As i said in my first post i’d really like two plugins for Wordpress from Andrew but they need, for me, some ameliorations, so i decide to do the work by myself…
here are the modifications i done on Wordspew
- internationalization of plugin (by a PO file)
- I add a little sound alert when someone post a message in the shoutbox (the option can be enable/disable in admin panel of the shoutbox)
- i scan the three fields (message, user url, and name) for spam and don’t permit to post if there’s some banned words
- the list of banned words works with Options –> Discussion –> Comments moderation list. It works with/without Javascript enabled. All you have to do is to add new banned words as soon as a spammer find a way to bypass your list.
- number of spams blocked in the plugin configuration title
- automatic transformation of email address in clickable link
- automatic transformation of links, if links go outside of your blog then open in a new window otherwise open in same window
- show the banned word in the alert box to the user. Like this, regular user can adapt their sentence to the filter rules.
- for those who use Wordpress 2.x, i correctly define user name and path to smileys
- as the function CheckSpam is in the header it’s reflect immediatly words added in the moderation list
- + 05-10-2006 :
i add a new constraint to block bots. Users (who are not registered) have to enter a random string (all the 30 days) to «identify" themself as "human" :). After what they can play with the shoutbox. I hope it will be a good protection (one more ;)) against that f*****g spammers (in heavier version).
Fusion of the two versions…
- + 05-14-2006 :
it will be hardier for spammers to bypass filters now, because i permit only one url by message (with/without javascript). Correction of a little bug. I forgot to convert the banned words list into lowercase before compare it to posted text (in non javascript environment).
- + 05-17-2006 :
As
Mänu ask me, i add a new functionality. Before, only the admin was able to decide if he add a sound alert or not when someone post a message. Now, it’s a per user choice. You can enable/disable the sound by yourself
(eg : if you are at work ;))
- + 05-18-2006 : version 1.6
correction of little bug for those who use Wordpress 2.xx when they clicked on "Save" button the message "The requested URL /wp-admin/edit.php was not found on this server." appeared.
- + 05-20-2006 :
Optimization of code to open as late as possible the connection to the database. I’m searching first for more than one url (more than 95% of spams bots post more than one url) before to open a connection to retrieve the list of banned words. So, if i found more than one, the script never go further and block spammers before any database connection (lighter for server resources…). Hopping having been clear (sorry, but english is not my native language)
- + 06-01-2006 : version 1.7
replacement of function RippS by the function pluralize, more flexible for internationals releases (all languages don’t take a "s" in their plural form). Technicals informations deported in the "readme.txt" and the instructions of installation have been copied in it.
- + 06-05-2006 : version 1.8
the little sound alert is
now no more scrolling down with the content of shoutbox (little bug in IE). If you decide to only let your registered users to be able to chat, the shoutbox will refresh in real time for everybody (before you have to refresh the window to show new messages when you were not log in).
Can now work as a widget !! as Chris M. Wilson ask me.
For the heavier version, on a request of JohnPuPu, now i place the advertisement panel under the shoutbox. BTW, users are able to follow the discussion in real time without entering the random string. Correction of a little bug for registered users who have deactivate javascript they were unable to post message. Fusion of the two versions…
- + 06-15-2006 : version 2.0
Fusion of the two versions. Too heavy to continue to develop the two separates… Use of database to count blocked spams (too much problems with the
"spam.txt" file), the per user sound setting will be kept (on/off), before, it was available only for the session, and as
they succeeded to bypass the filters two times this week (arrgh :evil:),
i modified the script in consequence. So, now, if you uncheck the "
Use URL field" checkbox, like me,
it will be impossible to post an URL 
(before the field was just hidden but it was possible to send it with the name). Add the possibility to ban IP addresses. If you want to ban a single address click on
"Spam" button near the field with the bad IP address. If you want to ban a range of IP, use this syntax (for this example i can say good bye to
Vsevolod Stetsinsky) : 195.225.176/179.* where slash means from 176 to 179 and * from 0 to 255. BTW i ban IP addresses from 195.225.176.0 to 195.225.179.255. You can mix the two options… For the moment, i like the challenge
. Correction of a little bug for users with particulars caracters in their names (like êéàâ), when javascript was disabled the names were showing weird caracters. Correction of a little javascript bug with http in the message i didn’t verify the case, thanks to
Andrei. Correction of a little bug in the "
CheckSpam" function when the banned word list was empty (on some configurations), thanks to
Simos for his disponibility, good advice and more
- + 06-17-2006 :
little correction. If a user have fill the URL field and send a message with an other URL the shoutbox showed : "Your IP address have been banned from this blog, if you feel this is in error please contact the webmaster." incomprehensible for user. So, now if a user try to send two url : one in the URL field and one in the message i send to him an alert telling him "Sorry, but you can post only one url by message…" more explicit ;).
- + 06-18-2006 : version 2.1.
Retrieve the smileys informations directly from Wordpress environment, no more need to edit "manually" the list. Thanks to
Chris M. Wilson. Correction of a little bug in automatic conversion of email addresses. I forgot that some domains names contains
4 letters (eg: .info). Correction of a bug
for users with Wordpress 2.x the IPs were not added in the comment moderation list, thanks to
EmptySpace.
- + 08-15-2006 : version 2.2.
Correction of a little bug with the smileys list. If one or more smileys contained two particulars symbols like |) or () it generated a javascript error. Remove the use of HTTP_X_FORWARDED_FOR and HTTP_VIA, rarely correctly retrieved, the only method used now is REMOTE_ADDR. Little correction for XHTML validation thanks to
Tammy. Addition of two sound icons in the archive for those of you who use a visual theme with black colors. Extract all the archive in your
wordspew folder and rename the files "
sound_1black.gif" in "
sound_1.gif" and "
sound_0black.gif" in "
sound_0.gif"
- + 09-11-2006 : version 2.3.
Little addition, to fight stupid spammers (where name=text ;)) as ask me
Tom. Nothing very special but permit to speed up the process for them
- + 09-24-2006 : version 2.31.
