Full Version: Anti-spam comments
tjs
I came back to the forums to find the help with CAPTCHA and comments but they're all gone?
Anyway, I wanted to know how to prevent spammers from spamming my blog posts.
Thanks!
Amelie
What do you mean, they're all gone?

They're all still there for me. Make sure you select "show all" in the drop down menu at the bottom of the tutorials forum - currently it limits the forum to 30 days' worth of posts so as to speed up loading times and such.

Edit: no need to even do that - there's a very recent thread about this...

Here are some threads which may be useful to you: captcha implementation and JS protection.
Renate
Since the original captcha thread is locked, I thought I'd try replying here... I've been using the build a blog tutorial, and it's wonderful, truly, but I too keep getting those spam comments... I tried the JS implement, but it didn't do the trick.
So I tried using captcha instead. However, using the code for process.php provided in the topic referred to, it doesn't work - I get connection errors. Which is logical, considering there's no place in that code where process.php is provided with the info to connect to my database. I've tried putting in the info below the captcha code, where it was placed in the pre-captcha process.php, but it still doesn't work.
Here's the error I get:
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'aicon'@'localhost' (using password: NO) in /path/colligo/process.php on line 53
aicon is not my username, so I'm assuming it's some default. Here's what my process.php looks like now (obviously I've exchanged the mysql connection info with my own):

CODE

<?php

if (isset($_POST['submit_comment'])) {

function verifycaptcha() {
    @session_start();
    $verifyimage = trim(strip_tags($_POST['verifyimage']));
    if (isset($_SESSION['encoded_string']) && $verifyimage == $_SESSION['encoded_string']) {
        $verifiedimg = true;
    }
    else {
        $verifiedimg = false;
    }
    return $verifiedimg;
}
if (!verifycaptcha()) {
    if (isset($_SESSION['encoded_string']) && isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time()-36000, '/');
        $_SESSION = array();
        session_destroy();
    }
        
    include("header.php");
    echo "<h2>Error</h2>\n\n<p>Wrong image verification text entered. Please go back, refresh the page, and try again.</p>";
    include("footer.php");
    exit;
}
if (isset($_SESSION['encoded_string']) && isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-36000, '/');
    $_SESSION = array();
    session_destroy();
}

    if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comment'])) {
        die("You have forgotten to fill in one of the required fields! Please make sure you submit a name, e-mail address and comment.");
    }

    $entry = htmlspecialchars(strip_tags($_POST['entry']));
    $timestamp = htmlspecialchars(strip_tags($_POST['timestamp']));
    $name = htmlspecialchars(strip_tags($_POST['name']));
    $email = htmlspecialchars(strip_tags($_POST['email']));
    $url = htmlspecialchars(strip_tags($_POST['url']));
    $comment = htmlspecialchars(strip_tags($_POST['comment']));
    $comment = nl2br($comment);
    if (get_magic_quotes_gpc()) {
        $comment = stripslashes($comment);
        $name = stripslashes($name);
        $email = stripslashes($email);
        $url = stripslashes($url);
        $timestamp = stripslashes($timestamp);
        $entry = stripslashes($entry);
    }
    $comment = mysql_real_escape_string($comment);
    $name = mysql_real_escape_string($name);
    $email = mysql_real_escape_string($email);
    $url = mysql_real_escape_string($url);
    $timestamp = mysql_real_escape_string($timestamp);
    $entry = mysql_real_escape_string($entry);

    if (!eregi("^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) {
         die("The e-mail address you submitted does not appear to be valid. Please go back and correct it.");
    }

    mysql_connect ('localhost', 'username', 'password');
    mysql_select_db ('database');

    $result = mysql_query("INSERT INTO $comments (entry, timestamp, name, email, url, comment) VALUES ('$entry','$timestamp','$name','$email','$url','$comment')") or die("Could not add comment: " . mysql_error());

    header("Location: Entry.php?id=" . $entry);
}

else {
    die("Error: you cannot access this page directly.");
}
?>


It might be some obvious error, but I know nothing about this sort of thing, so please bear with me.
Amelie
Either place your MySQL connection information at the top of process.php, or change this bit:

CODE
    $comment = mysql_real_escape_string($comment);
    $name = mysql_real_escape_string($name);
    $email = mysql_real_escape_string($email);
    $url = mysql_real_escape_string($url);
    $timestamp = mysql_real_escape_string($timestamp);
    $entry = mysql_real_escape_string($entry);


...change all those mysql_real_escape_string parts to addslashes.
Renate
I tried changing mysql_real_escape_string to addslashes, and got this error when trying to send a comment:

Could not add comment: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(entry, timestamp, name, email, url, comment) VALUES ('4','1177451097','Renate',' at line 1

I get the same syntax error if I move the MySQL connection info to the top.
Amelie
When you move the MySQL information to the top, did you leave those parts as mysql_real_escape_string? If not, change them back to that and see if it works.

Oh, actually I think I see what the problem is - you don't have a $comments variable (where it says INSERT INTO $comments (entry, timestamp etc.). Change the $comments part to the name of your comments table, e.g. php_blog_comments and it should work.
Renate
Amelie, you're a star! It works like a charm now. Thank you!
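
Added example (not code from this thread or from the tutorial it discusses): the comment-saving step written so that neither failure above can occur. The connection is opened first (mysql_real_escape_string() needs an open link and otherwise tries to open one with default credentials, which is where the "Access denied" warning comes from), and the table name is a literal with all values bound as parameters. The function names captcha_ok and save_comment, the sample input and the in-memory SQLite database are assumptions; on the blog the PDO object would point at MySQL.

```php
<?php
// Added example. captcha_ok() and save_comment() are hypothetical names;
// in-memory SQLite stands in for the blog's MySQL database so this runs offline.
function captcha_ok(array $session, array $post): bool {
    $expected = (string)($session['encoded_string'] ?? '');
    $given = trim((string)($post['verifyimage'] ?? ''));
    return $expected !== '' && hash_equals($expected, $given);
}

function save_comment(PDO $db, array $post): int {
    foreach (['name', 'email', 'comment'] as $field) {
        if (trim((string)($post[$field] ?? '')) === '') {
            throw new InvalidArgumentException("Missing required field: $field");
        }
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }
    // The entry id ends up in the redirect URL, so accept positive integers only.
    $entry = filter_var($post['entry'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($entry === false) {
        throw new InvalidArgumentException('Invalid entry id');
    }
    // Literal table name (no $comments variable); values are bound, not escaped
    // by hand. The server clock replaces the posted timestamp (example's choice).
    $stmt = $db->prepare(
        'INSERT INTO php_blog_comments (entry, timestamp, name, email, url, comment)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute([$entry, time(), $post['name'], $post['email'], $post['url'] ?? '', $post['comment']]);
    return $entry;
}

// The connection is opened before anything touches the database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE php_blog_comments
    (entry INTEGER, timestamp INTEGER, name TEXT, email TEXT, url TEXT, comment TEXT)');
// Constructed sample input; the apostrophes would break a hand-built query string.
$post = ['entry' => '4', 'name' => "Pat O'Neil", 'email' => 'pat@example.com',
         'url' => '', 'comment' => "It's <b>working</b>", 'verifyimage' => 'x7k2p'];
$session = ['encoded_string' => 'x7k2p'];
if (captcha_ok($session, $post)) {
    $id = save_comment($db, $post);
    $row = $db->query('SELECT name, comment FROM php_blog_comments')->fetch(PDO::FETCH_ASSOC);
    // Store the raw text; HTML-escape at output time.
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8'), "\n";
    echo "Redirect to Entry.php?id=$id\n";
}
```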