Safe Web Comments: A Web Page Comment Form Protected from Spam Robots by Captcha & other Spam Traps
This software is at stage: Released Version 1.0. Please report bugs etc by email or in the comment form at bottom of page.
Introduction: SafeWebComments is utterly simple. Comment data are gathered through a Web Form, parsed into html and posted into an HTML Data file that is in fact just a text file. The comments are displayed by "including" the HTML Data via Server Side Includes into the originating web page. Protection from spamming web robots is effected by guarding access to the Web Form with the random image generator known as Captcha as well as a couple of anti spam tricks that make spam from robots almost impossible.
These general features have been incorporated:
These anti spam features have also been incorporated:
These features will be addressed:
Copyright: Swerdna's Open Source Software: GNU General Public License (GPL).
Download the Files: Download the package swc_r.1.0.tar.gz. Extract (untar) it anywhere. Use e.g. R-click and select "Extract here" in Konqueror or Nautilus or execute tar -xf swc_r.1.0.tar.gz. Installation instructions are in the contained file install.html and the files for SafeWebComments are in the folder named "swc_files".
Placing the files: For illustration, suppose you have a web page yourpage.html where you want to install SafeWebComments. SafeWebComments works on pages with extensions .html and .php, I haven't tried others. Create a folder called comments.php in the document root of your web server and inside comments.php create a folder named yourpage. Note that it must be named for the page yourpage.html. Copy all the contents from inside the download folder swc_files over into folder yourpage.
Permissions: One directory and four files need to be made writeable to allow PHP scripts to store comments and other dynamic data. They are the directory /comments.php/yourpage/b2evo_captcha_tmp and the four files with .html extensions in directory /comments.php/yourpage. To be precise: make b2evo_captcha_tmp to drwxrwxrwx and make buffer.html, config.html, data.html and includefile.html to -rw-rw-rw. These shell commands will do that:
Clean Out Old Data: Only copy unused download files. Even so, sometimes this advice is ignored and old files and directories are copied into directory /comments.php/yourpage/ instead of the unused download files. So make sure that directory /comments.php/yourpage/b2evo_captcha_tmp is empty and that old text data aren't copied across into "path.dat" or into "*.html".
Path Information: Create the file path.dat at /comments.php/yourpage/path.dat, open it in a text editor and insert the following line of path information:
This is a one-line comma separated list of the path to the web page (e.g. /yourpage.html) followed by the page's file extension (e.g. html or php; NB no spaces on the line & last character is a comma). This information is used in various ways to link back and forth between the web page and the utilities in the folder /comments.php/yourpage.
Server Side Includes: Now you enable Server Side Includes for the page yourpage.html and for the document root of your web server. To enable a page you set its execute bit by executing this shell command in a terminal:
To enable Includes in the document root you EITHER turn on the Directive Options Includes OR you add these two lines into the .htaccess file for the document root:
Next you add this line of code near the end of your html page yourpage.html:
But of course if using php, and yourpage.php then insert this into the html code instead:
The recommended location is above the </body> tag and preferably just above the final closing </div> tag defining the overall page container. You may need to experiment to find the best location. It will be very close to the closing </div> and </body> tags. NOTE that the path contains part of the filename of yourpage.html.
Run Setup Scripts: Before you run setup scripts you must have placed the files, set the folder permissions, cleaned out old files and set the path information in path.dat, as detailed above. Then: To install this software automatically you run the script "zerofiles.php" by entering the following address into your web browser (adjust for yourdomain.com and for yourpage):
This script will display a dialogue in your browser that confirms to you that it has executed and after a pause for you to register that fact, your browser will forward you to a Web Form that is a GUI configurator for personalising the styles for the commentary that appears in yourpage.html. The configurator is self explanatory, including an illustrative screenshot. You post the new configuration with a "Submit" button and can view the changed appearance on your web page. You might need to refresh the page in your browser to see the new styles.
You can now add comments to the page yourpage.html by addressing it in your web server at http://www.yourdomain.com/yourpage.html and clicking on the button to "add comments". You can change the styles at will by addressing the GUI configurator directly at:
The GUI configurator changes the styles for the comments while preserving them (comments and styles are kept in separate data files and blended magically, so you can change them separately)
You can get rid of your experiments in making comments by re-addressing the install script zerofiles.php in your browser. That script automatically deletes all comments and re-zeroes the installation. It re-installs the default styles too which is useful if you can't remember how to get them back.