Little modification in the way of retrieving the smileys list and little correction in the function filter_smilies to escape the * sign who cause an error if the sign exist in the smileys list.
- + 10-09-2006 : version 2.32.
As
Kenzo requested, all the strings longers than 16 characters (except the urls and emails addresses) are split now. It permit to avoid the horizontals scrollbars in your box.
Waiting for regex gurus for this implementation…
Found her !!!
A GREAT thanks to
Maren who helps me to correct and optimize the regex part. I also add a trimming to IP addresses clicked as spam because i’ve noticed, on some users blogs, that sometimes there was additionnals (and not desired ;)) spaces added at the end of IP. I corrected too, with the expert advice and example from
Maren, a bug with the parse of emails addresses from sub-domains (eg :
username@domain.co.eu).
- + 10-25-2006 : version 2.5.
Thanks to Kenzo who made the harder part of it, you have, now, the opportunity to download the same shoutbox that before but with one more functionality : who is online. You were numerous to ask me to add the Ruddo’s code part, so now (thanks again to Kenzo) it’s done. I add code to internationalize that part too. For the moment, It miss some translation parts for Spanish, Danish and Swedish files.
New release by the fusion of the two versions (with/without users online). You have now the possibility to choose to show or not users online on real time. All you have to do is to check/uncheck a checkbox. I add a checkbox too for those of you (like Kenzo ;)) use XHTML strict. If you want use it (eg : the links outside of your blog with target="_blank" are not XHTML conform) you just have to check the "
use XHTML strict" checkbox. Modification of the name of the field
shoutboxurl to make more difficult to use it by bots. Modification of the functions
CheckSpam (javascript and php) to permit to send an url in the message part
and in the url field (before the fucntions permited only one link one in the url field
or one in the message part). Correction of a little bug for users who refuse all cookies, messages weren’t show in real time to them.
- + 11-05-2006 : version 2.6.
As some of you have probably noticed, since the 2.5 changes, some "compliments"
appear in our boxs. Like :
Very good site. Thanks,
Cool site. Thank you etc. It’s because some spammer’s bots finding shoutbox on our blogs continue to post messages in it, thinking that the URL field still exists… So we can see their "congratulations" but not the link who goes with it :). So, i modify the script to test if they try to send datas by the old, inexistant, shoubox url field and if it’s the case i stop the process and treat it as spam :). As
Aden suggest me i show the actual version in the admin interface (just near the title).
- + 11-12-2006 : version 2.7.
New protection from stupids spammers who try to send mails by using our shoutbox. Correction of two little "bugs".
- + 12-23-2006 : version 2.8.
As
Andrew suggest me, i corrected my code to do a "htmlspecialchars" on the three fields (Name, URL and text) by the way there’s no more possibility to send html datas in the box.
- + 12-26-2006 : version 2.85.
Correction of
Sang-un bug. Now, multi-bytes caracters are correctly displayed in the box :).
- + 12-27-2006 : version 2.9.
As Sang-un ask me yesterday, i’ve added the possibility to show the smileys list (from WP). For that, you just have to check the checkbox in your shoutbox admin console, then users will be able to show/hide the smileys list by clicking on the + or - sign. Their parameters will be kept for further visits ;).
- + 01-13-2007 : version 2.91.
Correction of a little bug that
Dave has detect with the URL field. Now users can let their blog urls begin with www or write their email addresses in the URL/email field
- + 02-04-2007 : version 2.92.
Correction of bug
otezz talk me about. In case of a fresh install and due to the change on user roles the tables were never been created. For the same reason users on version 2.x were unable to change otpions nor to show the option page… Sorry for that :). The plugin is now really compatible with WP from version 1.5.x to 2.x
- + 02-06-2007 : version 2.93.
Correction of bug i create by myself :$ during code modification… I move two importants lines in the jal_install_shout function who helded up modifications in the structure of the liveshoutbox table. So, users who migrate from the Andrew’s version were unable to use their shoutbox. Excuse me for that… Nobody’s perfect
- + 02-17-2007 : version 2.94.
I change the button "Spam" to "Ban this IP" more explicit. I modify some code to be sure that there’s always at least one message in the shoutbox, it prevent some display errors (like "You must have at least one message in your shoutbox"). I change some code because i realize that the spam message addressed to spammers was not correctly shown for the banned IP. And again i had to to correct the code in the edit, delete and truncate functions because i forgot to implement the user role in these functions…
- + 03-10-2007 : version 2.95.
Little correction in fatAjax.php to always show who’s online. I tried to limit the bandwith by refreshing only when someone was "logging" or posting but it was not a true real time feature… So, i "get back" for that
- + 06-17-2007 : version 3.0.
Compatible with WP 2.2 (thanks to
Manuel and
William). You can now configure how much messages will be shown in your shoutbox and decide if you want to show the number of blocked spams
Attention : there’s a new line in the "css.php" file to ajust the look of number of blocked spams
- + 06-22-2007 : version 3.01.
Little correction in the jal_deleteOld function. The number of comments was not correctly retrieved so old messages were not erased :$…
- + 07-11-2007 : version 3.02.
Control by javascript to prevent anonymous users to use the name of registred users.
- + 07-16-2007 : version 3.021.
Like most of you talk me about that "problem" i changed the script a little for usernames and it’s now case insensitive. So, if a registered user have choose John as pseudonym, an anonymous user will not be able to use jOhN, john, JOHN, John etc.
P.S. Be conscious that it’s only a javascript control. So, an anonymous user, with bad intensions, will always be able to use a name of a registered user…
- + 07-24-2007 : version 3.022.
As Utopia notify me about this little "bug" i correct it. Now, an anonymous user, with bad intensions, will not be able to add ALT 255 (indivisible space) before, in, or at the end of a registered username. but the P.S. above is still true…
- + 08-01-2007 : version 3.1.
No more problem with accents in the WP 2.x releases !!
Sometimes, when you’re too close to something you miss some clearness :)… So, big thanks to Utopia (again) he show me the way :mrgreen:. Now, i test for the presence of the DB_CHARSET constant. If it’s present, then, i do some UTF-8 encoding/decoding, otherwise i let the existing code do its work.
