WebRef   Sitemap · Experts · Tools · Services · Newsletters · About

home / programming / perl / simple comments

Simple Comments

A basic, Perl-based comment system for static Web pages

Developer News Google to Shake Up Browsers With Own Launch Mozilla's Ubquity Mashup: For The Masses? iPhone Users Just Want to Have Fun

By Dan Ragle

On this page is a collection of information pertaining to WebRef's Simple Comments Perl script that allows you to implement a basic comment posting system on the static pages of your Web site. Here you'll find the latest Simple Comments zipped distribution file, a link to the latest changelog (included in the distribution), basic features and requirements of the system, links to the individual release notes, and whatever else I can think of. To get started with Simple Comments, I recommend that you read this page in its entirety. While not mandatory, the release notes for the versions also provide some potentially helpful bits of information--especially from a developer's perspective--and may be beneficial both from an implementation and an educational perspective, i.e., even if you aren't interested in using the Simple Comments script, you may be interested in reading some of the developmental issues I've encountered while developing it; points that are elaborated upon in the release notes.

Contents:

Features

Requirements

Test Page

Downloads

Setup

Release Notes

Features

The key features and capabilities of the most recent version of Simple Comments include:

• Template-based design: You can craft the HTML output by the scripts by adjusting template files separately from the Perl code.

• Optional Visitor Registration: At the discrection of the administrator, visitors can register on the site and fill in basic information to be displayed on their profile pages. Administrators can force all visitors to register in order to submit comments, elect to simultaneously accept comments from both registered and unregistered visitors, or disable the visitor registration system entirely via configuration parameters. The administrator can also configure the system to force all display names to be unique; in which case visitors can login with their display names, as well (default is to login using their E-mail address).

• OpenID Support: For those implementations that do support visitor registrations, site visitors can login using their OpenIDs. This feature can be enabled or disabled when deploying the script (default is enabled).

• Basic HTML support: A few unadorned HTML tags are supported in comments; including bold text (<b></b>), italicized text (<i></i>),

  pre-formatted text

  (<pre></pre>), and links (<a href="blah"></a>). All other HTML tags will be converted to a literal representation. This feature can also be disabled so that no HTML tags are allowed.

• Separate administration: By default, Simple Comments requires that all comments submitted by users must be approved by an administrator before they're displayed on the site; the approval process itself is performed by a separate script from the display script, so it can be snugly tucked behind a password and SSL protected area of your site. You may also configure Simple Comments to allow user submitted comments to be displayed on the site immediately, without requiring administrator approval (but be warned: Simple Comments doesn't perform any automated content filtering on submitted comments). The administration script also allows you to search for and edit existing comments and visitor profiles (if the system is configured to accept visitor registrations).

• Article locking: Articles can be locked (I.E., comment submissions blocked) either automatically based on the age of the article in days, or as needed by the administrator.

• Simple inclusion: Once the system is set up, you can enable comments on a Web page by adding a single Server Side Include directive to the page.

• Comments-per-page option: Support for an administrator-defined number of comments displayed on each page (the display template can include "next" and "previous" links - allows the user to redisplay the selected Web page with the next or previous comments in the list).

• Support for Site Sections: You can configure separate areas of your site to be maintained by separate administrators; each site section can also have its own look and feel.

• Granular Administration Rights: Individual administrators can have separate access rights to the administration script. For example, one administrator might only be able to modify templates, while another can only approve and edit comments.

• Reply to capabilities and threaded displays: You can display your comments via a threaded display, in which replies are displayed beneath the original comment that triggered the reply. Each level of reply receives an identifier so you can apply separate template-based styling to each level of reply.

• Support for CAPTCHA authentication: via integration with the captchas.net or reCAPTCHA system (administrator configurable)

• Support for RSS formatted comment feeds

• Flat File Data Storage: A separate database application setup is unnecessary; approved (published) comments and visitor profiles are stored in XML files.

• Support for mod_perl: Simple Comments can be run in a mod_perl environment.

Requirements

To set up and use this system, you'll need Perl 5.6 or later installed on your server, the Apache Web Server with executable includes enabled (the ability to execute a Perl script when called in the HTML file as an include, see the setup instructions) access rights to create a directory outside the Web server's document root on your server, and access to place scripts into your cgi-bin. Basic Perl savvy and comfort in tossing files around on your Web server (as well as setting their access rights) will also be needed.

