Discussion Module Causing Spam

I have had to shut down the Discussion Module because the usual aholes who want to ride on the backs of folks who have done the work have been spamming me with bullst links hoping I’d actually publish them. Too bad isn’t it? Maybe I should feel honored that my site is attractive to these idiots.

IMO I think only registered users should be able to comment. And these would be actual customers to a product aswell. Not an anonymous user.

Maybe this could be a solution.

Add the code in red to /customer/addons/send_to_friend.tpl


{$lang.your_message}:
*
[COLOR="Red"]{*Check if customer is allowed to modify email body*}
{if $auth.user_id}[/COLOR]

[COLOR="Red"]{$lang.send_to_friend_notice}[/COLOR]
{$notes_data|escape:html}
[COLOR="red"]{else}

{$lang.send_to_friend_notice}
{$notes_data|escape:html}
{/if}[/COLOR]

Add a new language variable {$lang.send_to_friend_notice} and put in the messsage you like to show in the textarea.

You have to be logged in to add text in the message box.

Peter

It’s not really a question of registered or not. I receive emails about the posts and have to either approve or disapprove them before they go live and of course I delete them. So it is not really a problem of security, only an exploited module that causes more work than it may be worth.

[quote name=‘roban’]It’s not really a question of registered or not. I receive emails about the posts and have to either approve or disapprove them before they go live and of course I delete them. So it is not really a problem of security, only an exploited module that causes more work than it may be worth.[/QUOTE]



If you would only allow registered users to post you wouldn’t get any email notifications from the spamposts. Unless the spammer decided to register.

[quote name=‘Zyles’]If you would only allow registered users to post you wouldn’t get any email notifications from the spamposts. Unless the spammer decided to register.[/QUOTE]



I’m not really sure how to do that. The Discussion module doesn’t have that option.

[quote name=‘roban’]I’m not really sure how to do that. The Discussion module doesn’t have that option.[/QUOTE]



It’s not possible without modding either the template or the module because CS-Cart didn’t implement it. I was saying “This is how it’s supposed to be”. :wink:

Understood. I am getting about 20 of these hits per day so I am shutting down the module. I tried Grennixs’ fix but that didn’t seem to do anything at all.



Thanks for the responses.

[quote name=‘Zyles’]It’s not possible without modding either the template or the module because CS-Cart didn’t implement it.[/QUOTE]



I’m not 100% sure that this is what you are after but alas, you tell me

Admin // Settings // Modules // Discussion



I understand there is the options of “Any customer”, “Only Anonymous”, “No approval needed”



Help anyone?

[quote name=‘JesseLeeStringer’]Help anyone?[/QUOTE]



This doesn’t stop people from submitting posts. I believe you could modify the template to just check if the user is logged in, else hide the form and say “You need to login to comment” or something similiar.

My mistake, the mod was for the Send to friend, to stop people to send anonymous mail to other people.



Try this for reviews if that is your problem area.

\customer\addons\discussion\discussion.tpl

  1. This mod removes the textbox but not to add reviews.

    Add the red code

```php

[COLOR=“Red”]{if $auth.user_id}[/COLOR]

{if $discussion.type == ‘C’ || $discussion.type == ‘B’}


{$lang.your_message}:



{/if}



{include file="buttons/button.tpl" but_text=$lang.submit but_onclick="javascript: document.add_post_form.submit();"}
[COLOR="Red"]

{else}

{$lang.your_message}:
{$lang.error_not_logged_reviews}


{/if}[/COLOR]


{/if}

{/capture}
```

2. This mod if remove the possibility to add reviews without to log in.
add the code in red

```php


[COLOR="red"]{if $auth.user_id}[/COLOR]
{if 'CRB'|strpos:$discussion.type !== false}
{include file="common_templates/subheader.tpl" title=$lang.add_new_post}














{if $discussion.type == 'R' || $discussion.type == 'B'}




{/if}

{if $discussion.type == 'C' || $discussion.type == 'B'}




{/if}




{$lang.your_name}:
{$lang.your_rating}:

{$lang.excellent}
{$lang.very_good}
{$lang.average}
{$lang.fair}
{$lang.poor}
{$lang.your_message}:

{include file="buttons/button.tpl" but_text=$lang.submit but_onclick="javascript: document.add_post_form.submit();"}


{/if}
[COLOR="Red"]{else}




{$lang.error_not_logged_reviews}

{/if}[/COLOR]
{/capture}

```

You also have to add a language variable to show your message, "error_not_logged_reviews"

It´s probably better to fix it in the admin product page, but this is a quick fix.
It works on my local installed shop.
Peter

Thanks Peter. I’ll give that a shot.