Personal tools
You are here: Home Luminescence (blog) Categories Plone - 3rd Party Product Tipline
« July 2008 »
Su Mo Tu We Th Fr Sa
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    
Sobre este blog
Musings and meanderings on web technology. Primarily Open Source CMS and it's perks and pitfalls.
 
Document Actions

Plone - 3rd Party Product Tipline

Up one level
I use a lot of 3rd party products for Plone and am constantly testing and trying and manipulating them to do my bidding.

02/03/2007
Document Actions

Force login for COREBlog2 comments(to prevent spambots)

by Donna Snow publicado em 2007-02-03 04:40 last modified 2007-02-03 04:40

I've been busy with clients and the holiday since my last posting. I barely visit my own site because my clients sites take precedence over my own. So I just happened to be perusing my site today when I came across "gasp" - 100's and 100's of nasty, nasty comment spam on my TWO little entries!! Why? because CoreBlog2 is a trusting little product and it defaults to allowing anonymous to post comments to it's innocent little entries. Dirty spammers.


Well unfortunately for these lowly bots of destruction I had just locked down a client site from this very thing only a week ago. The trick? Force users to login to post a comment. It took me quite awhile to figure this out.. and so I share the solution with you.. so you don't have to dig for the answer yourself...


Step 1: Log in to your Plone Site

Step 2: Access your ZMI (Zope Management Interface) either by

  • going to "site setup" link in your personal toolbar
  • OR http://www.yoursite.com/plone_control_panel and clicking the Zope Management Interface Link
  • OR http://www.yoursite.com/manage

Step 3: Once you are inside your ZMI go to the "Security" tab and scroll down until you find all the CoreBlog2 permissions.. you only need to change 5 of the permissions (btw.. here is where I tell you not to monkey with the permissions unless you know what you are doing.. it's a serious, serious thing and unless you are a real Zope pro.. don't go checking and unchecking boxes with out some guidance..of course if you ARE a Zope pro.. you don't need this.. go away ;-))


Step 4:

COREBlog2: Add COREBlog2  - Uncheck Acquire and select "Manager" (if you want members to add COREBlog's as well then select "Member" too

COREBlog2: Add COREBlogCategory - Uncheck Acquire and select Manager

COREBlog2: Add COREBlogCategoryFolder - Uncheck Acquire and select Manager

COREBlog2 Add COREBlogComment - Uncheck Acquire and select Manager, Member, Owner and Reviewer

COREBlog2 Add COREBlogCommentFolder- Uncheck Acquire and select Manager and Owner

Step 5: Scroll down to the bottom and save your changes.


Now logout and view your site as anonymous. If you try to add a comment to a blog post there will be a button that states "login to add comment".



Categoria(s)
Plone - 3rd Party Product Tipline
O URL para efectuar trackback desta entrada é:
http://www.csquaredtech.com/luminescence/force-login-for-coreblog2-comments-to-prevent-spambots/tbping