Webform support

I have created a patch for webform support in Mollom. The problem with the former patch was that it just did the plain captcha protection and didn't offer the possibility to assign the proper fields of your webform to the proper title/name/mail/body/... submission data of mollom.

With this patch you get an extra tab under the Mollom settings where you can map your webform fields to the data mollom will send as name, mail, body, ...

Only after you have enabled the form there (enable checkbox in its row), your webform will appear under "Spam protection settings" in the general Mollom settings.

I know the interface isn't superb, but it should do the job for now.

Note to Dries and others who wrote this module... Why isn't this module implemented hooked so we can use our own modules to add protection for our own fields? Full Drupal style that is :)

Nevertheless Mollom is awesome ;)

Apply this patch to the latest CVS version.

I have the same issue with protecting webforms. I tried the two patches.

The first didn't had any effect and all submissions went through.

The second produced the following error message on the settings page:

warning: Invalid argument supplied for foreach() in /var/www/vhosts/imagexmedia.com/subdomains/myprogrammer/httpdocs/sites/default/modules/mollom/mollom.module on line 212.

It also showed the CAPTCHA on every form submission, clean text or not, and if the CAPTCHA was entered the form did not submit.

I hope this issue can be resolved soon as the Mollom service is very good and helpful.

Subscribing. Our company would like to standardize on Mollom rather than captcha and this is the issue stopping us. If/when we are able to put resources into adding Mollom support to Webform this thread will be updated.

Subscribing as well...

I rolled another version of the patch which now supports both Webform 1 and Webform 2 and should address the invalid argument problem mentioned in #2 (had to do with the different versions of webform handling their component data structure a bit differently).

I made some improvements to the usability of the settings page to explain what the different fields are, fixed a security issue with some tainted user submitted output, and added a validation form hook to require each webform has at least a body field specified.

While this patch will work (and with some re-factoring and usability improvements could be the sort of thing that could be rolled into the module for real real) I do think the best solution is to create a more flexible framework to allow other modules to hook in and use Mollom's validation.

hook_mollom() anyone?

The next steps I propose here is to (a) create a better way to handle the configuration data about each form. Putting them in the variables table has some performance implications and can be done much cleaner and (b) improve the administrative interface to handle cases where the component title is pretty long and the page will run off the screen and (c) remove the duplication of webform "protect" option since you have to enable on both the main and the webform specific screens.

+1 for this functionality and populist's approach. We expect to be testing this patch within a few days.

^{benjamin, Agaric Design Collective}

Any chance of a patch getting rolled against 6.x-1.5, Ill take a look at this myself anyhow, any advice?

subscribe

subscribing

subscribing
be nice to see this rolled into mollom

subscribe

Hi
How do I use the patch? do I replace the code in mollom.module with that in the patch?
Thanks
Phil

Following. Let me know if any help is needed on the Webform side.

I wonder if we can make this more generic so that it will work with _any_ form, not just webform forms. If not for Drupal 6, we should certainly improve the form API in Drupal 7 to help make this possible. What we'd need is (a) a form registry and (b) the ability to inspect every form in the registry.

Dries, that would be even better. But for now a mollom hook would be great. I think we need to fix this for Drupal 6 now too.

So, we have the maintainers of Mollom and Webform posting, but what now?

This functionality is desperately needed! Webform is almost useless without this... and I can't imagine imposing a CAPTCHA on our prospective clients.

subscribing

It is high on our TODO list. I've also asked Wim Leers to look at this as soon he has some time.

Subscribe for D6 version

Subscribe for D6

I get the following with the patch in comment #5:

Hunk #1 FAILED at 83.
Hunk #2 FAILED at 96.
Hunk #3 succeeded at 206 with fuzz 1 (offset 10 lines).
Hunk #4 FAILED at 711.
Hunk #5 succeeded at 987 with fuzz 1 (offset 238 lines).
Hunk #6 FAILED at 1063.
4 out of 6 hunks FAILED -- saving rejects to file mollom.module.rej

On our site, we put together a little hack for our webforms. We tried to make it general, defining three new hooks so arbitrary forms can use mollom:

hook_mollom_form($form_id): What kind of mollom analysis should be done on this form?
hook_mollom_data(&$form, $form_state, $form_id): Map form data to mollom request data (post_title, post_body, etc)
hook_mollom_form_op($form_id, $form_state): Is this form action a preview, or a submission?

Here's an example of using these hooks in a custom module.

