I need a CMS that allow me to interact with people anonymousely... The site will present some video, some picture... but i need to :
Let ANYBODY without registering send video, post and picture. those media will fall into a queue for approval by real persont that manage the site, and send that to the right category !
So if you know plugin or extension for joomla, drupal or wordpress that do that or another cms that will allow the flexibility to do that...
Dont tell me it's dangerous to let anybody upload photo, i can get porn, but it will be filter by human, and registering under false name do the same thing
Sure, that's easily enough done in Drupal.
Set up standard drupal. Get CCK, and the video modules necessary for how you want to handle video - filefield/imagefield is probably pretty close to what you need.
Set up the content types you want the users to be able to create. Give the anonymous user role the create permissions for the types you want anonymous users to use. Unset the published check box in the content type forms, so that new nodes will not be published.
I would then snag a copy of the workflow module, which will allow you to define states for the nodes to be in (such as 'waiting for review', 'approved', or 'rejected') and set up roles for your moderator(s) to review the content and approve. Workflow's a pretty easy module to get working.
And there you go - anyone can create a new node, but the node won't be seen by visitors to the site until after it's been approved by a moderator.
A final thought - including a module like spam or mollom might work with preventing new nodes that are only spam from bothering your moderators. Captcha might be helpful too, although that does get bypassed at times.
Related
i'm developing a tumblr theme that hinges a lot on the user being able to add redirect pages, but when you create a new tumblr account that option is unavailable at first. the only official word on this that i can get is:
"In order to prevent spam and other types of abuse on Tumblr, that
feature is locked on new accounts. After you’ve used the account for
awhile to do things like following other blogs and choosing your
blog’s appearance, the feature will be unlocked so you can use it. We
apologize for the inconvenience."
i understand why they are purposefully vague but i need to know so i can tell clients what to do in order to use my theme!
anyone know what it takes?
How websites like Facebook and Twitter are protected against bot during registration? I mean, there's no captcha at all on the signup form?
I want to create a signup form for a project, and I don't want bot during registration and Captchas are often ugly..
edit:
My question is really during the registration because I know Facebook uses Captchas once registred for the first time.
Facebook uses some sort of hidden spam protection, if you view source of sign-up form you will see things like:
class="hidden_elem"><div class="fsl fwb">Security Check</div>This is a standard security test that we use to prevent spammers from creating fake accounts and spamming users.
so capture becomes visible when javascript will think that you are a bot.
Where is few methods of making it harder for bots to complete registration without capture, things
like timing to fill out form, originators of mouse clicks events ect.
also random session based values in form (to privent direct submissions without downloading of the form first)
also some people use hidden form elements with common names like 'email' that is styled invisible in css but common simple bots will try to fill out all form fields and so you can block them if this hidden element have any value
twitter and fb spend lot of time on developing tecniques to block spammers i don't think they will made it public as it will be counter productive for them to fight the spammers.
But all the client side javascripts you can download from fb or twitter and study them if you want, because most of the protection will happen inside client not on server.
server could only issue some random session variable, check for valid headers in request, overall time etc. its really limited.
some sites are also use ajax exchanges between server and client during the time when user is filling out the form , mostly just to make it harder for bot developer to do simular fake exchanges of data.
Anyway, unfortunatelly where is no easy solution to do decent protection , espesially without captcha or some kind of question
also,
for submit button you can use image map instead of button,
you can dynamically create big image with a submit botton image drawn on it at random position using things like GDI in PHP and using css to display only portion of that image with the actuall button, and on server side check X and Y position of where mouse was clicked, this will be hard for bots to break.
Unless they use real browsers and just emulate keyboard and mouse. Anyway , as i said unfortunatelly where is no easy solution.
One way would be to send a verification to the user's email address or cell phone and obtain verification (so in that case, you would have to allow only one email address or cell phone per account)
Another option is to use "Negative CAPTCHA" or "Honeypot Captcha"
I don't know how Facebook and Twitter do it, but if you want to create something simple and that doesn't interfere with your site aesthetics, I know that some websites just ask the user to enter an answer to a simple math problem like "what is 2 + 3?". This is not the most secure way to do it, but it's just a thought.
Well you can always deploy hardware solutions as well to create Layer 4-7 firewall rules. You can create specific rules to look for the well known agents of bots crawling the web. However to stop newly created bots you need to know what agent they are using for the bot.
Since you don't want CAPTCHA, you can use Keypic - keypic.com - which is an invisible protection, no CAPTCHA needed. It's an efficient antispam method for any web form. Site users don't pass any tests which is good for the site as it improves the quality of the user experience and thus raises user engagement. The solution is a kind of an expert system which analyses the behaviour of the users and checks the databases, then makes a conclusion if the request comes from a legitimate user or a robot.
BTW, Twitter and Facebook still use CAPTCHA for password verification which is a very disputable method in terms of efficiency of such protection.
I had a problem with tons of bots signing up for my Nintendo site so I put a single image of Mario on the sign-up page (making sure nothing in the image data said "Mario") with the text "Who is this? Answer in one word." Haven't had a single bot sign-up since. Not sure if this is actually a good solution though, not sure how smart bots are. I'm kind of surprised that it worked.
In theory it might be keeping out a few legitimate users, but it is hard to imagine many legitimate users of a Nintendo site not knowing who Mario is...
I've been thinking about an online idea for about 3-4 years now and can't get it out of my head so I've decided to act upon it and see if I can get it working. Currently working a POC and design layout which I plan to tender for development.
The main part of the portal and most important component involves user sub-sites. I am unsure how to tackle the process for a user to create a sub-site during the registration process and/or what path to take.