- + 08-01-2007 : version 3.15.
Correction of two bugs. One during the first install of the shoutbox under WP 2.x, the default values were not defined in the options table. Before the WP 2.x release when you called the function
add_option you had the possibility to use only two parameters, now it’s more restricting and you have to fill 4 values or the function call is ignored…
The second bug is old, but no one talk me about it
the message to spammers (those you’ve banned IP addresses) was not shown in a javascript environment.
- + 08-02-2007 : version 3.16.
Correction of a little bug. If your comment moderation list contained one or more blank lines (carriage return) it was impossible for users to post something in the box. They always get the message No, sorry you used a banned word!.
- + 08-05-2007 : version 3.2.
Complete modification of the function who splited words longer than 16 caracters (ignoring url addresses and emails). A really big thank to
Jean-Luc Lacroix who help me for that
- + 08-10-2007 : version 3.3.
Big modification of the tables structure (wp_liveshoutbox and wp_liveshoutbox_useronline) to change the encoding to UTF-8. So, now, and normally ;), there will not anymore problem with specials caracters (like àéùëèทดสอบあ야 이 시발놈 etc.)
IMPORTANT !! Don’t forget to deactivate and reactivate the plugin to apply the changes !!
- + 08-11-2007 : version 3.31.
Addition of two lines to redifine the characters set to ‘latin1′ (in functions jal_get_shoutbox and jal_get_useronline_engine) if the DB_CHARSET constant is not found in wp-config.php. Otherwise, it corrupted accented characters.
- + 09-11-2007 : version 3.32.
Correction of a little vicious bug. If you had unchecked the checkbox "Convert emoticons…" in Options -> Writing it caused an error in fatAjax.php with this message : var smilies=[<br /> <b>Warning</b>: natsort() [<a href=’function.natsort’>function.natsort</a>]: The argument should be an array […] ]. So now, before going further i check if the variable $wpsmiliestrans is an array ;).
- + 10-03-2007 : version 3.33.
Correction of SQL syntax who caused some problems, it should work now ;). Auto-detection of the WP version to give the right path to the "upgrade-functions.php" file who changed in WP 2.3.
- + 10-09-2007 : version 3.34.
Correction of SQL syntax who caused some problems, it works now! Thanks to
Alessandro who help me by testing a few SQL syntaxes :). Correction of bug who appears in particulars environments with session_start().
- + 10-12-2007 : version 3.5.
Better management of error messages and count of blocked spams. Correction of bug who appears in particular environments with session_start(), possibility to add (or not) a simple captcha (in fact a simple operation of addition) with a private sentence for md5 encoding of the answer. Addition of a filter to stop automatically bots who attack directly the wordspew.php file. In the admin interface (like in the shoutbox environment) you can now show time ellapsed since each comment by placing your mouse over user names. Display of an information message to ask users to resolve the addition (only if they never post in the shoutbox) before posting. Usernames with apostrophe are now correctly shown. It’s now impossible to use a name of a registered user, even with javascript disabled.
PS. I voluntarily removed all my banned words list (except blackjack) and permit the url field to test the efficiency of the captcha
- + 10-19-2007 : version 3.51.
Correction of a little bug who ask users to resolve the operation even if the operation was not shown :roll:…
- + 10-22-2007 : version 3.52.
Like some of you don’t like to expose their users list, i added the possibility to hide it from the header (and from a "view-source"). Correction of a little bug to not display the message asking to resolve the operation when you check "Only allow registered users" (useless). The cookie jalCaptcha is now define only if you use the captcha and user has resolved at least one time the addition ;).
- - 10-31-2007 : version 3.6.
You can, now, personnalize the rendered of registered users by a css file (users.css). Example : i add, under my "wordspew" folder, a directory named "img" where i put an icon of Tux Dark vador :). By default registered users appear in bold but you can custom the render to fit your needs. Just edit "users.css" and add your own rules. Thanks to
Kardjo who suggest me the users customization.
- - 11-28-2007 : version 3.7.
As
Robert suggest me, i have, now, add a full RSS support to the shoutbox. By the way, regulars users can suscribe to the feed and stay inform of shouts in their favourite RSS reader
- - 11-29-2007 : version 3.71.
Just a little correction, i forget to add the marker pubDate at the top of the RSS document. Deletion of the comment part in the header of wordspew-rss.php who added an entry in the plugins page of WP as it was an independant plugin causing errors during activation.
- - 02-08-2008 : version 3.72.
Correction of the possibility of a SQL injection in the wordspew-rss.php file. Thanks to Jérôme who informs me and
S@BUN who discover the bug (but who don’t alert me
)
- - 03-17-2008 : version 3.73.
Security issue was not 100% corrected in the last release, so SQL injection was possible, in certain case, by the wordspew-rss.php file. Big thanks to Bob
who informed me and gave me the solution to correct it
Have a try on it and give me some feedback please
If you want to see the CheckSpam function in action, try to send the word
blackjack in the shoutbox
Installation : use the software of your choice to extract, from the archive, the folder
wordspew in your
plugins directory.
If english is not your native language, download the PO-MO files of your need below, and extract them in the
wordspew folder of the plugin.
You can
eventually modify the translation if you want adapt it using a PO file editor such as :
- KBabel (Linux) should be available as a package for your Linux distribution, so install the package.
- poEdit (Linux/Windows) available from http://www.poedit.net/.
Attention, it’s the
wordspew-xx_XX.mo file that you have to put in the
wordspew folder, the PO file is just here to generate the MO translation file…
Then, activate it on the
plugins page. If you have a 1.5.x release of Wordpress or a version who don’t use Widgets, call the function (usually in the
sidebar.php file) by this way :
<?php if (function_exists('jal_get_shoutbox')) { jal_get_shoutbox(); } ?>
Otherwise, go in Presentation -> Widgets and drop the shoutbox where you want it.
If you make an update, don’t forget to deactivate/reactivate the plugin.
