If you read Molloms API documentation you can see that some calls have an (optional) parameter called author_ip. In PHP Mollom the IP-address is set automagically, so you don't have to worry. But the variable I used could be spoofed.
As you know getting the right IP-address is not that easy. If your application is running behind a reverse proxy $_SERVER['REMOTE_ADDR_HTTP'] contains the reverse proxy's IP. Or if your application is running on a cluster setup the clients IP-address is storred in $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'].
But both of these variables can be spoofed by spammers, so we are not sure these values are right. So PHP Mollom needs to know the allowed IP-addreses for the reverse proxy's. I build in a function Mollom::setAllowedReverseProxyAddresses that accepts an array of allowed IP-addresses.
Please update your applications with the new version.
Reacties
Martin schreef:
15/07/08
I might be mistaken, but should the method setServerList have the first executable line as "$servers = ..."? To coerce the parameter into being an array?
public static function setServerList($servers)
{
// redefine
$server = (array) $servers;
// loop servers
foreach ($servers as $server) self::$serverList[] = $server;
}
The class is nice, but would be nicer if it were a proper object rather than a bunch of static methods.
tijs schreef:
15/07/08
@Martin: Why should it be an "proper" object? Why should I create multple instances of Mollom? Now you don't have to create an instance.
Btw, I can't see whats wrong with tha line. I redefine it, so I know for sure it is an array. Otherwise the foreach will trigger notices.
tijs schreef:
15/07/08
@Martin again: Maybe I should say why I choose to to use a static class in favor of instances.
WIth the static way you can require Mollom and add Mollom::set...Key in your init-object (or configfile).
Once that is done you can use Mollom everywhere in your application without passing instances or creating instance again.
I think this way Mollom is more flexible. But explain to me why I should use instances instead off a static class?
Martin schreef:
15/07/08
Sorry, I should have been more specific about what appears to be a slip. The line looks to me as if it ought to read $servers = (array) $servers; otherwise the code is setting a value for $server (without an s) which is then overwritten by the foreach loop.
Wholly static classes are inflexible and not very efficient. Ordinary objects will run faster than a set of static calls. But the important point is flexibility. For example, I want to embed the class in a substantial system that is most effectively done by subclassing your class. That can't be done with set of static methods. One thing I'd like to do in the subclass is to set the public and private keys in the constructor, using information held in a standard configuration. That way, users of the subclass do not need to know where to find the keys, or need to do anything about them. The system also has a mechanism for finding the IP address of the requestor, and I'd prefer to be able to override the given method (which is perfectly ok) with the system method for the sake of consistency. Also, I might be inclined to override an error raising method (if there were one).
Having done all that, it might be helpful to further subclass the subclass for specific applications so that use within an application is as simple as possible. And other people might have other ideas!
In this case, I'd not be too worried about creating multiple objects, since the data can still be class data (i.e. static). But it would still be possible to provide one or more static methods by turning the class into a singleton, while also providing for the flexibility and efficiency mentioned earlier.
I've actually adapted the class to avoid being static methods, and will gladly send it to you if you'd like. I'd much rather you carry on with the maintenance than me have to do it :)
tijs schreef:
15/07/08
@Martin: All methods throw errors when something wrong you can catch them using the try catch-structure.
The remark about the IP address is a nce one, I will add it in the next version. The things you want to do are also possible with the static methods so I don't think I'm going to change it into a non-static version.
Foreach Arrays schreef:
05/08/08
found your site on del.icio.us today and really liked it.. i bookmarked it and will be back to check it out some more later ..
chat schreef:
16/08/08
thanks..
Michiel van der Blonk schreef:
27/07/09
Is er ook een PHP4 versie van deze code?
Tijs Verkoyen schreef:
27/07/09
@Michiel: nee er is geen PHP4-versie. Aangezien PHP gestopt is met de support voor PHP zou ik je ook aanraden om te migreren naar PHP5. (http://us.php.net/manual/en/faq.migration5.php)
Sam Minnee schreef:
07/08/09
Hi Tijs,
I've been looking into the SilverStripe Mollom module, which makes use of your class, and there are a few bugs with it - in particular, it gets into an infinite loop if the Mollom servers are down.
To fix this, I can fork our copy of the Mollom class, however, it would be nicer if we could feed our changes back into a future release of PHP Mollom.
Do you have a place where I could submit patches? Perhaps it would be appropriate to set up a Google Code site for PHP Mollom?