E-Mail-Verification

With version 3.7.0, you can enable email verification to prevent spam and exclude LLMs from creating comments.

SQLite only

Please note that this feature is only functional when you use SQLite as your storage method it won't work with Markdown.

E-Mails

Make sure to configure Kirby to send e-mails. Read more about it here: https://getkirby.com/docs/guide/emails#transport-configuration

This is how it works:

  1. Your reader writes a comment
  2. She gets an email with a verification link
  3. The link expires after 48 hours (unless otherwise configured)
  4. New comments get the status PENDING
  5. The link opens a virtual Kirby page
  6. When she clicks the link
    1. The comment status changes to VERIFIED
    2. The verification link becomes invalid
  7. When she does not click the link in time
    1. It will become invalid
    2. The comment will be marked as spam or is deleted

Basic setup

To enable this feature you have to configure at least two options in your config.php:

'mauricerenck' => [
    'komments' => [
        'spam' => [
            'verification' => [
                'enabled' => true,
                'secret' => 'my-extremly-secure-secret'
            ]
        ]
    ]
]

This enables the feature. The secret is used to create the verification token for each comment.

With this setup, the token will be valid for 48 hours. After that time it will be deleted, and the comment will be marked as spam.

You can change how long the token will be valid by setting your value (hours):

'mauricerenck' => [
    'komments' => [
        'spam' => [
            'verification' => [
                'ttl' => 8,
            ]
        ]
    ]
]

You can also decide what happens when the user clicks the verification link:

'mauricerenck' => [
    'komments' => [
        'spam' => [
            'verification' => [
                'autoPublish' => true,
            ]
        ]
    ]
]

Setting autoPublish to true will automatically publish the comment when the user verifies it. Otherwise the comment will change its status from "PENDING" to "VERIFIED".

The other way around, you can decide what happens when the user does not click the link. By default the comment will be marked as spam as soon as the verification expires; setting the deletionMode will delete it instead:

'mauricerenck' => [
    'komments' => [
        'spam' => [
            'verification' => [
                'deletionMode' => 'delete',
            ]
        ]
    ]
]

Customizing Templates

Both the email and the template of the virtual verification page are very minimal, and you probably want to customize them.

You can do so by creating your own templates.

E-mail template

Create a new file named mailverification.php at site/templates/emails
You have access to the following variables:

<?php 

$username // The name the user entered
$expireHours // When the link will expire
$verificationUrl // the url the user has to visit

Virtual Page Template

Create a new file named comment-verified.php at site/templates
Make sure to add the necessary code if you want to display details of the comment. You can find the original template here: https://github.com/mauricerenck/komments/blob/main/templates/pages/comment-verified.php

Show unverified comments in the panel

By default, unverified comments are hidden in the panel and in notifications. They only appear once they have been verified. To change this behavior, you can disable this behavior by using the following option:

'mauricerenck' => [
    'komments' => [
        'spam' => [
            'verification' => [
                'filterUnverfied' => false,
            ]
        ]
    ]
]
Customizing Avatars
Write a comment Related Posts