Security NB: After you are satisfied with the setup and the styles, move or remove the files guiconfig.php and zerofiles.php or password protect them, for obvious reasons. If you remove them you can temporarily restore them from the source package for occasional maintenance. You should also prohibit directory listings in browsers for /comments.php and its subdirectories. Setting the appropriate directive in Apache config files is preferred, but alternatively create an .htaccess file in /comments.php and add this line:
Errors -- Possible Causes
When you click to Add Comments on the web page, you don't see the Captcha graphic on the page you're taken to: the folder b2evo_captcha_tmp is not world writeable drwxrwxrwx.
The 10-second delayed redirect from the script zerofiles.php doesn't work and produces the error "object not found": The path data in the file path.dat are wrong.
"Existing Values" on the GUI configurator are not filled OR "New Values" contain no suggested values OR "New Values" that you post do not get recorded: Check the the file config.html has permissions -rw-rw-rw. And check the other three .html files are world writeable as well.
E-mail alerts to the webmaster do not arrive: These use the PHP function mail() which requires to be initialised correctly in php.ini and also requires sendmail to be installed. If you can't setup your server correctly, you can turn the E-mail function off in the GUI configurator.
You get no image on the Captcha form, just this error message:
PHP uses a GD library to create the image you normally see on the Captcha form. The software isn't installed. In openSUSE Linux 11.0, for ecample, it's the RPM php5-gd-5.2.5-66.1
Remember to be consistent with file extensions. In the example/s above I used .html. If you're using .php, you must make appropriate modifications to my examples.
Report any bugs, difficulties, ideas in the comment form.
Swerdna: 27 December 2007
Lately I developed an interest in programming in C, FreeBasic and PHP. I hope you find these interesting and/or useful.
Safe Web Comments: A web page comment form protected from spam robots by Captcha & heuristic spam traps.
Web Hit Counter: A system for recording and displaying web page hits in an Apache web server
Preview: A graph plotting utility for visualising two dimensional serial numerical data
Comments:
Add CommentsPosted: 26 December 2008 by rewrew
rrrewrqewqrewq
Posted: 10 December 2008 by test
test
Posted: 1 November 2008 by marcelo
Hola!!! spanish test
Posted: 8 July 2008 by Morris from Wpg Canada
Testing again
Posted: 8 July 2008 by Moe
test
Posted: 22 February 2008 by Ken from Georgetown IN
I'm seeing some possibilities for this little program on our website www.jkvetter.net Additionally, your website has been of great help to me in my learning to work with openSuSe. Thank you Ken
Posted: 22 January 2008 by Pam from Greenville USA
Checking out this demo.
Posted: 28 December 2007 by IE6 User from USA
I'm using Internet Explorer 6 & Windows 2000. Looks and works OK in IE
Posted: 28 December 2007 by Swerdna from Qld Oz
Thanks Jon. I'll use the str_replace function to swap angle brackets for < and > versions and in addition ask the author to edit before posting comments containing 'a href' or 'href=' or 'href ='. That breaks active links, scripts & html and allows like this sort of reference: http://www.swerdna.net.au
Posted: 28 December 2007 by Jon from UK
Personally, I'd probably block all html by changing the angle brackets to their ampersand equivalents. Script tags can be dangerous, other html can mess a page up. If I let any through, it would probably just be bold, italics, etc. If you really do want to find an HTML link, you might want to look up regular expressions.
Posted: 28 December 2007 by Swerdna
Hmmm?? Very true, thanks Jon. OK I can react to check three conditions; viz existence of a+> and href and <+a, what do you think of that? Or what would you suggest? -- Swerdna (hard to get these < and > symbols to pass through without being interpreted by PHP or Apache)
Posted: 28 December 2007 by Jon from UK
A link may be in upper, lower or mixed case. The URL may be quoted in single, double quotes or not at all. href need not be the first attribute, eg a name="link" href="site.com"...
Posted: 28 December 2007 by Swerdna
Thanks for that Jon from UK. Two problems for me to fix from your post: One is the escaped single quote, which I've fixed I hope (see the word I've and for good measure the "quotes round this"). The other is the active link in the main message, which I want to forbid, thought I had, but obviously not.
Posted: 27 December 2007 by Jon from Norfolk UK
Here\'s another comment. And a link
Posted: 27 December 2007 by Geoff
Well done! Hope you have a happy PHP new year :) /Geoff
Posted: 27 December 2007 by Swerdna from SE Qld Oz
This is a first test posting of a comment using the script SafeWebComments. Please post your comments here because the script is only at RC1 stage and is certain to contain bugs - so if you exercise the script by posting comments, then I'll have a chance to see what the problems are -- Thanks -- Swerdna