I cannot figure out how turn off spam protection for comments only when the user is logged in. We don't need spam protection for blog comments at this time, because the user will be logged in and we are moderating new user registrations.

I don't want to turn off spam protection completely across the whole system, because there are other things I need it for. I would have thought the page comment interface would have checked for valid user before running the spam protection, but that does not seem to be the case.

Something like this in your _config.php might work:

if (!Member::currentUserID()) {
	//Code to enable spam protection
}

Hi JonoM,

This throws errors in Convert::raw2sql() --
Fatal error: Call to a member function addslashes() on a non-object in ..../sapphire/core/Convert.php on line 122

DB::getConn() is returning a NULL value here. I think this means that the DB doesn't exist yet, as if doing such a thing in _config.php is too early.

Oh okay. I wonder if you could try putting that code in your page.php's init function instead of _config.php? Then it might be too late in the pipeline but worth a shot I suppose.

I think I solved this with a few changes to the spamprotector module. Hint hint, I think this could be a useful change for others. :-)

SpamProtectorManager.php

class SpamProtectorManager {
	...
	private static $protect_when_logged_in = true;
	...
	/**
	 * Tell the spam protector manager whether it should enforce protection even when there is a known user
	 */
	public static function set_protect_when_logged_in($b=true) {
		self::$protect_when_logged_in = $b;
	}
	/**
	 * Returns current setting for whether it should enforce protection even when there is a known user
	 */
	public static function get_protect_when_logged_in() {
		return self::$protect_when_logged_in;
	}
	...
}

inside method SpamProtectorManager::update_form() (at the very top of the method)
		// Don't do anything if we're not supposed to protect when a user is logged in, and there is a valid user
		if (!self::get_protect_when_logged_in()  &&  Member::currentUserID())  return false;

so now my _config.php looks like:

SpamProtectorManager::set_spam_protector('RecaptchaProtector');
SpamProtectorManager::set_protect_when_logged_in(false);

hmmm... Now I'm thinking I should copy some of the logic from PageCommentInterface::set_comments_require_permission() to here. I'd love to say "after a user gets to a certain trusted level, then bypass spam protection."

That does look useful! As far as I know the best way to get your changes seen/included is to fork the project at github and submit a pull request to include your alts. https://github.com/silverstripe/silverstripe-spamprotection

@johnmblack, JonoM - rather than the solution provided, would it make more sense to put this on the new commenting api configuration as an option? (https://github.com/silverstripe/silverstripe-comments/blob/master/code/Commenting.php#L25)

I can think from my experience a couple cases where you still want members to be given recaptchas, one being this forum. We get a large amount of spam getting through the signup that is manual (we've tried all sorts of honey pots!) so then we still would like people to fill out recaptchas.

Actually reading your last post, I like the idea of some sort of trusted level that disables spam protection. That would be suitable for the spam protection module. The challenge would be to design a 'nice' API for people to configure the levels, perhaps a permission code which then people could assign to groups or members?

Pull requests welcome!