Please read this before you look at rest of the thread
For the First Time readers especially. This Mod/hack has reached a version 1.0 (release date Nov. 11 , 2006). I am attaching the Zipped Folder with this Starting Post. It has all the Instructions, files required and explanations in it. This will save you lots of time and you do not have to read the discussion till the date 10th July, 2007. For discussion/issues post in the thread
The Contents of Zipped Folder are
It contains
1-- Most Simple Comment Spam protection for 1.doc (MS WORD version Manual)
2-- Most Simple Comment Spam protection.pdf (pdf version Manual)
3-- done.php file
4-- capimage.jpg File
5-- db_input2.php File ( its is a copy of original db_input.php file. It is renamed to db_input2.php and 3 extra code lines have been added to it)
5-- db_input.php File ( it is the original db_input.php file + 3 extra code lines have been added to it)
Features:
• This is a CAPTCHA Alternative which is independent of your hosting server setting.
• It is very simple and only 3 lines are added to the db_input.php file.No other core file is modified.
• If you want to disable this Hack, simply remove those 3 Lines added to db_input2.php.
• Other functions of coppermine gallery are not affected.
• No server side font Support is required.
• You can create your own image with code written on it and use with this Mod.
• No server side dynamic image generation support is required.
• It takes hardly 5-10 minutes to make this work properly.
• It easy to add and easy to remove and works 100% on any server.
• Special Thanks to all people who gave the feedback on the mod thread.
Read the instruction in doc Or PDF..and apply the Mod properly. Incase you need help post in this thread
Read the FIRST POST. Version 1.0 has been released .( dated Nov. 11 , 2006)
You do not need filesneeded02.zip now,so do not download filesneeded02.zip.
Hello pinpoint222
Really good idea, it works good... but....
...I have one problem - this protection also works when I add a new album and I want to write a description of this album (in album properties visible only in admin mode) and there's no field to write this code. Please help
HI
thank you for contacting..
This HACK/MOD is for comment system. You want to apply this hack for New albums etc. Applying it for other new albums etc will require new Thread. I am replying to your answer here.
http://forum.coppermine-gallery.net/index.php?topic=37752.0
Please discuss one topic per thread.
Note: This does apply to this hack, as installation of this hack affects the ability to edit album's properties. In other words, this is a bug report!
What tomeq11 asked, and I'm having the same problem...
Your hack messes up the ability to change album info! When I try to change my album properties, I get the comments error page!
When I edit an album's properties and click "Update Album", I get "Comments Could not be added. Redirecting. Please wait..."
So what we're asking is if you could modify your hack so it doesn't get rid of our ability to edit our albums! :)
Your hack works great to prevent spam though!
Thanks,
Kai
This step was dropped. Read the First Post of the Thread. All files and explanations written in that post now
Oh Please do Not apply the changes i mentioned in my last postI have made a working tested solution . IT IS CORE HACK FREE Solution. NO More messing with db_input.php file at All.Here is what you have to do..
1-- Simply make a copy of db_input.php file and name it as db_input2.php. Keep both files in the same folder.
2- Open db_input.php and remove these 3 lines u added before.
Quote
if ($_POST['thenum'] != '6B38'){
header('Location: done.php');
die();
}
Now db_input.php is back to its original form.
3- Now IN the theme.php file find this line
Quote<form method="post" name="post" action="db_input.php">
and now it to
Quote<form method="post" name="post" action="db_input2.php">
Thats it.i have tested it..so it is Working and Now my hack does not involve db_input.php file at all. All the changes will be done in db_input2.php file.
SO CORE FILES are NOT CHANGED at all.
The file db_input2.php which we created will be used Only to add comments.
So here is the Summary of this MOD Now for everyone 1-- Change Theme.php as described in the start of this thread
2-- Make a copy of original db_input.php file and name it db_input2.php
3-- Add the 3 LINES to db_input2.php file.
4-- Keep both db_input.php and db_input.php in the same folder
5-- Upload the image and done.php as described at the start of the thread.
6- All check .tested and go.
7-- The end
I think there should be no problem now. if it works or it it doesnt post please
Thanks
Hmmm, it is now allowing me to post comments no matter what code I put in!
