Okay, so maybe that's not enough. With the above hack when you go to your edit tab and select a post to edit the comments that are not published will have a 'Publish' button along with the standard 'Edit' and 'Delete' buttons. Problem is if you hit the link in your email message saying you got a new comment you won't have the 'Publish' option because you're in edit_comment mode. On that page you will see that the status is 'draft' but won't have any easy way to do anything about it. That's bad, but this additional hackage gives you a radio button to publish the comment.

Open admin/_edit_form.php and find this:

if ($action == "editcomment")
{
?>
	<fieldset>
		<legend><?php echo T_('Comment info') ?></legend>
		<p><strong><?php echo T_('Author') ?>:</strong> <?php echo $edited_Comment->author() ?></p>
		<p><strong><?php echo T_('Type') ?>:</strong> <?php echo $commentdata["comment_type"]; ?></p>
		<p><strong><?php echo T_('Status') ?>:</strong> <?php echo $commentdata["comment_status"]; ?></p>
		<p><strong><?php echo T_('IP address') ?>:</strong> <?php echo $commentdata["comment_author_IP"]; ?></p>

<?php
}
/* elseif ($action == "edit")
{
// 		<p><strong>Pings:</strong> <?php echo in_array( 'pingsdone', $postdata["Flags"] ) ? 'Done':'Not done yet';
}*/

and change it to this:

if ($action == "editcomment")
{
?>
	<fieldset>
		<legend><?php echo T_('Comment info') ?></legend>
		<p><strong><?php echo T_('Author') ?>:</strong> <?php echo $edited_Comment->author() ?></p>
		<p><strong><?php echo T_('Type') ?>:</strong> <?php echo $commentdata["comment_type"]; ?></p>
		<p><strong><?php echo T_('Status') ?>:</strong> <?php echo $commentdata["comment_status"]; ?></p>
		<p><strong><?php echo T_('IP address') ?>:</strong> <?php echo $commentdata["comment_author_IP"]; ?></p>

<?php
} ?>

	<fieldset>
		<legend><?php echo T_('Status') ?></legend>

		<?php
		if( $current_User->check_perm( 'blog_post_statuses', 'published', false, $blog ) )
		{
		?>
		<label title="<?php echo T_('Publish this Comment') ?>"><input type="radio" name="comment_status" value="published" class="checkbox" />
		<?php echo T_('Publish this Comment') ?></label><br />
		<?php
		}
		?>
	</fieldset>

<?php 
/* elseif ($action == "edit")
{
// 		<p><strong>Pings:</strong> <?php echo in_array( 'pingsdone', $postdata["Flags"] ) ? 'Done':'Not done yet';
}*/

Now you've got a button, so edit admin/edit_actions.php again to make it work. Find this bit:

		if( $edit_date && $current_User->check_perm( 'edit_timestamp' ))
		{	// We use user date
			$edited_Comment->set( 'date', date('Y-m-d H:i:s', mktime( $hh, $mn, $ss, $mm, $jj, $aa ) ) );
		}

		$edited_Comment->dbupdate();	// Commit update to the DB

	 	$comment_post_ID = $edited_Comment->Item->ID;
		header ("Location: b2browse.php?blog=$blog&p=$comment_post_ID&c=1#comments"); //?a=ec");
		exit();

and change it to this:

		if( $edit_date && $current_User->check_perm( 'edit_timestamp' ))
		{	// We use user date
			$edited_Comment->set( 'date', date('Y-m-d H:i:s', mktime( $hh, $mn, $ss, $mm, $jj, $aa ) ) );
		}

		$edited_Comment->dbupdate();	// Commit update to the DB

		if( $comment_status == 'published' )
		{	// change comment from draft to published
			$sql = "UPDATE $tablecomments SET comment_status = 'published' WHERE comment_ID = $comment_ID";
			$DB->query( $sql );
		}

	 	$comment_post_ID = $edited_Comment->Item->ID;
		header ("Location: b2browse.php?blog=$blog&p=$comment_post_ID&c=1#comments"); //?a=ec");
		exit();

Now you have moderated comments that the post author can delete or publish two different ways.