Though optional (beginning with .910), access to a password protected area (via Apache access controls) within your cgi-bin is also recommended; preferably reachable via an SSL server.

You will also need the following Perl modules installed on your system:

• CGI
• XML::Simple (and XML::Parser)
• HTML::Entities
• HTML::Template
• POSIX
• URI
• URI::Escape
• Fcntl
• LWP::UserAgent
• Digest::MD5
• Time::Local
• MIME::Base64

All but the HTML::Template module are typically installed with your Perl distribution; HTML::Template (and any others that may be missing) you can pick up from CPAN. XML::Simple is sometimes missing; if so, you may need to install both XML::Simple and XML::Parser (which XML::Simple relies on).

The following modules are recommended for use with OpenIDs (i.e., if openid_enabled is set to 1), and may in fact be required for use with some OpenID providers:

• Math::BigInt
• Math::BigInt::GMP
• Digest::SHA

To use CAPTCHAs in your comment submission form, you need to decide whether you prefer to use the captchas.net system (see http://captchas.net) or the recaptcha system from Carnegie Mellon University (see http://recaptcha.net). If you select the captchas.net system, then you must first register with and receive a user-id and shared secret from http://captchas.net. If you select the recpatcha system, then register on the http://recaptcha.net site. Registration for both systems is free as of this writing; though both request that you warn them if your usage will be somewhat high (50k+ hits a day for captchas.net, or 100k+ hits a day for recaptcha.net). Once you've registered, you can then enable CAPTCHAS by including the appropriate _captcha and/or recaptcha_ parameter settings in the config.xml file.

To enable administrator notifications (the notify_admin_on_submit and notify_admin_on_visitor_confirm options) the Web user account (the account used by the Web server to perform system operations) must have access to sendmail. Additionally, sendmail access is required to enable the visitor registration system, since non-OpenID visitors are required to confirm their E-mail addresses as part of the registration process.

The comments script will work in both a standard and mod_perl enabled Web server.

Test Page

Want to submit a test comment? On most pages of our site (including this one) we'll only publish comments that actually pertain to the article, so you can't enter stuff like test comment or hello world. On our Test Page, however, we'll let you get away with those types of comments.

The test page also shows you what the comment display templates look like "out-of-the-box," i.e., the comments are displayed on the test page with the same templates in the Simple Comments distribution file (for the comments that appear on other pages of our site, we've modified the templates to match the WebRef look and feel). You can access the test page by clicking on the following link:

Simple Comments Test Page

Downloads

You can download the latest version of Simple Comments by clicking this link: comments.zip. The download is provided as a zipped file; use your favorite extractor to unzip it.

To view a list of changes from version to version, read the CHANGES.txt file.

Setting Up Simple Comments

Refer to the Readme.txt, included in the Zip distribution, for setup instructions.

Release Notes

These articles contain notes pertaining to each individual release of Simple Comments. Developers who are learning Perl may find these release notes of interest. The first release article (v.902) includes much of the information on this page, and also discusses the basic architecture of the scripts. Later release articles focus on new features, documentation of fixed bugs, and/or technical points of interest within the new release itself.

• v.960 (July 14, 2008)
  • Simple Comments and OpenID
• v.950 (November 14, 2007)
• v.930 (April 27, 2007)
• v.920 (December 26, 2006)
• v.910 (September 13, 2006)
• v.902 (July 5, 2006)

User Comments Submit | Register | Login

83. thomas 08/28/2008 01:43AM

issue installing Hi Dan, I'm having a bit of difficulty installing your perl script. perhaps you have come across this already and know the answer. The comments script comes up and apears to work. I can Review what I've entered. however when I use the Add, button the page goes blank. teh status indicator at the bottom of the page indicates 'done'. Bringing up the admin page seems to come up. however there are no comments to approve. I'd assumed I had a file permission error or something but a double check seemed to indiate all is well. also... the instructiosn indicate the "waiting_file.xml" should have a permision of RW, however this is not one of the files copied across from the zip file. I simply "touched" the file and set it up as indcated. Thank you Thomas

