I frakking hate comment spam on my blog. I’ve tried all sorts of tricks and plugins to help alleviate the amount I get. Akismet does a great job. And I have that Hot/Cold plugin on my site. I even changed the name of my comments.php file. But still, it comes.
What’s a blogger to do? Well, you could just remove all of the form code in the comments.php file so that there is simply no pipe for a spamBot to crawl down. But then users wouldn’t be able to comment either.
But wait, how about turning the comments form into a Flash form? That would do the trick. SpamBots would never be able to crawl over a SWF and figure out how to submit a comment.
What would we have to do to make this work?
- someone would have to figure out the MySQL code for inserting a comment into the database
- they would have to set up AMFPHP for the SWF to Database communication
- then create the Flash form – probably in Flex
- and use FlashVars to get a few bits of data from the PHP code into the SWF
- and with Flex we have the RichTextEditor. Cool, we can let users change fonts, font colors, underline, bold, italics, links. Man, that would be sweet!
- Oh, and use SharedObjects to store user info so they only have to type in their name, email, website once
- and since it’s Flash we should do something, you know, Flashy, that you can’t do with regular forms. Like, maybe make typewriter sounds when people type – with the obligatory Mute button of course
It would be so cool if some ultra-talented Flex developer would create something like that and give it away for others to use. Maybe even write a few tutorials on how it all works. And maybe the source code would look something like this.
Okay, seriously, I’ve commented the code pretty well. The comments are mainly for me because my code sucks and if I don’t comment I won’t be able to figure out what the hell I was doing when I try and update it later. So you won’t hurt my feelings if you find improvements.
The PHP file is in the source files but for some reason you can’t see the code in the source viewer. You’ll have to download the zip file to see it.
The only thing I can think of that’s missing is the code that triggers WordPress to notify the admin that a comment was submitted is missing. So the comments RSS isn’t being update, and I don’t think CommentLuv is working either. Hopefully someone can help me sort that out.
Take it for a spin, leave a comment.
The sound effects are super annoying. Other than that, it looks great, maybe have astericks for items that are required as well.
Nice :) I dont thing the sound are needed though, but hey, you included the mute button.. and also when you focus on the comment text area make the "disclaimer@ text go away on the CLICK, some people are lazy, just like mee :)
oohhh by the way, I entered my mail wrong on purpose and it did not validate it, I omit the "dot" befor the com :)
Nice form. What's with the typewriter sounds though!? My keyboard makes plety of noise as it is thanks ;-)
Not sure what happened then, all the text below on my last post got cut off!
Ummm, I keep entering multiline comments and they're being truncated.
Wow, no line breaks at all seem to work! Think you've got some issues with the new comment form…
@gabriel, I think the typewriter is a cool novelty, for about 5 seconds, then it's a bit annoying. :-) But there's a mute button and I'm using SharedObjects to remember your setting. So you'll never have to hear it again.
@Mario, I think I can lose the NOTE text now. It seems pretty reliable.
I'm not validating the email address. I know it's easy to do but sometimes people don't want to enter it. I'm not even going to require that you add one.
@Jason, thanks for discovering that the linebreaks were being cut off. The HTML text that the RichTextEditor produces is a little funky so I was massaging the String and didn't do a very good job. I went back and replaced my String.substr() code with RegEx and made it all better.
So I think that's fixed. See, new line. :-)
What a great idea! I wonder how well this will work in the long run.
Nice one!!
@Ian, I can't imagine that there will be any issues with spamBots. There is simply no code on the site here that one could use to access the DB.
@cisnky, thanks. It's always fun working on things like this.
Very interesting approach – here is hoping it doesn't become too popular ;) otherwise the spammers will quickly adapt!
Here's my 2 cents then:
- Honestly, get rid of that typewriter sound, you can't even justify it with flashyness, since sound isn't specific to Flash, last time I checked! (someone recently made a 909 using JavaScript, even if it doesn't come close to Hobnox)
Surely, we can think of something more appropriate than that "effect for the sake of itself, just because we can". That's how we, the flash platform ™ get a bad name, mister ;) Hey, I know: add a superduper intro animation!
- May I suggest you replace that sound with Grant Skinner's spell checker? (If you ask nicely, he might just donate it for such a good cause :) That's another standard feature (for some browser at least) that we have to compensate for in Flash.
OK, looks like I'm generous today, I'm going to tip more than 2 cents ;)
- woops, my frenchie keyboard layout is all mixed up for anything but the standard A-Z which is probably the good old WMODE bug which Firefox still hasn't fixed yet. So unless you have a real good reason for so.addParam("wmode", "transparent") may I suggest you leave it at the default setting? That'll do wonders for the mental health of every commenter using a non-QWERTY keyboard who also happens to use Firefox.
- I don't think it's the best idea to pass details like the IP via FlashVars (or even submit it with the form data at all) > too easily spoofed. Why not just detect the IP in your PHP?
@Patrick, That's just 4 cents worth? You're selling yourself short. Your advice is worth much more than that. :-)
Huge thanks for the WMODE bug. I had no idea. I didn't even notice that I had set it to transparent. I guess that's what I get for copy/pasting code and not paying close attention.
