WP AuthImage Plugin (v2.1)
written by Keith McDuffee (2004-6-7)
http://www.gudlyf.com
gudlyf@realistek.com

---

CHANGELOG:

2.1 -- Added support info. in README for Wordpress 1.5.
       Fixed other typos in README.
       Merged alt and regular versions -- no need for two.
       You should now edit the $sess_key_name variable in authimage.php.
         Read below.
2.0.4 -- Fixed echo typo in this README file
         Added path for $plugins_dir for those who may not have it defined
         Added the case insinsitivity stuff to the -alt version of the script
         Fixed bounds in for loop for CreateAIAltText
2.0.3 -- Fixed some code in the README regarding the <iframe> closing tag.
         Added full path for the authimage.php script in the README.
         Fixed version number on files.
         Added full path for font file (which must be in the plugins dir)
2.0.2 -- Fixed this file's numbering -- sorry about that!
         Codes are now case-insensitive by default.  You can turn this off
         by editing the authimage.php file.
2.0.1a -- Added an alternate plugin called 'authimage-alt.php' that can be
          used instead of the original.  This alternate version will test
          come of the form values before submitting to wp-comments-post.php
          using JavaScript.
          Useful for not clearing the entire form when hitting back button on
          the WP error message.  Read instructions below for usage of this new
          alternate plugin.
2.0.1 -- Some bug fixes.  Need for a my-hacks.php file afterall.
         PLEASE READ ALL INSTRUCTIONS BELOW IF YOU ARE UPGRADING FROM
         ANY PREVIOUS RELEASE!
2.0 -- Minimal hacks now -- no need for the 'my-hacks.php' file.
       Now works as a plugin, so it has to be enabeled now.
       Image path changed to plugin location.
       No more temp files -- code is now stored in session variables
       MANY thanks to Marus Welz (http://marcus.scrappad.com/) for making
       the session variable changes for me and suggesting making this more
       of a plugin.
       Images can now be easily all numeric or all uppercase alphanumaric.  
     
1.4.1 -- Added instructions for dumping the comment into the moderation
         pool rather than fail altogether.  See instructions below for more
         details.
1.4 -- Added cookie information with phonetic English translation
       of the code.  This allows the failure page to give a hint to the
       poster as to what code they need to enter.  Non-English users may
       want to edit the showAIAltText() function to their liking.
       Added header information so the image expires and doesn't get cached.
       Changed function names so we don't walk over anything else in the
       future.
       Now allows creation of code in phonetic English if image creation
       is not possible or wanted.
1.3.3 -- Altered angle of the font and added better spacing so "q" and "p"
         won't get cut off.
1.3.2 -- Changed font to "atomicclockradio" and adjusted image size for it.
         Added image size info to comment page code.
1.3.1 -- Increased length of image slightly to stop font cutoff.
         Added crontab example at end of README.
1.3 -- Added a chmod 666 for the created files so they can be deleted by
       a user other than the http process user.
1.2 -- Changed font to "jewels" and altered image size.
1.1 -- Zero-length the image file after it's displayed.
1.0 -- Initial release.

---

REQUIREMENTS:

This hack assumes the following for your blog.  Anything else is up to
the user to hack for their own use.  These are the only reqs that have been
fully tested up to this point.

- WordPress (http://wordpress.org/) version 1.2 or above (includes 1.5).
- Apache 1.3 or above running on Linux.
- PHP 4 or above.
- GD library (http://www.boutell.com/gd/) and Freetype library
  (http://www.freetype.org/) for PHP.  See http://us2.php.net/gd for more
  information.
- Some sort of shell access to your web server.

You can test your version of PHP for GD and Freetype with the following
commands "from a shell":

    php -i | grep "GD Support"

should return:

<tr><td class="e">GD Support </td><td class="v">enabled </td></tr>

and:

    php -i | grep "FreeType Support"

should return:

<tr><td class="e">FreeType Support </td><td class="v">enabled </td></tr>

If you don't see both of those enabled, you can still use AuthImage, but
you'll need to use it in text mode.  Read below on how to do that

---

INSTALLATION:

Following the directions below with the included files should allow you to
add authorization image checking for comments posted on your site.  It displays
an image with some random text that the commenter has to enter in order for
their comment to go through.  This should cut down on any bots out there from
spamming your comments area and perhaps remove the need for comment moderation.