Special thanks to :
Mänu and
Rita for German translation,
800A for Italian,
Pedro for Spanish,
Andrei for Romanian,
Gumbah for Dutch,
Pica for Hungarian,
Zulan for Swedish,
Piotr for Danish,
Xavi for Catalan,
sain†sinner for Ukrainian and Russian,
Tzafrir for Hebrew,
Emil for Norwegian,
Tinh Linh for Vietnamian,
Xu Cong For Chinese,
Mika For Finnish,
Zafer for Turkish,
Rodrigo for Portuguese,
Joca for Serbian.
Cet article a été publié
le Mardi 28 février 2006 à 2.57 et est classé dans Plugins.
Vous pouvez en suivre les commentaires par le biais du flux
RSS 2.0.
Les commentaires sont fermés, mais vous pouvez faire un trackback depuis votre propre site.
2006-04-07 à 1.51 Hi Pierre,
I’m using your (edited) plugins.
I want to put words "Actually xx spams blocked" under the shoutbox
so, every visitor can see that. How do I do that ?
thanks anyway,
-bw
2006-04-25 à 4.14 Hi Pierre,
why the plugins is not working against the spamwords that already entered in Options > Discussion ?
2006-04-25 à 11.13 hi boy, to answer to your question, you have to add by yourself the new banned word as soon as a spammer bypass your list. By the way you’ll get less and less spam in you shoutbox.
2006-04-27 à 1.27 Pierre
I can’t get the sound to work
can you say which code you edited to make this?
where do I look for the problem
2006-04-27 à 1.38 Tez,
hard to reply without any link to have a look ;). I’ve tested the sound alert on IE 6, Opera 8.x and FF without any problem. Perhaps a plugin problem if you use FF as browser.
2006-04-28 à 2.53 Pierre, is it possible you email me?
2006-04-29 à 10.37 Pierre I get the following errors when viewing my site from a mac running FF. Also similar errors from a pc internet explorer which seemed to go away when I reduced the size of the shout box. I also would like to change the default noise - is this as simple as changing msg.wav?
Warning: strpos(): Empty delimiter. in /volume1/web/wp-content/plugins/wordspew/wordspew.php on line 387
Warning: Cannot modify header information - headers already sent by (output started at /volume1/web/wp-content/plugins/wordspew/wordspew.php:387) in /volume1/web/wp-content/plugins/wordspew/wordspew.php on line 425
Warning: Cannot modify header information - headers already sent by (output started at /volume1/web/wp-content/plugins/wordspew/wordspew.php:387) in /volume1/web/wp-content/plugins/wordspew/wordspew.php on line 426
Warning: Cannot modify header information - headers already sent by (output started at /volume1/web/wp-content/plugins/wordspew/wordspew.php:387) in /volume1/web/wp-content/plugins/wordspew/wordspew.php on line 428
2006-04-29 à 11.43 Hello Tez,
1/ I don’t know why, i’ve never seen that kind of error. Perhaps a corruption of wordspew.php ?
2/ yes you can change sound by adding your own pop alert. Keep attention of size (in kilobits) of the wav file and rename it "msg.wav" in the wordspew directory, that’s it. Now you’ve got your personalized sound alert
2006-05-13 à 9.25 I couldn’t get the plug in to show up in the plug ins list. I do not know why this is happening.
2006-05-14 à 1.42 Shoutbox back online! So. Pierre sei Dank gibt’s meine Shoutbox wieder. Er hat das Original-Plugin von Andrew Sutherland mit einigen Spamblock-Funktionen nachgerüstet. Ich bin jetzt mal gespannt, wie sich das bewährt. …
2006-05-14 à 2.54
You rock, my good man, you rock. Thank you again. I’m just over here givin’ you some love for all your hard work ;) So far so good.
2006-05-14 à 3.09 hi, please do not confuse me with Aimee, anyway, I was browsing ard the net for more wordspew variations and I saw this: http://rudd-o.com/projects/wordspew/
it mentioned about the sql injection problem which sounds pretty dangerous (?).
Also, I like the feature where it tells you who is online at the board at the moment which is quite cool..
Is it possible for you to implement this?
I was trying to but I realised my knowledge in PHP is too weak…
2006-05-14 à 3.19 Sorry Mänus i don’t understand at all deutch :(…
2006-05-14 à 3.21 Thank you Aimee you’re sweet
2006-05-14 à 4.25 Hi Pierre,
that was a trackback from my own blog, that’s why it is german. All I said there is that I found your modified version of the shoutbox and that I installed it. I won’t translate it into english now, because Aimee has already said it all
2006-05-14 à 6.08 haha pierre’s a great guy.. i bet he spent at least an hour on my blog trying to figure out wads wrong with my box (though both of us still unable to fix it)… but i really appreciated that.. :)
2006-05-15 à 12.45 Good work Dingyan,
you finish by founding it, by yourself :D. It was just a buggy wordpress theme ;). Now i let you appreciate your brand new shoutbox !
2006-05-15 à 3.36 thx for the tip and you have done a great work !
2006-05-15 à 6.52 Thank you hefebreo
i let you play with it now
2006-05-16 à 4.08 Hi Pierre,
thanks for stopping by & letting me know of your newer version shoutbox.
I downloaded heavier ver. just like I wanted all this time to fight spammers.
Haven’t tried it yet but one question :
If that’s successfully installed, does it reduce the need of spamwords we’ve put in ?
I don’t have registered user.
thanks for your hardwork mate,
-bw
2006-05-16 à 5.53 Hi boy,
you can lighten your banned word list (no need to add http in it for example) but it’s one more security
2006-05-17 à 12.15 Thanks for stopping by and letting me know about your enhancements to the Wordspew plugin, Pierre, and I thought that door-to-door salemen were a thing of the past
2006-05-17 à 4.56 Hi Rusty,
you know i have nothing to sell
2006-05-18 à 12.23
After being bombarded with bot spam over the past few days, I finally found your plugin. It took me seconds to install, and it works fine.
I just wanted to thank you for doing the modification.
