我想在wordpress文章评论的评论表单中添加验证,但我找不到更改提交表单的方法(以便我可以在评论帖子提交时验证它)。我找到了plugin,为用户登录添加了验证码,所以我接受了,并将其添加到我的评论表单中。
我基本上只将短代码添加到我的评论表单
function mytheme_image_captcha( $args ){
// Adds an argument to the shortcode to record the type of form (Contact us, Request a Visit, Refer a Friend...) - [fuel-spam-guard form="Contact Us"]
extract( shortcode_atts( array( 'form' => '' ), $args ) );
// Create an array to hold the image library
$captchas = array(
esc_html__( 'Heart', 'mytheme') => "fa-heart",
esc_html__( 'House', 'mytheme') => "fa-home",
esc_html__( 'Star', 'mytheme') => "fa-star",
esc_html__( 'Car', 'mytheme') => "fa-car",
esc_html__( 'Cup', 'mytheme') => "fa-coffee",
esc_html__( 'Flag', 'mytheme') => "fa-flag",
esc_html__( 'Key', 'mytheme') => "fa-key",
esc_html__( 'Truck', 'mytheme') => "fa-truck",
esc_html__( 'Tree', 'mytheme') => "fa-tree",
esc_html__( 'Plane', 'mytheme') => "fa-plane"
);
$choice = array_rand( $captchas, 3);
foreach($choice as $key) {
$choices[$key] = $captchas[$key];
}
// Pick a number between 0-2 and use it to determine which array item will be used as the answer
$human = rand(0,2);
ob_start(); ?>
<div class="captcha-image">
<p><?php _e('Please prove you are human by selecting the', 'mytheme'); ?> <span><?php echo $choice[$human]; ?></span> <?php esc_html_e('.', 'mytheme'); ?></p>
<?php
$i = -1;
foreach($choices as $title => $image) {
$i++;
if($i == $human) { $value = "tn_human"; } else { $value = "bot"; };
echo '<label><input type="radio" name="tn_captcha" value="'. $value .'"/><i class="fa '. $image .'"></i></label>';
}
?>
</div>
<div style="display:none">
<input type="text" name="tn_honeypot">
<input type="hidden" name="FormType" value="<?php echo $form ?>"/>
<input type="hidden" name="wplicic_exists" value="true"/>
</div>
<?php // more code
$result = ob_get_contents(); // get everything in to $result variable
ob_end_clean();
return $result;
}
add_shortcode('contact_captcha', 'mytheme_image_captcha');
循环您需要选择的输入字段中的图像和单词。评论表是这样的:
<?php
$commenter = wp_get_current_commenter();
$req = get_option( 'require_name' );
$aria_req = ( $req ? " aria-required='true'" : '' );
$fields = array(
'author' =>
'<div class="comment_fields"><p class="comment-form-author"><input id="author" name="author" type="text" placeholder="' . esc_html__( 'Name', 'mytheme' ) . '" value="' . esc_attr( $commenter['comment_author'] ) .
'" size="30"' . $aria_req . ' /></p></div>',
'captcha' => (!is_user_logged_in()) ? do_shortcode('[contact_captcha]') : '',
);
$comment_field = '<p class="comment-form-comment"><textarea id="comment" name="comment" placeholder="' . esc_html__( 'Your Comment', 'mytheme' ) . '" cols="45" rows="6" aria-required="true"></textarea></p>';
comment_form(array(
'fields' => $fields,
'comment_field' => $comment_field,
'comment_notes_after' => '',
'id_submit' => 'comment-submit',
'title_reply' => esc_html__( 'Leave a comment', 'mytheme' ),
'title_reply_to' => esc_html__( 'Leave a reply to %s.', 'mytheme' ),
'cancel_reply_link' => esc_html__( 'Cancel reply', 'mytheme' ),
'label_submit' => esc_html__( 'Submit', 'mytheme' ),
'comment_notes_before' => ''
)); ?>
仅当用户未登录时才会显示验证码(我假设登录的用户不是机器人)。
因为我找不到覆盖表单提交的$_POST
的方法,所以我添加了一个小而简单的js代码,它将禁用post按钮,除非你点击正确的。它的工作原理
/*Comment Validation*/
if ($('#comments').length) {
$('#comments').find('input[type="submit"]').attr('disabled', 'disabled');
$('.captcha-image input[type="radio"]').on('click', function(){
if ( $(this).is(':checked') && $(this).val() == 'tn_human' ){
$('#comments').find('input[type="submit"]').removeAttr('disabled');
} else{
$('#comments').find('input[type="submit"]').attr('disabled', 'disabled');
}
});
}
现在我的问题是:这有多安全?
这可以防止机器人发表评论吗?
我有一种感觉,这不是验证wordpress评论的简单方法。
我找到了一个有效的验证码插件,但它有一个基于类型的验证码(3 + __ = 7类型的capthca),客户端要求基于图像点击的验证码,我找不到一个免费的致力于评论。
任何有关安全的建议都是有帮助的。
答案 0 :(得分:0)
此类场景的最佳做法是使用PHP库将captcha插入到表单中。这是最好的做法,因为您不必抓住整个插件只是为了使用其短代码进行验证码。
我最近使用了Secureimage,它的运行方式与我想要的完全相同。
您必须插入HTML元素才能输入:
<input class="membership-form" type="text" name="captcha_code" size="10" maxlength="6" required>
<img style="margin-left: 34%;margin-top: 1%;" id="captcha" src="http://darpe.me/wp/wp-content/plugins/custom-register/securimage/securimage_show.php" alt="CAPTCHA Image" />
<a href="#" onclick="document.getElementById('captcha').src = 'http://darpe.me/wp/wp-content/plugins/custom-register/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>
接下来,在提交检查页面中,您将添加以下内容:
include_once $_SERVER['DOCUMENT_ROOT'] . '/wp/wp-content/plugins/YOUR-PLUGIN-PATH/securimage/securimage.php';
if (!is_wp_error($errors)) $errors = new WP_Error;
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
// the code was incorrect
// you should handle the error so that the form processor doesn't continue
// or you can use the following code if there is no validation or you do not know how
$errors->add('chaptcha_error', 'The security code entered was incorrect. Please try again!');
}