Hack: only registered users can post comments

  • My friend and I threw together a little hack in the wp-comments.php file that allows you to control the public commenting on your blog, in that only registered and logged in users are able to post to your blog. It’s by no means bullet-proof like I’d want, but it works.
    It uses the function get_currentuserinfo(); to test the user’s session and to see if the variables user_email and user_nickname are assigned values. I’d probably try to use more sophisticated session checking, but this works out of the box and with a few small hacks.
    Open up the wp-comments.php file and add these few lines of code after the opening <?php tag
    ######### comments hack by Jamison & Michael
    get_currentuserinfo();
    $comment_author = $user_nickname;
    $comment_author_email = $user_email;
    $comment_author_url = $user_url;
    if ((empty($user_nickname))&&(empty($user_email))) {
    $message = "<font color=red>You must be a registered user and LOGGED IN to post comments.</font>
    ";
    $message .= 'Please login or register
    ';
    $post_disabled = " disabled";
    }
    Now scroll down further in the file where the form tags are for the commenting. Add these few lines of code right before the opening <form> tag.
    <?
    ######### comments hack by Jamison & Michael
    echo $message; // display message if they're not logged in
    ?>
    Now this next part could be tricky if you don’t know HTML very well… so if you don’t, do your best to follow along…
    You’ll be adding the following tag in the author, email, url, comment, and submit fields:
    <?=$post_disabled?>
    Those tags will look something like this:
    <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" <?=$post_disabled?> />
    <input type="text" name="email" id="email" value="<?php echo $comment_author_email; ?>" size="28" tabindex="2" <?=$post_disabled?> />
    <input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="28" tabindex="3" <?=$post_disabled?>/>
    <textarea name="comment" id="comment" cols="70" rows="4" tabindex="4"<?=$post_disabled?>></textarea>
    <input name="submit" type="submit" tabindex="5" value="<?php _e("Say It!"); ?>" <?=$post_disabled?> />

    What those $post_disabled tags do is fill in a value “disabled” in the form fields if the user is not logged in and cause the form to become unusuable/disabled to the end user.
    Like I said, it’s not the most secure way of keeping out undesireable posts, but this combined with WP-Blacklist 1.2.1, you can relatively control who is able to post comments on your blog.
    – Michael
    https://www.designbymichael.com

Viewing 13 replies - 16 through 28 (of 28 total)

  • Excellent, and I thank you, but the casino spammers have broken through. Who knows how…it’s a mystery.
    Back to the drawing board.
    (My first post to the forum; hi, all!)

    Its because you are only blocking the posting form, not what processes it. Add this to the wp-comments-post.php file, after the test for required_name_email.
    # Require user to be registered and logged in before allowing posting
    # 30 second hack by Brian C. Lane - www.libertynews.org
    get_currentuserinfo();
    if( empty($user_nickname) && empty($user_email) )
    die( __('Error: You must be logged in before you can post') );

    Ugh, pretty ugly. You should get the gist of it though, call get_currentuserinfo() and then see if nickname and email are empty.

    You can also add similar code to wp-comments.php to totally remove the form:
    # Require user to be registered and logged in before allowing posting
    # 30 second hack by Brian C. Lane - www.libertynews.org
    get_currentuserinfo();
    if( empty($user_nickname) && empty($user_email) )
    _e("Sorry, you must login before posting.");
    else if ('open' == $post->comment_status) {

    appreciate it guys – i just started getting attacked by the dreaded web-casino bots..far out they can be annoying.

    thanks for this – works beautifully ??

    I am having a problem with this hack…

    Hack works great, but I cannot seem to stay logged in… any suggestions?

    So…I added the 30 second hack by Brian C Lane and nothing happened. It says “sorry, you must be logged in before posting”, but still allows you to post comments.

    also you can add a redirect url, so when de users logs in is redirected to de original page.
    [code]
    # Require user to be registered and logged in before allowing posting
    # 30 second hack by Brian C. Lane - https://www.libertynews.org
    get_currentuserinfo();
    if( empty($user_nickname) && empty($user_email) )
    _e('Sorry, you must login before posting.');
    else if ('open' == $post->comment_status) {
    [/code]

    btw i add this around line 74 and works great ??

    fixed again xD
    this time set de vars the form espect to, so it hides de form and shows de welcome back

    # Require user to be registered and logged in before allowing posting
    # 30 second hack by Brian C. Lane - www.libertynews.org
    get_currentuserinfo();
    if( empty($user_nickname) && empty($user_email) )
    _e('Sorry, you must login before posting.');
    else if ('open' == $post->comment_status) {
    $comment_author_email = $user_email;
    $comment_author = $user_nickname;

    kada
    shouting in the dark.

    Hm…what do you think I’m doing wrong? I get the message but can still post comments while logged out.

    Ahh…I think I had it in the wrong place. Thanks.

    Hi,
    Designbymichael, your file says:
    Open up the wp-comments.php file and add these few lines of code after the opening <?php tag

    where is that wp-comments.php file? within WordPress? I can’t find one.

    I am new at WP, so patience is appreciated. I’m trying to require a user to be registered and logged in to comment.

Viewing 13 replies - 16 through 28 (of 28 total)
  • The topic ‘Hack: only registered users can post comments’ is closed to new replies.