Image verification for comments in WordPress 2.0
I’m sick of blog spam. It is such a pain to have to mark it all as spam (And what exactly does that function do? I’ve seen the same spam come through many times, so it doesn’t seem to learn…)
Anyways, here is my quick and dirty hack to add a image verification box on the comments page (Warning WordPress hack ahead – I’ll bother to learn the plugin system one day…)
This hack requires the following PHP libraries installed on your server: Freetype, GD and mcrypt.
Create a new file in [path_to_your_blog]/wp-image-verify.php
Insert the following code:
-
< ?php
-
$verifier = $_REQUEST[‘verifier’];
-
-
$display_string = decrypt($verifier);
-
-
$image_details = imagettfbbox (10, 0, ‘/usr/share/fonts/TTF/tahoma.ttf’, $display_string);
-
$image = imagecreatetruecolor($image_details[4] – $image_details[5], (0 – $image_details[5]) – (0 – $image_details[3]) + 1);
-
imageantialias($image, true);
-
$background = imagecolorallocate($image, 255, 255, 255);
-
imagefill($image, 0, 0, $background);
-
imagettftext($image, 10, 0, $image_details[0] + 1, 0 – $image_details[5], imagecolorallocate($image, 119, 119, 119), ‘/usr/share/fonts/TTF/tahoma.ttf’, $display_string);
-
-
imagepng($image);
-
?>
Note – you will probably (ok will) have to change the path of the font as /usr/share/fonts/TTF/tahoma.ttf is a font I copied from my windows directory.
Open [path_to_your_blog]/wp-comments-post.php and add the following lines at around line 25:
-
$verifier_compare = decrypt($_POST[‘verifier_hash’]);
Open [path_to_your_blog]/includes/comments-functions.php and add the following lines at the top of the file:
Replacing the $key and $iv variables with a random 5 and 7 cahracter string respectively.
Finally find the comments.php file in you theme directory – if you are using the default theme it is at [path_to_your_blog]/wp-content/themes/default and add the following lines after the url textbox (Around line 89 in the default template):
-
< p>
-
< input type=“text” name=“verifier” id=“verifier” size=“22” />
-
< label< small>Enter the string you see here: < img src=“< ?php echo get_option('siteurl'); ?>/wp-image-verify.php?verifier=< ?php echo urlencode ($image_hash) ?>” alt=”” />< / small>Â < / label>
-
-
< input type="hidden" name="verifier_hash” value=”< ?php echo $image_hash; ?>” />
-
< /p>
All done :)
7 comments
Granted using an image verification method won't stop real people blog-spamming, but until I see evidence of a lot of this happening I'll stick to this method - it's simpler and doesn't rely on a third party that could disappear tomorrow (Not to say akismet will).
i try to use your script in my blog (i use wordpress ver. 2.7)
but there's error at "return chop(mcrypt_decrypt(MCRYPT_DES, $key, base64_decode($string), MCRYPT_MODE_ECB, $iv));" said that there's unknown mcrypt_decrypt function.
and then i try benjamin's script but there's error too :(
would you help me to re-write your code for wordpress 2.7 ?
or maybe you could send the file and how to install it to my email??
thanks for your advice
finally i found the plugin here http://www.theblog.ca/random-anti-spam
just install and enjoy :D
Leave a comment