1.6 allows random surfers to email commenters???

« href=mailto: bug or "feature" [fixed] :: Invalid URL error given on valid URL »
Author Message
edb
Posted: Sat Dec 17, 2005 07:58     Topic subject: 1.6 allows random surfers to email commenters???

Sorry, but that bugs me to no end. The code works fine and all that, but it's unsufferable. I will be hacking that out immediately!

Back to top
 
edb
Posted: Sat Dec 17, 2005 08:06

For anyone else who thinks this violates the idea that the email will never be shared (which to me it implies the ability to email will not exist) here's how you hack it out. In your skins/_feedback.php file find this:

Code

$Comment->author();
            $Comment->msgform_link( $Blog->get('msgformurl') );
            $Comment->author_url( '', ' · ', '' );

Now replace it with this:

Code

$Comment->author();
            if( is_logged_in() ) {
              $Comment->msgform_link( $Blog->get('msgformurl') );
              }
            $Comment->author_url( '', ' · ', '' );

It is possible your skin has the guts of skins/_feedback.php inside the skins/skinname/_feedback.php file. If so you'll have to hack the _feedback.php file that has that particular bit in it. In this case it came from the 'custom' skin since I haven't tweaked my skins to live in the phoenix world.

Back to top
 
edb
Posted: Sat Dec 17, 2005 08:19

Here I go replying to my own thread AGAIN, but it seems to me the whole idea of an email link on posts and comments is an invitation to spammers. Isn't it reasonable for a spammer to decide to send spam by automatically hitting the message form email thing? I could be VERY wrong, but it seems to me that's a big giant hole, especially when you consider a comment that includes "pantyhose" won't get through the antispam filter.

Okay I'll stop now. I like this blog app and will continue to use it, but gee whiz: allowing visitorB to harass visitorA via email through my web is just horrible. It's even worse if the whole idea of an email form opens a brand new venue for spammers to harass bloggers.

Back to top
 
balupton
Posted: Sat Dec 17, 2005 10:38

I agree that the emails should be avaliable to everyone.
But mayb include a user option called 'Only show my email to registered users' and then skins go:

Code

//in author
function Email(){
if($this->ShowEveryoneMyEmail)
  return $this->Email;
else
  if($GLOBALS['USER']->IsLoggedIn())
   return $this->Email;
}
 
//in skin
$Email = $Author->Email();
if($Email != '')
echo 'Users\'s Email is: '.$Email;

Well thats how i would do it.

Also you would need to implement this into the Who's Online panel ;)[/code]

Back to top
 
edb
Posted: Sat Dec 17, 2005 19:39

I'm liking the "$this->ShowEveryoneMyEmail" idea, and thanks for pointing out the problem also exists in the who's online block. I was thinking I would build a bobobox for myself, but a blogger checkbox seems like a good default situation.

It occurs to me that my simple solution above wouldn't be enough to protect commenters if it was a default feature because spammers would then know to register and login and start sending spam-mail to all commenters. Therefore my little hack should be something like "if is_logged_in and is_member_of_blog then do message_form".

As soon as there is an official release of the phoenix generation I'm afraid the spammers will be all over these new features.

Back to top
 
balupton
Posted: Sat Dec 17, 2005 20:06

Well like you said in a previous post, sif spammers would be bothered to go after the small things, only the defaults or popular ;)

OMG, thanks for pointing out that is_member thing, found a flaw in login to comment thing.
It's meant to be so the user must be a member to post a comment but i was just doing is_logged_in ;)

Back to top
 
mrdav
Posted: Mon Dec 19, 2005 00:18

Where is the code for this for the Who's Online instance, and what would the new code be?

Also here

Code

$Item->msgform_link( $Blog->get('msgformurl') );

is the code for the post instance in the "custom" skin.

What would the proper code for it be?

They need a "hacker wish he was" emoticon.

Back to top
 
balupton
Posted: Mon Dec 19, 2005 00:23

Hmmm who ever decides to add this feature (or fix this bug), is going to have alot of work on their hands ;)

Mrdav, do you want the code to remove the email link from whos online now?
Or was that a suggestion?

PS. (I like your :hackerwannabe: recomendation ;) )

Back to top
 
mrdav
Posted: Mon Dec 19, 2005 00:34

balupton,

Yes, it would be nice to have the codee for who's online, and for the post instance too.

