Nasty wordpress hacks: adding CAPTCHA to wp-wall plugin.

Hrm.  Just had to add a CAPTCHA to a WP-wall.  So the aim here is to combine si-captcha and wp-wall.  It’s worth noting that both are excellent plugins, which makes messing about with them a lot easier.  It’s a fairly nasty hack, but it works.

1.  Install and activate SI CAPTCHA

Si Captcha is rather cleverly designed to allow WP-wall to work despite it  (without a captcha).  We need to switch this off first:

2.  Delete lines 751 – 754 of si-captcha.php

These ones:
if ( function_exists(‘WPWall_Widget’) && isset($_POST['wpwall_comment']) ) {<br /> // skip capthca<br /> return $comment;<br /> }<br />

At this point, the wall won’t work – si-captcha looks for the captcha field of the form, which isn’t there.  Yet.

3.  Add the CAPTCHA field to wp-wall plugin.

Add the following to wp-wall-widget.php, which is the ‘add a captcha’ bits of code ripped out of si-captcha.php.  Told you it was nasty.

You can add it anywhere in the form (id wallform), wherever you want the CAPTCHA to show up.

<?php</p> <p>//CAPTCHA —————————————————-</p> <p>global $user_ID, $si_captcha_url, $si_captcha_opt;<br /> global $wpmu;</p> <p>if( !isset( $_SESSION ) ) { // play nice with other plugins<br /> session_cache_limiter (‘private, must-revalidate’);<br /> session_start();<br /> }</p> <p>if (function_exists(‘load_plugin_textdomain’)) {<br /> if ($wpmu == 1) {<br /> load_plugin_textdomain(’si-captcha’, false, dirname(plugin_basename(__FILE__)).’/si-captcha-for-wordpress/languages’ );<br /> } else {<br /> load_plugin_textdomain(’si-captcha’, false, dirname(plugin_basename(__FILE__)).’/languages’ );<br /> }<br /> }</p> <p>// skip the captcha if user is loggged in and the settings allow<br /> if (isset($user_ID) && intval($user_ID) > 0 && $si_captcha_opt['si_captcha_perm'] == ‘true’) {<br /> // skip the CAPTCHA display if the minimum capability is met<br /> if ( current_user_can( $si_captcha_opt['si_captcha_perm_level'] ) ) {<br /> // skip capthca<br /> return true;<br /> }<br /> }</p> <p>// the captch html<br /> echo ‘<div style=”display:block;” id=”captchaImgDiv”>’;</p> <p>$si_aria_required = ($si_captcha_opt['si_captcha_aria_required'] == ‘true’) ? ‘ aria-required=”true” ‘ : ”;</p> <p>echo ‘<div style=”width: 250px; height: 55px; padding-top:10px;”>’;</p> <p>//captcha html<br /> $label = ’si_image’;<br /> global $si_captcha_url, $si_captcha_opt;</p> <p>echo ‘<img id=”‘.$label.’” ‘;<br /> echo ($si_captcha_opt['si_captcha_captcha_image_style'] != ”) ? ’style=”‘ . esc_attr( $si_captcha_opt['si_captcha_captcha_image_style'] ).’”‘ : ”;<br /> echo ‘ src=”‘.$si_captcha_url.’/securimage_show.php?sid=’.md5(uniqid(time())).’” alt=”‘;<br /> echo ($si_captcha_opt['si_captcha_tooltip_captcha'] != ”) ? esc_attr( $si_captcha_opt['si_captcha_tooltip_captcha'] ) : esc_attr(__(‘CAPTCHA Image’, ’si-captcha’));<br /> echo ‘” title=”‘;<br /> echo ($si_captcha_opt['si_captcha_tooltip_captcha'] != ”) ? esc_attr( $si_captcha_opt['si_captcha_tooltip_captcha'] ) : esc_attr(__(‘CAPTCHA Image’, ’si-captcha’));<br /> echo ‘” /><br /> <a href=”‘.$si_captcha_url.’/securimage_play.php” title=”‘;<br /> echo ($si_captcha_opt['si_captcha_tooltip_audio'] != ”) ? esc_attr( $si_captcha_opt['si_captcha_tooltip_audio'] ) : esc_attr(__(‘CAPTCHA Audio’, ’si-captcha’));<br /> echo ‘”><br /> <img src=”‘.