Ravens PHP Scripts: Forums
 

 

Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

Posted: Mon Aug 13, 2007 2:39 am

Feel free to tweak Comments Module as you see fit, I just don't have time to play with it (or anything else for that matter) for the next couple of months or so. Raven has already tweaked it for XHTML Compliance (v 0.02).
 
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

Posted: Mon Aug 13, 2007 7:51 am

I installed it on my test site and it looked good. My users have asked me for a "display the last X posts from the forums" so maybe we could add that too in addition to the surveys comments.

I found a define INDEX_FILE in the admin/index.php and it was making right blocks appear on not only its admin section but some other modules too (I suppose because of the way Nuke includes everyone's case.php file or something -- I didn't look into it further). Removing that fixed it.

Thanks Guardian!

Guardian2003
Posted: Mon Aug 13, 2007 11:22 am

Oops, yes Montego did advise me of that error some time ago, I must have missed fixing it somewhere down the line, my apologies!
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

Posted: Tue Aug 14, 2007 6:19 am

... and, as you can see, I had forgotten it also... otherwise I would have mentioned it as well. Embarassed

montego
Posted: Tue Aug 14, 2007 6:30 am

Actually, in the original version, I had fixed it as follows:

=== OPEN ===

modules/Comments/admin/case.php

=== FIND ===

Code:


   if ($row2['radminsuper'] == 1 || $auth_user == 1) {
   $module_name = 'Comments';
   $inddex_file= dirname(__FILE__) .'/'. 'index.php'; //deliberate typo :)
   $language_location = dirname(__FILE__) .'/'. 'language/lang-'.$currentlang.'.php';
   include_once("$language_location");
   include_once("$inddex_file"); // no typo its deliberate

   switch($op) {
      case 'ca_comments_main':
      case 'ca_news_comments':
      case 'ca_reviews_comments':
      case 'ca_poll_comments':
      break;
         }
   }


=== REPLACE WITH ===

Code:


   if ($row2['radminsuper'] == 1 || $auth_user == 1) {
   $module_name = "Comments";
   $inddex_file= dirname(__FILE__) ."/". "index.php"; //deliberate typo :)
   $language_location = dirname(__FILE__) ."/". "language/lang-".$currentlang.".php";
   include_once("$language_location");

   switch($op) {
      case "ca_comments_main":
      case "ca_news_comments":
      case "ca_reviews_comments":
      case "ca_poll_comments":
      include_once("$inddex_file"); // no typo its deliberate
      break;
         }
   }


The include_once of the index file needed to be within the switches I think.
 
Gremmie
Posted: Thu Aug 16, 2007 9:26 am

The guy came back today, tried to log in. However his user agent was

Mozilla/5.0 (compatible; Yahoo! Slurp; Only registered users can see links on this board! Get registered or login!

and his IP address was 74.6.29.35, which according to dnsstuff.com is a Yahoo Inktomi address. Confused
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

Posted: Thu Aug 16, 2007 11:57 am

Just as an fyi I received permission from John back on 6/28/2007 to include it in the next release. So, we can either include it as it is or someone can work on it to tweak it. Let me know. Actually, if someone takes ownership then just open up a Mantis issue.
 
Gremmie
Posted: Thu Aug 16, 2007 7:22 pm

I think I'd be interested in picking up the Comments module and running with it if it is okay with everyone.
 
Raven
Posted: Thu Aug 16, 2007 8:26 pm

Fine by me Smile
 
Guardian2003
Posted: Fri Aug 17, 2007 12:23 am

Knock yourself out Smile
It would be a shame to let it stagnate and deprive RN users of its usefulness until I can get the time to do anything more with it.
 
montego
Posted: Fri Aug 17, 2007 6:15 am

Fine by me too. "G" can always pull the latest from the SVN repository when he gets settled down in his new country of residence and pick it up from there. Sounds like a win-win to me.
 
Gremmie
Posted: Fri Aug 17, 2007 6:54 am

I was thinking about having it display a form instead of showing comments when you enter it. The form would say: "Please show me the last X comments from Y" where X and Y would be drop down boxes. X would be something like 10, 20, 50, 100 and Y would be News, Reviews, Surveys, Forums.

Thoughts?
 
Guardian2003
Posted: Fri Aug 17, 2007 12:11 pm

That might be beneficial for very busy sites where lots of comments might be made and save the possible need for pagination.
The only important aspect is to ensure 'ordering' is by the date the relevant comment was made and NOT the date of the data which the comment was made against, as this would negate its usefulness for spotting comments to old news items etc. which spammers seem to have a penchant for.

Might also be good if there was also a search by username or something? For example you spot a spam comment in a review item by a user - might be useful to be able to then 'list' all comments or whatever for that user to see what else they have been up to.
 
Gremmie
Posted: Fri Aug 17, 2007 12:39 pm

It also occurred to me that a search by user would be useful.

And yes, we are on the same page about searching by the date of the comment itself. I want to watch for new spam comments.
 
Guardian2003
Posted: Fri Aug 17, 2007 2:56 pm

Sounds good to me. As you can see, I threw what's there together very quickly purely to address the problem of old news post comment spamming that the community was experiencing a while ago. Most of the code is just re-jigged existing core functions.

I look forward to your improvements Smile
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Fri Aug 17, 2007 3:54 pm

I have been working on a Your Account hack to allow search by users. One place you may want to look is in the existing Search index.php. It is not apparent but there is a user search in there. I stripped some of the code out of that and am planning to use it in Your Account. I already have a drop down box that lists users (username and email) and you can pick one from the list (there was a hack like that posted here a while back). The drop down works fine even on a site with say 1000 users (like my own site) but I think that on something like Raven's with 14000 users it would get unwieldy. My thought is to also have a search icon which will open a search window and allow you to search on all or part of a username or email and maybe some other criteria.

It might be useful if we developed the user search so that it could be accessed "independently" from anywhere in the system ... I don't know if it should be an include file or a class or a function.

Code:
                // $query is concatenated into the SQL below, so it must already be escaped
                // for the database before this point; $min and $offset are forced to integers.
                $res_n3 = $db->sql_query('SELECT user_id, username, name from '.$user_prefix.'_users where (username like \'%'.$query.'%\' OR name like \'%'.$query.'%\' OR bio like \'%'.$query.'%\') order by username ASC limit '.intval($min).','.intval($offset));

                $nrows = $db->sql_numrows($res_n3);
                $x=0;
                if (!empty($query)) {
                    echo '<br /><hr noshade="noshade" size="1" /><center><b>'._SEARCHRESULTS.'</b></center><br /><br />';
                    echo '<table width="99%" cellspacing="0" cellpadding="0" border="0">';
                    if ($nrows>0) {
                        while($rown3 = $db->sql_fetchrow($res_n3)) {
                            $uid = intval($rown3['user_id']);
                            $uname = stripslashes($rown3['username']);
                            $name = stripslashes($rown3['name']);
                            // URL-encode the username inside links and HTML-escape it where it is displayed
                            $furl = 'modules.php?name=Your_Account&amp;op=userinfo&amp;username='.urlencode($uname);
                            if (empty($name)) {
                                $name = _NONAME;
                            }
                            echo '<tr><td><img src="images/folders.gif" border="0" alt="" />&nbsp;<font class="option"><a href="'.$furl.'"><b>'.htmlspecialchars($uname, ENT_QUOTES).'</b></a></font><font class="content"> ('.htmlspecialchars($name, ENT_QUOTES).')';
                            if (is_admin($admin)) {
                                echo ' [ <a href="'.$admin_file.'.php?chng_uid='.urlencode($uname).'&amp;op=modifyUser">'._EDIT.'</a> | <a href="'.$admin_file.'.php?op=delUser&amp;chng_uid='.$uid.'">'._DELETE.'</a> ]';
                            }
                            echo '</font></td></tr>';
                            $x++;
                        }
                    }
                    echo '</table>';
                }


That's the code I extracted from the search module. Obviously it's just a starting point but something is sometimes better than nothing.
 
montego
Posted: Sat Aug 18, 2007 9:13 am

I, too, like where this is going. We also need the ability to select with checkboxes some or all the comments on a particular page of comments.

I LOVE the userid idea. Wish there was also a way to do this via IP address, but not easy (would it require NukeSentinel?). Also, this would only be necessary for those folks who refuse to put comments behind registered user and/or the spam captcha.

I was also thinking of a potential SPAM notifier type tool (NukeSentinel candidate?) that could spot unusual post behavior in comments, forums, etc., but that is probably a completely different topic for another day.
 
Guardian2003
Posted: Sat Aug 18, 2007 11:24 am

I was going to add something like that to Spam Stopper whereby the POST var was checked for multiple links (e.g. checking for multiple instances of 'http') but I believe Vin did something along these lines a while ago for an improved feedback module or something.
 
Gremmie
Posted: Sun Aug 19, 2007 10:26 am

For the admin part of the module, I am going to include a form with checkboxes by each comment so an admin can delete comments. I'm hesitant to do this for the forum posts....it might be a little tricky given all their tables and relationships. Since you can already admin the forums pretty well, should I punt on that or dig into it a little deeper? Or make it a rev 2 thing?
 
montego
Posted: Sun Aug 19, 2007 10:30 am

Gremmie, you are right and probably a "rev 2" thing.

Guardian2003, what Vin did, I thought, was to render the links inoperable. In other words, removes the "incentive" to spam. However, I am going on ancient history memory here. Laughing I hadn't really thought about the one spam message with multiple links in it. I was more concerned about getting NN number of comments being added in a short period of time or close in "pattern" to help spot "bot" behavior.
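
The two signals raised in the posts above (several links in one comment, and many comments from one poster in a short period) can be checked together before a comment is stored. This is an added example, not code from Spam Stopper, NukeSentinel or any poster in this thread; the function names, thresholds and sample data are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not part of PHP-Nuke or its add-ons.

// Count link-like tokens in a comment body: http(s):// plus bare "www." hosts.
function count_links(string $body): int
{
    // The lookbehind keeps "http://www.site" from being counted twice.
    return (int) preg_match_all('~https?://|(?<![/\w.])www\.~i', $body);
}

// True when the poster already has $maxPerWindow comments inside the window.
function is_flooding(array $priorTimestamps, int $now, int $maxPerWindow = 3, int $windowSecs = 60): bool
{
    $recent = array_filter(
        $priorTimestamps,
        fn($t) => $t > $now - $windowSecs && $t <= $now
    );
    return count($recent) >= $maxPerWindow;
}

// Returns the list of reasons to hold the comment; empty means nothing was flagged.
function assess_comment(string $body, array $priorTimestamps, int $now, int $maxLinks = 2): array
{
    $reasons = [];
    $links = count_links($body);
    if ($links > $maxLinks) {
        $reasons[] = "links=$links";
    }
    if (is_flooding($priorTimestamps, $now)) {
        $reasons[] = 'flood';
    }
    return $reasons;
}

// Constructed samples: [body, earlier comment times from the same poster, time of this comment].
$samples = [
    ['Nice article, thanks!', [], 1000],
    ['Buy http://a.example http://b.example www.c.example', [], 1000],
    ['me again', [950, 970, 990], 1000],
];
foreach ($samples as [$body, $prior, $now]) {
    $reasons = assess_comment($body, $prior, $now);
    echo ($reasons ? 'HOLD (' . implode(', ', $reasons) . ')' : 'OK'), ": $body\n";
}
```
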
 
Gremmie
Posted: Sun Aug 19, 2007 10:35 am

phpBB may already have a "delete post" function that I could call, I suppose. I'll do a casual search and if I don't see anything obvious I'll leave it for rev 2. Wink
 
montego
Posted: Sun Aug 19, 2007 10:41 am

Yeah, it definitely does have it and I am pretty sure that even if other posts have been made, it gets the dependencies right. Actually, not even really sure there are dependencies other than the topic id. I think it will order the posts based on their IDs.
 
Guardian2003
Posted: Sun Aug 19, 2007 10:46 am

Yes you are quite right M - I just thought that if someone is going to spam comments, to make it worth their while, they are highly likely to insert more than one link - though I do like the idea of some sort of 'flood' protection on the comments!!

You are right on Vin's approach too, I remember it now. While making the links useless does remove the incentive to spam, from a 'bot' perspective, the bot isn't going to know the links are useless (but it will stop crap from getting indexed by the SE's).

I have obviously been looking into anti-spamming techniques for a while and I'd just like to throw this thought of my 'nirvana' into the air to see what response there is;
How about an authentication for comments like the user registration?
e.g. User submits comment
comment data goes to a new table where it is held in 'pending'
script sends email with 'activation' link
link is clicked and 'pending' moves to the core table

That might be overly complicated and it's not exactly 'user-friendly' but comments are not really supposed to be used like a blog, there are forums for that, so a user is unlikely to make more than one comment I feel.

Gremmie - yup I'd make forums a rev 2 (or whatever) thing.
There are already plenty of things a webmaster can use such as 'posts since last visit', 'unanswered topics' etc. and that's before you touch any admin stuff.
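
The pending-then-activate flow proposed in the post above, sketched as an added example that is not part of the thread or of PHP-Nuke. Arrays stand in for the 'pending' and core comment tables, and the function names and the 24-hour expiry are assumptions.

```php
<?php
// Added example: hypothetical names; arrays replace the database tables.

const PENDING_TTL = 86400; // assumption: activation links expire after 24 hours

// Hold a submitted comment and return the token to put in the activation e-mail.
function hold_comment(array &$pending, string $email, string $body, int $now): string
{
    $token = bin2hex(random_bytes(16));      // unguessable value for the e-mailed link
    $pending[hash('sha256', $token)] = [     // only the hash of the token is stored
        'email'   => $email,
        'body'    => $body,
        'expires' => $now + PENDING_TTL,
    ];
    return $token;
}

// Move a pending comment to the published list when the link is clicked.
function activate_comment(array &$pending, array &$published, string $token, int $now): bool
{
    $key = hash('sha256', $token);
    if (!isset($pending[$key])) {
        return false;                        // unknown or already used token
    }
    $row = $pending[$key];
    unset($pending[$key]);                   // single use; also drops expired rows
    if ($now > $row['expires']) {
        return false;
    }
    // The comment is dated at activation, so it sorts by when it became visible.
    $published[] = ['email' => $row['email'], 'body' => $row['body'], 'date' => $now];
    return true;
}

// Constructed walk-through: a wrong token, the right token, then a replay.
$pending = $published = [];
$token = hold_comment($pending, 'user@example.com', 'First comment', 1000);
var_dump(activate_comment($pending, $published, 'not-the-token', 1010));
var_dump(activate_comment($pending, $published, $token, 1020));
var_dump(activate_comment($pending, $published, $token, 1030));
var_dump(count($published));
```
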
 
Gremmie
Posted: Mon Sep 03, 2007 4:43 pm

I've got some good time in on the new Comments module. You can see the last 10, 20, 50, 100, or 200 comments from Forums, News, Surveys, and Reviews. You can also show results by user with * wildcard. Smile

I just got to add the delete capability. Do you think I should build an admin section just to delete the comments, or just put the delete checkboxes right in the "user" part of the form (wrapped with is_admin() check)? Thanks.
 
fkelly
Posted: Mon Sep 03, 2007 6:31 pm

The latter.
 
All times are GMT - 6 Hours
 