Thank you so much for this moderation hack. I'm overseeing my school's website blog (http://www.loganelementary.com) and it's very nice to be able to screen comments before they reach the students.

This was quite an involved hack, though. I'm very impressed that you were able to pull this off. Thanks again!

Hello there EdB,

I too am very thankful for this hack. It is wonderful.
I've implemeneted the code you supplied and been over it several times.
Everything seems to work pretty well except for the fact that when I change from 'Draft' status to 'Published' in the back office the comment_content field in my database is being stripped.

Do you have any ideas as to why this would be happening?

Thanks much. :)

johnnyeng

No clue! This, like most of the hacks I do, is something I don't actually use. Most of the time I do a pretty good job of testing my stuff, but I can only test on one server with one configuration. Not that I'm saying it's a server issue!

Give me a bit of a clue here. You mean the comment content is actually disappearing from the database? Like, you still have a comment but it is completely empty? What happens when you visit your blog after approving a comment? Do you see that a comment exists but that there is no comment content? IIRC b2evolution won't allow an empty comment, but that doesn't mean my hack isn't eating content.

I am still in the process of replacing my computer after the last one blew up. I don't have a local copy of my webs and I haven't figured out how to make filezilla work again, but as soon as I can I'll re-do this hack and make sure to test it with a specific eye towards seeing if the comment content gets wiped out.

Thanks for the reply EdB. :)

Yes, the content is actually disappearing from the database.
When the comment is first submitted, the database is populated correctly. The comment_content is there, while in draft format.
The weirdness happens when I try to edit the comment.
When I am here:

'../b2browse.php?blog=8&p=44&c=1#comments' 

and hit the edit button,
the content seems to disappear, or at least does not show up in the Comment Text box here:

'../b2edit.php?action=editcomment&comment=18'

Somehow it's getting stripped. When I look at the database it's just gone. The comment_content field is totally empty.

Also, the comment does exist when I visit the blog after approval, it just does not have any content. Something like this:

Comments:
Comment from: johnnyeng [Visitor]
Posted on: October 17, 2005 @ 17:52 CST

Again thanks for your help with this EdB, I really appreciate it.

johnnyeng

After upgrading to 1.6 I'd like to reapply this comment moderation hack. Do you know if it will still work as shown here?

Hi Nate, I can't be sure if it will work with the new version.
The blog I have it running on is 0.9.1 "Dawn"

Sorry I couldn't be of more help.

johnnyeng

How bout some code that requires the user to be a member of the blog that the post is in to allow the user to comment?
Would be great!

Oh and i love the sayings that you throw into your code:
//Live long and prosper
//If you remove this, the sky will fall down on your head - Kubrick2evo

Keep it up ;)

I would also like to know if there is any way for this hack to work in the new version.
I had it working on the old ver. but don't how on the new.

I just want people to have to register before they leave a comment.

Thanks

Ok the codes in the first post do work with the new version 1.6

Cool! Thanks for testing and sharing what you learned.

In the code below from admin/_edit_form.php does not change the status if one saves the comment. One must use the Publish button, why?

if ($action == "editcomment")
{
?>
   <fieldset>
      <legend><?php echo T_('Comment info') ?></legend>
      <p><strong><?php echo T_('Author') ?>:</strong> <?php echo $edited_Comment->author() ?></p>
      <p><strong><?php echo T_('Type') ?>:</strong> <?php echo $commentdata["comment_type"]; ?></p>
      <p><strong><?php echo T_('Status') ?>:</strong> <?php echo $commentdata["comment_status"]; ?></p>
      <p><strong><?php echo T_('IP address') ?>:</strong> <?php echo $commentdata["comment_author_IP"]; ?></p>

