ($ip == $_SERVER['REMOTE_ADDR'] && (time() - $now) > 4 && $comment && $name && $post_article_id && is_numeric($_POST['calc']) && mathCaptcha($_POST['calc'], $_POST['sum']) && !isset($doublecheck)) {
  // ) 
  //if ($ip == $_SERVER['REMOTE_ADDR'] && $comment && $name && $post_article_id && is_numeric($_POST['calc']) && mathCaptcha($_POST['calc'], $_POST['sum']) && $doublecheck==1)
   // {
   
if ($ip == $_SERVER['REMOTE_ADDR'] && $comment && $name && $post_article_id && is_numeric($_POST['calc']) && mathCaptcha($_POST['calc'], $_POST['sum']) && $doublecheck==1&&$ident==1) {
   
$url preg_match('/((http)+(s)?:(\/\/)|(www\.))([a-z0-9_\-]+)/'$url) ? $url '';
$url substr($url03) == 'www' 'http://'.$url $url;
$time date('Y-m-d H:i:s');
if(s('approve_comments') != 'on') {$approved 'True';}
$query 'INSERT INTO '._PRE.'comments(articleid, name, url, comment, time, approved) VALUES'."('$post_article_id', '$name', '$url', '$comment', '$time', '$approved')";
mysql_query($query);
   
//$_SESSION['poster']="$name:|:$post_article_id";$_SESSION['time']= time();$_SESSION['ip']=$ip;####this is to set session for checking multiple postings.
      
   
$_SESSION['poster']="$name:|:$comment:|:$post_article_id";$_SESSION['time']= time();####this is to set session for checking multiple postings.   
$commentStatus s('approve_comments') == 'on' l('comment_sent_approve') : l('comment_sent');
}
else {$commentStatus l('comment_error'); $commentReason l('ce_reasons'); $fail true;}
echo '<h2>'.$commentStatus.'</h2>';

NOTE:
Here is also first modifications... I hope is correct....
« Last Edit: April 11, 2008, 05:17:29 PM by funlw65 »
Logged

philmoz

  • High flyer
  • ULTIMATE member
  • ******
  • Karma: 161
  • Posts: 1988
    • fiddle 'n fly
Re: Comment posting issues
« Reply #8 on: April 11, 2008, 05:53:09 PM »

you are setting the poster session with this
 $_SESSION['poster']="$name:|:$comment:|:$post_article_id";
but in $doublecheck you need to add the comment part as well, else the 2 will not be comparable.

As I see it, the $comment is mostly redundant here, as the best trigger is the article id. It may in fact be better to remove the $name component, and have the session hold only the article id, with $doublecheck testing time between last post on the article ny the ip (from $ident)

With this code, it doesn't stop repeated content, but adds an annoyance factor to it when posting to the same article, with/without name change, with without content change, all within a set timer period from same ip. There may be times where a duplicate reply is the most logical response.

I don't know if it is possible to totally prevent a persistant visitor from dropping crap into the comment, but by putting in the timer, may well reduce their inclination to sit and wait to do so. Note, the ip is not stored in system.
Just trying to find a balance between total lockout and total free-for-all ;)
Logged
Of all the things I have lost, it is my mind that I miss the most.

funlw65

  • Hero Member
  • *****
  • Karma: 96
  • Posts: 771
    • Country Lab
Re: Comment posting issues
« Reply #9 on: April 11, 2008, 06:36:51 PM »

Quote
you are setting the poster session with this
 $_SESSION['poster']="$name:|:$comment:|:$post_article_id";
but in $doublecheck you need to add the comment part as well, else the 2 will not be comparable.
Oops! Not checked....

Quote
With this code, it doesn't stop repeated content, but adds an annoyance factor to it when posting to the same article,
I mean this: repeated=fast posting many comments, identical or not...

Quote
I don't know if it is possible to totally prevent a persistant visitor from dropping crap into the comment, but by putting in the timer, may well reduce their inclination to sit and wait to do so.
It was the missing part...can be completed by a good captcha and/or other third party antispam tools....
Now, the admin must be very careful in setting the delay  ;D. Is his fault if is too big or too small (too big=loosing commenters, too small=useless).

It works and I like the solution.
Logged

philmoz

  • High flyer
  • ULTIMATE member
  • ******
  • Karma: 161
  • Posts: 1988
    • fiddle 'n fly
Re: Comment posting issues
« Reply #10 on: April 11, 2008, 11:42:35 PM »

Now, the admin must be very careful in setting the delay  ;D. Is his fault if is too big or too small (too big=loosing commenters, too small=useless).

It works and I like the solution.
use possibly 2 different timer values maybe??

=========

anyone else trying this?
« Last Edit: April 11, 2008, 11:59:37 PM by philmoz »
Logged
Of all the things I have lost, it is my mind that I miss the most.

funlw65

  • Hero Member
  • *****
  • Karma: 96
  • Posts: 771
    • Country Lab
Re: Comment posting issues
« Reply #11 on: April 13, 2008, 01:06:53 PM »

where and why 2 timer values?
Logged

philmoz

  • High flyer
  • ULTIMATE member
  • ******
  • Karma: 161
  • Posts: 1988
    • fiddle 'n fly
Re: Comment posting issues
« Reply #12 on: April 13, 2008, 01:28:55 PM »

good point..
Quote
$ident = $contentCheck&&(time()-$_SESSION['time'])<45&&$_SESSION['ip']==$ip?0:1;
$doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;}

you could drop one of them.

or you could set them differently...
Logged
Of all the things I have lost, it is my mind that I miss the most.

funlw65

  • Hero Member
  • *****
  • Karma: 96
  • Posts: 771
    • Country Lab
Re: Comment posting issues
« Reply #13 on: April 16, 2008, 09:09:14 PM »

Today I tested this modification under my sNews1.6 and you right, is better to eliminate $name and $comment and let only $post_article_id. Also, I let the timer only for variable $ident... Is working good for visitor. But for admin not worked at all... until I changed _SITE with db() equivalent  :P - stupid me...

So, now that timer can be inserted in admin panel and also a warning message is needed (You can post on same article after $timer seconds  - not only in error message but also somewhere in comment form?)

You rigth, maybe we need more feedback on this from others...(I fill the same :) )
Logged

philmoz

  • High flyer
  • ULTIMATE member
  • ******
  • Karma: 161
  • Posts: 1988
    • fiddle 'n fly
Re: Comment posting issues
« Reply #14 on: August 24, 2008, 07:55:55 AM »

anyone else looked at and tried this...

feedback important !!
Logged
Of all the things I have lost, it is my mind that I miss the most.