Woodymon:
Beyond that I just discovered someone is spamming comments to a posted news article. Even though I configured the mod to allow comments from logged in users only, this person is not logging in when making comments (at least I see no account name with the name the spammer is using to post).
Whoops. Boy is my face red :oops:
It is fairly easy to fix good enough until such time as I get enough time to make an updated version with better comment spam protection. Though this + requiring login should work fairly well.
1. Open
includes/modules/pages/news_comments/header_php.php
2. Find the lines, approximately around line 50:
[php]// Oh posting the comments!
if (isset($_POST['action']) && ($_POST['action'] == 'process')) {[/php]
3. Directly
after those lines, add the following:
[php]
/**
* Prevent users from directly hitting the form when NEWS_COMMENTS_REQUIRE_CUSTOMER is true
*/
if ((NEWS_COMMENTS_REQUIRE_CUSTOMER == 'true') && !isset($_SESSION['customer_id'])) {
exit;
}[/php]
4. The final result should appear something like:
[php]// Oh posting the comments!
if (isset($_POST['action']) && ($_POST['action'] == 'process')) {
/**
* Prevent users from directly hitting the form when NEWS_COMMENTS_REQUIRE_CUSTOMER is true
*/
if ((NEWS_COMMENTS_REQUIRE_CUSTOMER == 'true') && !isset($_SESSION['customer_id'])) {
exit;
}[/php]
And that should stop anonymous spam when NEWS_COMMENTS_REQUIRE_CUSTOMER is true. :)