I can edit my photo albums again though!
Oh, maybe it has to do with the fact that I had already added the greendummy line... duh! I'll check that out and report back!
yes.. all the steps in the dummygreen post are no longer needed now.
OK, all set! Thanks!
I use your spam protection and it looks good.
There is only one thing, why do i have now 2 white squares up and below the "OK" button ?
Thanks
Quote from: ceesjoore on November 05, 2006, 12:41:05 PM
I use your spam protection and it looks good.
There is only one thing, why do i have now 2 white squares up and below the "OK" button ?
Thanks
Sorry here is the link http://www.ceesjoore.nl/coppermine/displayimage.php?album=lastup&cat=-32&pos=0
Quote
I use your spam protection and it looks good.
There is only one thing, why do i have now 2 white squares up and below the "OK" button ?
Thanks
Sorry here is the link http://www.ceesjoore.nl/coppermine/displayimage.php?album=lastup&cat=-32&pos=0
Re:
Thats related to template... try this fix
find these lines
Quote
<td align="left">
<input type="hidden" name="event" value="comment" />
<input type="hidden" name="pid" value="194" />
<input type="submit" class="comment_button" name="submit" value="OK" />
</td>
and replace them with this
Quote
<td class="tableb_compact" align="left">
<input type="hidden" name="event" value="comment" />
<input type="hidden" name="pid" value="194" />
<input type="submit" class="comment_button" name="submit" value="OK" />
</td>
it should work ..let me know..thanks
Ok that worked fine.
Is there also a way to change the size of the fonts, because they are bigger now and not on one line ?
Thanks
..Yes ofcos.
font size color etc are controlled by "Class" (CSS) files... in this hack i used "class=tableb_compact"..u can replace it whatever class u like...
For ur website..
find this
Quote<td class="tableb_compact" align="left">
and change it to
Quote<td class="tableh2_compact" align="left">
it will fix the size n color.hope it helps.
Quote from: pinpoint222 on November 05, 2006, 03:45:59 PM
..Yes ofcos.
font size color etc are controlled by "Class" (CSS) files... in this hack i used "class=tableb_compact"..u can replace it whatever class u like...
For ur website..
find this
and change it to
it will fix the size n color.hope it helps.
The fonts stay the same size with this fix, they change when i change the font size in the menu bar from explorer bij view.
All the other fonts stay the same size only the one added with the captcha hack are react on the exporer option. :-\
example http://www.ceesjoore.nl/coppermine/displayimage.php?album=32&pos=1
Quote from: ceesjoore on November 05, 2006, 05:52:24 PM
The fonts stay the same size with this fix, they change when i change the font size in the menu bar from explorer bij view.
All the other fonts stay the same size only the one added with the captcha hack are react on the exporer option. :-\
example http://www.ceesjoore.nl/coppermine/displayimage.php?album=32&pos=1
I have removed the text behind the box and now it looks good.
Thanks for helping
No. To make font size permanent and not changing u need simply open theme.php find this
Quote<!-- BEGIN CAPTCHA Image -->
<tr>
<td colspan="1">
<table width="100%" cellpadding="0" cellspacing="0">
<tr bgcolor="#FFFFFF">
<td class="tableb_compact" align="right"><font size="2" face="Verdana, Arial, Helvetica,
sans-serif"><b>Enter this Code <img src="http://www.yoursite.com/CPG/Themes/classic/images/capimage.jpg"> in the
Box</b></font></td>
<td class="tableb_compact" align="left">
<font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input name="thenum" type="text" id="checkit" > Type Four Letter Code
</font></td>
<td align="left">
<input type="hidden" name="event" value="comment" />
<input type="hidden" name="pid" value="{PIC_ID}" />
<input type="submit" class="comment_button" name="submit" value="{OK}" />
</td>
</tr>
</table>
</td>
</tr>
<!-- END CAPTCHA Image -->
Then remove this line ( it comes twice)
Quote<font size="2" face="Verdana, Arial, Helvetica, sans-serif">
And now ur font size wont change even if u use explorer.