NOTE: It's important to make the indicated changes to BOTH the regular AND the
popup versions of the comment pages.  If you don't do that, spammers may
perhaps find a way to target the unedited version of the page.

1. Put the files "authimage.php" and "automicclockradio.ttf" in your WP
   plugins directory.  Keep reading past step 7 if you want to use the
   JavaScript form checking.

2. FOR WORDPRESS VERSIONS < 1.5, look for this in 'wp-comments.php' AND 'wp-comments-popup.php'.  FOR WORDPRESS VERSION 1.5, loog for this in your theme's 'comments.php' and/or 'comments-popup.php':

<label for="url"><?php _e("<acronym title=\"Uniform Resource Identifier\">URI</acronym>"); ?></label>

  and add this after it if you want to display an image:

<p>
          <input type="text" name="code" id="code" value="<?php echo ""; ?>" size="28" tabindex="4" />
          <label for="code"><?php _e("Enter this code: "); ?></label>
          <img src="<?php echo get_settings('siteurl'); ?>/wp-content/plugins/authimage.php?type=image" width="155" height="50" alt="authimage" />
</p>

  -or- if you want to display phonetic-English text instead of an image:

          <input type="text" name="code" id="code" value="<?php echo ""; ?>" size="28" tabindex="4" />
          <label for="code"><?php _e("Enter this code: "); ?></label>
          <iframe src="<?php echo get_settings('siteurl'); ?>/wp-content/plugins/authimage.php?type=text" width="155" height="50"></iframe>
</p>


3. FOR WORDPRESS VERSIONS < 1.5: Look for this in 'wp-comments-post.php':

if (strlen($url) < 7)
        $url = '';

  and add this after it:

// authimage -- Check for valid sized code
$code = trim(strip_tags($_POST['code']));
if (strlen($code) < 6)
        $code = '';

FOR WORDPRESS VERSION 1.5: Look for this in 'wp-comments-post.php':

$comment_content      = $_POST['comment'];

  and add this after it:

$comment_code         = $_POST['code'];  // AuthImage

4. FOR WORDPRESS VERSIONS < 1.5: You have two options next, both require editing 'wp-comments-post.php':

  To allow comments to come into the moderation pool, look for the following
  lines in 'wp-comments-post.php':

if(check_comment($author, $email, $url, $comment, $user_ip)) {
        $approved = 1;
} else {
        $approved = 0;
}

  and add this afterwards:

// authimage -- Check if valid code.  If not valid, send to moderation.
if ( !checkAICode($code) )
        $approved = 0;

  -or- if you want to dump the comment altogether and warn the commenter
  that an invalid code was entered, look for the following lines in
  'wp-comments-post.php':

if ( '' == $comment )
	die( __('Error: please type a comment.') );

  and add this after it:

if ( !checkAICode($code) )
        die( __('Error: please enter the valid authorization code.') );

FOR WORDPRESS VERSION 1.5:

Look for the following lines n 'wp-comments-post.php':

if ( '' == $comment_content )
        die( __('Error: please type a comment.') );

  and add this after it:

// AuthImage
if ( !checkAICode($comment_code) )
        die( __('Error: please enter the valid authorization code.') );

5. Make sure you've activated the AuthImage plugin.

6. Make sure your 'my-hacks.php' file contains what is in 'authimage-hacks.php'.
   THIS IS STILL REQUIRED!

7. Enable the 'my-hacks.php legacy support' from your WP options.  If you are not
   interested in using the JavaScript form checking, you can stop here.

--

8. FOR WORDPRESS VERSIONS < 1.5: Edit 'wp-comments.php' AND 'wp-comments-popup.php'
   and change the following line.  FOR WORDPRESS VERSION 1.5, this line is in
   'comments.php' AND 'comments-popup.php' in your theme's directory:

<form action="<?php echo get_settings('siteurl'); ?>/wp-comments-post.php"
method="post" id="commentform">

  to read:

<form action="<?php echo get_settings('siteurl'); ?>/wp-comments-post.php"
method="post" id="commentform" onSubmit="return testValues(this)">

9. If you want to validate the email address, edit the plugin and uncomment
   the code that checks for email.  That's it!