Frog CMS

I have an idea for a simple, non-invasive anti-bot solution. I'lll not give details just yet, but ya. It ought to be quite effective. I can think of two classes of robot it will not foil. Luckily, I do not know of many bots meeting this criteria. :D

I could go into detail as to why CAPTCHAs suck. In fact, I have recently written a lengthy post regarding the subject, on another forum. I will gladly link it, provided both that Philippe is OK with the external link and that can find it in my post history on the site! ;)

But, generally, CAPTCHAs are a bad thing. I humbly request that Philippe not entertain the idea of them. :D

I'll dig up the link this evening some time. I'll have to sift through a few thousand of my posts to find it. :(

And I hope to find the time to finish my form-mailer in the next day or two. The solution that I'm working on for it could easily be adapted to the comments form.

There is one circumstance where you get CAPTCHA-like functionality from the solution. This circumstance will rarely be hit by a live user, but it should always be hit by a bot. Due to the rarity of live users hitting this "pseudo-CAPTCHA", it will have a static value that can be defined either globally, or on a page-by-page basis. Since bots won't know for sure what they're looking for, this solution should work fairly well.

Since I'm not getting paid for any of the projects I'm doing at the moment, I'm prioritizing by number of people demanding them. So, my Frog stuff is currently lower-priority than my app. ;)

Ok I do believe there needs to be an Observer Event for me to interrupt the comment process.

An Akismet plugin would be nice right about now…

Akismet is excellent. It just works. Cpatchas are just plain annoying :) Akismet support has been suggested before too.

So… what’s stopping you guys from doing an Akismet plugin? ;-)

I developed a half-baked Akismet plugin for my own cms (wich I plan to replace with Frog). I guess I can port it to Frog, but I have to figure out how the comment plugin works. I’ll look at it when I have the time.

Thanks for the tips, Martijn. I don’t plan to change the comment plugin and I’m aware that this possible plugin might be useful for others like pingback/trackback and contact form.

However, I had to mess with the comment plugin in order to make it work in my setup: Apache, sqlite3 and php 5.2. It seems that sqlite doesn’t like some things, in special, rowCount always returns 0 for SELECT. I have it working now and I can provide the changes if you want.

Now I have a testbed to start to work in the Akismet plugin. I’ll look at the observer thing.

Well, here are my (not so good) hacks:

The problem with comment plugin and sqlite occurs in the backend. It was showing a blank page instead of the comments list, but the documentation and settings pages were working fine. This is because sqlite doesn’t like blank WHERE clauses. I changed the file plugins/comment/Comment.php replacing the lines 60 and 61:

$sql = "SELECT * FROM $tablename AS comment " .
    "WHERE $where $order_by_string $limit_string";

with this:

if ($where == '') {
        $sql = "SELECT * FROM $tablename AS comment " .
            "$order_by_string $limit_string";
    } else {
        $sql = "SELECT * FROM $tablename AS comment " .
            "WHERE $where $order_by_string $limit_string";
    }

It can be written in a shortest way, but I prefer readability when I’m testing code. Now, the plugin shows the lists, but it thinks that there are no comments in the database because sqlite always returns 0 for a SELECT clause using statement->prepare(). So, I modified the code to use query() as proposed in the PHP manual:

In file plugins/comment/views/index.php, replace lines 42-46:

$sql = "SELECT * FROM ".TABLE_PREFIX."comment WHERE is_approved = 1";
$stmt = $__FROG_CONN__->prepare($sql);
$stmt->execute();

$comments_count = $stmt->rowCount();

with this:

$driver = strtolower($__FROG_CONN__->getAttribute(Record::ATTR_DRIVER_NAME));
if ($driver == 'sqlite') {
  $sql = "SELECT COUNT(*) FROM ".TABLE_PREFIX."comment WHERE is_approved = 1";
  $stmt = $__FROG_CONN__->query($sql);
  $comments_count = $stmt->fetchColumn();
} else {
  $sql = "SELECT * FROM ".TABLE_PREFIX."comment WHERE is_approved = 1";
  $stmt = $__FROG_CONN__->prepare($sql);
  $stmt->execute();
  $comments_count = $stmt->rowCount();
}

In file plugins/comments/views/moderation.php, replace lines 41-45:

$sql = "SELECT * FROM " . TABLE_PREFIX . "comment WHERE is_approved = 0";
$stmt = $__FROG_CONN__->prepare($sql);
$stmt->execute();

$comments_count = $stmt->rowCount();

with this:

$driver = strtolower($__FROG_CONN__->getAttribute(Record::ATTR_DRIVER_NAME));
if ($driver == 'sqlite') {
  $sql = "SELECT COUNT(*) FROM ".TABLE_PREFIX."comment WHERE is_approved = 0";
  $stmt = $__FROG_CONN__->query($sql);
  $comments_count = $stmt->fetchColumn();
} else {
  $sql = "SELECT * FROM ".TABLE_PREFIX."comment WHERE is_approved = 0";
  $stmt = $__FROG_CONN__->prepare($sql);
  $stmt->execute();
  $comments_count = $stmt->rowCount();
}

Theoretically, the query()/fetchColumn() approach can be used with the MySQL driver too, so the two later changes can be writen in a shorter way avoiding the if / else structure.

I hope this can be helpful in someway.