This is by no means perfect! Some of the caveats:

• No GUI way to specify anything, it's all code. This is designed to be the lower-level of a more extensive system.
• hook_mollom_form is called on every form, perhaps it should be cached?
• There is still no good way to dynamically decide (based on the properties of $form) whether a form should be mollom-ized.
• The code includes some workarounds, pending resolution of bugs #332629: hook_mail should set $message['body'] to an array and #272059: Contact email not submitted after CAPTCHA is solved

I'm mostly just throwing this out for comments on the hook structure--do people like this as a way to extend mollom?

For what it's worth, I've been using Populist's #5 patch successfully so far.

I'm subscribing to this one too. Also need to figure out how to test patch, etc. so I can help out. BTW, love Mollom and have it working now on a Drupal 5 & 6 site in active use. Other than the Webforms in use on those sites, Mollom is working great in blocking spam...

Just to confirm that the patch by evolvingweb-vasi has been working very well for us.
Before getting Mollom setup with our webforms, I was getting 10 junk submissions a day being sent to my Blackberry.

It occurred to me that once people start submitting things other than comments to mollom for analysis, data privacy becomes an issue. Does Mollom's EULA say anything about this?

Why cant any of you reply and say how to use the patch. It is precisely this sort of unhelpfulness that makes Drupal hard to get to grips with. Perhaps it is obvious to you what to do with the patch but it is not for me.
Please can someone respond with a little helpful comment.

@AlpesInfo: there is plenty of helpful documentation about patching here - http://drupal.org/patch/apply

Subscribe for D6 version

Sorry to drop out of sight for a while, but I was diagnosed with breast cancer in October and its been no end of fun and games ever since! Recovering from surgery at the moment, and it appears (crossing fingers) as though all the cancer is gone. I'll know more after I see the cancer doctor later this month...

In any case, getting back to this subject I'm really confused! Appreciate the reminder link from Rowanw on how to test patches:
http://drupal.org/patch/apply

As this subject started with a post by populist back in May, with the cited version being Mollom v:5.x-1.3, can I assume all of these patches in this thread are for the Drupal 5, Mollom module?

Then there's the confusion over which patch to test.
The thread start was by populist
Comment #1 by Davy Van Den Bremt has an update for that patch
Comment #5 by populist has a newer patch to fix issues mentioned in #1
Comment #23 by evolvingweb-vasi has yet another patch with something on the hook implementation (on which I'm rather lost!)

Bottom line is that I see two different patches that need testing. The one in Comment #5, and the one in Comment #23. If I'm wrong on this assessment, please correct me! My plan is to test both of these out - separately - on a development install here.

In Mollom 6.x-1.6, I have a checkbox for "Protect Webform forms." Is it safe to assume that Mollom does support Webform for D6 now?

@Irene Kraus,

Yes evolvingweb-vasi's patch in #23 is an entirely separate idea, based on providing hooks. It's based on Drupal 6.6
Feel free to call or email me if you need any clarification about what evolvingweb-vasi is doing.
All our contact info is at this page: http://evolvingweb.ca/contact-us
I wish you a speedy recovery!

@pcorbett,

No, unless you use the patch in #23. It's been working great for us. Out of the box, Mollom can protect the "Add a new Webform" node creation form.
Yes, it's quite misleading!

Does anyone have a Drupal 6 version of the patch?

I manually applied the code in the patch for 5x to my 6x installation, and it adds the fields but on submission I get the following error:

Fatal error: [] operator not supported for strings in C:\testingserver\pixelclever\sites\all\modules\mollom\mollom.module on line 274

It turns out the problem was caused because webform sends the body as a string rather than an array. I created this patch for Drupal 6 which does a check to see if the submission is coming from webform and if so add the link with .= instead of []. Now all works well for me.

Just to clarify, this patch is for Drupal 6 against Mollom 1.6

Update: There are some problems with this patch. Mollom is shown at all times rather than only when a suspect spam is sent and also the audio captcha doesn't work.

subscribing for D6

Is this still in progress? It's critical for us to have. We will subsidize the development of a patch, if there is a qualified developer out there who would create it but cannot afford to make time to do so.

subscribing for D6

Subscribe

Subscribe

@Digital Deployment: we plan to add this to Mollom 1.7 (next release) but we could use some help. We haven't started the work yet, but can broker this work.

I've been meaning to find time to test out the Drupal 5.x patch, but found out I had to undergo chemo treatments for the breast cancer. Not been feeling too hot!

Have gotten the TortoiseCVS mentioned on the page below for testing within a Windows system downloaded from here:
http://drupal.org/node/60179

Was going to take a shot at doing that later this week, if my eyes will cooperate so I can read. I've never worked with CVS before, and haven't had any luck in finding a 'beginner' tutorial on working that out. 'Course, I plan to test on a development install here first, just to confirm no impact on anything else on live site before it heads there. Was also planning on taking some screen shots and so-forth as I do, which could be used to supplement your documentation for that area. (To help out folks like me!)