@pinpoint222
Ok now it looks good all text in one line now :D
Thanks for helping me out.
Quote from: ceesjoore on November 05, 2006, 06:33:50 PM
@pinpoint222
Ok now it looks good all text in one line now :D
Thanks for helping me out.
Now i have a different problem when i put a comment by a photo like this http://www.ceesjoore.nl/coppermine/displayimage.php?album=32&pos=12
the comment is added by this photo http://www.ceesjoore.nl/coppermine/displayimage.php?pos=-194
I am very confused ???
Hi
Solution is here
Yes . i tried it on ur site ..but i found the problem seems to be the wayCoppermine memorizes data or saves it in the cookies.(correct me if i am wrong please)..so the previous data is also posted along with new data ..
what i did i Flushed the memory before sending new data..now it wont double post or cross post.
1- Open theme.php and find this
Quote// HTML template for the form to add comments
$template_add_your_comment = <<<EOT
<form method="post" name="post" action="db_input2.php">
<table align="center" width="{WIDTH}" cellspacing="1" cellpadding="0" class="maintable" bgcolor="#FFFFFF">
<tr>
<td width="100%" class="tableh2_compact"><b>{ADD_YOUR_COMMENT}</b></td>
2-- Replace it with this
Quote// HTML template for the form to add comments
$template_add_your_comment = <<<EOT
<!-- Start flushing the previous data memory-->
<?php
$msg_author = "";
$msg_body ="";
$toxic = "";
?>
<!-- end flushing the previous data memory -->
<form method="post" name="post" action="db_input2.php">
<table align="center" width="{WIDTH}" cellspacing="1" cellpadding="0" class="maintable" bgcolor="#FFFFFF">
<tr>
<td width="100%" class="tableh2_compact"><b>{ADD_YOUR_COMMENT}</b></td>
Thats it. SO now all the previous name ..comments in the memory(cookies??) will be flushed empty and when the visiter will click OK. it will carry only new data. and also visitor will not be able to comment on same image more than once...
It will work.. just edit theme.php..
Quote from: pinpoint222 on November 05, 2006, 08:04:15 PM
Hi
Solution is here
Yes . i tried it on ur site ..but i found the problem seems to be the wayCoppermine memorizes data or saves it in the cookies.(correct me if i am wrong please)..so the previous data is also posted along with new data ..
what i did i Flushed the memory before sending new data..now it wont double post or cross post.
1- Open theme.php and find this
2-- Replace it with this
Thats it. SO now all the previous name ..comments in the memory(cookies??) will be flushed empty and when the visiter will click OK. it will carry only new data. and also visitor will not be able to comment on same image more than once...
It will work.. just edit theme.php..
The problem stays, all the comments are added by this picture http://www.ceesjoore.nl/coppermine/displayimage.php?pos=-194
Brother.. it seems that is ur coppermine gallery database problem.. that is why u are having this problem. it is not caused by my hack at all. My hack doesnt target any specific image or URL. either it affects all or it affects none.
ask for that comment posting problem with cp developer team in the miscellenouse section.
I have check it on my testing domain gallery too.this hack doesnt cross post comments.
u can check it at my testing domain ..Domain url is in the image attached..
Ok thanks for helping.
ah!.. improper theme.php changes led to your issue. I shall Sum up the whole mod into a zip file and attach here soon SO confusion and errors donot occur for readers reading this mod.
Here is the MOD complete with full n final with instructions
Simply download and unzip the attachment.
It contains
1-- Most Simple Comment Spam protection for 1.doc (MS WORD version Manual)
2-- Most Simple Comment Spam protection.pdf (pdf version Manual)
3-- done.php file
4-- capimage.jpg File
5-- db_input2.php File
Read the instruction in doc Or PDF..and apply the Mod. :)
Thanks for God :)
Awesome!! Thanks very much, seems to be working great...
http://www.oneuk.f2s.com/photos/
Well almost working. Still getting some spam. I guess someone is posting manually..?!
To all the readers of this mod. Here is something i have discovered
Spam bots read the URLs and Store the absoulte URLs information for Spamming.
