Generic PHP library for Mollom's REST API.



Installs: 110 599

Dependents: 2

Suggesters: 0

Security: 0

Stars: 17

Watchers: 4

Forks: 13

0.0.1 2014-07-02 11:44 UTC

This package is not auto-updated.

Last update: 2023-11-25 12:23:31 UTC


A generic Mollom client PHP class.

This base class aims to ease integration of the Mollom content moderation service into PHP based applications. The class implements essential code logic expected from Mollom clients and provides many helper functions to communicate with Mollom's REST API.

Make sure that your server time is synchronized with the world clocks, and that you do not share your private key with anyone else.

To submit bug reports and feature suggestions, or to track changes:


  • PHP 5.3.4 or later


  • Extend the Mollom class for your platform. At minimum, you need to implement the following methods:

    class MollomMyPlatform extends Mollom {
      public function loadConfiguration($name) {}
      public function saveConfiguration($name, $value) {}
      public function deleteConfiguration($name) {}
      public function getClientInformation() {}
      protected function request($method, $server, $path, $query = NULL, array $headers = array()) {}

    These methods are documented in detail in the Mollom class.

  • For example, to check a post for spam:

    // When a comment is submitted:
    $mollom = new MollomMyPlatform();
    $comment = $_POST['comment'];
    $result = $mollom->checkContent(array(
      'checks' => array('spam'),
      'postTitle' => $comment['title'],
      'postBody' => $comment['body'],
      'authorName' => $comment['name'],
      'authorUrl' => $comment['homepage'],
      'authorIp' => $_SERVER['REMOTE_ADDR'],
      'authorId' => $userid, // If the author is logged in.
    // You might want to make the fallback case configurable:
    if (!is_array($result) || !isset($result['id'])) {
      print "The content moderation system is currently unavailable. Please try again later.";
    // Check the final spam classification.
    switch ($result['spamClassification']) {
      case 'ham':
        // Do nothing. (Accept content.)
      case 'spam':
        // Discard (block) the form submission.
        print "Your submission has triggered the spam filter and will not be accepted.";
      case 'unsure':
        // Require to solve a CAPTCHA to get the post submitted.
        $captcha = $mollom->createCaptcha(array(
          'contentId' => $result['id'],
          'type' => 'image',
        if (!is_array($captcha) || !isset($captcha['id'])) {
          print "The content moderation system is currently unavailable. Please try again later.";
        // Output the CAPTCHA.
        print '<img src="' . $captcha['url'] . '" alt="Type the characters you see in this picture." />';
        print '<input type="text" name="captcha" size="10" value="" autocomplete="off" />';
        // Re-inject the submitted form values, re-render the form,
        // and ask the user to solve the CAPTCHA.
        // If we end up here, Mollom responded with a unknown spamClassification.
        // Normally, this should not happen.


These are examples for implementations of the Mollom class. As visible in the above code snippet, the class only takes over the basic logic to communicate with Mollom. Every implementation still needs application-specific code to handle the results provided by Mollom.


This library is considered stable and is actively used, but API changes may not be able to avoid.

  • See the change log for details.
  • See the todo list for future refactoring tasks (which will happen in a new major version).


PHP <5.4 as CGI: Handling inbound CMP OAuth requests

For PHP versions older than 5.4, and if PHP runs as CGI (not as Apache module/mod_php), you may need to enable mod_rewrite and place the following rewrite rules into your virtual host configuration or .htaccess file:

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Since PHP 5.4.0, getallheaders() became also available under FastCGI. In earlier PHP versions, the HTTP Authorization request header is not forwarded into PHP environment variables when PHP runs as CGI.


You may use this software under the terms of either the MIT License or the GNU General Public License (GPL), Version 2.