Does anybody else think that it makes no sense to force somebody to validate that they're not a spammer [by forcing you to enter the random "YX5A" text] when they've already got a password to view your private gallery or site?

I understand the need to put them on publicly accessible galleries, and even hidden galleries w/o a password, to prevent comment spam.

But if I am giving a password to somebody to one of my galleries, or to my entire site, then there is an implicit trust that they will not spam my comments.

Or if they do, there is some level of accountability.

Does anybody else think this should be changed?

Does anybody else think that it makes no sense to force somebody to validate that they're not a spammer [by forcing you to enter the random "YX5A" text] when they've already got a password to view your private gallery or site?

I understand the need to put them on publicly accessible galleries, and even hidden galleries w/o a password, to prevent comment spam.

But if I am giving a password to somebody to one of my galleries, or to my entire site, then there is an implicit trust that they will not spam my comments.

Or if they do, there is some level of accountability.

Does anybody else think this should be changed?

I agree. If gallery or site is password protected, captcha is not needed.

This is in the FR thread already, love to see the feedback, thanks.

Please all, keep in mind that features get prioritized. Thanks!

Well, duh, yeah, not if you're logged into your own site, but *ALSO* if somebody else is logged into their SM site and comments on one of your photos. Huh, that's cool, and exactly how it should work for password-protected galleries/sites that a non-SM user logs into.

Oh, sweet, it's in the release notes from the last set of Feature Requests:

http://www.dgrin.com/showthread.php?t=71342

- Remove captcha for comments for logged in user

OOOOOH, I see Andy. You reset the thread with every release. Stupid me, I thought it was the same thread going back to the beginning of time. :-}

(Hey, that's funny -- the first "bugs and feature requests" thread was the one I started back in 2004!)

Anyways, would love to see:

- Remove captcha for users logged into password-protected sites/galleries

:-}

OOOOOH, I see Andy. You reset the thread with every release. Stupid me, I thought it was the same thread going back to the beginning of time. :-}
nope, but I do it "every so often."

*Bump*

As I anticipate more parents in my son's nursery school using my convoluted "Comments -> Keywords" hack to "tag" their kids' photos, I *really* would like to see comment Captchas go away for password-protected sites/galleries.

Oh, also, it would be nice to disable them for Sharing too, because again, if somebody has a password to your private site/gallery, it's unlikely they're going to be spammers.

*Bump*

As I anticipate more parents in my son's nursery school using my convoluted "Comments -> Keywords" hack to "tag" their kids' photos, I *really* would like to see comment Captchas go away for password-protected sites/galleries.

Oh, also, it would be nice to disable them for Sharing too, because again, if somebody has a password to your private site/gallery, it's unlikely they're going to be spammers.Thanks for the bump, it's in the FR thread, we appreciate it!

*Bumping* again -- it's the end of the school year. I really want parents to be able to start tagging photos of the kids. Having to type in Captchas for every comment really makes this a chore.

*Bumping* again -- it's the end of the school year. I really want parents to be able to start tagging photos of the kids. Having to type in Captchas for every comment really makes this a chore.
Thank you, Darryl.

Yeah, my use of smugmug is wholly for invited clients only. It is absolutely unreasonable for me to expect them to enter a captcha code for every photo they want to star or comment upon. There must be a simple way for them to tag a batch of photos without entering a code each time.

If I have someone who wants to tag several dozen photos asking them to enter a code each time would be similar to a person having to enter a code for every word they want to post in this forum.

Ridiculous.

Yearly *bump*. The end of this school year is only 3 months away.

Again, I would like users who have logged in with the site-wide password (and therefore are *not* spammers) to be able to add comments without requiring a Captcha.

(Since SmugMug still does not allow keyword editing for non-owners/guest passwords including people logged in with site-passwords, I'm still using my moldy old Perl script that periodically reads the comments RSS feed and converts specifically tagged comments to keywords.)

So hey, I know you guys had to futz with the commenting code for the Facebook Connect debacle, and if somebody uses Facebook, they don't have to use the Captcha.

Couldn't you do a simple check for a cookie named UP-$userid *OR* Gallery$galleryid and if the password matches for the site or the gallery, you could *not* require a Captcha for those folks either?

I suppose there's the problem that you're doing this all in Javascript and the password is *gack* stored in the cookie in plaintext, so maybe you'd have to generate hashes of all the passwords on the database side? Yuck.

Still though, Captchas really seem unnecessary for people you've explicitly given permission to view your albums to via a password.

Yearly *bump*. The end of this school year is only 3 months away.

Again, I would like users who have logged in with the site-wide password (and therefore are *not* spammers) to be able to add comments without requiring a Captcha.

(Since SmugMug still does not allow keyword editing for non-owners/guest passwords including people logged in with site-passwords, I'm still using my moldy old Perl script that periodically reads the comments RSS feed and converts specifically tagged comments to keywords.)