Now everyone knows that the URL of db_input.php will always be something like
pathtocpgfolder/db_input.php
So the spam bots simply call the db_input.php so the spam is posted easily as the location of db_input.php is always the root of cpg folder and its file name does not change.
SO the solution
1-- Apply this Mod from zipped folder carefully
2-- Open the db_input.php
Find this
Quoterequire('include/init.inc.php');
require('include/picmgmt.inc.php');
require('include/mailer.inc.php');
require('include/smilies.inc.php');
and change it to this
Quote
require('include/init.inc.php');
require('include/picmgmt.inc.php');
require('include/mailer.inc.php');
require('include/smilies.inc.php');
if ($_POST['msg_body'] != ''){
header('Location: done.php');
die();
}
And that is it.
What does it do.. for information
1-- msg_body means comment message posted(by spam bot most likely).
2-- this small script checks >>>>> whether msg_body has any data or not. if it has any data(comment) then that comment is not posted and the spam bot is taken to done.php page. if there is no data(comment) then the regular function of db_input.php continues.
3-- and that is all. we will deny the comment posting using db_input.php. Comments can only be posted using db_input2.php file which came with this mod.
Apply and i hope that stops the comments being postedby spam bot using db_input.php file.
BRAVO! i was right.
Just tested my concept using JohnM-Uk site and my site and i was absolutey right
The spam bots dont even have to come to coppermine gallery to post the spam comments. They simple POST the name value, comment value, PID value(picture id) and call the full url of db_input.php URL. and comments are added.
for readers and user of this Mod.. Apply the MOD from zipped folder and then add the New extra 3 Lines to db_input.php too. That will prevent remote spam posting through db_input.php
Quote from: pinpoint222 on November 11, 2006, 10:24:25 AM
The spam bots dont even have to come to coppermine gallery to post the spam comments. They simple POST the name value, comment value, PID value(picture id) and call the full url of db_input.php URL. and comments are added.
Congrats - you just discovered how bots work ;).
If a significant number of users apply your mod, the bot scripts will be re-written to reflect your change and you're back to where you started.
A real protection would make it mandatory to visit the page that contains the form by coming up with a unique pattern (session hash comes to mind) there and an additional check on the page that receives the data (db_input.php) that checks for the unique id.
Everything else will just be a workaround (like the suggested change of the filename).
Thank you for the appreciation.. GauGau
As long as it works No harm in using this simple Mod.
Next version of CPG(1.5x) will have built-in one (hope so)..So when it will come then ppl can switch to it very easily.Until THAT "real protection" comes there is nothing wrong in using this MOD.
Well I have now applied your latest code (in db_input) on my site. Let's hope it works..
Yes u have applied the code properly. I tried to post comment to ur gallery remotely but now i cannot.So it is working sofar.
I Hope this Zipped MOD + 3 new lines in db_input.php will prevent the total spam.
Give the feedback here after 2-3 days.
Peace :)
Version 1.0 of this MOD/Hack has been added to the Starting Post of this Thread on page 1.(dated Nov. 11, 2006).
1-- All instructions and Files required are in that zipped folder.
2-- All future versions shall be added to the First/Starting Post now to prevent duplicates and confusion.
Thanks for this mods, I have successfully installed on my cpg :)
I have no idea where the spambot came from :confused: as I got 1000 of spam just in 5 hours, but with this mods hopefully there's no spam anymore!
Mod version 1.0 is attached to the first post of this thread
By default.. db_input.php is open to spam in CPG ..Known issue. So protection is provided to db_input.php and db_input2.php in this mod.
instead of 6B38 code You can also use your own image with code written on it.That is optional.
Hello pinpoint222,
Good work. Is there a way to get random images with confirm code?
So it doesn't use the same code everytime?
Regards,
manne
i think static image rotation is possible. But i am not the php coder so will not be able to code that for you. This mod is for static single image confirmation. For dynamic see the other mods/Plugins in the Comment subforums.
okej!
thank you anyway..
be cool 8)
THANKS A LOT :) :) :) :) I am really greatful for those helpful stuff. Greetings.
I'm wondering if there's a php-varible in CPG, that allows to check if you are a "logged in user" or a "not logged in guest" !?
