The in-form captcha

Last modified: 2006-10-03
Last reviewed: never

Introduction

WordPress Cognotent (WP-CT for short), which is the software that runs Blogsome and Blogs.ie, allows you to put a captcha (specifically, a security image) in your comment form. We call this the "in-form captcha", because it appears in the comment form. (There is also an older captcha, the "post-submission captcha", so called because it appears after the submission of a comment. That captcha is not discussed in this document.)

For all new blogs, the feature is enabled by default, so you don't have to do anything. Blogs older than a certain date, however, don't have it enabled; if yours is one, and you want to learn how to make use of the feature, read on.

Making use of the captcha

Two things are needed:

You need to ensure that the feature is enabled for your blog. To do this, enter the administration interface of your blog, choose "Options" from the main menu then "Miscellaneous" from the submenu, and ensure that the appropriate box is ticked.
Your comments template (the file comments.html) needs to have the necessary code to make the captcha visible to the user and to allow WP-CT to validate it. There are 2 ways to get this code into the template: an easy way, and a harder, but more flexible, way.

The easy way

The easy way is to enter the administration interface of your blog, choose "Manage" from the main menu then "Hacks" from the submenu, and press the button labelled "Add code".

If you do this, it's important that you then check your blog, and make sure of the following:

The captcha appears.
The rest of your comment form hasn't changed in some way undesirable to you.
The captcha actually does its job (i.e. WP-CT accepts your comment if and only if you correctly retype the text from the image).

When you perform this test, you should ensure you're not logged into your blog, because WP-CT doesn't require authenticated users of a blog to pass the captcha.

The reason you need to check your comment form is that this "hack" of ours can't deal with every possible comment template it might encounter. It should work in the great majority of cases, however, and is intended to make life easier for those who aren't comfortable editing template files.

If the hack hasn't done its job properly, you can get your old comment template back by pressing the button labelled "Restore".

The flexible way

If you are comfortable editing template files, you may prefer to modify the comments template yourself. If so, you need to put something like the following in your template:

  {if $captcha_image_URL != "" && $blog_user_level == -1}
    {$captcha_hidden_form_fields}
    <p>
    <img src="{$captcha_image_URL}" align="center">
    <input type="text" 
    name="captcha_value_typed"><br>
    Anti-spam measure: please retype the 
    above text into the box provided.
    </p>
  {/if}

The variable $captcha_image_URL contains the URL of the security image; it will be empty if the blog's owner hasn't enabled the in-form captcha. $blog_user_level (which is set only if $captcha_image_URL is also set) contains the user level of the user requesting the comment form; it has the value -1 if the user is not an authenticated blog user. $hidden_form_fields contains, as its name implies, certain hidden form fields; these are needed for the captcha to work.

The name of the form field has to be "captcha_value_typed"; otherwise, WP-CT won't be able to validate the captcha.