Quick fix to prevent comment spam

Our Geeklog Embedded photo gallery requires users to login to contribute and manage their own albums, but anyone can view them.

Problem: Some users didn't restrict comments to LOGGED-IN users, allowing spambots to spam some photos with porn comments.
Solution: Very Simple 1-line code fix to globally prevent anonymous (not logged in) viewers from adding comments.

You'd think an Administrator, while editing permissions, could just edit this single comment permission in the top level gallery album and apply for all sub-albums, unfortunately this unifies all child album props throughout the album tree, including ownership, who can add photos, etc. ...Not what I need at all...

To deal with this, a very simple patch was made to the "canAddComments" function in gallery/classes/User.php around line 276 which adds the requirement of a minimum of a LOGGED-IN user to post comments, even if the album accidentally permits EVERYONE to post comments.

For reference, the original canAddComments() method in gallery/classes/User.php around 276 is below:

    function canAddComments($album) {
        global $gallery;

        if($gallery->app->comments_enabled == 'no') {
            return false;
        }

        if ($this->isAdmin()) {
            return true;
        }

        if ($album->canAddComments($this->uid)) {
            return true;
        }

        return false;
    }

The patched method is below and surrounded by comments below:

    function canAddComments($album) {
        global $gallery;

        if($gallery->app->comments_enabled == 'no') {
            return false;
        }

        if ($this->isAdmin()) {
            return true;
        }

        // Added $this->isLoggedIn() check to prevent the "not logged in" 
        // anonymous user from posting comments, even if the album allows. 
        // Jeffrey A. Hare 2007-10-09  Gallery 1.5.7
        // --------------------------------------------------------------
        if ($album->canAddComments($this->uid) && $this->isLoggedIn()) {
            return true;
        }
        // --------------------------------------------------------------

        return false;
    }

To scan for spam comments, I simply use the search box and simply search for: @
This allows me to scroll through all the comments in the gallery.

Let me know if you found this solution useful.

-Jeff Hare

That's a question I've been wrestling with myself for years. The challenge is all about keeping the interface simple for the end gallery user. I'd like to be able to apply a minimum security template gallery wide though.

A form exactly like the permissions form (without the hierarchy checkbox) that lets an admin choose the minimum criteria/rule to globally apply for each permission might work just fine.

ie: for each kind of permission, be able to set a minimum user rule to:

Everyone, <<= unless album/photo restricts further, anyone can do/see this.
Logged-in, <<= unless album/photo restricts further, anyone logged-in can do/see this.
Owner, <<= unless album/photo restricts further, owners can do/see this.
Admin <<= unless album/photo restricts further, admins can do/see this.
NOBODY <<= to disable using that feature altogether?

I'd settle for a single gallery-wide minimum security level permission policy.

How might it work?
==================
If the Add Comments permission security RULE were set to LOGGED-IN as a minimum user for adding comments, anonymous people never see comment options but everyone else might depending on the album's settings.

If the owner changed the add comment setting to a list of her friends, then only those logged in friends would see comment options (like it is today).
On the other hand, the owner could still set it to NOBODY and hide comment options from everyone.

IMPLEMENTATION?
===============
It would seem like you should be able to follow an implementation strategy in the base User class similar to how I patched above. It would need to associate each permission with a class of user and test accordingly prior to calling the method in the derived class.

ie: isUserAllowed($some_permission) -> returns true if they are above the min. required user class level. This assumes that you can say: NOBODY, EVERYONE, LOGGED-IN, OWNER, ADMIN are in order of increasing permission authority.

Note that I spent less than 10 minutes total analyzing and patching in this comment spam solution (from the time I decided to do something about it), so there may be better ways of solving it. I really don't know the code at all. The fact that I figured this out so fast is a testament to the quality and structure of the product, not my skills.

Cheers!
-Jeff

Hello,

You need to upgrade to 1.5.7 and then disable commenting in the config

Jens
--
Last Gallery v1 Developer.
Tryout the TEST-Version of Gallery 1.6

Hello,

This is a setting per album.

Jens
--
Last Gallery v1 Developer.
Tryout the TEST-Version of Gallery 1.6

I still dont see how i can only allow 'logged in' users to comment on my photos. I can see how to change voting to only allow logged in users to vote, but cant see the same option for comments. Please guide me to the correcet part of either the ablum properties or the global config where i can change this.

Hello bignellrp,

The patch I listed above really boils down to adding the following extra test to the canAddComments function in file gallery/classes/User.php

This function asks three questions, and returns true if comments can be added and false if they should not be permitted.
If you just want to disable commenting all together, just change the name of the old function to OLD_canAddComments and add this very simple replacement function instead:

The step you mention only allows you to change all the album options from EVERYBODY to LOGGED IN.

It doesn't allow you to change one option, such as comments to LOGGED IN and leave the other options to EVERYBODY. I think i'll have to try the hack from above.