2006-05-19 à 1.45 Hi Pierre - so I finally installed the new plugin, it works like a charm. I was not having any spam problems at all with the oroginal version (maybe akismet was catching them all?) Or maybe we were just lucky…. At any rate, I like the mods you added, particularly the sound notifiation. It works perfectly! The only thing I had to do was add a little padding to the em#responseTime css to keep it from clipping the sound on/off image off on the top and it was good to go. Thanks Pierre!
2006-05-21 à 11.57 Hi Pierre, I appreciate seeing your modifications here.
The shoutbox is a great addition to our blog site, but spam has been an increasing problem. I have also made some modifications and have a couple of other ones in mind. I’ll mention them here, in case they are of use to you or others:
1) Limit the number of links per message
At the start of the jal_addData function, add the following three lines:
$max_links = 3; $pattern = "`(http|ftp)+(s)?:(//)((\w|\.|\-|_)+)(/)?(\S+)?`i";
preg_match_all($pattern, $jal_user_text, $html_matches);
if (count($html_matches[0]) > $max_links) { return; }
2) Block messages with the URL field in the $_POST array
Uncheck the "use URL field" in the shoutbox settings and then block all spam POSTs that include the URL field:
Also in the jal_addData function:
if ($jal_user_url != "http://") { if ($jal_user_url != "") { return; }}
3) MD5 Hash field
Something I have thought about but not yet implemented is to include a hidden field in the shoutbox, the value of which is a MD5 hash key of something definable, which changes every day. The id of the field could also change if desired.
For example:
$hidden_field_id = md5(date("dmy")."randomstring");
$hidden_field_value = md5(date("dmy")."randomstring2");
This way, the key would change every day and its presence in the $_POST array could be checked before allowing each message through. A potential issue would be where a user opened the web page with the shoutbox before midnight and then submitted a post after midnight, as the dates will then be different. To prevent this problem, the script should also check for the md5 key for yesterday’s date.
This approach would prevent mass-spam being sent out to all sites with shoutboxes. The spammer would need to know the md5 key for that day, or write code that would automatically read it. Different methods could be used to make the latter more difficult.
Any thoughts?
2006-05-22 à 3.47 Hi,
you know i have already implement such things in my release ;). And by the way, all the bloggers who adopt it are happy with it and all works fine. It’s extremly rare (but you can’t say never :() that spammers arrived to bypass all the filters ;). Have a try on it, i let you judge :D.
2006-05-23 à 12.29 OK… so I’m road-testing your modified version.
Is it my imagination, or are your extra steps likely to slow the page-loads by any perceivable amount?
Also, I can’t seem to get rid of the horizontal scrollbar - even though I’ve tried to change the ‘Horizontal Scrollbar Killer’ in the CSS file. Any suggestions?
Thanks,
Prem.
2006-05-23 à 1.42 Hi,
the shoutbox have never fundamentaly change, so the ‘Horizontal Scrollbar Killer’ is always in the CSS file. Try "restoring" your css.php file. But don’t forget that if your shoutbox contains a very long sentence made by a suite of characters (like aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa or by script code, like on your shoutbox your example with $pattern = "`(http|ftp)+(s)?:(//)((\w|\.|\-|_)+)(/)?(\S+)?`i";
It’s absolutely normal that the horizontal scrollbar appears permetting to users to read the rest of the "hidden" content. For the extra steps… sorry but during the page load there no particular script able to slow down it. The only process who is able to slow down the "load" is when you post a new comment if you’ve got an old PC with a processor less than an athlon 800 (i done test with it, without any slow down performance) and the admin has add a very big list of banned words. In that case, like the javascript is execute on a "slow" machine, yes this is possible
2006-05-23 à 10.36 Of course! I was overlooking the line of code in the shoutbox. Thanks for your reply, Pierre.
2006-06-04 à 4.23 […] the day before yesterday , i found a new nekobe's AJAX shoutbox and Pierre's AJAx shoutbox . […]
2006-06-10 à 4.25 Hey there Pierre, Love your shoutbox…I’ve been dying to use it but I keep getting this annoying error that’s stopping me from using your wonderful shoutbox..
Warning: chmod(): Operation not permitted in /home/mazzie/public_html/blog/wp-content/plugins/wordspew/wordspew.php on line 34
I have CHMODded the wordspew dir to 777, the wordspew.php to 777 and even the spam.txt to 777 just to allow anything to be changed from the CHMOD operation inside wordspew.php but it is still not working…some help would be nice
2006-06-10 à 10.45 Hi Ahmaz, i had a look on your blog but you have installed the "wordspew.php" file from the Ruddo version and the "fatAjax.php" from mine… So the call of CheckSpam in sendComment function make impossible the sending of message in normal way. Have you try to just chmod the "spam.txt" file to 666 ? Actually i can’t do any test with the mixed plugin you have installed…
2006-06-10 à 1.11 I have removed Rudd O’s and uploaded yours even with the error…now I get a new error in front of my blog..
Warning: Cannot modify header information - headers already sent by (output started at /home/mazzie/public_html/blog/wp-content/themes/tarski/header.php:18) in /home/mazzie/public_html/blog/wp-content/plugins/wordspew/wordspew.php on line 556
I am at a total lost at what to do…I have CHMOD the spam.txt to 666, I still get the error. Do you have MSN/instant message service so we can talk?
2006-06-10 à 11.02 ok, Sorry Ahmaz, i just read your message now… I’m gone on your blog and all was working fine. I think you have find the solution. Like it’s a particular case, do not hesitate to share info with us
2006-06-11 à 2.54 Actually, it still isn’t fixed O.o that modify header information error is still there…maybe only I can see it…it’s weird though…I do not want to do any edits just yet until I can clear the errors…
2006-06-13 à 11.00 Pierre, I’ve tried your normal version and so far, its working nicely
I have a question though. Did you remove the User Online script from the shoutbox? is it possible to have it in? I would like to see how many ppl are viewing my blog lol.
2006-06-13 à 6.01 I have the same problem as Ahmaz. And its weird because after seeing you last comment I checked on another computer. The error seems to only show up for the admin.
