Jump to content

Resolved - Product reviews & Spam


kalyncomputers

Recommended Posts

Hi all,

 

Updated site to 5.2.2 and suddenly started to get lots of spam reviews, as the client is not really interested in reviews, I would like to turn them off. I have searched store settings and can't see anything relating to product reviews, either turning them off or on.

 

Am I missing something or looking in the wrong place?

 

TIA

 

Tim

Link to comment
Share on other sites

  • 6 months later...

I'm getting hammered with SPAM reviews right now. Disabling reviews hides all the good reviews I currently have.  I'd be willing to enable a captcha for the reviews but I don't want to put that roadblock up on orders. I'd, grudgingly, be willing to disable the creation of new reviews, if I could still display the current ones. This is something CubeCart needs to address.

Link to comment
Share on other sites

"If I could restrict product reviews to people with accounts that would solve the problem."

 

We need to discover if the fake reviews are being submitted by a robot or by an individual.

 

If by a robot, then the reCaptcha (however ineffective it may be) might stop that.

 

If by a person, then getting hundreds of fake reviews means you have a very prolific reviewer.

 

So, let's assume the reviews are being submitted by a robot, not logged in, that can figure out the reCaptcha.

 

In the file /classes/cubecart.class.php, find near line 2190:

private function _product() {
  /* !Product */

A few lines down, change this:

if (isset($_POST['review']) && is_array($_POST['review'])) {

to this:

if ( isset($_POST['review']) && is_array($_POST['review']) && $GLOBALS['user']->is() ) {

Adding the test for a logged-in user, if false, means no review gets in the database.

 

Let's also fix the skin so that a non-logged-in guest won't even see the review entry form. In the template file content.product.php, find:

<div id="review_write" style="display: none;">
  <h3>{$LANG.catalogue.write_review}</h3>
  <form action="{$VAL_SELF}#reviews_write" method="post">

Change that to:

<div id="review_write" style="display: none;">
{if !$IS_USER}
  <h3>You must be logged in to write a review.</h3>
  <input type="button" onclick="$('#review_read').slideToggle(); $('#review_write').slideToggle();" value="{$LANG.common.cancel}" class="button_default" />
{else}
  <h3>{$LANG.catalogue.write_review}</h3>
  <form action="{$VAL_SELF}#reviews_write" method="post">

and also, about 20 lines later, from:

  </form>
  </div>
</div>
{/if}

to:

  </form>{/if}
  </div>
</div>
{/if}


 

Link to comment
Share on other sites

Also, we need a way to delete all these fraudulent reviews. I've got hundreds of them and deleting them all one by one in the control panel would take many hours.

 

The only way I know of is to use phpMyAdmin, so you can check off the ones you need to delete in _reviews and then delete all at once - unless they are doing a lot of reviews with the same name. Then a Query might delete many at a time, without you having to read each one to decide.

Link to comment
Share on other sites

Thanks bsmither, I've implimented your code. I hope it doesn't lead to fake user registrations, but if not it should fix my problem. I havent' gotten any fake reviews in the last couple hours so that's a good sign. :yeahhh:

 

"If I could restrict product reviews to people with accounts that would solve the problem."

 

We need to discover if the fake reviews are being submitted by a robot or by an individual.

Link to comment
Share on other sites

Hey Dirty Butter. I've used PHPMyAmin on occasion but the tricks are deleting only the bad reviews and deleting everything associated with the bad reviews so that I don't leave fragments in the database. If you wanted to tell me how to do that I'd appreciate it, but it may go over my head pretty quickly.

 

I don't understand why the ability to check multiple reviews to approve them in one shot is built in, but I can't do the same to delete a few at a time. I can't be the only one getting these fake reviews (I've seen a couple of these threads around) and disabling reviews to "solve" the problems seems like throwing the baby out with the bath water.

 

Should I file a bug report or make a feature request or anything like that?

 

The only way I know of is to use phpMyAdmin, so you can check off the ones you need to delete in _reviews and then delete all at once - unless they are doing a lot of reviews with the same name. Then a Query might delete many at a time, without you having to read each one to decide.

 

Link to comment
Share on other sites

I don't get "hundreds of reviews", because our store is small, and the products we sell don't lend themselves to reviews. But you should be able to use the checkbox by each table entry in _reviews and delete the ones you want all at once - the way you SHOULD be able to do from Admin.

