WP AuthImage Plugin (v2.0.4)
written by Keith McDuffee (2004-6-7)
http://www.gudlyf.com
gudlyf@realistek.com

---

CHANGELOG:

2.0.4 -- Fixed echo typo in this README file
         Added path for $plugins_dir for those who may not have it defined
         Added the case insinsitivity stuff to the -alt version of the script
         Fixed bounds in for loop for CreateAIAltText
2.0.3 -- Fixed some code in the README regarding the <iframe> closing tag.
         Added full path for the authimage.php script in the README.
         Fixed version number on files.
         Added full path for font file (which must be in the plugins dir)
2.0.2 -- Fixed this file's numbering -- sorry about that!
         Codes are now case-insensitive by default.  You can turn this off
         by editing the authimage.php file.
2.0.1a -- Added an alternate plugin called 'authimage-alt.php' that can be
          used instead of the original.  This alternate version will test
          come of the form values before submitting to wp-comments-post.php
          using JavaScript.
          Useful for not clearing the entire form when hitting back button on
          the WP error message.  Read instructions below for usage of this new
          alternate plugin.
2.0.1 -- Some bug fixes.  Need for a my-hacks.php file afterall.
         PLEASE READ ALL INSTRUCTIONS BELOW IF YOU ARE UPGRADING FROM
         ANY PREVIOUS RELEASE!
2.0 -- Minimal hacks now -- no need for the 'my-hacks.php' file.
       Now works as a plugin, so it has to be enabeled now.
       Image path changed to plugin location.
       No more temp files -- code is now stored in session variables
       MANY thanks to Marus Welz (http://marcus.scrappad.com/) for making
       the session variable changes for me and suggesting making this more
       of a plugin.
       Images can now be easily all numeric or all uppercase alphanumaric.  
     
1.4.1 -- Added instructions for dumping the comment into the moderation
         pool rather than fail altogether.  See instructions below for more
         details.
1.4 -- Added cookie information with phonetic English translation
       of the code.  This allows the failure page to give a hint to the
       poster as to what code they need to enter.  Non-English users may
       want to edit the showAIAltText() function to their liking.
       Added header information so the image expires and doesn't get cached.
       Changed function names so we don't walk over anything else in the
       future.
       Now allows creation of code in phonetic English if image creation
       is not possible or wanted.
1.3.3 -- Altered angle of the font and added better spacing so "q" and "p"
         won't get cut off.
1.3.2 -- Changed font to "atomicclockradio" and adjusted image size for it.
         Added image size info to comment page code.
1.3.1 -- Increased length of image slightly to stop font cutoff.
         Added crontab example at end of README.
1.3 -- Added a chmod 666 for the created files so they can be deleted by
       a user other than the http process user.
1.2 -- Changed font to "jewels" and altered image size.
1.1 -- Zero-length the image file after it's displayed.
1.0 -- Initial release.

---

REQUIREMENTS:

This hack assumes the following for your blog.  Anything else is up to
the user to hack for their own use.  These are the only reqs that have been
fully tested up to this point.

- WordPress (http://wordpress.org/) version 1.2 or above.
- Apache 1.3 or above running on Linux.
- PHP 4 or above.
- GD library (http://www.boutell.com/gd/) and Freetype library
  (http://www.freetype.org/) for PHP.  See http://us2.php.net/gd for more
  information.
- Some sort of shell access to your web server.

You can test your version of PHP for GD and Freetype with the following
commands "from a shell":

    php -i | grep "GD Support"

should return:

<tr><td class="e">GD Support </td><td class="v">enabled </td></tr>

and:

    php -i | grep "FreeType Support"

should return:

<tr><td class="e">FreeType Support </td><td class="v">enabled </td></tr>

If you don't see both of those enabled, you can still use AuthImage, but
you'll need to use it in text mode.  Read below on how to do that

---

INSTALLATION:

Following the directions below with the included files should allow you to
add authorization image checking for comments posted on your site.  It displays
an image with some random text that the commenter has to enter in order for
their comment to go through.  This should cut down on any bots out there from
spamming your comments area and perhaps remove the need for comment moderation.

1. Put the files "authimage.php" and "automicclockradio.ttf" in your WP
   plugins directory.  Keep reading past step 10 if you want to use the
   alternate script instead.

2. Look for this in 'wp-comments.php' (or similarly in 'wp-comments-popup.php'):

<label for="url"><?php _e("<acronym title=\"Uniform Resource Identifier\">URI</acronym>"); ?></label>

  and add this after it if you want to display an image:

<p>
          <input type="text" name="code" id="code" value="<?php echo ""; ?>" size="28" tabindex="4" />
          <label for="code"><?php _e("Enter this code: "); ?></label>
          <img src="<? echo get_settings('siteurl') ?>/wp-content/plugins/authimage.php?type=image" width="155" height="50" alt="authimage" />
</p>

  -or- if you want to display phonetic-English text instead of an image:

          <input type="text" name="code" id="code" value="<?php echo ""; ?>" size="28" tabindex="4" />
          <label for="code"><?php _e("Enter this code: "); ?></label>
          <iframe src="<? echo get_settings('siteurl')" ?>/wp-content/plugins/authimage.php?type=text" width="155" height="50"></iframe>
</p>


3. Look for this in 'wp-comments-post.php':

if (strlen($url) < 7)
        $url = '';

  and add this after it:

// authimage -- Check for valid sized code
$code = trim(strip_tags($_POST['code']));
if (strlen($code) < 6)
        $code = '';

4. You have two options next, both require editing 'wp-comments-post.php':

  To allow comments to come into the moderation pool, look for the following
  lines in 'wp-comments-post.php':

if(check_comment($author, $email, $url, $comment, $user_ip)) {
        $approved = 1;
} else {
        $approved = 0;
}

  and add this afterwards:

// authimage -- Check if valid code.  If not valid, send to moderation.
if ( !checkAICode($code) )
        $approved = 0;

  -or- if you want to dump the comment altogether and warn the commenter
  that an invalid code was entered, look for the following lines in
  'wp-comments-post.php':

if ( '' == $comment )
	die( __('Error: please type a comment.') );

  and add this after it:

if ( !checkAICode($code) )
        die( __('Error: please enter the valid authorization code.') );

5. Make sure you've activated the AuthImage plugin.

6. Make sure your 'my-hacks.php' file contains what is in 'authimage-hacks.php'.
   THIS IS STILL REQUIRED!

7. Enable the 'my-hacks.php' file from your WP options.  If you are not
   interested in using the alternate authimage plugin, you can stop here.

--

8. If you're using the 'authimage-alt.php' plugin instead of the default
   plugin file, copy the 'authimage-alt.php' file into your plugins directory
   and rename it 'authimage.php'.

9. Edit 'wp-comments.php' and/or 'wp-comments-popup.php' and change the line:

<form action="<?php echo get_settings('siteurl') ?>/wp-comments-post.php"
method="post" id="commentform">

  to read:

<form action="<?php echo get_settings('siteurl') ?>/wp-comments-post.php"
method="post" id="commentform" onSubmit="return testValues(this)">

10. If you want to validate the email address, edit the plugin and uncomment
    the code that checks for email.  That's it!