See it here:

http://remonstrans.net/

Back to top
 
balupton
Posted: Mon Dec 19, 2005 00:44

For the who's online change the call from:

Code

$Sessions->display_onliners();

To:

Code

if( is_logged_in() ) {
$Sessions->display_onliners();
}else{
$Sessions->display_online_users('<ul class="onlineUsers">', '</ul>', '<li class="onlineUser">$user_preferredname$</li>' );
$Sessions->display_online_guests();
}

Should work

For the post instance change:

Code

$Item->msgform_link( $Blog->get('msgformurl') );

To:

Code

if( is_logged_in() ) {
$Item->msgform_link( $Blog->get('msgformurl') );
}

Edit:
Also for your blog shouldnt the sidebar/sideitems/panels/panelcolumn (whatever you call em) have a white bg just like the posts......
Would look better i think...

Another Edit:
If you viewed this post before it's original post time +5minutes the code was wrong.

Back to top
 
mrdav
Posted: Mon Dec 19, 2005 01:00

Thanks, works great.

Well, it took me quite awhile to get it this good, and you know how it is trying to get major appearance changes by the committee.

;)

Now, maybe if I could get my grubby fingers on a...oh...let's say 'lightality' skin, you probably wouldn't recognize it after a week, and would probably ask for it back.

:lol:

Back to top
 
fplanque
Posted: Wed Dec 28, 2005 15:22

Well yes we do need to make this an option... It's in the todo list...

Back to top
 
sylv
Posted: Sat Oct 28, 2006 19:55

sorry guys to bring this old file back, but it seem the v1.8.2 has diferent file structure. I looked everywhere for a few hours, but I can't get it worked out. I have the 'plain' skin.

This is what I really like about these functions above:

1)- the choice to put the little envelop either in the 'who's there' or below the post, or both, or none.

2)- Only approved and active member users can see it.

I know there is a function on Serenity, but with it its all or nothing :'(

What a hack it would be !! (If only would know how....)

thank you

Back to top
 
balupton
Posted: Sat Oct 28, 2006 20:07

Open up /blogs/inc/MODEL/users/_user.class.php

add the following to line 900;

Code

if( !is_logged_in() )
    {  // The user is not logged in
      return false;
    }

so you should end up with something that looks like

Code

function get_msgform_link( $form_url = NULL, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '' )
  {
    if( !is_logged_in() )
    {  // The user is not logged in
      return false;
    }
    if( empty($this->email) )
    { // We have no email for this User :(
      return false;
    }

Edit: fixed a typo in the 2nd code sample above

Also, for the 'where to display the email button (the envelop)' thats a skin thing, so would be a bit different for each skin, so head over the the Docs/Manual on this site and check out the modding up your skins stuff, should be some stuff there to help you out.

Back to top
 
sylv
Posted: Sat Oct 28, 2006 21:06

Thank you Guru balupton :D

'ts working quite nicely.

Howerver........(s'gonna be one innit)
....it's the opposite I wanted to do:

Allow users to see the post mail only when they are logged in (whenever that is), and show my mail envelop (on 'who'se there) - to anyone - whenever I'm there (of course :roll: )

right now, with the code above, the mail below post (the post instance) can be seen at all time.

It's a way forward though

Thank you ! (+for the clue on skin impl.)[/url]

Back to top
 
balupton
Posted: Sat Oct 28, 2006 21:21

Ok just to clarify, you only want to see the mail button, when the current user is logged in, OR when it's your mail button they want to see.

Back to top
 
sylv
Posted: Sat Oct 28, 2006 21:48

here's alink to my blog if you want to have a look:

[url=http://www.biblebureau.com/biblemistranslations] HERE [/url]

On reflection, it doesn't actually look much different than before?

and that's how my file looks like:

* Template helper function: Get a link to a message form for this user.
*
* @param string url of the message form
* @param string to display before link
* @param string to display after link
* @param string link text
* @param string link title
* @param string class name
*/
function get_msgform_link( $form_url = NULL, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '' )
{
if( !is_logged_in() )
{ // The user is not logged in
return false;
}
if( empty($this->email) )
{ // We have no email for this User :(
return false;
}
if( empty($this->allow_msgform) )
{
return false;
}

if( is_null($form_url) )
{
global $Blog;
$form_url = isset($Blog) ? $Blog->get('msgformurl') : '';
}

Back to top
 
edb
Posted: Sat Oct 28, 2006 21:49

We're talking 1.8.2 now right?

I think the previous poster wants others to see the author's envelope when the viewer is logged in. That way only logged in people will be able to contact an author. In addition, the who's online block should show who's online to all visitors assuming the registered blogger is online and has elected to show that stuff in their profile.

