[RFC] Contact Page

These requests for comments/change have lead to an implemented feature that has been successfully merged into the 3.1/Ascraeus branch. Everything listed in this forum will be available in phpBB 3.1.
Post Reply
User avatar
Dog Cow
Registered User
Posts: 271
Joined: Wed May 25, 2005 2:14 pm

Re: [RFC] Contact Page

Post by Dog Cow » Thu Nov 10, 2011 4:48 pm

nickvergessen wrote:Because when captchas are broken or you cant solve them (blind) you still need to be able to contact the admin, to tell him captcha is broken or you are blind and cant solve?
So then you're going to have to whois the domain and pray that the contact email address is valid and monitored. :?

User avatar
callumacrae
Former Team Member
Posts: 1046
Joined: Tue Apr 27, 2010 9:37 am
Location: England
Contact:

Re: [RFC] Contact Page

Post by callumacrae » Thu Nov 10, 2011 6:16 pm

I can't remember whether I have already said this, but the two main captchas (QA and recaptcha) are fine for blind people.
Made by developers, for developers!
My blog

User avatar
MichaelC
Development Team
Development Team
Posts: 889
Joined: Thu Jan 28, 2010 6:29 pm

Re: [RFC] Contact Page

Post by MichaelC » Tue Dec 20, 2011 5:51 pm

If you have a problem with the CAPTCHA (one of the bigger reasons on why to have a contact form) how do you contact the board admin if its on the contact form?
Formerly known as Unknown Bliss
psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
No unsolicited PMs please except for quotes.

User avatar
Ger
Registered User
Posts: 289
Joined: Mon Jul 26, 2010 1:55 pm
Location: 192.168.1.100
Contact:

Re: [RFC] Contact Page

Post by Ger » Thu Jan 05, 2012 9:06 am

Jut to I guess it should be rather simple to add this. RMcGirr and Evil<3 (IgworW) had made an excellent contact form MOD:Contact Board Administration. I guess this could easily be inserted in the core, not?
Above message may contain errors in grammar, spelling or wrongly chosen words. This is because I'm not a native speaker. My apologies in advance.

doktornotor
Registered User
Posts: 27
Joined: Wed Dec 21, 2011 5:34 pm

Re: [RFC] Contact Page

Post by doktornotor » Thu Jan 05, 2012 10:19 am

Ger wrote:Jut to I guess it should be rather simple to add this. RMcGirr and Evil<3 (IgworW) had made an excellent contact form MOD:Contact Board Administration. I guess this could easily be inserted in the core, not?
Yeah exactly... works a treat. Also has the captcha completely configurable (always on, for guests only, disable altogether.)

User avatar
keith10456
Registered User
Posts: 523
Joined: Sat Apr 22, 2006 10:29 pm
Contact:

Re: [RFC] Contact Page

Post by keith10456 » Thu Jan 05, 2012 7:54 pm

Ger wrote:Jut to I guess it should be rather simple to add this. RMcGirr and Evil<3 (IgworW) had made an excellent contact form MOD:Contact Board Administration. I guess this could easily be inserted in the core, not?
+1

I use this mod and it's great!

User avatar
brunoais
Registered User
Posts: 964
Joined: Fri Dec 18, 2009 3:55 pm

Re: [RFC] Contact Page

Post by brunoais » Fri Jan 27, 2012 3:40 pm

Well... there are anti bot systems that might work without captcha.

Make a tree thingy in the form tag.
Make CSS so that the last div inside the form tag is not displayed (no inline @class or @style)
Put that div inside the form (it's the last child of the form)
Inside that div:
Place 2 inputs.
1 input has a default value
The system chooses some characters from a list randomly to place in the @value
The system saves which one was in the $_SESSION variable.
When the form is submitted it compares. If they are different, an error is returned (just make up an error, don't push yourself)

The other input is empty. If it contains any text in it, then this is a bot.

For a cherry in the cake, place a selectbox. The user just need to say (between some options) if he's a bot or not.
The correct answer (option tag) is not always the one with the same @value but it's the one with the same text content (I need to investigate if <span> is allowed inside <option> to see if we can add random text invisible to the user).


Well... I think this way the bot must be really smart to get though. It must know CSS and know how to process CSS properly to decide about those two inputs. As an icing in the cake the select would also create quite a challenge to the thing to decide what to do with a selectbox.

User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Karlsruhe, Germany
Contact:

Re: [RFC] Contact Page

Post by naderman » Fri Jan 27, 2012 5:51 pm

That is entirely useless, the bot doesn't need to know any CSS at all. It just needs to know that we do that, and it can just send us the right HTTP request. You seem to forget that bots target phpbb, it's not just about bots that randomly fill all fields.

User avatar
brunoais
Registered User
Posts: 964
Joined: Fri Dec 18, 2009 3:55 pm

Re: [RFC] Contact Page

Post by brunoais » Fri Jan 27, 2012 8:37 pm

naderman wrote:That is entirely useless, the bot doesn't need to know any CSS at all. It just needs to know that we do that, and it can just send us the right HTTP request. You seem to forget that bots target phpbb, it's not just about bots that randomly fill all fields.
That's because there's that randomizer for the <select>. If we're able to do it ok we possibly can do that so that a bot cannot discover it.
We can also use an extra field for a simple question that is randomly selected and setted by the forum admin.
We can make things to make the process hard for the bots but, it's not possible to make it impossible for them because their makers have access to the source code.

MartinTruckenbrodt
Posts: 171
Joined: Sun Jan 29, 2006 1:00 pm
Location: Germany
Contact:

Re: [RFC] Contact Page

Post by MartinTruckenbrodt » Fri Mar 16, 2012 7:43 pm

Hello,
very good discussion! ;) BTW: For me it's a little bit strange to see people posting for Akismet which have been posting against other blacklists in past very often. Sorry, for this tiny off-topic. Okay, now back to this discussion.

For the very good Contact Board Administration MOD IMO only one feature is missing: Different recipients for different subjects or tasks.

My strategy:
1. Block spam posts and spam user account registrations done by spambots and human spammers!!! with blacklists. Redirect the very rare false positives to the contact page.
2. Protect the contact page with CAPTCHAs (or with another good different feature(s)).

If a contact page would been added to phpBB core so then please add an impress page, too! :)

Bye Martin
Last edited by MartinTruckenbrodt on Fri Mar 16, 2012 9:02 pm, edited 1 time in total.
Advanced Block MOD 1.1.1 has been released! - Prevent spam on your phpBB3 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists! - My MODs

Post Reply