Let's say the main site is www.abc.net - the user would then register a sub-site based on the credentials they input. E.g. user1.abc.net, mysite.abc.net or joeblog.abc.net... whatever they want and so forth. No SEO required - The site templates are fairly basic and the sub-sites will be accessible through the main site. So the process to be:
User logs onto main site and registers
During registration, user enters details including sub-site name they want
Select the template they want - basically different colour schemes. Functionality to be the same for all templates
their site is created
when the user is logged on they get directed to their sub-site
Ability to edit their sub-site - add content and add extra pages, change details…. etc
General users (registered or anonymous) would be able to browse and search content to the sub-sites via the main site.
Each sub-site to be independent from each other - no content sharing. Basically they are separate websites hosted as sub-sites but need they need some type of editing available like a CMS. Not sure if a shared CMS is possible but the owner has to be able to modify content to their own sub-site.
So my question are…
Do I try and use a Drupal/Wordpress/Joomla CMS with multisite functionality?
Do I try a solution where I have a collection of simple sites that I use for sub-sites, each to have their own database and some type of CMS or WYSIWYG for editing? Is separate CMS even possible for each Sub-site?
Any input would be greatly appreciated.
As far as I know this would not be possible as the CMS would not have access to your server where the sub-domain is created.
It would be possible to offer something similer using Joomla as it offers the option to apply custom styles (templates) to different pages. You would however have to adopt the following URL convention www.yourdomain.com/userselectedtext.
You can then have a page where users register with your site and the cms creates their page.
User permissions in joomla can be set so only the owner of a particular page can view or edit it.
You can check out this source: http://www.drupalgardens.com/. Google what platform is it based on. Maybe you'll find some information. Read also about this extension: http://www.joomplace.com/administration-extensions/multisitescontrol.html. It's for Joomla sites. I used this component for multisites content management. Maybe it will help you too.
I would like to build a simple beta request signup page where the user is rewarded with an earlier reward when he is sharing the link to the application as much as possible.
A solution like this is seeable on
trenvy.com
User enters email
User gets unique link with his unique code
User shares this link on every signup its a +1 count on him
An admin method throws out the users emails which have shared the link and brought the most people in. I want to use this email list to use in CampaignMonitor.
Anyone knows what could be a good way to achieve this? Or someone wrote such a thing or knows a git repo that has this feature implemented as is to take a look at and learn?
I have already coded a unique code generator for the app that makes unique codes of 10 chars.
Now only this social media sharing is a bit unclear to me on how to approach this in rails, any ideas on that? thx!
Something like this can be achieved pretty easily in any framework, so I think I'll provide a general answer first, and if any specific gems occur to me, I'll mention them:
1) The unique code part is easy, it's just a parameter in a controller that checks the validity of the code — this would be a unique code that's added to the user model for ease of verification and created when the user first enters his email address.
2) Every time the link is visited, it's parsed by the controller and saves an event (don't just increment a field if you want maximum data out of the interaction, you could save IP for country of origin, time of the page hit, etc), just count the click events for that user for his +1s
3) Just write a quick admin site (i used twitter bootstrap for this recently) that lets you see the user's who've interacted with the system and sort by shares, and you can use the createsend gem to add them to whatever list you like.
There are no specific gems I can think of that'll speed this process up, Devise is overkill, you don't really need an activity monitor gem since you're not storing much info, definitely twitter_bootstrap for speeding up building the admin interface. Heroku lets you add an Sendgrid as a plugin, so you're covered there for mail sending.
Am i missing anything in your requirements? Seriously though this should be a 2-4 day dev effort, nothing fancy here.
I hope this is allowed but I have a number of questions regarding Facebook Connect, I'm quite unsure on how I should approach implementing it.
I am working on a live music type service and currently have user registration, etc. If I were to implement Facebook Connect alongside this, would I still be able to email the Facebook Connect users as if they were on my database?
Also, would it instead be possible to let users who have Facebook "link" their accounts once registered so I am able to give them the benefits of sharing via Facebook and inviting friends while still having an actual registered user on my system.
I have tried to read up answers to the above questions but what I've found is quite ambiguous.
Thanks, look forward to your views.
Facebook's documentation process is very poor, so don't feel bad about having a hard time getting started. Their wiki-style approach to documentation without any real official documents tends to leave the "process flow" tough to grasp, and requires piecing together parts of a bunch of randomly scattered docs.
Facebook has an obligation to protect privacy, so they never make a user's actual email address available to application developers, through Connect or normal applications. They do have a proxied email system in place that you can use, however, you must get explicit permission from a user in order to email them. There's a decent document on proxied email here. You can get permission by prompting for it; there's several methods for doing so linked in that document.
In regards to linking Facebook and local accounts, this would definitely be the way to go. Once a Connect user logs in, you want to store that fact for that user so you can provide the Facebook-specific functionality. I would simply create a normal user account in the database for every new Connect user that came by, with it's own local id, so that you don't have to do special handling of two different types of user accounts all over the site. That being said, the account would obviously have to be marked as a Facebook user's account (I use an externalId column in my users table), and any part of the site that relied on information you might otherwise have locally would have to handle the Facebook aspect properly (such as using proxied email instead of normal email).
For existing users, you could arrange an "account link" by having a process whereby they log into FB Connect after they've logged into the site already, and you could detect that and simply add their FB id to your users table. After that, they could log in through Connect in the future, or through your normal process. I've never done this, but it should be possible.
If you write the account handling code generically enough, your site will be able to function well no matter what kind of user you throw at it.