2006-06-13 à 9.15 Hi Pp, as i answer to Ahmaz in his shoutbox, on the heavier version i try to write a cookie if it’s a registered user. And that’s the line who create the error… I think that on the other computer you were no loged in did you ? I investigate on that weird error…
2006-06-16 à 3.35 Heyo Pierre
Thanks for your great modifications! Though my question still stands, is it possible to add the users online script back like in Rudd O’s version? hehe.
2006-06-16 à 2.19 Hi Ahmaz, i’m really not sure to implement that part of code directly in the shoutbox (at least for the moment). For my part, i prefer to use a separate plugin available here. It, sure, don’t refresh by itself but, for the moment it suffice to my needs ;). Perhaps, i’ll add this functionnality later or someone else, as i do from the Andrew’s plugins, will do it by himself. we’ll see ;).
2006-06-16 à 6.34 Pierre,
Version 2.0 is working like a charm! Thanks!
I modified fatAjax.php so that now it pulls smilies in directly from Wordpress. Here is a link to fatAjax.php.txt on my site if you want the whole thing.
I only changed the var smilies section. I just removed the hard coded smilies and put in a little bit of PHP. Here is that snippet of code:
2006-06-16 à 10.29 […] Pierre has found a way to fix the Ajax Shoutbox plugin for WordPress. It stops the spammers cold, by making it use the banned words list that you can access in your WordPress blog by logging into your dashboard and going to options then discussion and look for comment moderation common spam words. You just add common spam words to it, and Voila, no more spam. […]
2006-06-16 à 10.48 Pierre is one awesome guy. He came to my site and stayed there until I got it working right. Thanks Pierre.
2006-06-17 à 12.15 Thanks Pierre for the update. The whois thing looks cool.
2006-06-17 à 12.32 Hi Little Wolf, the count of blocked spams are now stocked in database because i’ve got too much problems with the spam.txt file…
2006-06-17 à 4.35 I am still getting a weird error in my header. Warning: ob_start(): output handler ‘ob_gzhandler’ cannot be used after ‘URL-Rewriter’ in /home/staticbr/public_html/wp-includes/functions.php on line 829
can you help me fix me it?
2006-06-17 à 4.40 the weird thing is that it only happens when i am logged in to my admin area and viewing my site. if i log out i do not see it.
2006-06-17 à 1.52 Hi Static, i answer to you in your box. That kind of error is not a plugin error. It appears when you check the "WordPress should compress articles (gzip) if browsers ask for them" checkbox in Options -> Reading. It can be a random error, anyway, try to uncheck it, normally it correct that kind of error ;).
2006-06-18 à 8.22 Dear Pierre,
Do you know if it’s possible to get the sound to work in FireFox? I’ve installed the quicktime plugin, but I still get the message I need to install a plugin.
2006-06-18 à 10.24
Hi pierre, nice to meet ya.
I’m sorry, I really forgot how to make the smileys non-border..
You had tell me but I really forgot how to organize it once I use the new versions..
Can you give us some instructions to makes the smiley non-border?
2006-06-18 à 11.36 @Wouter, sorry but for me, the fact to add the quictime plugin make all works fine. It add "npqtplugin.dll" and the correct MIME-type "audio/wav". But i have Windows (XP) perhaps you use Linux… If someone know a simple package (Windows, Mac or Linux) or a particular tip to make the sound easily work for Wouter (and others), share, here, the information please ;). If you translate it, Wouter, don’t forget to share your translation with others :). For that you can contact me on the contact page or by the box i’ll download the file and make it available on my blog for everyone TIA.
@ikoko : if you have border around the smileys icons and want to remove them you’ll found #chatoutput .wp-smiley { vertical-align: middle; } line 55 of css.php add border: none; at this line and all will be ok. if you want to remove the border of the sound icon you’ll found an empty #JalSound { } line 56 of css.php add border: none; in it. that’s all
2006-06-18 à 11.42 Ok, thanks pierre.. I just made it successfully
2006-06-18 à 11.57 Hey, Thanks Pierre. I did what you said and unchecked the gzip and it stopped the error.
2006-06-20 à 7.42 Thanks for this great plugin~
2006-06-21 à 3.21 Merci beaucoup Pierre pour ce bon Plugin.
2006-06-22 à 12.37 I second that. Thanks alot Pierre for your wonderful support/plugin
2006-06-30 à 2.05 Hi, there I tried it on my site and it’s working great except for the fact that it doesn’t show the name of the person who tagged the tagboard, no idea why though, I didn’t change anything?
2006-06-30 à 2.27 Hi Diana, you’ve got a little problem, but i can’t help you without any URL… Can you let it to me in the box please
2006-07-01 à 2.50 Hi Pierre, Thanks for the fast reply but I got it figured out this morning. It’s a problem with my style and I fixed it. Thank you and the plugin is great
2006-07-16 à 8.32 Hi pierre, thanks for this great plugin! I just installed it for my friend and it’s working fine, except that it’s not showing the smileys. Also, if I update to a newer version, will it erase the old posts??
2006-07-17 à 3.23 Thanks Pierre, excellent plugin, solved my problem with spam.
2006-07-17 à 4.06 […] Update 3: So, nun ist endlich Ruhe mit dem Spam in der Chatbox! Der Pierre aus dem Heimatland des Kopfstoßes Frankreich hat das ursprüngliche Plugin ganz toll überarbeitet und kehrt hoffentlich Ruhe ein. Danke Pierre! […]
2006-07-21 à 12.14 […] Im übrigen handelt es sich bei der Quasselbox um das Plugin AJAX Shoutbox (with sound, without spam) von Pierre. I thank Pierre for this Plugin, it is very nice
2006-07-24 à 9.21
2006-07-24 à 2.11 Hello Pierre, can you help me with your newest version of wordspew.
When I have it installed I cant validate at the http://w3.org validator.
I get 13 errors having to do with ‘ phpsessionid ‘
So I got fed up and put in the previous version.
Then I get spam that I have to go in and remove.
Do you know of anyone else experiencing this prob?
I’ll put your newest version of wordspew back in.
So you can click on the valid xhtml link in the lower
right corner of my site and see for yourself the errors.
