You can skip this step, if you want. Advanced Textual Confirmation (ATC) works well with the default settings.
However, it's better to customize ATC because the future generations of spam bots will know answers to the default questions.
Open the file bbas_config.php in a text editor.
The variable questions is an associative array. A key of the array is a question, the corresponding value is an array of the correct answers. Write your own questions and answers instead of the default ones.
The questions and answers are printed as is, without escaping. It's your task to escape the special HTML symbols “<”, “>” and “&” as “<”, “>” and “&”. Also, precede each single quote and backslash symbol with the backslash (read about PHP single quoted strings for details).
One of the best questions is something like:
What is the site pass code (see “<a href="/about.html">About Us</a>”)?
The question is very easy for users to answer. Also, the answer is unique and easy to change.
To change the messages from ATC, edit the associative array lang.
If iso-8859-1 isn't the encoding of your site, you should correct the value of the key CHARSET.
To learn the encoding used by your site, point the Mozilla or Firefox browser to your script. Then go to the menu View, then the menu item “Page Info”. The window “Page Info” appears, and the tab General displays the desired value near the label Encoding.
The variable confirmation_page contains HTML code of the question-answer form. You shouldn't change the value of this variable, unless the variable license_key contains a valid license key.
If you change the HTML layout of the confirmation form, and the license key is invalid, ATC disables protection and your scripts become unprotected (but still working).
Upload the files bbantispam.php and bbas_config.php on the server.
For each script to be protected:
- Make backup.
- Insert something like this at the very beginning:
<?php include_once 'bbantispam.php'; ?>
You might find tool-specific advice on the digest page “Tool-specific ATC installation” in the bbAntiSpam discussion forum.
Instead of changing the scripts, experienced webmasters might prefer to add the following directive to .htaccess or httpd.conf:
php_value auto_prepend_file bbantispam.php
Try to post some data to your script. If Advanced Textual Confirmation is properly installed, it asks you a question. Intentionally answer the question wrong, and ATC asks you again. Now answer correctly and see that your data is posted correctly.
Try to post some data again. As your session is now marked as “human“, ATC doesn't activate itself, and the data goes directly to the script.
For the further tests, temporarily disable cookies. (In Mozilla or Firefox, go to the menu Tools, the submenu “Cookie Manager”, and select “Block Cookies from this Site”.) Now ATC always displays a question.
- Check that a text with the symbols “<”, “&”, “>”, “\”, “"” (quote) and “'” (single quote) isn't corrupted.
- Make a similar check, but add the backslash: “\<”, “\&”, “\>”, “\\”, “\"” and “\'”.
- Test non-English symbols, such as “™”, “©”, “ü” or “ß”.