 

Yes, please put this in Suggestions and it would help to send a bug report via CC Support Sales Ticket.

Link to comment
Share on other sites

  • 2 weeks later...

So I've upgraded to 5.2.5 and see that it's supposed to have a bulk delete for SPAM reviews, but apparently I'm too dumb to find it. :-(

 

Anyone know where I can do that?

 

Sorry to keep leaning on you guys.

Link to comment
Share on other sites

In admin, Reviews (not the Pending Reviews tab on the Dashboard), at the bottom , there should be two text entry fields: Email and IP Address.

 

However, due to a bug in this new feature, you won't see the Email address of the reviewer.

 

For each review in the Product Reviews list, you will see, for example:

Test#1 » 25 Nov 2013, 09:58 - BSmither <[email protected]> 123.456.789.abc

 

The bold is the new info.

 

In the file /admin/skins/default/templates/products.reviews.php, near line 34, find:

{$review.date} - {$review.name} <<a href="mailto:{$review.email}">{$review.email}</a>> {$review.ip_address}
Change to:
{$review.date} - {$review.name} &lt;<a href="mailto:{$review.email}">{$review.email}</a>&gt; {$review.ip_address}
Link to comment
Share on other sites

Thanks for the responses guys. The good and the bad news is that those new fields have a display:none on them so I couldn't see them. Glad, it wasn't me missing something obvious. :-) I could try to find the code to get rid of that style, but I guess I'm curious why it's there or what I'm supposed to do to make them visible.

 

Also, for me the IP addressees and email address are visible under each of the reviews.

Link to comment
Share on other sites

Here's the problem:

<<a href="mailto:{$review.email}">{$review.email}</a>>

 

There is an <a> and </a> tag pair inside the < and >. The left angle and right angle denote a tag. So, tags inside a tag.

 

Now, maybe your browser is way too smart and recognizes the conundrum. If so, bravo for it.

 

But technically, < and > delineate an HTML tag and should be acted upon, not shown. Technically, to show a < and > that do not delineate a tag, the html_entity should be used, &lt; and &gt;.

 

As for a CSS style of display:none;, that's true but applies to the whole tab content:

<div id="reviews" class="tab_content">

is not displayed until javascript changes the display value -- when you click on a tab. That's how you get multiple screens of content in the same display.

 

I said, in post#17:

In admin, Reviews, at the bottom , there should be two text entry fields: Email and IP Address.

 

I apologize. That is not correct.

 

There will be a new tab:

[Product Reviews] [Bulk Delete] [Search]

 

On the Bulk Delete tab, there is simply the two text fields. (I would have preferred them on the Product Reviews list where I can see what I need to enter into the fields.

 

Then, if editing a review, there should be only a [Edit Review] tab.

Link to comment
Share on other sites

Stranger and stranger. I removed the extra <> angles as you mentioned and I found the code to display the new Bulk Delete Tab as such:

<div id="bulk_delete" class="tab_content">
<h3>{$LANG.reviews.title_bulk_delete}</h3>
<p>{$LANG.reviews.bulk_delete_desc}</p>
<fieldset>
 <div><label for="email">{$LANG.common.email}</label><span><input type="text" id="email" name="delete" class="textbox" /></span></div>
 <div><label for="ip_address">{$LANG.common.ip_address}</label><span><input type="text" id="ip_address" name="delete[ip_address]" class="textbox" /></span></div>
</fieldset>
  </div>

Bu that tab is still not rendering for me.

Link to comment
Share on other sites

Very strange.

 

In /admin/sources/products.reviews.inc.php, line 144 is a series of addTabControl() that gives to the template engine the data necessary for the Bulk Delete tab, as well as the other two.

 

My browser, Firefox v23, complained about a "bad character, probable cause: unescaped character", but did show the email enclosed in angles.

 

And I do have the Bulk Delete tab.

Link to comment
Share on other sites

hmmm. yup I found it here:

$GLOBALS['main']->addTabControl($lang['reviews']['title_reviews'], 'reviews');
$GLOBALS['main']->addTabControl($lang['reviews']['title_bulk_delete'], 'bulk_delete');
$GLOBALS['main']->addTabControl($lang['common']['search'], 'search');

But it still won't show up for me

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...