Sorry if anyone's been holding their breath on me!

Running the patch and it invokes, but mollum admin buttons do not appear on webform submissions-- not sure how easy that would be because they are not stored as nodes. This, however, makes it difficult to report spam treated as ham, as spam. FWIW. Thanks.

@Irene

Sorry if anyone's been holding their breath on me!

There is no need to be sorry...

Life has it's priorities, and yours is nothing but your recovery.

Warm regards from sunny México!
:-)
Pepe

@Irene,

Ditto #44. Best wishes for your recovery.

Ken

Subscribing.

I rerolled my patch from #5 to patch against the latest webform version 1.7 for Drupal 5. I think the better solution here is to provide general hookability for Mollom to secure any Drupal form, but in the meantime here is a possible solution.

@Dries: any change this will be available for D6 1.8? If so, is there a date set for this release?

@All: Does someone has a working patch for D6 1.7, I have Captcha working for the moment based on #35 but I rather have the text analysis :p

Subscribing for D6 1.7

I'd like to add support for webforms to the next Mollom release for Drupal 6. I won't have the cycles to work on this until after DrupalCon DC but if a patch emerges, I'd probably be able to roll a new release. Any help for D6 is appreciated. Thanks.

Patch from #47, adapted for 6.x-1.7 with some minor changes to the validation of the mollom-webform-settings form. I'm new to this, so use with caution, if at all.

@Dries - could we setup a bounty? I noticed the bounty module and the donorge site are abandoned. I would chip in. Any recommendations for how we do this?

subscribe

#51 worked for Drupal 6, thank you smautf and populist.

Moving version.

#51 seems to work for me. Will watch it and see.

One gui hiccup though: using a fixed width theme, the webform component selection extends way off my main content under the right sidebar. This seems partly due to the popup menus auto-sizing to all to fit the largest text in that form.
For example - of 3 fields named Name, Email, and A Very Long Name That Causes The Problem. The 3rd field makes the first two popup menus size to its width and making the whole display wider than need be.
However, even without that very wide field, the 5 columns tend to be too wide for my (and probably many) fixed width themes.

You're right about the GUI problem - using this with a fixed width 960px theme with two sidebars looks terrible in most cases. If it extends under the right sidebar, where you may have text or other blocks, you could loose some functionality.

See also #412760: User interface brainstorming for some UI brainstorming that would assist with Webform integration.

Subscribing

Subscribing too

My workaround for hidden columns was to only show the first 15 characters of the longer fields, which is achieved by replacing

It's a hack but at least I can see the columns now.

subcribing

What about webforms where there is no real 'body' field? For example, we have some forms which are used for registrations, and contain name, URL, email, etc, but no textarea-like fields. The patch should contain some guidelines as to what to do in that case in the help text.

@deviantintegral - For some types of forms, it would be very difficult for Mollom to decipher what is spam vs. ham due to the lack of written content. For these cases, Mollom integration could simply be on or off (ie. show the captcha on this form 100% of the time). If it would make implementation simpler, perhaps this is what initial Mollom integration could look like?

Yeah, that might be the way to go. I have mollom enabled for these forms mainly because we're getting hit with bots filling in completely random characters. But if they ever get smarter, I can see us having to move to captcha-enforced down the line.

subscribing.

Subscribing

I tried the patch for 5.17 but it doesn't appear to be working. I can see it webform in the mollom settings but when I do a submission it doesn't block it.

Just a note after one year of this issue: the better, more complete, more Drupal and perhaps faster solution would be integration with CAPTCHA API.

The difference is that mollom only kicks in if it thinks the content is a spam, captcha is allways on. The biggest problem is that mollom doesn't really know how to interpret each field.

The patch from #51 seems to work, except that when I get a webform submission that is spam that Mollom let through, the link to 'report as inappropriate' takes me to an 'access denied' page... I can't find anywhere else to let Mollom know this submission is spam...
Can anyone else confirm this?

@BWPanda:

I had the same problem. The fault lay in mollom_menu() in the definition for the contact form:

The 'access arguments' value -- TRUE -- simply didn't work. Changing it to 'access content' did the trick for me.

@baroquem: Thanks for finding that bug. I filed a patch in #486798: Fix 'access arguments' to 'access callback' in mollom_menu().

I just committed #486798: Fix 'access arguments' to 'access callback' in mollom_menu() to the Drupal 6 development branch. Thanks baroquem and Dave Reid.

subscribing

Now that that bug's been fixed, we can mark #51's patch as RTBC.

Subscribing.