So hey, I know you guys had to futz with the commenting code for the Facebook Connect debacle, and if somebody uses Facebook, they don't have to use the Captcha.

Couldn't you do a simple check for a cookie named UP-$userid *OR* Gallery$galleryid and if the password matches for the site or the gallery, you could *not* require a Captcha for those folks either?

I suppose there's the problem that you're doing this all in Javascript and the password is *gack* stored in the cookie in plaintext, so maybe you'd have to generate hashes of all the passwords on the database side? Yuck.

Still though, Captchas really seem unnecessary for people you've explicitly given permission to view your albums to via a password.

As one who uses gallery passwords for kid's sports galleries, this is a great idea! If the site or gallery is password protected, there is no need for captcha. Smugmug, please don't require it in those cases.

Smugmug, please don't require it in those cases.Darryl & John:

We just improved commenting, by adding Facebook connect. Thanks for this suggestion, can't promise if or when, but I can promise that our team will see it :thumb

Darryl & John:

We just improved commenting, by adding Facebook connect. Thanks for this suggestion, can't promise if or when, but I can promise that our team will see it :thumb Do you get the point of our request?

They've already entered a password. They aren't a spammer. I know that most of your at Smugmug don't use password protected galleries much, but for those of us who have to use them, this would be a nice enhancement and probably not very difficult (way less work than the facebook stuff). Also, my password audience is parents of young kids who are not yet on facebook so that stuff isn't helping me yet.

Do you get the point of our request?

John: Yes, of course I get it :D
If I didn't get it, I'd have asked for clarification, I promise you.

I've made sure that our team has seen this.

John: Yes, of course I get it :D
If I didn't get it, I'd have asked for clarification, I promise you.

I've made sure that our team has seen this. I couldn't tell from your reply. You didn't say anything about whether you thought it was a valid or useful idea so I wasn't sure what you thought or whether you understood the point. No way for me to know without asking.

I couldn't tell from your reply. You didn't say anything about whether you thought it was a valid or useful idea so I wasn't sure what you thought or whether you understood the point. No way for me to know without asking.
We take your (and all the input here on Dgrin) input very very seriously- we all read it and we discuss internally and all of these things go into the mix.

You can bet your last nickel that if I say "I'm passing it to the team" that I am - and that I/we get your request, we understand it :D

Thanks!

OOOF. Phanfare (where I host my personal photos) recently implemented CAPTCHAs in this same ridiculous way (unilaterally, with no regard for whether the site/gallery was password-protected).

Actually, they went a step further. They have a Friends/Family system, (a la Facebook, although more like SmugMug's Friends/Family, since there are no free memberships), but even if you are logged in and a Friend or Family of the person whose gallery you are browsing, you are still required to enter a CAPTCHA.

IDIOTIC!

(SmugMug fixed this long ago. Or maybe it was always fixed.)

But the site/gallery-password thing is still an issue here on SmugMug. Hooray, less than 2 months away from the 2-year old "anniversary" of this bug. :-P

Ok, filed in the new system: http://smugmug.uservoice.com/pages/17723-smugmug/suggestions/299225-stop-requiring-captchas-anti-spam-code-for-password-protected-galleries-or-sites-

Please vote away.

BTW, if you don't want to link Uservoice to your Google/Facebook account (or create yet another account somewhere), you can link it to your SmugMug account/password. Details here: http://www.dgrin.com/showthread.php?p=1196750#post1196750

SHOOT! I missed the 2-year anniversary of this bug.

Well, it's been a good two years, stupid "CAPTCHA on Password-Protected Sites/Galleries". I remember when you were such a cute little bug. So new, so young.

I remember when CAPTCHAs hadn't been cracked by teams of slave laborers, or Russian hackers. I remember when I first realized it didn't even make sense to *HAVE* CAPTCHAs if you're giving somebody the password to your site or gallery.

We were both so young, naive, innocent, back then, TWO YEARS AGO. Well, I hope you understand that it's now time for you to grow up, little bug. To grow up and die at the hands of the SmugMug sorcerer who notices that you're still here, still very annoying, and still probably stupid simple to fix: if ($gallery.password != '' || $site.password != '') { $captcha.required = 0; }

Happy belated birthday. And hopefully we'll be holding a nice funeral for you soon as well.

[Seriously guys. Two years and counting on this one?]

[edit: typo in my pseudo-code]

bug.

Thanks again for the feature request.

I'll make sure Scott sees this.

I guess I will bring an old thread back to life...

And take it a step further...

Not only are captchas in password protected sites unnecessary, but why not allow the ability to toggle this option in the control panel? Let the photographer choose if they want captchas to avoid spam comments.

It would be lovely if captchas were SmugMug user controlled and optional. If a SmugMug user would like to disable captchas for the enjoyment of their viewers, they should be able to do so.

I would prefer the option of no captchas. I can prevent spammers by selecting "require comment approval" in my Control Panel.

(i have to say at least SmugMug's captchas aren't as cryptic and impossible as i've seen on other sites)