@madpilot makes

Image verification for comments in WordPress 2.0

I’m sick of blog spam. It is such a pain to have to mark it all as spam (And what exactly does that function do? I’ve seen the same spam come through many times, so it doesn’t seem to learn…)

Anyways, here is my quick and dirty hack to add a image verification box on the comments page (Warning WordPress hack ahead – I’ll bother to learn the plugin system one day…)

This hack requires the following PHP libraries installed on your server: Freetype, GD and mcrypt.

Create a new file in $PATH_TO_YOU_BLOG/wp-image-verify.php

Insert the following code:

<?php
  require( dirname(__FILE__) . /wp-config.php’ );
  $verifier = $_REQUEST[‘verifier’];
  $display_string = decrypt($verifier);
  $image_details = imagettfbbox (10, 0, /usr/share/fonts/TTF/tahoma.ttf’, $display_string);
  $image = imagecreatetruecolor($image_details[4]  $image_details[5], (0  $image_details[5])  (0  $image_details[3]) + 1);
  imageantialias($image, true);
  $background = imagecolorallocate($image, 255, 255, 255);
  imagefill($image, 0, 0, $background);
  imagettftext($image, 10, 0, $image_details[0] + 1, 0  $image_details[5], imagecolorallocate($image, 119, 119, 119), /usr/share/fonts/TTF/tahoma.ttf’, $display_string);
  header(“Content-type: image/png”);
  imagepng($image);
?>

Note – you will probably (ok will) have to change the path of the font as /usr/share/fonts/TTF/tahoma.ttf is a font I copied from my windows directory.

Open $PATH_TO_YOU_BLOG/wp-comments-post.php and add the following lines at around line 25:

$verifier = trim($_POST[‘verifier’]);
$verifier_compare = decrypt($_POST[‘verifier_hash’]);

Open $PATH_TO_YOU_BLOG/includes/comments-functions.php and add the following lines at the top of the file:

// image verifier functions – by Myles Eftos
$key = “afedss”; // Enter a 5 character string
$iv = “sdfesdf”; // Enter a 7 character IV
function random_string($length = 6) {
  $str = ;
  for($i = 0; $i < $length; $i++) {
    $str .= chr(rand(ord(‘A’), ord(‘Z’)));
  }
  return $str;
}

function encrypt($string) {
  global $key;
  global $iv;
  return base64_encode(mcrypt_encrypt(MCRYPT_DES, $key, $string, MCRYPT_MODE_ECB, $iv));
}

function decrypt($string) {
  global $key;
  global $iv;
  return chop(mcrypt_decrypt(MCRYPT_DES, $key, base64_decode($string), MCRYPT_MODE_ECB, $iv));
}

All done :)