$si_captcha_url.’/images/audio_icon.gif” alt=”‘;<br /> echo ($si_captcha_opt['si_captcha_tooltip_audio'] != ”) ? esc_attr( $si_captcha_opt['si_captcha_tooltip_audio'] ) : esc_attr(__(‘CAPTCHA Audio’, ’si-captcha’));<br /> echo  ‘” ‘;<br /> //audio style=”border-style:none; margin:0; vertical-align:top;”<br /> echo ($si_captcha_opt['si_captcha_audio_image_style'] != ”) ? ’style=”‘ . esc_attr( $si_captcha_opt['si_captcha_audio_image_style'] ).’”‘ : ”;<br /> echo ‘ onclick=”this.blur()” /></a><br /><br /> <a href=”#” title=”‘;<br /> echo ($si_captcha_opt['si_captcha_tooltip_refresh'] != ”) ? esc_attr( $si_captcha_opt['si_captcha_tooltip_refresh'] ) : esc_attr(__(‘Refresh Image’, ’si-captcha’));<br /> echo ‘” onclick=”document.getElementById(\”.$label.’\').src = \”.$si_captcha_url.’/securimage_show.php?sid=\’ + Math.random(); return false”><br /> <img src=”‘.$si_captcha_url.’/images/refresh.gif” alt=”‘;<br /> echo ($si_captcha_opt['si_captcha_tooltip_refresh'] != ”) ? esc_attr( $si_captcha_opt['si_captcha_tooltip_refresh'] ) : esc_attr(__(‘Refresh Image’, ’si-captcha’));<br /> echo ‘” ‘;<br /> // refresh style=”border-style:none; margin:0; vertical-align:bottom;”<br /> echo ($si_captcha_opt['si_captcha_refresh_image_style'] != ”) ? ’style=”‘ . esc_attr( $si_captcha_opt['si_captcha_refresh_image_style'] ).’”‘ : ”;<br /> echo ‘ onclick=”this.blur()” /></a><br /> ‘;</p> <p>echo ‘</div><br /> <div id=”captchaInputDiv” style=”display:block;” ><br /> <input type=”text” name=”captcha_code” id=”captcha_code” tabindex=”4″ ‘.$si_aria_required.’ style=”width:65px;” ‘;</p> <p>if ($si_captcha_opt['si_captcha_comment_class'] != ”) {<br /> echo ‘class=”‘.$si_captcha_opt['si_captcha_comment_class'].’” ‘;<br /> }<br /> echo ‘/></p> <p><label for=”captcha_code”><small>’;</p> <p>echo ($si_captcha_opt['si_captcha_label_captcha'] != ”) ? esc_html( $si_captcha_opt['si_captcha_label_captcha'] ) : esc_html( __(‘CAPTCHA Code’, ’si-captcha’));<br /> echo ‘</small></label><br /> </div><br /> </div>’;</p> <p>//END CAPTCHA ——————————————<br /> ?>

4.  AJAXIFY

This will make the form work the first time we submit it on each page load.  However, one of the nice things about WP-wall is the ajaxiness of the whole thing.  We need to make sure that the CAPTCHA cookie is reset each time a message is posted.  We can do this by telling the captcha to refresh each time the ‘add a message’ section of the wall is shown / hidden.  On line 17 of wp-wall.js, we’re going to add the function that is called when the refresh button is clicked on the si-captcha:

document.getElementById(’si_image’).src =’THE-BASE-URL/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/securimage_show.php?sid=’ + Math.random();

Note that you need to manually set your base url in the above line (where it says ‘THE-BASE-URL).  If you’ve change the name of the $label variable in si-captcha, you’ll also need to change the ’si_image’ bit of “document.getElementById(’si_image’)” to match..

5.   Done.

That’s it.  CAPTCHA added to WP-wall.  Sorry it’s not very neat.  Seems to work, but no doubt other plugins, various settings in the back end editor, etc will break it.