<?php
} ?>

   <fieldset>
      <legend><?php echo T_('Status') ?></legend>

      <?php
      if( $current_User->check_perm( 'blog_post_statuses', 'published', false, $blog ) )
      {
      ?>
      <label title="<?php echo T_('Publish this Comment') ?>"><input type="radio" name="comment_status" value="published" class="checkbox" />
      <?php echo T_('Publish this Comment') ?></label><br />
      <?php
      }
      ?>
   </fieldset>

<?php
/* elseif ($action == "edit")
{
//       <p><strong>Pings:</strong> <?php echo in_array( 'pingsdone', $postdata["Flags"] ) ? 'Done':'Not done yet';
}*/

EdB -- what file contains this?

There is another way to moderate comments that doesn't require registration and logging in: Just change the default status of comments from 'published' to 'draft', then hack it up so that the author of a post can decide to publish any given comment. This method depends on the post author being notified of comments (profile setting), or regularly checking to see if a new comment exists. Whatever! Using phpmyadmin you do

Code:
ALTER TABLE `evo_comments` CHANGE `comment_status` `comment_status` ENUM( 'published', 'deprecated', 'protected', 'private', 'draft' ) NOT NULL DEFAULT 'draft'
to accomplish that.

also i got the error after following the instructions above.
Fatal error: Call to a member function on a non-object in /home/httpd/vhosts/blogcommscope.com/httpdocs/b2evolution/admin/_edit_showposts.php on line 168

ver. 0.9.0.11

That bit doesn't get put in any file - you use something like phpmyadmin to alter your mysql database.

Thanks,
Would that be what is causing the error I described above?
It appears when going to edit/delete the comment on the Admin screen.

Thanks Again,
Paisley
:>

ok... ran the query in PHPMyAdmin...

MySQL returned an empty result set (i.e. zero rows). (Query took 0.0047 sec)
SQL query:
ALTER TABLE `evo_comments` CHANGE `comment_status` `comment_status` ENUM( 'published', 'deprecated', 'protected', 'private', 'draft' ) NOT NULL DEFAULT 'draft'

still get this error.... any suggestions...

Fatal error: Call to a member function on a non-object in /home/httpd/vhosts/blogcommscope.com/httpdocs/b2evolution/admin/_edit_showposts.php on line 169

I've added you first hack. But the spammers seem to bypass the restrictions. They post comments even they're not registered- butstrangely enough only on one of my blogs.
I still use 0.9.0.12 but I'm going to upgrade this afternoon

First, thank you so much for the work.

I wanted to add some updates for those running 1.6 (I’m on 1.6 Alpha). I added the moderated comments and it worked like a champ, but there are some file name changes and code locations that have changed.

Going in order, and only pointing out the things that have changed:

1)

a) b2evocore/_class_comment.php is now b2evocore/_comment.class.php

b) there is another function there called msgform_link between "function delete_link" and "function permalink" and I placed the function msgform_link after this

2) admin/_edit_form.php is now admin/comment.form.php.

Look for:

<div class="right_col">

<fieldset>
<legend><?php echo T_('Comment info') ?></legend>
<p><strong><?php echo T_('Author') ?>:</strong> <?php echo $edited_Comment->author() ?></p>
<p><strong><?php echo T_('Type') ?>:</strong> <?php echo $edited_Comment->type; ?></p>
<p><strong><?php echo T_('Status') ?>:</strong> <?php echo $edited_Comment->status; ?></p>
<p><strong><?php echo T_('IP address') ?>:</strong> <?php echo $edited_Comment->author_IP; ?></p>
</fieldset>

</div>

<div class="clear"></div>

<?php
$Form->end_form();

And change to:

<div class="right_col">

<fieldset>
<legend><?php echo T_('Comment info') ?></legend>
<p><strong><?php echo T_('Author') ?>:</strong> <?php echo $edited_Comment->author() ?></p>
<p><strong><?php echo T_('Type') ?>:</strong> <?php echo $edited_Comment->type; ?></p>
<p><strong><?php echo T_('Status') ?>:</strong> <?php echo $edited_Comment->status; ?></p>
<p><strong><?php echo T_('IP address') ?>:</strong> <?php echo $edited_Comment->author_IP; ?></p>
</fieldset>

