en français / in english
Many thanks to J. Roumagnac for this really efficient antispam trick for pixelpost 1.5 and previous versions.
This is my upgrade to pixelpost 1.6.
Most of spammers don't go on you site, they are using scripts to inject comments automatically, so they don't physically click on the "add comment" button.
The trick is to be sure that the button was clicked before recording. For that you need to add a hidden field in your comment form :
<input id='you_are' type='hidden' name='you_are'
value='afuckingspammer' />
Then you need to modify the submit button so that when someone click on that button a javascript command will change the value from "afuckingspammer" to "ahuman":
<input
class="input_submit" type='button' value='ADD COMMENT' onClick="document.getElementById('you_are').value='ahuman';
this.form.submit();" />
This is roughly what it should look like:
<form method='post' action='index.php?x=save_comment' name='commentform' accept-charset='UTF-8'>
<a name="addcomment">Any comments?</a><br />
<textarea name='message' rows='5' cols='80'></textarea><br /><br />
<label for="name">gotta name?</label><br />
<!-- ANTISPAM TRICK -->
<input id='you_are' type='hidden' name='you_are' value='afuckingspammer' />
<input type='text' name='name' class='input' value='<VINFO_NAME>' id="name"/><br /><br />
<label for="url">'http://'your web-site (if any)</label><br />
<input type='text' name='url' class='input' value='<VINFO_URL>' id="url"/><br /><br />
<label for="email">your e-mail (Elle sera cachée)</label><br />
<input class='input' type='text' name='email' value='<VINFO_EMAIL>' id="email"/><br /><br />
<input type='checkbox' value='set' name='vcookie' id="saveinfo" /> ... remember me... (Cookie)  
<!-- ANTISPAM BUTTON -->
<input class="input_submit" type='button' value='Post'
onClick="document.getElementById('you_are').value='ahuman'; this.form.submit();" />
<input type='hidden' name='parent_name' value='<IMAGE_NAME>' />
<input type='hidden' name='parent_id' value='<IMAGE_ID>' />
<input type='hidden' name='parent_name' value='<IMAGE_NAME>' />
</form>
Finally, you need to edit the file functions_comments.php from pixelpost directory ..\includes\ so that the line that records the comment must be surrounded by a verification of the previous hidden field value:
if ($_POST['you_are'] == "ahuman") { ***ligne du code enregistrant le commentaire*** }
... that´s how it must be:
<?php
// SVN file version:
// $Id: functions_comments.php 233 2007-04-08 07:20:51Z blinking8s $
// ##########################################################################################//
// SAVE COMMENT
// ##########################################################################################//
// variable which says if notification can be send (SPAM and problem free comment)
// by default it can't
$email_flag = 0;
// ANTI SPAM TRICK - J. ROUMAGNAC
if ($_POST['you_are'] == "ahuman")
{
if(isset($_GET['x'])&&$_GET['x'] == "save_comment")
{
// token check ..... etc.....
And as usual, far far lower in the code, do not forget to close this bloody ´if´-command - (otherwise nothing works anymore ;-\):
} // end if is not in the blacklist
else $extra_message = "$lang_message_banned_comment"
}
}
} // end if ANTI SPAM TRICK J. ROUMAGNAC
// ##########################################################################################//
// EMAIL NOTE ON COMMENTS
// ##########################################################################################//
Of course it doesn't stop the "manual spams", but this kinds of spams are unusual. If the spams suddenly start again, it is because they understood the trick and they are injecting the expected value "ahuman" with their scripts, so in this case, try to change this value by something else.