1 May 11, 2006 23:42    

I've never seen b2evolution before, but I have a friend for whom somebody else set up a b2evolution site.

He got spammed and I logged in to find out what to do about it.

The first thing I wanted to do was make all new posts default to having comments 'closed' instead of 'open'. I didn't find a way to do this, so I decided to see what the code looked like.

In b2edit.php and edit_actions.php, I found four(!!!!) separate lines that looked like this:
param( 'post_comments', 'string', 'open' );

First of all, that should say "closed" instead of 'open'. Yes, I realize I'm a newbie user (non-user, really) showing up in somebody else's forums, with an attitude, expressing a contrary opinion. But seriously, everybody knows that the best security comes from allowing nothing until you've identified all the things you want to allow. We're not looking for the "best" security here, but SPAM is an enormous problem, so we could at least do better than choosing "open" as a default here.

And since that line is so beautifully and cleanly hard-coded, I concluded that there is no mechanism by which I can change the configuration and make the default be 'closed'. So I edited four(!!!!) lines that looked just like that, and they now look like this:
param( 'post_comments', 'string', 'closed' );

But wouldn't it be nice if the param() function, perhaps, called another function named something like "configuration()", which could take a configuration item name and return the default, as specified in the configuration? Then you wouldn't have to distribute your defaults all over the place in hard-code, and you could instead do something (roughly) like:


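function param($paramname = '', $reset = false) {
  // Shared parameter store; the name is a placeholder
  global $mysettings_or_whatever;
  // error() and fetch_config() are placeholders for the application's own helpers
  if (empty($paramname)) { error("Bad coder! Bad coder!"); }
  if ($reset) {
    // Take the default from the configuration instead of a hard-coded literal
    $mysettings_or_whatever[$paramname] = fetch_config($paramname);
  }
}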

I also logged into mysql directly and altered the evo_comments table to default post_comments to 'closed', and I updated all the existing rows accordingly.

Now, I haven't even bothered to look carefully at the existing param() function, or any of the other code at all. Maybe I've grossly misunderstood what's going on here, etc. If so I apologize for my tone, which is clearly somewhere in the key of "arrogant rant".

I hope this is helpful, and not a duplicate of 50 other posts all discussing the same issue (of defaults and configurability).
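
The idea in the post above (one configured default instead of hard-coded literals, with 'closed' as the fallback), sketched as an added example that is not part of the original post and is not b2evolution's code. The names `config_default()`, `param_with_default()`, `ALLOWED` and `FAIL_SAFE` are hypothetical, and the allowlist holds only the two values named in the thread.

```php
<?php
// Added example, not b2evolution code: every name here is hypothetical.

const ALLOWED   = ['post_comments' => ['open', 'closed']]; // values named in the thread
const FAIL_SAFE = ['post_comments' => 'closed'];           // used when config is missing or invalid

// Resolve the configured default for a parameter, falling back to the
// restrictive value if the config entry is absent or not an allowed value.
function config_default(string $name, array $config): string
{
    if (!array_key_exists($name, ALLOWED) || !array_key_exists($name, FAIL_SAFE)) {
        throw new InvalidArgumentException("unknown parameter: $name");
    }
    $value = $config[$name] ?? null;
    return in_array($value, ALLOWED[$name], true) ? $value : FAIL_SAFE[$name];
}

// Read a request parameter; anything missing or outside the allowlist
// is replaced by the configured default rather than trusted.
function param_with_default(string $name, array $request, array $config): string
{
    $default = config_default($name, $config);
    $value   = $request[$name] ?? null;
    $valid   = is_string($value) && in_array($value, ALLOWED[$name], true);
    return $valid ? $value : $default;
}

// Constructed sample inputs.
$config = ['post_comments' => 'closed']; // site-wide setting, changed in one place
$cases  = [
    'field omitted'    => [],
    'explicit open'    => ['post_comments' => 'open'],
    'unexpected value' => ['post_comments' => 'anything'],
    'array submitted'  => ['post_comments' => ['open']],
];
foreach ($cases as $label => $request) {
    printf("%-17s => %s\n", $label, param_with_default('post_comments', $request, $config));
}

// A mistyped config entry is not trusted either: the fail-safe value is used.
echo param_with_default('post_comments', [], ['post_comments' => 'opne']), "\n";
```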

2 May 11, 2006 23:54

OK, so I thought I understood by the tooltip what 'closed' meant, but I was wrong. I'm not sure yet how anybody can post comments when post_comments='closed'. ("Closed" would seem to indicate that nobody can post comments...)

So what we need is another setting for post_comments, maybe something like 'users', which means that anybody who has an account on the site can post comments.

Then you can have the usual SPAM-prevention measures around Basic User account creation, etc.

So this has probably all been discussed 100 times and there are probably lots of reasons why things are the way they are. But these are my two cents.

3 May 12, 2006 09:04

What version of b2evo are you dealing with?
I know that in the new versions, 1.6 alpha and 1.8 CVS, the 'status' of the comments is to be set in the backoffice. So you can 'easily' not allow comments on a blog. It's still on a per-blog basis. That's good, because I use it like that to automatically allow comments on 1 of my 7 blogs (on the others, comments are not allowed).

There is a huge/big difference between the 0.9.x and 1.x versions.

A lot/all of the code is rewritten, and a lot of the variables are now in only a few config files or are in the backoffice.

I'm not in the dev team (only the forum admin) so I can't tell you more, but the info you are giving sounds like you could be very valuable for the dev team.

If you feel like contributing... tell us...