84. Dan Ragle Admin 08/28/2008 11:26AM

29 total posts | view profile Hi Thomas, thanks for giving the script a try, and sorry it's giving you trouble. Do you have access to your server's error log? There's more than likely an indication there of the source of the problem. I just downloaded the .962 distribution and did a fresh install to make sure it's kosher, and it seems fine. Note the "waiting_file.xml" is a typo; it should be "waiting_comments.xml" (it's referred to correctly elsewhere in the docs; but is incorrect in the rights section). The system doesn't actually use "waiting_file.xml" (unless you've directly specified it as such in the config file). But note that that should not be the ultimate cause of the problem; since Simple Comments will actually create that file if it's missing, anyways. Is it just the add button that's a problem? I.E., are all the other screens working fine (for example, can you review the comment prior to adding it)? If so, then the template mechanism itself must be fine. And since you're not getting the comment actually written to the file (it's not showing on the article or in the admin screen), that narrows the problem down even further. Are you using the templates as shipped in the distribution (i.e., have you made any mods to the .tmpl files)? My knee-jerk guess would be a problem with the submit log. Check the submit_log setting in your config file, and make sure it points either to an existing file that the Web user has read/write access to; or to a directory that the Web user has read/write access to (so that it can create the file if necessary). As a test, you could also just turn off the submit threshold entirely by setting submit_threshold to 0 in the config file (or clearing the submit_log setting entirely). If you're still having trouble, then the easiest way to troubleshoot is to get access to that Web server error log. Let me know if you can get to it, and what error is being displayed. Good luck!

86. thomas 08/29/2008 02:08AM

to answer you previous qtn. oh, and yes I'm using the vanilla templates at this time. It seems to be so close to working... Thomas

87. Dan Ragle Admin 08/29/2008 11:38AM

29 total posts | view profile Hmmmmm... both problems would seem to be access related; i.e., the script is fine as long as it only needs to read data, but as soon as it tries to write something you get errors. Once you set the submit_threshold to 0 you bypassed the first file write, but the promptly received an error with the next write (which would have been to waiting_comments.xml). Are you sure the Web server's effective UID is what you think it is? Try dropping this script in your cgi-bin and then hitting it through your server: #!/usr/bin/perl -T use strict; use warnings; use CGI (); my $cgi = CGI->new(); print $cgi->header(); print '<h2>Real User: ', (getpwuid($<))[0], '</h2>', "\n"; print '<h2>Real Group ID(s): ', $(, '</h2>', "\n"; my $groupnames = join(', ', map { (getgrgid($_))[0] } (split(' ', $())); print '<h2>Real Group(s): ', $groupnames, '</h2>', "\n"; print '<h2>Effective User: ', (getpwuid($>))[0], '</h2>', "\n"; print '<h2>Effective Group ID(s): ', $), '</h2>', "\n"; $groupnames = join(', ', map { (getgrgid($_))[0] } (split(' ', $)))); print '<h2>Effective Group(s): ', $groupnames, '</h2>', "\n"; Be sure to adjust the Perl path and executable rights, of course. One other thing to try: On one of my systems here I seemed to be unable to access files in directories unless the directories were both readable and executable by everybody. So, you may need to mark your individual directories read/executable by owner, group, and others to be able to get to their files. You can always mark the individual files within the directories more strictly as necessary. Something else to try.

88. Thomas 08/29/2008 02:11PM

I think I have it. Hi Dan, I'm a smuck. The directories in which files are being created need to be executable. So chmod 700, and it seems to work. I'm not sure if you instructions called out the executible or not, if not may be worth an update. Thank you , very impressed so far on a couple levels. Thomas.

89. Dan Ragle Admin 08/29/2008 02:35PM

29 total posts | view profile Great, Thomas, glad it's working for you! Yeah, the executable directory thing is definitely worth mentioning in the access rights section of the docs. I'll see about making that adjustment for the next release.

85. Thomas 08/29/2008 02:04AM

your knee jerk guess seems close.. Hi Again Dan, error log entry: Cannot create user submission data log. [Note: I edited the above to remove server-specific information - Dan] The users direcctory is RW for the webservers UID. the file submit.log was not present, so I created it, making it RW as well for the web servers UID. but no joy. I set the submit_threshold to 0, and got an error indication on teh web (no error entry in the error.log file) The error page was : "Error in Comment Processing We're Sorry, but ... ERROR: could not store comment (wait) For your records, ..."