<fieldset>
<legend><?php echo T_('Status') ?></legend>

<?php
if( $current_User->check_perm( 'blog_post_statuses', 'published', false, $blog ) )
{
?>
<label title="<?php echo T_('Publish this Comment') ?>"><input type="radio" name="comment_status" value="published" class="checkbox" />
<?php echo T_('Publish this Comment') ?></label><br />
<?php
}
?>
</fieldset>
</div>

<div class="clear"></div>

<?php
$Form->end_form();

I hope this helps others. I didn't spend too much time on formatting and I'm quite tired, but I wanted to get this out before I forgot.

Cheers.

I changed both of my blogs to make it required that you register but one of them is still letting guest spammers in.

It's at www.allthingscrabby.com

Helllo, Thank you so much for the comment moderation Hack. We have been able to successfully filter out profane and inappropriate comments from the posts that appear in the webpages, but when you click on the RSS buttons, & atom, the bad posts still appear.

Any idea how to modify the RSS and Atom functionality so that only published posts get displayed there?

Any help would be appreciated.

Ron

I worked out a little piece of code today that seems so simple that I'm waiting for someone to tell me what's wrong with it.

If your goal is to only allow registered users to post comments, try this:

1. Open _main.php in your skin's folder

2. find this bit of code:

<?php // ------------- START OF INCLUDE FOR COMMENTS, TRACKBACK, PINGBACK, ETC. -------------
			$disp_comments = 1;					// Display the comments if requested
			$disp_comment_form = 1;			// Display the comments form if comments requested

3. And then change it to this:

<?php // ------------- START OF INCLUDE FOR COMMENTS, TRACKBACK, PINGBACK, ETC. -------------
			$show_comment_form = 0;
			if( is_logged_in() )
				{
				$show_comment_form = 1;
				}	

			$disp_comments = 1;					// Display the comments if requested
			$disp_comment_form = $show_comment_form;			// Display the comments form if comments requested

4. Believe it or not, that's it.

If the user is logged in, they can go ahead and comment; if not, they won't even be able to see the form for submitting comments. This should work no matter how the user got to the page (other hacks I tried in the past did not stop users who got to the page via permalink from commenting).

As long as I'm not crazy, this should be pretty much unbreakable, but I don't know much about php or how spammers work, so try it and let me know if it works. Unlike the other hacks mentioned on this thread, it's as easy to uninstall as it is to install, and it only affects one file (one with which the casual b2 user is comfortable, no less).

<?php // ------------- START OF INCLUDE FOR COMMENTS, TRACKBACK, PINGBACK, ETC. -------------
         $show_comment_form = is_logged_in() ? 1 : 0;
         $disp_comments = 1;               // Display the comments if requested
         $disp_comment_form = $show_comment_form;         // Display the comments form if comments requested 

Just makes your code a tad simplier, and yes it is that simple...

ALTHOUGH:
Bots can (and do/will) go straight for your comment posting php file, bypassing/simulating the actual post comment form action.
So you should also look at implementing this within whichever file the comment post form is being sent to.

EDIT:
But then again, i have this/a-similiar hack done on certain blogs on my site for at least a year now, and i've never had one spam on the blogs that use the above hack....

scottsforum wrote:

4. Believe it or not, that's it.

This will stop random people from leaving comments without being logged in, but spammers don't ever visit your web. As long as they can automatically access comment_post.php and feed the proper info to your server they'll be able to spam you. Open htsrv/comment_post.php and find this up near the top:

if( is_logged_in() )
{ // User is loggued in, we'll use his ID
	$author_ID = $current_User->ID;
	$author = NULL;
	$email = NULL;
	$url = NULL;
}
else
{	// User is not logged in, we need some id info from him:
	$author_ID = NULL;

	if ($require_name_email)
	{ // Blog wants Name and EMail with comments
		if( empty($author) ) errors_add( T_('Please fill in the name field') );
		if( empty($email) ) errors_add( T_('Please fill in the email field') );
	}

	if( !empty($author) && antispam_check( $author ) )
	{
		errors_add( T_('Supplied name is invalid') );
	}

	if( !empty($email)
		&& ( !is_email($email)|| antispam_check( $email ) ) )
	{
		errors_add( T_('Supplied email address is invalid') );
	}

