I have anon posting on with email required. I was fiddling around and realized that, if I was logged out, and I posted with my user name (Ipstenu) and the email I used with my registered ID (me@bar.com), it would let me post. If I posed with a different user name (jhdgsd) and the email, it wouldn't post.
It occurs to me that having a person be able to 'spoof' registered users is kinda a bad thing.
I saw this post - http://wordpress.org/support/topic/39025?replies=5 - but that's three years old. Is there any way to easily say 'If this email is also used by a registered user, prompt for user to login'?
Okay, I came up with a solution that SEEMS to be working.
Based on
http://www.saphod.net/2008/10/14/how-to-prevent-commenters-from-using-your-email/
and
http://www.dagondesign.com/articles/prevent-author-impersonation-in-wordpress-comments/
function wp_prevent_imposters( $commentdata){
// get list of user (display) names for blog
global $wpdb;
$valid_users = (array)$wpdb->get_results(" SELECT display_name, user_email FROM " . $wpdb->prefix . "users");
global $userdata;
get_currentuserinfo();
// get email of current user
$logged_in_email = $commentdata['comment_author_email'];
$logged_in_name = $commentdata['comment_author'];
// see if the comment author matches an existing author
$found_match = FALSE;
foreach ($valid_users as $va) {
if (trim($va->display_name) != '') {
if (strtolower($va->display_name) == strtolower($logged_in_name)) {
$found_match = TRUE;
break;
}
}
if (trim($va->user_email) != '') {
if (strtolower($va->user_email) == strtolower($logged_in_email)) {
$found_match = TRUE;
break;
}
}
}
// if commenter is not logged in, but match was found, block the comment
if ($found_match == TRUE) {
wp_die( __('You cannot post using the name or email of a registered author.') );
}
else {
return $commentdata;
}
}
add_filter('preprocess_comment', 'wp_prevent_imposters');