Unless we're not talking 1.8.2!

Back to top
 
balupton
Posted: Sat Oct 28, 2006 21:52

Ok so going with you only want to display the contact buttons if [the user is logged in or if its your contact button] then it would be;

Code

if( !is_logged_in && ( $this->id != 1 || !isset($GLOBALS['Sessions']->_registered_Users[1]) ) )
    {  // The current user is not logged in
      // AND
      // ( We are not getting the admins email button
      //    OR the admin is not online )
      // THEN kill the function
      return false;
    }

edit: just read the post below, updating now

edit 2: try that

Back to top
 
sylv
Posted: Sat Oct 28, 2006 21:53

EdB is right.

only registered can email me anytime, but visitors only when I'm online

(edit: when I'm online, that is still only through the 'who's online' function, unless logged in of course)

to make it simple:
- I'm there. all can see my email through the 'who's there function + those logged in also through posts
- I'm not there: only those logged in still see my email by the post

Back to top
 
balupton
Posted: Sat Oct 28, 2006 21:58

K try that (check previous post)

Back to top
 
sylv
Posted: Sat Oct 28, 2006 22:01

I go do

(give a little time though

Cheers

Back to top
 
sylv
Posted: Sat Oct 28, 2006 22:02

should I delete the previous code?

Back to top
 
balupton
Posted: Sat Oct 28, 2006 22:05

replace, so you end up with;

Code

function get_msgform_link( $form_url = NULL, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '' )
   {
if( !is_logged_in && ( $this->id != 1 || !isset($GLOBALS['Sessions']->_registered_Users[1]) ) )
      {   // The current user is not logged in
         // AND
         // ( We are not getting the admins email button
         //    OR the admin is not online )
         // THEN kill the function
         return false;
      }
      if( empty($this->email) )
      { // We have no email for this User :(
         return false;
      }
Back to top
 
sylv
Posted: Sat Oct 28, 2006 22:08

done.......but no change?

Back to top
 
sylv
Posted: Sat Oct 28, 2006 22:15

that what I've got done:

* @param string class name
*/
function get_msgform_link( $form_url = NULL, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '' )
{if( !is_logged_in && ( $this->id != 1 || !isset($GLOBALS['Sessions']->_registered_Users[1]) ) )
{ // The current user is not logged in
// AND
// ( We are not getting the admins email button
// OR the admin is not online )
// THEN kill the function
return false;
}
if( empty($this->email) )
{ // We have no email for this User :(
return false;
}
if( empty($this->allow_msgform) )
{
return false;
}

if( is_null($form_url) )
{
global $Blog;
$form_url = isset($Blog) ? $Blog->get('msgformurl') : '';

Back to top
 
balupton
Posted: Sun Oct 29, 2006 08:44

Change the if to;

Code

if( !is_logged_in && !isset($GLOBALS['Sessions']->_registered_Users[$this->id]) )
{ return false; }

That will do exactly what you wanted... If they are not logged in, and the user who's message button we want to show is not online then don't display the message button.

Back to top
 
sylv
Posted: Mon Oct 30, 2006 04:22

Do done, but no joy !

I tried this

Code

function get_msgform_link( $form_url = NULL, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '' )
{
if( !is_logged_in && !isset($GLOBALS['Sessions']->_registered_Users[$this->id]) )
{ return false; }
    if( empty($this->email) )
    { // We have no email for this User :(

AND

also this

Code

function get_msgform_link( $form_url = NULL, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '' )
{
if( !is_logged_in && !isset($GLOBALS['Sessions']->_registered_Users[$this->id]) )
      {   // The current user is not logged in
         // AND
         // ( We are not getting the admins email button
         //    OR the admin is not online )
         // THEN kill the function
         return false;
      }
    if( empty($this->email) )
    { // We have no email for this User :(

but no visible result.

maybe, instead of trying to get rid of the post email button itself, it can just be disabled as if there was no email, like the code that follows.

like: if not logged in: email empty

thank you

Back to top
 
sylv
Posted: Mon Oct 30, 2006 11:03

:lol: HHHHHHHHHHeehhhhhhhhhha !!!!! :lol:

Solved !

either I missed that bit somewhere, or you/I forgot to mention, but I also needed to add this code on _main.php:

Code

if( is_logged_in() ) {
$Item->msgform_link( $Blog->get('msgformurl') );
}

as you suggested earlier to mrdav.

It now works like a baby.

=> Thank you for your hard work

Back to top