	// add 'http://' if no protocol defined for URL
	$url = ((!stristr($url, '://')) && ($url != '')) ? 'http://' . $url : $url;
	if( strlen($url) < 7 ){
		$url = '';
	}
	if( $error = validate_url( $url, $comments_allowed_uri_scheme ) )
	{
		errors_add( T_('Supplied URL is invalid: ') . $error );
	}
}

$user_ip = $_SERVER['REMOTE_ADDR'];

Now replace it with this:

if( is_logged_in() )
{ // User is loggued in, we'll use his ID
	$author_ID = $current_User->ID;
	$author = NULL;
	$email = NULL;
	$url = NULL;
}
else
{	// User is not logged in so we exit:
	exit; // copying tricks from yabba is cool
}

$user_ip = $_SERVER['REMOTE_ADDR'];

Or maybe this:

if( is_logged_in() )
{ // User is loggued in, we'll use his ID
	$author_ID = $current_User->ID;
	$author = NULL;
	$email = NULL;
	$url = NULL;
}
else
{	// User is not logged in so we return:
	return; // this file must be protected against automated comments
}

$user_ip = $_SERVER['REMOTE_ADDR'];

But like i said in my previous post EdB, i actually have not applied that hack which you just brought up, but rather just the removal of the comment form.

And for all blogs that this has been done their has been no spam attempts ( that have gotten through [hugs blacklist] ).

So yeh, doing that hack is recomended but not needed in my opinion....
Correct me if your experience has proven otherwise.

Edb, that's actually just what I was thinking of trying (sorry, I'm jumping back and forth between two threads on this). If that works, then it's still far easier than many of the other hacks I've read about. I'm just looking for simplicity because I only have a couple days worth of experience working with php code.

Thanks for the fast feedback.

Edit: Just tested that extra piece of code in comment_post.php. It works nicely, but it looks like it'd also be well advised to use it in tandem with the extra code in _main.php, so that unregistered users don't get confused and attempt to write a comment, only to have the page break on them.

Besides this hack is about moderation of comments. NOT requiring a visitor to be logged in before commenting. Two different things eh?

Hi

Thanks to Edb or Clang2 for the code that concentrates on the moderation of comments (feedback) from the public users who are not logged in. I have implemented this code in version 0.92 and it works a treat. I am able to choose whether or not to publish a comment which is good. Can I suggest this be a core function of the Blog. Perhaps you could choose to configure this option or not through the admin area - unless you have this functionality in the latest version?

Thank you very much.

Regards

dloren01 wrote:

Hi

Thanks to Edb or Clang2 for the code that concentrates on the moderation of comments (feedback) from the public users who are not logged in. I have implemented this code in version 0.92 and it works a treat. I am able to choose whether or not to publish a comment which is good. Can I suggest this be a core function of the Blog. Perhaps you could choose to configure this option or not through the admin area - unless you have this functionality in the latest version?

Thank you very much.

Regards

You're welcome, and this feature (with grown-up code instead of my childish hackery) is going to be a part of the next release. In fact it is "on" by default. Someone with appropriate permissions will be able to change the new feedback default from "draft" to "published" or "deprecated" on a blog-by-blog basis.

EdB wrote:

You're welcome, and this feature (with grown-up code instead of my childish hackery) is going to be a part of the next release. In fact it is "on" by default. Someone with appropriate permissions will be able to change the new feedback default from "draft" to "published" or "deprecated" on a blog-by-blog basis.

