Moderation for comments with Forum plugin

[jedidrew42]

hi Thomas, My name is Drew Norman, I work for IBM and we are using your forum plugin on our blog https://www.ibm.com/blogs/ask-an-architect. We want to know if you can expedite the requirement to add moderation so posts have to be approved. What would this cost in USD so that we could have this completed very soon? Another requirement would be a email notification that goes out to the moderator so that they know new comments is waiting for them to approve. Please get back to me ASAP with price. Thanks

https://www.ads-software.com/plugins/asgaros-forum/

[Asgaros]

Hello Drew Norman!

E-Mail notifications

This should be not so difficult at all. But who should get those notification mails? At the moment there is a new option for the website-administrator so he can get a mail when there is a new thread. Is it an option to send those “new posts”-mails to the website-administrator as well or should they only be send to one/all/specific moderators and/or persons?

Moderation

I could easily implement an approval-functionality inside the front-end. What are the exact requirements for this? Here are some thoughts I have in my mind:

• How will user comment on your forum? Can they create their own topics or are the forums closed so they can only comment in existing topics?
• Posts of administrators/moderators get approved by default, right?
• I could add new buttons to each post with the labels “dis/approve”. When you approve them, they will be visible to non-administrator/moderator users.

Do you have any further requirements/suggestions?

Thanks,
Thomas

[jedidrew42]

Hi Thomas
Moderation
We only want registered users who are approved to comment on existing topics. We don’t want subscribers the ability to make a new topic. Only Admin / Moderators should have that kind of access. Only Subscribers or Participant role would require approval in order for their question or comments to appear publically.

email notification
The email notification shall only go to the moderator of that topic. There should be a easy on/off button to switch off if they want to disable. I don’t want the administrator to get all emails as that can sometimes be too overwhelming. Often times in the case of my role. I am developer and I don’t need to see all blog activity.

The purpose of our Forum the Architects will create the Topics: The members who come to forum are prospects who will be asking specific questions based on the topic area. See our website https://www.ibm.com/blogs/ask-an-architect/forum/

[jedidrew42]

I like the idea of the approve/unapprove buttons to appear next to each comment that comes in. Kinda like the default commenting system thats built into wordpress.

Posts of administrators/moderators get approved by default, right? Correct.

Hope all my comments make sense. Please let us know if you require a monetary fee to complete this requirement in a timely manner.

[Asgaros]

We only want registered users who are approved to comment on existing topics.

So you first want to approve users before they have the ability to answer on an existing topic?

[jedidrew42]

yes thats correct. Any idea on a timeline for completion? We have a campaign we need to launch and IBM security wont allow us to launch our forum your plugin without some sort of approval system built in for comment moderation. If you need funds to pay for this please give me idea of cost in USD. We have modified your v1.1 to work with our THEME. Should I start a Github space so that you can work on the IBM solution apart from your main source repository? Please respond ASAP.

[jedidrew42]

Since we are controlling the user logins per IBM security. We are not allowing front end user logins. So please consider this when working on this enhancement.

[jedidrew42]

Our IBM Security has a concern with your plugin. Can you please address this Vulnerability in your latest release please.

Cross-sight scripting:

Cross-site scripting occurs when a user is able to insert arbitrary JavaScript into the application in such a way that it is then later executed by a web browser in the security context of the web site.
Given the current and increasing power of Javascript, cross-site scripting is a very serious vulnerability.

URLs
https://wwwstage.ibm.com/blogs/ask-an-architect/forum/?view=forum&id=1″/><script>alert(document.cookie)</script&gt;
https://wwwstage.ibm.com/blogs/ask-an-architect/forum/?view=thread&id=1″/><script>prompt(document.cookie)</script&gt;

[jedidrew42]

Thomas would it be possible to do a skype with you? Let me know if you have a SKYPE ID.

[Asgaros]

yes thats correct.

I am a little bit concerned because of this. If users should get approved first before they can post anything it might be a better idea to write an additional plugin for this. An user-approval-system should be something which works globally outside of the forum-plugin.

Something that would fit into the forum-plugin-system would be a workflow like this:
– a user is creating an account
– the user is posting an answer/topic in the forum (the answer/topic is not visible yet because it is not approved!)
– an administrator/moderator sees the new unapproved answer/topic in the forum-frontend
– an administrator/moderator approves the answer/topic via a button in the forum-frontend
– the answer/topic is now visible for all users

Since we are controlling the user logins per IBM security. We are not allowing front end user logins. So please consider this when working on this enhancement.

How does this affect the creation of topics/answers?

Our IBM Security has a concern with your plugin. Can you please address this Vulnerability in your latest release please.

Thanks! I have fixed this here and I will release an updated version of the plugin later:
https://github.com/Asgaros/asgaros-forum/commit/3c040af43ef3ab8f74571c218f1ed0e8067651ee

Thomas would it be possible to do a skype with you? Let me know if you have a SKYPE ID.

Not yet. You can contact me via mail at developer (at) thomasbelser.net. Maybe this is a better way to stay in contact instead via the forums.

[Asgaros]

We have modified your v1.1 to work with our THEME. Should I start a Github space so that you can work on the IBM solution apart from your main source repository?

Maybe this would be a good idea.

[jedidrew42]

OK I will start a Github since I found out from our IBM WP developer that we had to modify almost every file in your Forum plugin to work with our theme. I am also going to enable the Oauth/BlueID authentication which is the approved IBM way to authenticate user logins. I will start connecting with you via email. Thanks for all your help.

[gbunz]

Hi @asgaros,

Great plugin!

I’m also interested in the moderation functionality but nothing as fancy as what’s discussed above. Any logged in user can create their own topics and comment on existing topics, however, I just need all comments to be moderated so admin can monitor what’s been posted. Posts of admin will be approved by default.

You’d mentioned potentially adding a new button to each post with the labels “dis/approve”. Then when approved, posts will be visible to non-administrator/moderator users.

Is this still in the works please?

[Asgaros]

Its still planned but no news yet when it will come. ??