*smiles*
Please and thank you for your help.
Have a great day ~ Julie
2006-07-29 à 1.54 […] Some of you may have noticed the shoutbox over on the side. I’ve been fighting an ongoing battle against spam in that thing, but I seem to have a handle on it thanks to Pierre. Here’s a conversation that just happened: LarisaLapina : Hello people. My name is Larisa I using internet and i think about dating with other person man from other country. I try find some dating site but i can’t write letters to man because i don’t have credit cart…. I post it mesage at this forum: I WANT FIND MAN TO LONG TIME RELATIONSHIP AND MARRID. I want tell some more information about me. I am single GIRL. if you want start correspondent with me please write to my e-mail address: «email» I will waiting you letter soon. […]
2006-07-31 à 12.09 Salut Pierre, i hope you can help me. I installed your Shoutbox. It works but if you post a comment you must refresh the page to see your comment. It didn’t akutalise self. Sorry my english is bad, hope you can understand. If i take the box from jack it works fine, but there is a lot of spam and i dont’t like this. Hope you can help me. Hugs Biene
2006-07-31 à 12.16 […] Ich habe die Shoutbox von Pierre Sie lässt keinen Spam durch. Leider aktualisiert sie bei mir nicht automatisch. Sowie man einen Beitrag schreibt muß man die ganze Seite aktualisieren bevor man den Eintrag sieht. Ich habe Pierre angeschrieben und hoffe er kann mir helfen. Mit Lexxy habe ich Gestern den ganzen Blog abgesucht nach der Ursache aber wir sind leider nicht dahinter gekommen. Trotzdem hier noch mal einen ganz lieben Dank an Lexxy das sie sich so viel Mühe mit meiner Box gemacht hat *knuddel* […]
2006-07-31 à 12.56 Now i take the fatajax.php from jack and it works, but there is no url-field. Hugs Biene
2006-08-04 à 12.33 […] Ich habe die Shoutbox von Pierre Sie lässt keinen Spam durch. Eine super tolle Box, die keinen Spam durchlässt und auch noch ploppt wenn eine neue Nachricht ankommt. Nach Problemen bei meinem Blog läuft sie jetzt einwandfrei. Ich hatte einen Fehler in der Datenbank. Posted by biene | […]
2006-08-04 à 11.27 Salut Pierre, i put my blog to a new database and now your shoutbox works very well. Thanks for looking at my blog. Hugs Biene
2006-08-10 à 3.29 […] It’s all due to Pierre’s Ajax Shoutbox plugin for Wordpress. […]
2006-08-15 à 10.49 […] Ohne Pierre’s Modifikation des Original-Plugin wäre die Quasselkiste zur Spamhöhle verkommen. Hoffentlich bleibt es so ruhig… […]
2006-08-16 à 9.28 […] Pierre […]
2006-08-16 à 9.43 Pierre, First let me Thanks for the hard work, you have done i.e. you have alomost changed the plugin to its entirity. I have implemented your version. I have some query’s, please reply me, as I have been victimized by some remote scripts, in the original wordspew and whosoever was behind had posted 20,000 messages with just name and links, till I disabled the plugin. I wanted your expert advice on the following issues: 1. As mentioned above about spaming of Shoutbox -what will be the best way to stop remote script posting messages with just Name and Links. 2. Is it possible to itegrate Authentication image code before accepting the comment. If yes, can you guide me “how to integrate Image Authentication code?”. Please advice. Regards, DG…
2006-08-20 à 7.04 Nicebox!
2006-08-24 à 12.17 hi… thanks for the worderful plugin. i knew this blog from frans (http://www.jejak-langkah.net). i used to install ajax live shoutbox but couldn’t stand the spam attack, so i uninstalled it…
2006-08-25 à 10.25 Hi Bagonk,
as i say on your blog, you just have to verify, that you don’t keep somewhere the old version of the Andrew’s plugin. Because you can be sure that, in its actual state, spammers will have a lot of difficulties to be able to do their "work" in the box
2006-08-27 à 9.17 […] […]
2006-08-28 à 4.42 […] Gillar ni min lilla chat ruta till vänster? Vill du ha en egen? I så fall kan du ladda ner den i från Pierres hemsida. Vill du dessutom har den på svenska så kan du ladda ner min översättning. Bara ladda ner den här filen och packa upp den rätt in i din wordspew katalog. […]
2006-09-01 à 7.56 PIerre, I must thank you for sharing your great work. I’ve just installed your version of wordspew and it’s a wonder! Thanks man and keep up the good work! Cheers!
2006-09-04 à 8.06 Thank you so much for your great work. The changes you have made are very nice and I appreciate your time spent on this.
2006-09-08 à 2.34 Nice improvements to the shoutbox!
I would recommend adding more CSS control or options to the layout instead of using certain options multiple ways…
Mr Papa
2006-09-17 à 8.13 […] Pierre was nice enough to leave a comment about his updated version of Jalenack’s shoutbox, which combines some of the IP blocking functionality of JohnPuPu, plus many other spam-fighting and bug-fix updates, and a few new features. […]
2006-09-21 à 4.39 […] die alte Shoutbox war nen bisschen Buggy. Manche Beiträge wurden gespeichert, andere nicht. Das suckt. Und nach ein paar Minuten Google war die Lösung gefunden. Hab das Ganze mal eingebunden und an’s Design angepasst; probiert’s doch mal aus […]
2006-09-22 à 1.56 To remove horrizoltal scrollbar, you can split the too long words. Look for "$jal_user_text" in "if(CheckSpam($SearchText.’ ‘.$SearchURL.’ ‘.$SearchName))". Replace it with:
$jal_user_text = preg_replace("/([^\s]{16})/","$1 ",jal_special_chars(trim(substr($jal_user_text,0,500))));
This will split every words more than 16 letters.
Tres jolie plugin Pierre
2006-09-23 à 4.02 Good try Kenzo ;), but what about url… ?
Bien essayé Kenzo ;), mais avec les url… ?
