50th Article – A CallamMcMillan.com Update

In a little over seven months CallamMcMillan.com has published 50 articles on a wide range of topics, ranging from the technical – Cisco discussions and the like, to the bizarre, such as the terminally stupid, via everything in between. Unlike some of the articles which made the previous version of my website, I have tried to make these more considered and more on a single topic! So for the 50th article I thought I’d do a summary of my latest changes and take a look at where the site will go next.

At the moment I am working on two aspects of the site. The first was a simple change to cut down the amount of spam on the comments pages. Some days I was having to reject every post as spam, and the spam comments outnumbered the non-spam comments, all of them trying to peddle fake drugs and the like. I have resolved this issue by using Google’s ReCaptcha system, something I never previously considered because of my aversion to 3rd party software and not wanting to add the complexity. I was, however, pleasantly surprised at the simplicity of the setup.

I went to the ReCaptcha site at http://www.google.com/recaptcha which is linked to my Google account and generated a key pair to use the service.

I then downloaded their PHP module into my site and uploaded it to my web server. To actually use the ReCaptcha function I include the recaptchalib.php file and call the recaptcha_get_html function, passing my public key as a parameter.

Also required, but trivial to implement, is a message to let the user know when their post failed because they did not successfully complete the challenge. There, done! That was all that’s needed on the client side. For the server side the process is equally simple. Having included the library in the posting script and defined the private key, I pass the key along with the challenge and response to the recaptcha_check_answer function.

The returned object can then be interrogated to see if the response is valid, and the script can act accordingly. Put together, this produces the box in the comments section, allowing me to cut out virtually all spam.

Once comments are submitted, I want to be able to verify the reputation of the post. (This is the second part of the comments issue.) In order to do this I collect three useful bits of information: a name, email address and IP address. To turn this data into useful information I use http://www.stopforumspam.com.

When a comment is posted it will be rated using their API, and the administrative console I am building will tell me whether any of its details have previously been associated with spam. To do this I connect to the following address:

http://www.stopforumspam.com/api?ip=[IP]&email=[EMAIL]&username=[NAME]

This will return an XML container with details of:

  • the parameter type;
  • whether it appears;
  • when it was last seen;
  • how many times it has been seen.

I will then write a function to parse this container and format a table of comments requiring moderation. What this system will not do, however, is automatically block comments, so even if a comment is marked as spam I can still approve it for display.
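One way to write that parser, as an added example rather than the site's own code. It assumes the container is a flat `<response>` whose children are named `type`, `appears`, `lastseen` and `frequency` (names inferred from the list above, not confirmed by the page); the `sfs_*` function names are hypothetical.

```php
<?php
// Added example, not the site's code. Element names <type>, <appears>,
// <lastseen>, <frequency> are assumed from the fields listed above.
function sfs_build_url(string $ip, string $email, string $name): string
{
    // http_build_query() percent-encodes each value, so a crafted name or
    // email cannot smuggle extra parameters into the request.
    return 'http://www.stopforumspam.com/api?'
        . http_build_query(['ip' => $ip, 'email' => $email, 'username' => $name]);
}

function sfs_parse(string $xml): array
{
    // Refuse DTDs outright and forbid network access while parsing.
    if (stripos($xml, '<!DOCTYPE') !== false) {
        throw new InvalidArgumentException('DOCTYPE not allowed');
    }
    $previous = libxml_use_internal_errors(true);
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_use_internal_errors($previous);
    if ($doc === false) {
        throw new InvalidArgumentException('Malformed XML');
    }
    $results = [];
    $current = null;
    foreach ($doc->children() as $node) {
        $tag = $node->getName();
        if ($tag === 'type') { // starts the record for ip, email or username
            $current = trim((string) $node);
            $results[$current] = ['appears' => 'no', 'lastseen' => '', 'frequency' => '0'];
        } elseif ($current !== null && isset($results[$current][$tag])) {
            $results[$current][$tag] = trim((string) $node);
        }
    }
    return $results;
}

function sfs_rows(array $results): string
{
    $esc = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    $html = '';
    foreach ($results as $type => $r) { // escape all: remote, untrusted strings
        $html .= '<tr><td>' . implode('</td><td>', array_map($esc,
            [$type, $r['appears'], $r['lastseen'], (int) $r['frequency']])) . "</td></tr>\n";
    }
    return $html;
}
// Constructed sample response and inputs, so the example runs offline.
$sample = '<response><type>ip</type><appears>yes</appears><lastseen>2011-01-01 12:00:00'
    . '</lastseen><frequency>3</frequency><type>email</type><appears>no</appears></response>';
echo sfs_build_url('192.0.2.10', 'someone@example.com', 'Bob & co'), "\n", sfs_rows(sfs_parse($sample));
```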

The other major project I am working on is the Domain Security Model (DSM), which is a role-based security system for the site. In terms of necessity, there is little call for this level of access control; however, from a research/coding perspective, it is an interesting challenge.

The DSM works like the Windows permissions system and consists of Users, Roles and Domains:

  • A User is anybody with a username and password.
  • Users may be aggregated into a Group.
  • Users or Groups are assigned to a Role.
  • A Role defines one or more actions an authorised User or Group may perform on a Domain.
  • A Domain is a group of objects such as users or blogs.
  • Roles assigned to a Domain can be delegated to its Sub-domains.
  • Sub-domain/User grants (of permissions) will always override a Domain/Group grant.

This idea is currently in the very early stages; however, as I flesh it out and get more functionality working, I shall provide more details on the structure and implementation of the DSM.