Just noticed that... How do you turn it off?

Admin > Blog > advanced --> default comment status or summat, you'll also want to look at admin > settings -> antispam for the different karma levels ;)

¥

Yeh is there anywhere i can read up on karma levels because i have no idea what they are....

urm, the comments in the source code, and the dev blog thing (http://dev.b2evolution.net or sumat)

¥

EdB wrote:

Over in the User Administration forum we have a hack that [url=http://forums.b2evolution.net/viewtopic.php?t=2438]requires a user be logged in if they want to comment[/url]. I should lock that thread so no one adds to it since it's a hack and therefore belongs here. Anyway the guts of it from me and clang2 goes like this:
edb wrote:

Every skin has a skinname, and every skins/skinname/ folder has a bunch of files in it. The skins/ folder tends to have the same file names. Open skins/_feedback.php and look down around line 140 for this

	if( $disp_comment_form ) 
	{	// We want to display the comments form: 
		if( $Item->can_comment() )
		{ // User can leave a comment

and change it to this

	if( $disp_comment_form && is_logged_in() ) 
	{	// We want to display the comments form to a registered member: 
		if( $Item->can_comment() )
		{ // User can leave a comment

Save the file and upload it. Live long and prosper.

clang2 wrote:

I added an extra code block just above the code that Ed mentions. The point of the code is just to display a message that you have to be logged in before leaving a comment:

   if( $disp_comment_form && !is_logged_in() )
   {
      echo "You must be logged in to add a comment.<br />";
   }

Just a little cleaner.

``````````

This is so great and works perfectly!!

It's exactly what I wanted; to allow viewing but no posting without an account. Thank you!

~ Kat does the Happy Happy Joy Joy dance around her desk ~

Oh no. :( I ran into a snag.

Although a visitor has to make an account to post with the above post codes I've pasted in, they are not having to wait for admin activation. They are seeming to go right into their new account and comment immediately.

How can it be made so that they can make an account but any first time posting privileges must be given by admin?

Thank you.

I have been unable to find this version of the hack for more current version of B2, so this may help those who need it.

In

/skins/_item_feedback.inc.php

there's a line that says

skin_include( '_item_comment_form.inc.php', $params );

This is around 198 for me.

Replace it with the condition for login and you get this:

if( !is_logged_in() )
print '<b>Halt!</b><br />Sorry, but you must log in to view comments.';
else
skin_include( '_item_comment_form.inc.php', $params );

If you want users to be more verified, I recommend you _user_funcs.php and create a version of is_logged_in that does a check on the users verified status by checking that binary in the DB.

JW

EDIT:

Note that the function get_login_url() and get_user_register_link() will give you a login and a register link, so you might want to give users a friendly login option right after they've been told they need to.

*removed

Inventr1 wrote:

I have been unable to find this version of the hack for more current version of B2, so this may help those who need it.

In

/skins/_item_feedback.inc.php

there's a line that says

skin_include( '_item_comment_form.inc.php', $params );

This is around 198 for me.

Replace it with the condition for login and you get this:

if( !is_logged_in() )
print '<b>Halt!</b><br />Sorry, but you must log in to view comments.';
else
skin_include( '_item_comment_form.inc.php', $params );

If you want users to be more verified, I recommend you _user_funcs.php and create a version of is_logged_in that does a check on the users verified status by checking that binary in the DB.

JW

EDIT:

Note that the function get_login_url() and get_user_register_link() will give you a login and a register link, so you might want to give users a friendly login option right after they've been told they need to.

Thank-you!
That worked great for me! :D

Maybe Im missing something; this is an obvious feature in Apprentice that Im sure is in MWS and I cant find it. When youre in Deck Edit mode, you see the comments for Land, Creatures and Spells. Either in Deck Edit or Library mode, is there a way preferably in Library mode to add your own custom comments in order to sort a deck. To be able to say something like:

You're definitely missing summat .. IQ by the looks of it :|

¥