I use Jot for comments on my page, only for registered users. However several posts have ’createdby’ field empty, which should be impossible. After some digging I found, that it’s not really difficult to avoid this restriction.
1) I login and go to the page with comments
2) I open another page of that web and logout
3) Then I return to the first page with comments, fill in the form and post comment
4) Jot normally inserts new comment in the database but as I am logged out, the ’createdby’ field remains blank (zero).
I guess Jot checks whether user is logged in only when displaying form. Once the form is submitted, Jot doesn’t care anymore about the user.
<h2 id="comments" class="border">Comments</h2>
[!Jot? &action=`comments` &customfields=`name,email` &subscribe=`1` &pagination=`10` &canmoderate=`Site Admins` &canpost=`Registered` &css=`0` !]
<h2 class="border">Post new comment</h2>
[!Jot? &action=`form` &subscribe=`1` &customfields=`name,email` &canmoderate=`Site Admins` &canpost=`Registered` &debug=`0` &cssFile=`assets/templates/svoboda/styles/comments.css` !]
Am I doing something wrong or is it really a bug? Actually I really think this behavior is bad, the question is, whether I have to hack the Jot code or there is another way how to secure my web.