82. Dan Ragle Admin 07/29/2008 01:04PM

29 total posts | view profile v.962 Available v.962, with a single bug fix, is now available. The bug had to do with which display name was saved on new OpenID logins that used an OP identifier (for example, if the user provided yahoo.com as their OpenID, and then chose their actual OpenID to use when they authenticated to Yahoo). V.961 was using the originally provided ID (yahoo.com, in this example) as the user's display name, instead of the OpenID that the user selected when they logged in; which would then cause confusion for the next person who tried to login using yahoo.com.

81. Dan Ragle 07/23/2008 09:17AM

29 total posts | view profile V.960/V.961 now available Hi folks, Just a quick note to let you know v.960 (actually v.961 now) is now available. Key new features include OpenID support, header/footer templates, and support for article locking. Have a look, and enjoy! Simple Comments v.960 release notes

77. david 06/26/2008 03:15AM

visitor registration Hi Dan, congratulations on that impending 0.96. I recently found that visitors could register and log in BEFORE completing the registration by clicking on the confirmation code. Registration is set to automatic, meaning not requiring my approval. I have looked through your config and do not see anywhere that allows this to be a choice. Obviously this means that a visitor can use a spurious email to register. Can you confirm this?

78. Dan Ragle Admin 06/26/2008 03:51PM

29 total posts | view profile *sigh* That's another bug. The way it was supposed to work was that yes, the user could log in prior to confirmation (only if you have require_registration_approval set to 0); but they couldn't actually do anything as both view_profile and comment submissions were supposed to be blocked for the user. In retrospect it looks like view profile is behaving correctly (it just acts like the user doesn't exist) but comment submissions are allowed which is a definite error. I'll get that cleaned up in .960. In the mean time, if you wanted to prevent comment submissions from unconfirmed users you could just make this mod in Comments.pm: if (($visitor->status eq 'blocked') || ($visitor->status eq 'deleted')) { return 'Sorry, this account has been ' . $visitor->status . '. Please contact our administrator for assistance.'; } elsif ($visitor->status eq 'new') { return 'Sorry, this account has not yet been confirmed.'; } If you wanted to prevent them from logging in entirely, you could make mods to check_login in comments.pl; but you'd have to make several adjustments there.

79. david 06/26/2008 09:07PM

Dan, thanks again. I would suggest, if you are working on this, to disallow logging in if not active. This is because the visitor might not realize the need to activate until much later if they don't immediately comment. They log in just to ensure they are properly registered. By then the email for activation might have been lost. Another possibility is wrongly typed but valid email addresses. Registration goes through (they can log in) but they cannot find the activation email. Preventing these visitors from commenting is not a big deal - for some reason your program thinks they are not logged in and so the comments need my OK. I have publish on submit=0 and publish visitor comments on submit=1. This was how I caught the bug BTW. My main concern right now is that the system does not weed out wrongly typed but valid/spurious email addresses. Correcting these later is messy.

80. Dan Ragle Admin 06/27/2008 11:12AM

29 total posts | view profile Agreed; in retrospect I can't think of a good reason why non-active accounts should be allowed to login. I've already made the change in the .960 code. Cheers!

76. Dan Ragle Admin 06/25/2008 04:41PM

29 total posts | view profile Version .960 on tap Hay everybody, Just a quick note to let you know I've got version .960 up here on WebRef as a final test (the download version is still .950, but I'm running v.960 on the actual WebRef pages and on the test page). The primary new feature is OpenID support; but several other suggestions have been incorporated as well. I hope to have release notes and the download file available in the next week or so. Stay tuned!

71. nicku 06/19/2008 06:10PM

3 total posts | view profile Basic Authentication and Comment Submission Dear Dan, Thank you for a very nice piece of work. I have written a program (mm_htaccess) to generate password files from Mailman passwords. I would like to use Apache Basic authentication to authenticate people submitting comments. Do you have a suggestion on how to go about that? I was thinking of splitting comments.pl into two separate programs, one to display comments (to all visitors), and one to add new comments (made by authenticated visitors). Do you have any simpler suggestions?