Okay, you're like the third person who said lose the sound effects. So I turned them off by default.
I have no idea why the IP is even in the database. I don't think it's used for anything. So, I wouldn't care if someone spoofed it or not.
Good idea about the spell check. But I'm not going to ask for it. And frak me is it expensive! If spelling is that important to someone they can write their comments in an HTML field and then copy/paste here. That's what I do with many of my tweets. :)
Now I really want to get the comment notification working again. I need to find a PHP/Wordpress guru to help me out with that.
Finally, I figured out the date problem. Unless this publishes above everything else. Then I'm still screwed. :-)
Ok, here's my multiline comments from before ;-)
The differences from a normal textarea in Firefox are:
- no autocomplete
- no spellcheck
- the textarea loses focus if you leave the page
I'm using WordPress as well and after installing the following plugins haven't had any issues with spam since:
Bad Behaviour – http://www.bad-behavior.ioerror.us/
SpamBam – http://www.thespanner.co.uk/category/spam-bam/
Simple Trackback Validation – http://sw-guide.de/wordpress/plugins/simple-trackback-validation/
As far as I know, logging the IP is necessary evil for a lot of potential legal trouble.
I won't go into into gory details, but basically YOU are the publisher of this site, yet you allow others to post content… which you are responsible for.
ok, here is one example (that really happened) to make my point: a sports forum thread had someone state in a comment that a particular world champion was on steroids. Comment was moderated and taken offline within a day. The champion wasn't happy, court made forum owner reveal IP and ISP reveal commenter's identity. Champion attacked commenter AND forum. Commenter lost case, forum successfully defended but still had lawyer to pay.
Now I hear you think that you would rather protect your commenters. Think again, because you will then be the sole target of pissed-off world champion's wrath ;)
Long story short: making sure you log the right IP may just be worth a couple of cents in attorney's fees ;)
Oh, you're welcome for the WMODE bug… If it's worth so much to you, I'll be sending you my invoice then ^^
I might even toss in a "Parts of Flex 3 are incompatible with FP 9.0.16" invoice (once I run it past the Flash Switcher tomorrow) … seeing as your SWFObject checks for major version only.
Testing new date code. I wasn't using UTC before and my comments were showing up before others that had already been entered.
@Jason, good points. I'm especially bummed about the spell check. It would be great if Adobe would buy that from Grant and wrap it into the Flex Framework – hint, hint. :)
@patrick, Thinks for the info about the IP address. I added it back to the DB. If it gets spoofed then so be it. Not going to care all that much.
All the comments here are out of sorts because I've been messing with the date format along the way. I think, I hope, I have it nailed now. I'll have to wait and see in a few days if comments seem to be displayed in the proper order.
I confirm that Flash Player 9.0.16 fails to initialize your Flex 3 form.
The fix is easy: ask SWF Object to require FP9.0.28 or later :)
cf.: http://icanhaz.com/Flex3FP916
@Patrick, I swear I changed the minor version yesterday. Must not have saved it. Thanks again for your help.
@patrick, I poked around I think the IP is there to help WordPress sort out if a comment is valid or coming from a spamBot. Since I'm bypassing all the stuff I don't need the IP.
Now I just need to get the date/dateGMT issue sorted out.
Did you find a workaround for your date issues?
If not, why not do it in a simpler way: just use the current server date at submission time in your PHP!
Although I'm a frontend developer, I am still convinced that backend logic is more secure – so if the same data (postID, currentTime, IP) is available on the server, then just use that.
@Patrick, I believe the date issue is solved. I'm using the same server side scripts that create the date – local and UTC – for the original comment submissions and passing those values to this comment tool via Flash vars.
I'll be the first to admit that UTC and date stuff confuses the hell out of me. :) It doesn't help that in php the date months are 1-12 and in Actionscript they are 0-11. I'm pretty sure someone is trying to mess with me. It's a conspiracy. I know it is. :)
Now the only thing left for me to fix is the comment count. The comment count here is almost correct. But in my next post about Magpie it says there are no comments but there are quite a few. I'm not really going to worry about it right now. WordPress 2.7 is going to be released soon and will have a new comment API. I'll look into adapting this tool to work there and hopefully get the comment count to work again.
Wow, very nice Dan. Hey I tried turning off the alpha on RTE bg and it didnt work.
You should put this in in the WP Codex. Im sure it will get great acceptance.
@Allen, Not sure what you mean by turning off the bg of the RTE. Do you mean that you were doing that in Flex Builder?
Thanks for the suggestion about the WP Codex. I want to make this compatible with WordPress 2.7 and then I'll submit it.
Very nice! I've often thought about doing the same thing. Sounds are… not fun when you've got headphones plugged in and the volume turned up…
@Taking it for a spin,
I'm going to make the code available soon and write about it on HackWordpress.com. So you'll be free to use it if you wish.
Originally the sounds were enabled by default. But I got nothing but grief for it. :)
Nice work, I am about to start delving into your code! '