Bikerscum - Patrick St. Jean

Link: http://www.village-idiot.org/archives/2005/01/28/b2evo-captcha-explained/

I've been getting slammed by more and more comment spam over the last few days and have finally had enough. I'm implementing the captcha solution from village-idiot.org. I know it's not perfect and that there is software out there to defeat them but it'll stop me from having to delete literally hundreds of porn spam comments from my posts while still leaving them open for people to post .

The directions are pretty good but I did make a couple changes to authimage.php and comment_post.php to clean up a few warnings generated when the spammers try to hit the page directly.

Basically, you need to change two blocks of code in authimage.php, both up near the top of the file. First, wrap the if/elseif block that checks to see if you're requesting a text or image with a test to see if $_GET['type'] is set. Then in checkAICode you'll need to change the if/then block at the beginning to make sure that $_SESSION['AI-code'] is set. Here's what the two blocks look like after being changed:

if (isset($_GET['type'])) {
  if ($_GET['type'] == "text") {
    createAICode("text");
    exit;
  }elseif ($_GET['type'] == "image") {
    createAICode("image");
    exit;
  }
}

and

if(!isset($_SESSION['AI-code'])) {
  $return = 0;
} else {
  if ($code == $_SESSION['AI-code']) {
    $return = 1;
  } else {
    $return = 0;
  }
}

And then in comment_post.php you'll need to wrap the captcha checking routine with this code:

if (isset($_POST['code'])){
...
} else {
  errors_add( T_('Error: Please don\'t try to bypass the access code.') );
}