Then it would be possible to force only "not logged in guests" to pass the Spam Protection...
For Example, in Joomla, you could use the variable $is_user in that case -
does CPG offer something similar?
Thanks in advance
;)
Just answered your identical question on the German support board (http://forum.coppermine-gallery.net/index.php?topic=39055.0). Please don't cross-post in the future, as this causes extra moderation effort.
The dev team doesn't recommend to use this mod, as it is based on a security-by-obscurity concept that we don't approve. We recommend using the captcha-mod or captcha-plugin instead, which comes with what you're up to (option to display the spam protection only for non-registered visitors aka guests).
As suggested in the thread subject, this mod is suppossed to be simple. If you need advanced stuff, go for the advanced mods.
Joachim
OK & Thanks a lot Joachim!
::)
Want to thank you for providing this.
Seem to have stopped the spam problem I had on my coppermine site.
Thanks for the help, everyone!
I'll know in a few hours if it works on the bots that say "Very Nice Picture. Do You Mind If I Invade Your Site and Take Your Last Beer?"
This fix has been working great for two weeks now, many thanks.
Quote from: pinpoint222 on September 14, 2006, 06:24:21 PM
Read the instruction in doc Or PDF..and apply the Mod properly. Incase you need help post in this thread
You might want to consider adding a simple plain txt version. I had a VERY hard time adding this piece of code to theme.php because of the strange sources (pdf and doc hardly work for code at all!)
Just consider adding it as txt.
Here's the code for theme.php (from Step 2) shortened for speed// HTML template for the form to add comments
$template_add_your_comment = <<<EOT
<form method="post" name="post" action="db_input2.php">
<?php
$msg_author = "";
$msg_body ="";
$toxic = "";
?>
<table align="center" width="{WIDTH}" cellspacing="1" cellpadding="0" class="maintable" bgcolor="#FFFFFF"><tr>
<td width="100%" class="tableh2_compact"><b>{ADD_YOUR_COMMENT}</b></td></tr><tr>
<td colspan="1"><table width="100%" cellpadding="0" cellspacing="0">
<tr><td class="tableb_compact">
{NAME}
</td><td class="tableb_compact">
<input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value="{USER_NAME}" />
</td><td class="tableb_compact">
{COMMENT}
</td><td width="100%" class="tableb_compact">
<input type="text" class="textinput" id="message" name="msg_body" onselect="storeCaret_post(this);" onclick="storeCaret_post(this);" onkeyup="storeCaret_post(this);" maxlength="{MAX_COM_LENGTH}" style="width: 100%;" />
</td><td class="tableb_compact">
{COMMENT}
</td><td width="100%" class="tableb_compact">
<input type="text" class="textinput" id="message" name="msg_body" maxlength="{MAX_COM_LENGTH}" style="width: 100%;" />
</td>
<td class="tableb_compact"> </td></tr></table></td></tr>
<tr><td width="100%" class="tableb_compact">
{SMILIES}
</td></tr>
<tr><td colspan="1"><table width="100%" cellpadding="0" cellspacing="0">
<tr bgcolor="#FFFFFF"><td class="tableb_compact" align="right">
<b>Enter this Code <img src="http://www.yoursite.com/CPG/Themes/classic/images/capimage.jpg"> in the Box</b></font></td>
<td class="tableb_compact" align="left">
<input name="thenum" type="text" id="checkit" > Type Four Letter Code
</font></td><td class="tableb_compact" align="left">
<input type="hidden" name="event" value="comment" />
<input type="hidden" name="pid" value="{PIC_ID}" />
<input type="submit" class="comment_button" name="submit" value="{OK}" />
</td></tr></table></td></tr></table></form>
EOT;
Also, why this:
STEP5:Opendb_input2.phpfileandfindtheseLineinitinthebeginningofthefile
require('include/init.inc.php');
require('include/picmgmt.inc.php');
require('include/mailer.inc.php');
require('include/smilies.inc.php');
STEP6: AddthisjustbelowtheselinesSoitbecomes
require('include/init.inc.php');
require('include/picmgmt.inc.php');
require('include/mailer.inc.php');
require('include/smilies.inc.php');
if($_POST['thenum']!='6B38'){
header('Location:done.php');
die();
}
Step7:Savethedb_input2.phpfile.
