Can anyone give me an overview as to what the security tokens are all about and how they work? I am looking at the code trying to figure them out but am not really seeing enough info to catch on.

Jeremy

A brief overview is in the News article about XOOPS 2.0.10 where this feature was introduced.

Ah! That is a very handy feature. I actually implemented that in my custom blog module on Life with Christ (http://lifewithchrist.org) because it allows anonymous comments and that soon got way out of hand with spammers.

I also added two other things that *really* helped out.

1. Before posting anyonymous comments, it checks the time that is stored in the user session as to when they viewed the page. If that time is less than 5 seconds (who can read a story, type a response and hit the submit button in less than 5 seconds but a bot?)
2. It checks the subject for common spam phrases (almost 1,000 of them are in there now)
3. It checks the body of the comment for common spam URLs (tons of them).

Anyway, what you've done with the security tokens is a much appriciated addition, thanks for the pointer!

Jeremy
http://lifewithchrist.org