Member
Member
ulfben   2007-09-20, 23:51
#1

I want to add reCaptcha to my zenphoto installation.

Looking through the code in class-image.php revealed that addComment($name, $email, $website, $comment) is responsible for validating the comment form input. Thus, this is where I want to add some CAPTCHA controlls.

Problem is, I'm not certain how the form data (POST) gets sent to addComment. How do I get
`$_SERVER["REMOTE_ADDR"],

$_POST["recaptcha_challenge_field"],

$_POST["recaptcha_response_field"]); toaddComment`?

Member
Member
ulfben   2007-09-21, 08:47
#2

It seems zp_handle_comment() in functions_controller.php is what I'm looking for.

I'll report back in a while.

Member
Member
ulfben   2007-09-21, 10:42
#3

Got it working. I'll post the code when I've cleaned it up a bit.

Member
Member
ulfben   2007-09-21, 12:09
#4

Here's my edits. Note that this will [i]not[/i] remember what's in the comment textbox if the visitor fail their captcha - they'll have to start over again.

My next post has the code needed to keep the text intact.

[b]image.php:[/b]
`

  Leave a Reply

[snip]

`

[b]functions-controller.php:[/b]
`

if (in_context(ZP_IMAGE) && isset($_POST['name']) && isset($_POST['email']) && isset($_POST['comment'])) {

    if (isset($_POST['website'])) $website = strip_tags($_POST['website']); else $website = "";

    require_once("/path/to/wherever/you/put/recaptchalib.php");

    $privatekey = "Get a key from http://recaptcha.net/api/getkey";

    $resp = recaptcha_check_answer ($privatekey,

                                    $_SERVER["REMOTE_ADDR"],

                                    $_POST["recaptcha_challenge_field"],

                                    $_POST["recaptcha_response_field"]);

    if ($resp->is_valid)

    {

      $commentadded = $_zp_current_image->addComment(strip_tags($_POST['name']), strip_tags($_POST['email']),

          $website, kses($_POST['comment'], zp_conf('allowed_tags')));

    }

`

Member
Member
ulfben   2007-09-21, 12:16
#5

[b]NOTE:[/b] I am not a web developer. I'm frightingly unaware of safe practices and standards. What I'll show you now might quite possibly feed bad data to your server, prompting the return of SATAN and a premature end of mankind. [b]However[/b], it does seem to work pretty well for me.

If you've got more knowledge that I do, please inform us all. If you just got more sense than I do, stay away.

Here goes:

In [b]functions-controller.php[/b], this is what happens if the user fail their submission (bad captcha or no name/email/comment):
`

$stored = array($_POST['name'], $_POST['email'], $website, $_POST['comment'], false);

    if (isset($_POST['remember'])) $stored[3] = true;

    $error = true;

`

Specifically note if (isset($_POST['remember'])) $stored[3] = true;. This line confuses the hell out of me. It overwrites the $_POST['comment'] (comment text) that we just inserted the line before, with a "1". I can't find where this hardcoded value is read again, so I'd rather not mess with it. If you know - please inform me.

Now, here's my ugly workaround:
`

$stored = array($_POST['name'], $_POST['email'], $website, $_POST['comment'], false);

    $stored[5] = $_POST['comment'];

    if (isset($_POST['remember'])) $stored[3] = true;

    $error = true;

`

Simply added a sixth field and keeping the comment text safe in there. To get this back out into the comment form, heres what you need to add in [b]image.php[/b]:

[b][/b]

  
Powered By MyBB, © 2002-2026 MyBB Group.
Made with by Curves UI.