Comments Form

  • The project I am working on has a private area available to company employees only. rather than have the huge overhead of requiring each employee to have an account, there is a single dummy user account used to access the private area – so everyone logs in as the same person.

    I need to allow users to add comments to posts, but I need them to be able to identify themselves beyond the dummy user id. I can’t find the graceful way to include name and email fields on the comments form that are visible and used to identfy comments when there is a user logged in. I can’t see how to do it without modifying the comment_form() function, which is obviously undesirable.

    Any suggestions?

    Cheers,

    Crac

    • This topic was modified 4 years, 2 months ago by crac1967.
Viewing 5 replies - 1 through 5 (of 5 total)

  • Having users share accounts is very undesirable. If something goes wrong, you have no way of tracing who is responsible.

    I can’t imagine that the overhead for individual accounts could be that much (each account needs a line in the wp_users table and a few lines in the wp_user_meta table), unless it is an incredibly large organization, in which case it becomes even more important to have proper access control.

    Thread Starter crac1967

    (@crac1967)

    I understand what you are saying, but in this instance there would be thousands of users, so it’s not an option.

    The shared account has no privilages – it is simply used for access control to the page. So what I really want to do is to switch on the features available for non-logged in users to comment, even though they are actually logged in as a user.

    Any suggestions?

    Cheers,

    Crac

    You could just password protect the pages and then not require an account to comment.

    However, sharing a password between thousands of people is highly undesirable. What if someone leaves the organization and has a grudge? What if someone leaves a password laying around? They are not likely to own up to that. Perhaps they won’t even know that there has been a compromise. If you are sharing a password between that many people, you may as well not have a password at all.

    Thread Starter crac1967

    (@crac1967)

    I agree it’s all a compromise.

    I’ve already done something along the lines you suggested … so users still have to ‘login’ but it’s not a WordPress login and as far as WordPress is concerned they are still guests. This works fine with the comments. Security for this is a bit primitive, but based on the idea that no-one is likely to stumble across the page(s) unless they are specifically looking for them – and if the password gets into the wrong hands the worst scenario is that someone can see some pages that contain no confidential information really, so it’s not a problem.

    Shame there wasn’t a way to do it within WordPress though …

    Cheers,

    Crac

    You may just want to make sure that the comments are not exposed in feeds / API endpoints. :fourleafclover: :coffee:

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Comments Form’ is closed to new replies.

Tags