Thread

This topic has come up before, and each time fizzled with something down the lines of “the SAEF is for logged in users only—so you don’t really need a captcha.”

Well, I need to allow guests to add weblog entries. I’m going to use an auto-login script into a guest account (see this thread; read all the way to the bottom). What I can’t have is a bunch of new database entries courtesy of spambots.

So I’m working to enable a captcha on a custom stand-alone form, and it’s actually appearing just fine. The code that processes the form, however, is not looking for the captcha.

Has anyone successfully written a hook/mod/hack that will accomplish this?

Thanks!

After spending some quality time with the code, I was able to hack the mod.weblog_standalone.php file to include captcha processing on the specific weblog I needed.

Here’s what you do (v 1.6.0):

Cut lines 803-830 (the “Check Captcha” code) from /system/modules/email/mod.email.php. Drop this into mod.weblog_standalone.php at line 62. Add “global $DB” to the top, plus a check for the weblog_id in question.

With a little context above and below, your mod.weblog_standalone.php file should now look like this:

// Ya gotta be logged-in billy bob…

        if ($SESS->userdata('member_id') == 0)
          { 
            return $OUT->show_user_error('general', $LANG->line('weblog_must_be_logged_in'));        
          }

        /** ----------------------------------------
        /**  Check Captcha
        /** ----------------------------------------*/
        
        global $DB; # <-- ADD THIS
        if ($_POST['weblog_id'] == 11) # <-- ADD WEBLOG_ID WHERE YOU WANT CAPTCHAS ENABLED
        {
            if ( ! isset($_POST['captcha']) || $_POST['captcha'] == '')
            {
                return $OUT->show_user_error('general', array($LANG->line('captcha_required')));
            }
            
            $query = $DB->query("SELECT COUNT(*) AS count FROM exp_captcha 
                                 WHERE word='".$DB->escape_str($_POST['captcha'])."' 
                                 AND ip_address = '".$IN->IP."' 
                                 AND date > UNIX_TIMESTAMP()-7200");
        
            if ($query->row['count'] == 0)
            {
                return $OUT->show_user_error('submission', array($LANG->line('captcha_incorrect')));
            }
        
            $DB->query("DELETE FROM exp_captcha 
                        WHERE (word='".$DB->escape_str($_POST['captcha'])."' 
                        AND ip_address = '".$IN->IP."') 
                        OR date < UNIX_TIMESTAMP()-7200");
        }

        /** ----------------------------------------
        /**  Prep data for insertion
        /** ----------------------------------------*/

This hack assumes the weblog_id is hard-coded into the entry form.

Good luck.

i have the exact same problem (need captcha in a SAEF), and following your instructions i can indeed hack EE to check a captcha in the SAEF of my choice.

however!

how did you get the captcha to display in the SAEF? that part is missing from this thread. any help appreciated.

This advice worked great in EE 1.6.8.

To make the CAPTCHAdisplay in the SAEF, remove the {if captcha} {/if} conditional check.

A note to the friendly people at Ellis Lab: there are a lot of threads on here looking for CAPTCHA support in the SAEF module.  I’ve read your reasons for not make it a supported option (namely that logged-in users shouldn’t need to enter CAPTCHAs), but it seems that many people are using logmein (like me) to allow the public to post.

It would be fantastic if you would make this a supported feature.

It would be fantastic if you would make this a supported feature.

I second that motion.