Author Topic: Comment posting issues  (Read 6539 times)
philmoz
High flyer
Administrator
ULTIMATE member
******

Karma: 152
Posts: 1848



WWW
« on: April 05, 2008, 07:14:51 AM »

topic split from
http://snewscms.com/forum/index.php?topic=7186.0


Quote
And a big error: I used a copied phrase for speeding up posting many comments. If I have a second comment with different author but THE SAME CONTENT (long phrase, anyway), the comment does not validate!!!
Content is being compared to what has already been posted in an attempt to reduce mass repetitive flooding. Change one character and comment will post. Granted, that will make it difficult for visitors to echo kudos and the like (I know what I mean)..
**thinking out loud** will need to compare content and author to ensure, plus maybe set session key on post to prevent something like this.

Will try out on 1.6 as well -- just in case it resides there as well.
« Last Edit: April 11, 2008, 03:30:13 PM by philmoz » Logged

Take offs are optional, landings are mandatory, unless you get into space, then you have other issues.
philmoz
« Reply #1 on: April 10, 2008, 08:12:15 AM »


Quote
And a big error: I used a copied phrase for speeding up posting many comments. If I have a second comment with different author but THE SAME CONTENT (long phrase, anyway), the comment does not validate!!!
Content is being compared to what has already been posted in an attempt to reduce mass repetitive
flooding. Change one character and comment will post. Granted, that will make it difficult for
visitors to echo kudos and the like (I know what I mean)..
**thinking out loud** will need to compare content and author to ensure, plus maybe set session
key on post to prevent something like this.
I have a time delay alteration to aid in preventing accidental double postings, as opposed to the
current comparison of post content via
    $doublecheck = retrieve('id', 'comments', 'comment', $comment);
Why I think it should be changed...

Scenario: a personal site, author writes of the birth of first child.
Visitors all wish to offer congratulations.
Once one person makes a post containing only the word 'Congratulations', no-one else may do the
same. They would need to find an alternative. (Also the notification doesn't explain the issue,
but that's another fix Wink )

Would like to know if this is more appropriate, although it potentially allows multiple posting if
poster changes the name. (previously, poster only needed to alter content by one
character in message to do the same.)

function comment($freeze_status) locate $doublecheck and replace with
Code:
$doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;//requires 45 seconds before accepting exact post a second time.
alter the next line to
Code:
if ($ip == $_SERVER['REMOTE_ADDR'] && $comment && $name && $post_article_id && is_numeric($_POST['calc']) && mathCaptcha($_POST['calc'], $_POST['sum']) && $doublecheck==1) {

finally, after mysql_query($query); place this line.
Code:
$_SESSION['poster']="$name:|:$comment:|:$post_article_id";$_SESSION['time']= time();####this is to set session for checking multiple postings.


Of course you can raise or lower the time between repost. Generally no-one should require repetitive posting, so you could make it a very large number indeed Wink

Thoughts?

« Last Edit: April 10, 2008, 08:14:40 AM by philmoz » Logged

funlw65
Hero Member
*****

Karma: 95
Posts: 799



WWW
« Reply #2 on: April 10, 2008, 08:46:11 AM »

Excellent! It was a must! Now, sNews is smart  Grin. I can talk with him  Grin
I will test it...

And, according with my obsession, I will put that value in admin panel Smiley (in my 1.6....)
« Last Edit: April 10, 2008, 08:51:56 AM by funlw65 » Logged
funlw65
« Reply #3 on: April 10, 2008, 09:25:49 AM »

After testings....

1. I can post the same comment as a visitor if I change the name.... not good, I had in the past the same spam comments with different names.... and they can make changes if they (programmers) read this forum ...
We need that message, telling us it is possible to post the same comment after 45 seconds in order to prevent spam... maybe in the comment form.... to prevent losing the entire message and annoying the commenter.

2. I have the same restrictions as admin... I don't want restrictions... I am the boss  Grin and if I decide to 'spam' my own site.... maybe some visitors don't get the point and you must repeat that message Cheesy


 Tongue
« Last Edit: April 10, 2008, 09:30:24 AM by funlw65 » Logged
philmoz
« Reply #4 on: April 10, 2008, 09:39:57 AM »

the problem is,
on an article:
- test for identical name and content (which fails if either is altered - bots can be set up to bypass either)
- forbid identical content (stops valid posts with identical content)

will look into putting timer on identical content alone, as well as name/content check.

as for admin issue,
make
Code:
$doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;//requires 45 seconds before accepting exact post a second time.
like
Code:
if ($_SESSION[_SITE.'Logged_In'] == token()){$doublecheck = 1;}else{
$doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;}
NOTE above is corrected. $_SESSION[_SITE.'Logged_In'] == token()
« Last Edit: April 10, 2008, 10:08:27 AM by philmoz » Logged

funlw65
« Reply #5 on: April 10, 2008, 12:03:33 PM »

Working good, no restrictions for admin...
Logged
philmoz
« Reply #6 on: April 11, 2008, 03:05:48 PM »

Ok, try this on.
It does not prevent identical content posting, it does not prevent the use of same name with identical content, it does not prevent use of different name with identical content.
What it does (I hope) is to set a timer if same ip on session tries to post too soon, changes name on same session, or posts with same name ALL on same article. Commenting on different article is not (read- should not) be hampered.


function comment($freeze_status) locate $doublecheck and replace with
Code:
if ($_SESSION[_SITE.'Logged_In'] == token()){$doublecheck = 1;$ident=1;}else{
$contentCheck= retrieve('id', 'comments', 'comment', $comment);
$ident = $contentCheck&&(time()-$_SESSION['time'])<45&&$_SESSION['ip']==$ip?0:1;
$doublecheck = $_SESSION['poster']==="$name:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;}

alter the next line to
Code:
if ($ip == $_SERVER['REMOTE_ADDR'] && $comment && $name && $post_article_id && is_numeric($_POST['calc']) && mathCaptcha($_POST['calc'], $_POST['sum']) && $doublecheck==1&&$ident==1) {

finally, after mysql_query($query); place this line.
Code:
$_SESSION['poster']="$name:|:$post_article_id";$_SESSION['time']= time();$_SESSION['ip']=$ip;####this is to set session for checking multiple postings.

Yes, it would also be good to get these timer values settable in admin, but first, need to prove the logic (bwahaha) of my code Wink

Feedback welcome here
**NOTE** may split posts relevant to this issue from this thread very shortly.
« Last Edit: April 11, 2008, 03:46:00 PM by philmoz » Logged

funlw65
« Reply #7 on: April 11, 2008, 05:13:35 PM »

I made the modifications, nothing stopped me posting repeated comments as visitor ...

Code:
<?php

$post_article_id = (is_numeric($_POST['id']) && $_POST['id'] > 0) ? $_POST['id'] : null;
$ip = (strlen($_POST['ip']) < 16) ? clean(cleanXSS($_POST['ip'])) : null;
  
//philMOD(  
//$doublecheck = retrieve('id', 'comments', 'comment', $comment);
  //$doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;//requires 45 seconds before accepting exact post a second time.  
  //if ($_SESSION[_SITE.'Logged_In'] == token()){$doublecheck = 1;}else{    $doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;}
    
    
if ($_SESSION[_SITE.'Logged_In'] == token()){$doublecheck = 1;$ident=1;}else{
$contentCheck = retrieve('id', 'comments', 'comment', $comment);
$ident = $contentCheck&&(time()-$_SESSION['time'])<45&&$_SESSION['ip']==$ip?0:1;
$doublecheck = $_SESSION['poster']==="$name:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;}
//if ($ip == $_SERVER['REMOTE_ADDR'] && (time() - $now) > 4 && $comment && $name && $post_article_id && is_numeric($_POST['calc']) && mathCaptcha($_POST['calc'], $_POST['sum']) && !isset($doublecheck)) {
  // ) 
  //if ($ip == $_SERVER['REMOTE_ADDR'] && $comment && $name && $post_article_id && is_numeric($_POST['calc']) && mathCaptcha($_POST['calc'], $_POST['sum']) && $doublecheck==1)
   // {
   
if ($ip == $_SERVER['REMOTE_ADDR'] && $comment && $name && $post_article_id && is_numeric($_POST['calc']) && mathCaptcha($_POST['calc'], $_POST['sum']) && $doublecheck==1&&$ident==1) {
   
$url = preg_match('/((http)+(s)?:(\/\/)|(www\.))([a-z0-9_\-]+)/', $url) ? $url : '';
$url = substr($url, 0, 3) == 'www' ? 'http://'.$url : $url;
$time = date('Y-m-d H:i:s');
if(s('approve_comments') != 'on') {$approved = 'True';}
$query = 'INSERT INTO '._PRE.'comments(articleid, name, url, comment, time, approved) VALUES'."('$post_article_id', '$name', '$url', '$comment', '$time', '$approved')";
mysql_query($query);
   
//$_SESSION['poster']="$name:|:$post_article_id";$_SESSION['time']= time();$_SESSION['ip']=$ip;####this is to set session for checking multiple postings.
      
   
$_SESSION['poster']="$name:|:$comment:|:$post_article_id";$_SESSION['time']= time();####this is to set session for checking multiple postings.   
$commentStatus = s('approve_comments') == 'on' ? l('comment_sent_approve') : l('comment_sent');
}
else {$commentStatus = l('comment_error'); $commentReason = l('ce_reasons'); $fail = true;}
echo '<h2>'.$commentStatus.'</h2>';

NOTE:
Here are also the first modifications... I hope it is correct....
« Last Edit: April 11, 2008, 05:17:29 PM by funlw65 » Logged
philmoz
« Reply #8 on: April 11, 2008, 05:53:09 PM »

you are setting the poster session with this
 $_SESSION['poster']="$name:|:$comment:|:$post_article_id";
but in $doublecheck you need to add the comment part as well, else the 2 will not be comparable.

As I see it, the $comment is mostly redundant here, as the best trigger is the article id. It may in fact be better to remove the $name component, and have the session hold only the article id, with $doublecheck testing time between last post on the article by the ip (from $ident)

With this code, it doesn't stop repeated content, but adds an annoyance factor to it when posting to the same article, with/without name change, with/without content change, all within a set timer period from same ip. There may be times where a duplicate reply is the most logical response.

I don't know if it is possible to totally prevent a persistent visitor from dropping crap into the comment, but by putting in the timer, may well reduce their inclination to sit and wait to do so. Note, the ip is not stored in system.
Just trying to find a balance between total lockout and total free-for-all Wink
Logged

funlw65
« Reply #9 on: April 11, 2008, 06:36:51 PM »

Quote
you are setting the poster session with this
 $_SESSION['poster']="$name:|:$comment:|:$post_article_id";
but in $doublecheck you need to add the comment part as well, else the 2 will not be comparable.
Oops! Not checked....

Quote
With this code, it doesn't stop repeated content, but adds an annoyance factor to it when posting to the same article,
I mean this: repeated=fast posting many comments, identical or not...

Quote
I don't know if it is possible to totally prevent a persistent visitor from dropping crap into the comment, but by putting in the timer, may well reduce their inclination to sit and wait to do so.
It was the missing part...can be completed by a good captcha and/or other third party antispam tools....
Now, the admin must be very careful in setting the delay  Grin. It is his fault if it is too big or too small (too big=losing commenters, too small=useless).

It works and I like the solution.
Logged
philmoz
« Reply #10 on: April 11, 2008, 11:42:35 PM »

Quote
Now, the admin must be very careful in setting the delay  Grin. It is his fault if it is too big or too small (too big=losing commenters, too small=useless).

It works and I like the solution.
use possibly 2 different timer values maybe??

=========

anyone else trying this?
« Last Edit: April 11, 2008, 11:59:37 PM by philmoz » Logged

funlw65
« Reply #11 on: April 13, 2008, 01:06:53 PM »

where and why 2 timer values?
Logged
philmoz
« Reply #12 on: April 13, 2008, 01:28:55 PM »

good point..
Quote
$ident = $contentCheck&&(time()-$_SESSION['time'])<45&&$_SESSION['ip']==$ip?0:1;
$doublecheck = $_SESSION['poster']==="$name:|:$comment:|:$post_article_id"&&(time()-$_SESSION['time'])<45?0:1;}

you could drop one of them.

or you could set them differently...
Logged

funlw65
« Reply #13 on: April 16, 2008, 09:09:14 PM »

Today I tested this modification under my sNews1.6 and you are right, it is better to eliminate $name and $comment and leave only $post_article_id. Also, I left the timer only for variable $ident... It is working well for visitors. But for admin it did not work at all... until I changed _SITE with db() equivalent  Tongue - stupid me...

So, now that timer can be inserted in the admin panel and also a warning message is needed (You can post on same article after $timer seconds  - not only in the error message but also somewhere in the comment form?)

You are right, maybe we need more feedback on this from others...(I feel the same Smiley )
Logged
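
The simplified check the thread converges on (article id only, one timer, same ip on the session, admin exempt), as an added example that is not part of any post and is not sNews code. The names `comment_wait`, `comment_record` and the `last_comment` session key are hypothetical; the remaining-seconds return value is there to feed the "you can post again after N seconds" message discussed above. Because the state lives in the session, it only throttles clients that keep their session cookie.

```php
<?php
// Added illustration, not sNews code. Function and key names are hypothetical.
const COMMENT_DELAY = 45; // seconds, the value used in the thread

/**
 * Seconds the visitor must still wait before posting on $articleId again.
 * 0 means the comment may be accepted. Admins are never throttled.
 */
function comment_wait(array $session, int $articleId, string $ip, int $now, bool $isAdmin = false): int
{
    if ($isAdmin) {
        return 0;
    }
    // ?? avoids the undefined-index notices a first-time poster would trigger
    $last = $session['last_comment'][$articleId] ?? null;
    if ($last === null || $last['ip'] !== $ip) {
        return 0; // nothing recorded for this article, or recorded for another ip
    }
    $elapsed = $now - $last['time'];
    return $elapsed < COMMENT_DELAY ? COMMENT_DELAY - $elapsed : 0;
}

/** Call after the INSERT succeeds: remember when this article was last posted to. */
function comment_record(array &$session, int $articleId, string $ip, int $now): void
{
    $session['last_comment'][$articleId] = ['time' => $now, 'ip' => $ip];
}

// Constructed walk-through; a plain array stands in for $_SESSION.
$session = [];
$ip = '192.0.2.10'; // constructed documentation address
$t0 = 1207900000;   // constructed timestamp

$cases = [
    'first post on article 7'      => comment_wait($session, 7, $ip, $t0),
];
comment_record($session, 7, $ip, $t0);
$cases += [
    'article 7 again, 10 s later'  => comment_wait($session, 7, $ip, $t0 + 10),
    'article 8, 10 s later'        => comment_wait($session, 8, $ip, $t0 + 10),
    'article 7 as admin'           => comment_wait($session, 7, $ip, $t0 + 10, true),
    'article 7 after full delay'   => comment_wait($session, 7, $ip, $t0 + COMMENT_DELAY),
];
foreach ($cases as $label => $wait) {
    echo $wait > 0
        ? "$label: rejected, you can post on this article again in $wait seconds\n"
        : "$label: accepted\n";
}
```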
philmoz
« Reply #14 on: August 24, 2008, 07:55:55 AM »

anyone else looked at and tried this...

feedback important !!
Logged