72. Dan Ragle Admin 06/20/2008 05:33PM

29 total posts | view profile Hi nicku, Do I understand you correctly in that you do not want visitor registrations (per se), you just want to force all submitters to pass through your Apache-based authentication prior to allowing comment submissions? Short of editing the code I can't think of a graceful solution. You would have to post two separate copies of the script, as you suggest, but if you only do that you would not stop the bad guys from submitting comments (from their own manually crafted forms) to the public copy of comments.pl (and they could probably find where it was easy enough; since various actions--such as RSS feeds--require it to be hit directly). So you would probably want to additionally make some slight modifications to the public version of the comments.pl, to make sure that only logged in users could submit comments. One idea that comes to mind is to just de-list the add, review, and submit actions; i.e., change this: my @all_actions = qw(add display review submit clear rss); to this: my @all_actions = qw(display rss); That's untested, but it should work. Unfortunately it will also disable user registrations in the public copy of the script; but if I'm reading you right you won't need those, anyways. The other trick is that you will need to adjust the comment submission form so that it points literally to the private copy of comments.pl; otherwise it will pull the location of the comments script from the config file (which you should have set to the public comments.pl) and therefore won't actually allow any comment submissions! Good luck!

73. nicku 06/21/2008 03:00PM

3 total posts | view profile Thanks Dan, I've done it now. Dear Dan, Thank you very much indeed for your help. I have done most of the work, and it seems to be working. I have more to do, and also intend to get the XHTML strict and CSS all validating again. I also fixed one bug in Comments.pm: get_article_name(), where I simply added /s to the regular expression to allow titles that cover more than one line. Can I make the code I have changed from yours available for download from my web site with attribution to you? May I make it available with a GPL license?

74. Dan Ragle Admin 06/23/2008 09:38AM

29 total posts | view profile Great, nicku, glad it's working for you. And thanks for the heads up on get_article_name, I hadn't considered multi-line titles. I should be able to get that fix added to the next release. For now, I'd prefer you just link back to this site for the attribution, as opposed to posting your own version, if you don't mind. As you can tell, we haven't really settled on a license scheme for the code yet, so I don't think it would be appropriate to post a GPL version somewhere else. I have nothing against the GPL, but this code belongs to my employer, and as such I cannot make any forward-looking promises pertaining to future licensing. Of course, if and when there is any change or concrete forward direction on licensing, I'll post it up here so that everybody will have the scoop.

75. nicku 06/23/2008 04:47PM

3 total posts | view profile Thanks again, Dan. Thank you for your response. And thanks for the good example of your code. I have learned much about using HTML::Template from your approach. I understand the nature of your problem with licensing and your employer, and you have my sympathies. Because I like to use free software, and to make available the code I use and write, I hope to write a totally new comment system to meet my rather simple requirements, and publish that instead. It's just that it will take a lot more effort.

68. david 06/08/2008 01:55AM

error message I have been consistently getting these error log messages recently: "Use of uninitialized value in string eq at /xchange/websites/www/cgi-bin/comments.pl line 1506". Using your original scripts made no difference, so I don't think it is because of changes I have introduced. Everything works, just has the error message in my error log. I don't have a similar error log message on my actual website (this error is on my home computer), leading me to think that this is because of a recent upgrade to perl 5.10. Any thoughts? ps: that global comments page worked nicely... :)

next comments

Please review our Comment Submission Policy before submitting comments to our site. Your name:  Your E-mail: * Your URL: * Your Subject: (Maximum characters allowed: 200) Your comment: (Maximum characters allowed: 5000) CAPTCHA Verification Please enter the code displayed to the right in the box below: Hear it!    * = optional field

home / programming / perl / simple comments

Search: Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia Jupitermedia Corporate Info Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy. Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

The latest from WebReference.com Browse > Site Contents - - - - - Experts * 3D Animation * Design * DHTML * Graphics * HTML * JavaScript * Perl * XML - - - - - Web Resources * Authoring * Design * Internet * Multimedia * Programming * Promotion - - - - - Services * Interviews * Newsletters * Reviews * Search * Tools The Partial Function Application in JavaScript · Creating Dynamic RSS Feeds with Ajax · Performance Optimizations for High Speed JavaScript Sitemap · Experts · Tools · Services · Email a Colleague · Contact FREE Newsletters >   The latest from internet.com Cablevision Deploys More Hotspots for Commuters · Dell Joins the Netbook Movement with its Inspiron Mini 9 · It's Official: Dell Enters the Netbook Fray

Created: September 13, 2006
Revised: August 1, 2008

URL: http://webreference.com/programming/perl/comments/index.html