Grab IP addresses of review spammers

Posted: Thu May 17, 2012 5:41 pm
by Tony Barnes
Really quick one, we've been getting a lot of review spam of late, don't want to use CAPTCHA, so I'm just blocking the IP addresses of any spammers in our .htaccess. Anyway, current system doesn't record the IP of review posters, this quick bit of code changes that.

Open /includes/classes/class.review.php, look for:

Code:

		// Save the review in the database
		$newReview = array(
			"revproductid" => (int)$reviewPostData['product_id'],
			"revfromname" => $reviewPostData['revfromname'],
			"revdate" => time(),
			"revrating" => max(1, min(5, $reviewPostData['revrating'])),
			"revtext" => $reviewPostData['revtext'],
			"revtitle" => $reviewPostData['revtitle'],
			"revstatus" => $status
		);

Change to:

Code:

		// Save the review in the database
		$newReview = array(
			"revproductid" => (int)$reviewPostData['product_id'],
			"revfromname" => $reviewPostData['revfromname'],
			"revdate" => time(),
			"revrating" => max(1, min(5, $reviewPostData['revrating'])),
			"revtext" => $reviewPostData['revtext'],
			"revtitle" => $reviewPostData['revtitle'],
			"revstatus" => $status,
			"reviewip" => getIp()
		);

Then in your database, alter the isc_reviews table to include a column called 'reviewip'. You can now check who is spamming you before deleting their nonsense and banning them from accessing your site.
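
Added example, not part of the original post or of the cart's own code: one way to turn the values collected in reviewip into .htaccess block rules, validating each value first so that nothing other than a literal IP address can reach the Apache config. build_deny_rules() and the sample rows are constructed for illustration, and the directives assume Apache 2.4 syntax.

```php
<?php
// Added illustration; build_deny_rules() is a hypothetical helper, not cart code.

/**
 * Turn stored reviewip values into Apache 2.4 "Require not ip" lines.
 * Anything that is not a literal IPv4/IPv6 address is skipped and reported,
 * so text smuggled into the column can never become an .htaccess directive.
 */
function build_deny_rules(array $storedIps): array
{
    $rules = [];
    $rejected = [];
    foreach ($storedIps as $raw) {
        $ip = trim((string)$raw);
        if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
            $rejected[] = $raw;
            continue;
        }
        // inet_pton/inet_ntop normalise the textual form, so duplicates such as
        // "2001:DB8::1" and "2001:db8:0:0:0:0:0:1" collapse to one rule.
        $canonical = inet_ntop(inet_pton($ip));
        $rules[$canonical] = "    Require not ip " . $canonical;
    }
    $block = array_merge(
        ["<RequireAll>", "    Require all granted"],
        array_values($rules),
        ["</RequireAll>"]
    );
    return ['htaccess' => implode("\n", $block), 'rejected' => $rejected];
}

// Constructed sample rows (documentation address ranges), standing in for the
// distinct reviewip values read back from isc_reviews.
$sample = [
    "203.0.113.7",
    "203.0.113.7",
    "2001:DB8::1",
    "2001:db8:0:0:0:0:0:1",
    "198.51.100.9\nRequire all granted",   // embedded newline: must be rejected
    "",                                     // rows saved before the column existed
];

$result = build_deny_rules($sample);
echo $result['htaccess'], "\n";
echo "Skipped ", count($result['rejected']), " invalid value(s)\n";
```

A reviewip column of VARCHAR(45) is wide enough for any IPv4 or IPv6 address in text form.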

Re: Grab IP addresses of review spammers

Posted: Thu May 17, 2012 6:11 pm
by Martin
Just to note I've found the akismet mod I developed has kept most of that rubbish at bay considerably better than any Captcha...

Not 100% but still... useful...

Re: Grab IP addresses of review spammers

Posted: Fri May 18, 2012 2:05 pm
by Tony Barnes
Never saw that one, I don't think/recall??

Re: Grab IP addresses of review spammers

Posted: Fri May 18, 2012 3:17 pm
by Martin
viewtopic.php?f=12&t=1223#p5340

I think I tweaked it a bit further and required the user to be logged in before they could leave a review and that resolved the last post's rant issue.

Re: Grab IP addresses of review spammers

Posted: Sun May 20, 2012 2:33 pm
by CharlieFoxtrot
Martin wrote:
viewtopic.php?f=12&t=1223#p5340

I think I tweaked it a bit further and required the user to be logged in before they could leave a review and that resolved the last post's rant issue.

Yep... that's what I did. With a small *twit*.

If the user is not logged in, the review form is hidden... but the form itself (and the form action) was still present in the HTML source. This allowed determined spammers to still access and submit reviews.

In response, I edited the template so that the form action needed to be inserted via a global variable. When a customer was logged-in, the correct URL for the submit-action was inserted into the form tag (for the visible form).

When not logged in the HIDDEN (but still accessible) form included a legitimate looking (but bogus) submit-action URL. If someone took the time to try and submit without being logged in (using the bogus url) they would simply receive a 404 error... and hopefully become discouraged enough to move on to another site.

This was my quick-and-easy fix... and it seems to have stopped the problem. (For now.)

Re: Grab IP addresses of review spammers

Posted: Tue Jan 08, 2013 10:23 pm
by rsg
Martin wrote:
viewtopic.php?f=12&t=1223#p5340

I think I tweaked it a bit further and required the user to be logged in before they could leave a review and that resolved the last post's rant issue.

Any chance you could explain how to force users to login before leaving a review?

Re: Grab IP addresses of review spammers

Posted: Tue Jan 08, 2013 10:40 pm
by Martin
There's a function CustomerIsSignedIn()

...you can use that in the akismet modification...

I can't remember how it can all be coded in but it's a useful function to call...

Re: Grab IP addresses of review spammers

Posted: Tue Jan 08, 2013 10:58 pm
by CharlieFoxtrot
Martin wrote:
There's a function CustomerIsSignedIn()

...you can use that in the akismet modification...

I can't remember how it can all be coded in but it's a useful function to call...

That's the function that I used to modify my review form.

Here's a basic overview of what I did... but keep in mind that this is a quick reply and I'm NOT looking at my actual code. It's just a "concept-reply" and unless I get back to this later, I'll leave it to you to work out the details.

$loggedIn = "false"; // Initialize value
$GLOBALS['ReviewPostUrl'] = ""; // Or some fake destination

$loggedIn = CustomerIsSignedIn(); // Is the customer logged in
if ($loggedIn == "true") {
	$GLOBALS['ReviewPostUrl'] = "/real/address/for/formsubmit.php";
	// you can also do other stuff here to hide the form submit button...
	// or display an error message telling customer to log in.
	// but even if you merely use a "display: none;" on the form, clever
	// spammers can still submit to your formhandler.php (if they know its actual name)
	// So, by inserting a dummy-name (or no name) for the formhandler
	// you make it a little more difficult.
}


NEXT: The form template should be modified so that the post value is "%%GLOBAL_ReviewPostUrl%%"

When a customer is logged in... the correct post value has been inserted into the form. For all others, there is NO destination (or a fake one) and you will eliminate spam from those who don't want to take the time to create an account.

Good luck.

Re: Grab IP addresses of review spammers

Posted: Wed Jan 09, 2013 12:54 am
by rsg
Much appreciate the quick replies, I'll have a play and see what I can come up with! ;)

Re: Grab IP addresses of review spammers

Posted: Wed Jan 09, 2013 5:16 am
by rsg
OK, I've wrapped my head around how this works, but I'm unsure where to place this code. I've tried adding it to javascript and php files but no luck.

I'm very much a front-end designer, so my PHP/Javascripting is very limited.

What I was thinking is to declare a function in common.js that will be called on from the onclick="" when you click the 'Write a Review' button. This would replace the function which is currently called upon there (show_product_review_form();).

Something like this:

Code:

function review_login() 	{
	$loggedIn = CustomerIsSignedIn(); // Is the customer logged in
	if (!CustomerIsSignedIn() == "true") { 
		show_product_review_form();  //call the function to display the review form
	} else {
		document.location.href = "../login.php"; //redirect user to the login page
	}
}

Wishful thinking or is this possible?

Any further help is greatly appreciated.
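
Added example, not part of any post in this thread and not the cart's own code: CustomerIsSignedIn() is called from PHP on the server, so the login check belongs in the code path that saves the review, where a hidden form or a decoy action URL makes no difference. handle_review_post() and the stub of CustomerIsSignedIn() are hypothetical stand-ins so the block runs on its own; the request data is constructed.

```php
<?php
// Added illustration. In the cart, CustomerIsSignedIn() already exists; this
// stub only lets the example run stand-alone (state comes from a demo flag).
if (!function_exists('CustomerIsSignedIn')) {
    function CustomerIsSignedIn(): bool
    {
        return !empty($GLOBALS['demoSignedIn']);
    }
}

/**
 * Hypothetical wrapper around the review-saving step from class.review.php.
 * Returns [httpStatus, reviewRow|null]; the row is built only for signed-in
 * customers, whatever URL or form the request arrived through.
 */
function handle_review_post(array $post, string $remoteAddr): array
{
    if (!CustomerIsSignedIn()) {
        return [403, null];               // enforced here, not in the template
    }
    $text = trim((string)($post['revtext'] ?? ''));
    if ($text === '' || !isset($post['product_id'])) {
        return [400, null];
    }
    $ip = filter_var($remoteAddr, FILTER_VALIDATE_IP) ?: '';
    return [200, [
        "revproductid" => (int)$post['product_id'],
        "revfromname"  => (string)($post['revfromname'] ?? ''),
        "revdate"      => time(),
        "revrating"    => max(1, min(5, (int)($post['revrating'] ?? 0))),
        "revtext"      => $text,
        "revtitle"     => (string)($post['revtitle'] ?? ''),
        "reviewip"     => $ip,
    ]];
}

// Constructed request: a POST sent straight to the handler, bypassing the form.
$post = ['product_id' => '42', 'revfromname' => 'x', 'revrating' => '9',
         'revtext' => 'sample spam text', 'revtitle' => 'hi'];

$GLOBALS['demoSignedIn'] = false;
[$status, $row] = handle_review_post($post, '203.0.113.7');
echo "anonymous direct POST -> $status\n";

$GLOBALS['demoSignedIn'] = true;
[$status, $row] = handle_review_post($post, '203.0.113.7');
echo "signed-in POST -> $status, rating {$row['revrating']}, ip {$row['reviewip']}\n";
```

With the check in the save path, the JavaScript on the 'Write a Review' button only needs to decide what to show; it no longer has to keep anyone out.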