Mahara

recaptcha for anonymous comments on public pages

Bug #1599241 reported by Stéphane on 2016-07-05

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Confirmed	Wishlist	Unassigned

Bug Description

While it was imperative to give public a voice if desired on selected public page, the fact that comments are anonymous let spammers do their unwanted actions.

It was added in https://bugs.launchpad.net/mahara/+bug/547384 the necessity to set a recaptcha feature in implementing public comment. I has not been done.

Hence the request :

If public comment is allowed on a page and the visitor is not authenticated, there should be a recaptcha feature to limit spam.

Aaron Wells (u-aaronw) on 2016-07-06

Changed in mahara:
status:	New → Confirmed
importance:	Undecided → Wishlist

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2016-07-06:

Hi Stephane,

For what it's worth, reCaptcha did little to stop our spam problem at mahara.org. See Bug 1252098.

That said, I suppose adding it for public comments couldn't hurt. Mahara an API for adding captcha's to forms. You just add a "captcha" pieform element to it.

Unfortunately, I tried it just now, and adding this to the comment form didn't entirely work. It displays the reCAPTCHA okay the first time you load the page, but not after you submit a comment (successfully or not). I suspect this is because we're reloading the comments section via Ajax, and my recaptcha implementation wasn't clever enough to handle that.

If anyone wants to give it a try, the starting point is this:

diff --git htdocs/artefact/comment/lib.php htdocs/artefact/comment/lib.php
index d9d2ce1..846886b 100644
--- htdocs/artefact/comment/lib.php
+++ htdocs/artefact/comment/lib.php
@@ -931,6 +931,7 @@ class ArtefactTypeComment extends ArtefactType {
                     'required' => true,
                 ),
             );
+ $form['elements']['captcha'] = array('type' => 'captcha');
         }
         $form['elements']['message'] = array(
             'type' => 'wysiwyg',

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2016-07-06:

... in other words in the file htdocs/artefact/comment/lib.php, you find the function "add_comment_form", which contains the definition for the comments form. In the "if (!$USER->is_logged_in())" block, you add $form['elements']['captcha'] = array('type' => 'captcha').

You'll also need to go to the Site Configuration page, enable recaptcha, and put in a recaptcha private & public key (you can get these at recaptcha.org). Once you've done that, recaptcha will show up on the comment form for logged-out users.

As mentioned above, though, this basic implementation of it doesn't completely work. I think you'd probably need to hook into Pieform's clumsy Javascript side of things to get the Javascript to properly load up the recaptcha after submitting the form. A starting point for that might be in the file htdocs/lib/form/elements/captcha.php, and looking at how we do it for TinyMCE (htdocs/lib/form/elements/wysiwyg.php) might be a useful starting point.

Cheers,
Aaron

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.