Step8:Fromthezippedfolder uploaddb_input.phptoyourserverandoverwritethe
previousdb_input.phpfile.
Andthatis it. YourSimplepersonalspamprotection is workingnow.
If it needs to be added to a file that is already in your package, why did you put this in your 'manual'?
Forgive me, but this is just VERY strange and hard to understand this way.
Could you explain the actuall steps needed?
Is there a way to edit posts in this forum?
OK, I found out there's a nice captcha plugin now, so disregard my previous messages. (Can I delete them?)
Quote from: jult on April 27, 2007, 07:24:01 PM
Is there a way to edit posts in this forum?
No.
Quote from: jult on April 27, 2007, 08:03:41 PM
so disregard my previous messages. (Can I delete them?)
No.
We don't want users to edit out their postings - they remain as reference. That's the whole point of a support board - postings remain for the benefit of others. That's why you can't edit nor delete your postings. Meta-discussions about forum permissions should not go into an announcement thread though.
Quote from: jult on April 27, 2007, 07:23:19 PM
Also, why this:
STEP5:Opendb_input2.phpfileandfindtheseLineinitinthebeginningofthefile
require('include/init.inc.php');
require('include/picmgmt.inc.php');
require('include/mailer.inc.php');
require('include/smilies.inc.php');
STEP6: AddthisjustbelowtheselinesSoitbecomes
require('include/init.inc.php');
require('include/picmgmt.inc.php');
require('include/mailer.inc.php');
require('include/smilies.inc.php');
if($_POST['thenum']!='6B38'){
header('Location:done.php');
die();
}
Step7:Savethedb_input2.phpfile.
Step8:Fromthezippedfolder uploaddb_input.phptoyourserverandoverwritethe
previousdb_input.phpfile.
Andthatis it. YourSimplepersonalspamprotection is workingnow.
If it needs to be added to a file that is already in your package, why did you put this in your 'manual'?
Forgive me, but this is just VERY strange and hard to understand this way.
Could you explain the actuall steps needed?
I know everything cooked can b thrown into zip folder .The Manual is everything.It has everything even if you do not have the files like db_input.php or db_input2.php You can create it using that manual. If you find any step already been done in the files that came with Zip folder then Just Consider that step done. you do not need to redo something which has already been done...
It is very important to explain how db_input2.php is created and how it is modified at what place. It is very simple if you simply follow the instructions. Explanation of all steps is full so
1-- one can follow it easily as novice
2-- One can/others can trouble shoot easily
3-- one can go back to original CPG system cancelling/suspending any modifications
4-- if future version of CPG files are changed then one must know what might affect working of this MOD
So far for the last 7 months i have found no spam since installation of this MOD and i can say that have not received spam complaints after its version 1.0 was released.
For Text version of Manual COPY all code from .DOC file and paste into a new Blank Notepad file and save that notepad file as "somefilename.txt" and you can have TEXT version of the manual.
I've tons of spams in the comments that I would like to remove. Any programs that I can use to completley remove these comments without destroying my albums?
Thanks!
Don't ask unrelated questions on a mod thread. Start your own after searching the board.
So all i really need is the info from the beginning of the post and i should be good to go
cause it gets confusing having to run through all these posts to see when or how it actually worked
i just want to complete working guide with all possible errors modified and updated
is that in the first post?
Quote from: deandre81 on July 07, 2007, 09:58:20 PM
So all i really need is the info from the beginning of the post and i should be good to go
cause it gets confusing having to run through all these posts to see when or how it actually worked
i just want to complete working guide with all possible errors modified and updated
is that in the first post?
Yes.Download the Zipped file from First Post.You do not have to read full thread and its content.
Read the instructions fully in the manual which comes within zipped folder. Then apply it .Always make a backup of your Theme folder before you change anything in it. That is universal safety advice.
If you face any problem which you cannot solve and is not answered in this thread at all then post in the thread.