February 14, 2006

Added simple comment spam protection

I've added simple comment spam protection to my bblog. Hopefully it will keep the spam bots from getting comments in that I need to moderate. I'll put installation instructions below.

First, we have to determine if your system supports FreeType fonts in GD or not. Do do that, download http://FuguTabetai.com/phptest.txt and put that on the root of your server's html files. Change the name to phptest.php, and go to that URL (change permissions to make it world readable, or at least readable by your apache process.) Check the section about "gd" and see whether you have FreeType support enabled. For example, I have "FreeType support: enabled, FreeType linkage: with freetype, FreeType version: 2.1.4". If you have FreeType, great. If not, you have to use the GD fonts version. Now download either http://fugutabetai.com/randomImage.txt if you have FreeType, or http://FuguTabetai.com/randomImageNoDG.txt if you do not, and put that on your sever. It can go anywhere, but I recommend the root of your html directory. Change the file to randomImage.php (I named it .txt so the server wouldn't interpret it.) In both cases, look through the file, and if you are using GD be sure to change the path to the .ttf file to one that exists on your server.

Now we have to make changes to two bBlog files. Open up 

BBLOG/inc/bBlog.class.php
and search for the lines
Code:
if(C_COMMENT_TIME_LIMIT >0) {
                $fromtime = $now - (C_COMMENT_TIME_LIMIT * 60);
                $this->query("select * from ".T_COMMENTS." where ip='$remaddr' and posttime > $fromtime");
                if($this->num_rows >0) {
                        $this->standalone_message("Comment Flood Protection", "Error adding comment. You have tried to make a comment too soon after your last one. Please try again later. This is a bBlog spam prevention mesaure");

                }
        }
After that, add this code:
Code:
if (md5($_POST['verification']) != $_SESSION['image_random_value']) {
          $this->standalone_message("Spam prevention", "There was an error verifying the characters from the image and the characters you typed in.  Please try again.");
        }

That is it for that file. Basically, the randomImage.php program generates an image with 8 random characters on it, and sets the session variable "random_image_value" to the md5 hash of the random characters. The bBlog.class.php file checks to make sure that the md5 hashes match on a new comment post, and errors out if not.

Now we have to add the comment fields into our post templates. Find the 

post.html
file for your template and a nice place to insert this code:
Code:
<div class="clear">&nbsp;</div>
<div class="formleft"><img src="/randomImage.php" alt="verification image"><br>Image verification:</div>
<div class="formright"><input name="verification" type="text" id="verification" /></div>

I put it after the website, and before the comment. Test things out. You should be golden.

There are some things you can (and should!) change around in the randomImage.php file. You have to give it the location of a good ttf file. I've only got some Japanese fonts installed that I doubt anyone here would have. Also, you can change colors, sizes, etc. Let me know if there are any questions, and I hope that this helps.

If no text shows up and you are using the FreeType version, check to make sure that the path to the font exists on your system. You should also try the GD version and see if that produces any output. If you have any questions, feel free to comment here, or drop me a line. You should also check out the post over on the bblog.com forums, since that is most likely more active: Bblog.com forums discussion of adding image verification to comments.

Comments

Provide your email address when commenting and Gravatar will provide general portable avatars, and if you haven't signed up with them, a cute procedural avatar with their implementation of Shamus Young's Wavatars.

Re: Added simple comment spam protection
vote. It is held in Afghanistan Tiffany Braceletsince the Tiffany Earringstaliban's second presidential Tiffany ringselection.Tiffany jewellers Xinhua/new methodAfghanistan's Tiffany jewelrypresidential election 20.Tiffany jewellery The poll, incumbent PresidentTiffany silver hamid karzai's ghdpopularity than rivals, GHD Darkreelection - ghd straightenersrisk.Besides,ghd hair straighteners this campaign has won ghd hair stylerthree Cheap GHDaspect, a "safeGHD pure", "terrorism", three redquin is GHD kiss"democracyGHD MK4 Black".See first GHD MK4 Pink"safe". The GHD MK4 Goldinternational GHD Purplesociety is concerned don ed hardyand security situationed hardy shoes in Afghanistan elections. Depending ed hardy apparelon the current situationed hardy men of American more for Afghaned hardy women's securityed hardy bag globally vane.Situation ed hardy tshirtis not optimisticugg boots. In the first uggshalf of thiswholesale ugg boots year, the data showedugg sheepskin boots that died in china wholesaleviolence wholesale digital camerasin the numbermp4 watches of AfghanWholesale Mp4 civilians 20% wholesale t shirtsincrease over Wholesale handbagsthe same month wholesale clothinglast year,Wholesale jewelry NATO's international wholesalesecurity assistance forceWholesale Jewelry, July is only 75 soldier diedWholesale fashion jewelry from terrorist attackWholesale costume jewelry, A few days ago, the election of the number of terrorist attacks in Afghanistan since from daily average 48 to 32.
Posted 14 years, 11 months ago by qqq • @wwwReply

Comments have now been turned off for this post