Support » Plugins » Hack: only registered users can post comments

  • My friend and I threw together a little hack in the wp-comments.php file that allows you to control the public commenting on your blog, in that only registered and logged in users are able to post to your blog. It’s by no means bullet-proof like I’d want, but it works.
    It uses the function get_currentuserinfo(); to test the user’s session and to see if the variables user_email and user_nickname are assigned values. I’d probably try to use more sophisticated session checking, but this works out of the box and with a few small hacks.
    Open up the wp-comments.php file and add these few lines of code after the opening <?php tag
    ######### comments hack by Jamison & Michael
    $comment_author = $user_nickname;
    $comment_author_email = $user_email;
    $comment_author_url = $user_url;
    if ((empty($user_nickname))&&(empty($user_email))) {
    $message = "<font color=red>You must be a registered user and LOGGED IN to post comments.</font>
    $message .= 'Please login or register
    $post_disabled = " disabled";

    Now scroll down further in the file where the form tags are for the commenting. Add these few lines of code right before the opening <form> tag.
    ######### comments hack by Jamison & Michael
    echo $message; // display message if they're not logged in
    Now this next part could be tricky if you don’t know HTML very well… so if you don’t, do your best to follow along…
    You’ll be adding the following tag in the author, email, url, comment, and submit fields:
    Those tags will look something like this:
    <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" <?=$post_disabled?> />
    <input type="text" name="email" id="email" value="<?php echo $comment_author_email; ?>" size="28" tabindex="2" <?=$post_disabled?> />
    <input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="28" tabindex="3" <?=$post_disabled?>/>
    <textarea name="comment" id="comment" cols="70" rows="4" tabindex="4"<?=$post_disabled?>></textarea>
    <input name="submit" type="submit" tabindex="5" value="<?php _e("Say It!"); ?>" <?=$post_disabled?> />

    What those $post_disabled tags do is fill in a value “disabled” in the form fields if the user is not logged in and cause the form to become unusuable/disabled to the end user.
    Like I said, it’s not the most secure way of keeping out undesireable posts, but this combined with WP-Blacklist 1.2.1, you can relatively control who is able to post comments on your blog.
    – Michael

Viewing 15 replies - 1 through 15 (of 28 total)
  • Oh, and on a different note… it’d be nice if the thing actually worked and preserved all formatting between the code tags. If my instructions seemed illegible, you can find them here...

    its not code tag u use. u use backticks… the key on left of 1 key…

    gotcha. didn’t see the obvious right above the textarea. thnx.

    Have tried this. works great! Thanks!

    Very cool. I may use this if I can’t get the commenters to behave…

    Question 1: is there any way to require a valid e-mail address when folks register? I guess this would involve sending a welcome message to the address with a link to validate it. if I can’t force them to use a real e-mail address, this won’t be nearly as helpful.
    Question 2: can I use this plugin to control the level of the user? (eg: only users level 3 and above can post comments.)

    Quick comment: use the code version Michael’s linked to (the txt file on his site) rather than the code in here — it doesn’t work right. On the other hand, the code on his site works beautifully. Thanks, Michael!

    I got the following error after adding this code.. Any ideas about what would cause it?
    Parse error: parse error in /home/johnlitt/public_html/blog/wp-comments.php on line 8
    The line that is the problem is
    if ((empty($user_nickname))&&(empty($user_email))) {

    oops should have read the last post.. will try the linked code.

    that did the trick.



    Made some small changes so that the comment form isn’t even shown unless the user is logged in. After the line:
    <?php if ('open' == $post->comment_status) { ?>
    <?php if (isset ($message)) {
    ######### comments hack by Jamison & Michael
    echo $message; // display message if they're not logged in
    else {

    and change the line
    <?php } else { // comments are closed ?>
    to be
    <?php }} else { // comments are closed ?>
    Then they can’t even use any little tricks to bypass the disabled form stuff. (I have a plugin for firefox that will do exactly that, and it wouldn’t be hard to remove them with a regex in a spam script)


    The last code posted doesn’t seem to work. The forms are still there!


    I tried it and had the same results. The comment form still appears.


    Although well-written and -executed, this hack did not stop the “texas holdem” attack. I will try other methods…



    Well, the forums really screwed up the code in my last post. So if you want the code to make the changes to the forum, and can’t figure it out because of the stupidity of the forums translation, email me and I’ll send it to you.

Viewing 15 replies - 1 through 15 (of 28 total)
  • The topic ‘Hack: only registered users can post comments’ is closed to new replies.