2006-10-03 à 4.11 Wow! Pierre, I have to thank you, I just checked on my shoutbox.. and I’ve already blocked 4198 spam posts! Over 3000 are from just the past 3 or 4 days. Thank you thank you thank you!
2006-10-03 à 8.36 hi I installed your plugin on my blog cause I was going crazy because of the spambots, but it doesn’t seem to show the messages without reloading the page… i really like that feature (that the message appears without reloading) and I would apreciate very much if you can help me… PD: it would be nice if you add the feature of who is online on the shoutbox like in rudd-o’s wordpew http://rudd-o.com/projects/wordspew (the one i used before but as i said i couldn’t stand all the spam)
2006-10-04 à 7.32 @Justin, happy you like it Justin. @ May, sorry i’d like to be able to help you but when i go on your blog there’s no shoutbox… I think that like you’ve done an update from another shoutbox (Ruddo’s one i presume) you haven’t clean your browser cache ;). Like fatAjax.php change in its content it generate some errors when you don’t clean your cache. So the only thing i can do for the moment is to ask you, if you can do another try (after the browser cache cleaning ;))
2006-10-05 à 8.23 hi there, I am interested in using a shoutbox in a non-wordpress-site can I somehow implement your shoutbox? I only found 1 other product but they use iframe and said if I was looking for a non-irfame shoutbox to have a look at your shoutbox… thx ovidiu
2006-10-06 à 2.54 Hi Pierre, I do not have yet the solution for the links… I look for a regex (expression relational) to filter the word which do not begin with “http://”, but i do not find the keyword for the negation. You have a better idea =) ? @+
2006-10-09 à 4.45 @ovidiu, sorry ovidiu but the shoutbox (at least in his actual state) is only for Wordpress. But if you’re courageous, get in the code and adapt it to your needs ;). @Kenzo, ok i’ve implemented and corrected your code to split only text (and not urls). You can download the new release to see it in action ;).
2006-10-11 à 9.38 ok i tried cleaning the cache of my browser and it didn’t work I’ll leave it the way it is right now so you can try to fix it plz… i really like having a shoutbox in my blog and it doesn’t work without reloading
2006-10-16 à 9.16 All works fine now, May
2006-10-19 à 12.16 hello pierre, I have another question, I am trying to implement your shoutbox into a wpmu site, thats the multiuser version of wp and I ran out of luck. can you check out the site I linked to in the url field: http://zice.ro and see for yourself what the problem is? you click on send and nothing happens, any idea whats wrong?
2006-10-19 à 4.15 Hi ovidiu, i answer to you on your blog. But actually you use an other shoutbox (from freepress) so i can’t help you with that one ;).
2006-10-19 à 6.00 nice! finally great new feature pierre! merci de la mise à jour! (did I say that right?)
2006-10-19 à 6.07 You’re welcome joiz ;). And yes your french sentence is perfectly correct
2006-10-19 à 7.10 hi pierre, I am sorry for my post, about the problem with your shoutbox, but after I did not get it working in a couple of days, today I switched to freepress shoutbox and got it working. anyway maybe you should have a look at its specifications, there are a few interesting options there too. just to name one example it treats all comments in the shoutbox as real wordpres comments and feeds them through all psma filters available on the system aka akismet, spamkarma2 , etc.
2006-10-20 à 6.42 thx for checking, and yes I gave up on your shoutbox as I did on andrew’s
2006-10-21 à 6.32 I haven’t updated to Pierre’s version (yet), but feeding all the comments through the well-known antispam systems as akismet/spamkarma2 etc would be the best solution IMHO as each user can define custom settings for their blog, blacklisted entries will be not allowed at all etc… You think you can do it, Pierre?
2006-10-22 à 10.56 Hi Pierre, I wanted to take a look at the german .po-file in order to translate all untranslated strings, but I was not able to find any string that needs a translation. Can you point me to the file that contains all strings that need to be translated? Or has the german translation already been done? Greetings, Mänu
2006-10-23 à 8.58 Hi. I was using this great plugin without your spam mods. I use an other language and I downloaded your translation, but it didn’t work. I’ve put it on the wordspew dir. May I do some extra changes? Thank you.
2006-10-23 à 10.22 Hi Xavi, i do a copy and paste here of what i answer to you in your shoutbox ;).
2006-10-23 à 10.23 Hi Mänu, i’ve seen your comment on my blog. And that’s right i hadn’t posted the file with the missing part. It’s now done.
2006-10-23 à 10.35 Hey! I saw your comment! jeje! It’s curious because I had the correct name few minutes ago and didn’t work… maybe it was a cache lag… Now it’s working as expected. I’ve done a new translation for catalan language (it’s not spanish). Maybe you’ll find interesting to download the ZIP file for further catalan use (including the PO and MO files): http://www.ladragonera.com/extres/ca_ES.zip Thank you very much for your efford.
2006-10-23 à 10.38 And for the translation, maybe you’ll need a catalan flag
2006-10-23 à 10.55 Thank you, Xavi, it was exactly what i was searching for
2006-10-23 à 11.02 Pierre, I know my flag is very custom-made
2006-10-23 à 11.06 […] Direcció del plugin versió millorada: http://pierre.sudarovich.free.fr/index.php/2006/02/28/ajax-shoutbox/ […]
2006-10-24 à 11.00 Thank for the new version. The useronline feature is a great idea!
2006-10-24 à 11.13 Pierre: I have few questions: 1. how can I display all message on my shoutbox? (There have been %s messages in this shoutbox) 2. i can’t write link. Always have an error message: Sorry, but you can post only one url by message… 3. how can I link your useronline row to GaMerZ useronline page (http://blog.picaboy.com/useronline/) That’s all. For a while…
2006-10-24 à 12.23 Hi Pierre, you can find the translated files here: http://www.fritteli.ch/wp-content/plugins/wordspew/wordspew-de_DE.po and http://www.fritteli.ch/wp-content/plugins/wordspew/wordspew-de_DE.mo
2006-10-25 à 11.51 Pierre, you have the new catalan translation of your plugin stored at http://www.ladragonera.com/extres/ca_ES.zip as usual
2006-10-25 à 12.1