This code hooks one function onto two filters of the site's comment form. The function adds a hidden field named “csrf” and a field with the question “How many?: 11 + 11” together with an input for the answer.
What the code does, step by step:
1. The “comment_form_default_fields” filter is added, which calls the “add_antispam_field_to_comment_form” function.
2. The “comment_form_fields” filter is added, which also calls the “add_antispam_field_to_comment_form” function.
3. The “add_antispam_field_to_comment_form” function is defined with the $fields parameter.
4. Inside the function, a field with the name “csrf” is added to the comment form. This field has the type “text” and is hidden from the user with the “display:none” style. In addition, a script is inserted right after the field, which sets the field's value to the time at which the server rendered the page, taken from PHP's time() function. Despite its name, the field is not a CSRF token; it only carries this timestamp.
5. Then a field with the name “numbercheck” and the text “How many?: 11 + 11” is added to the comment form. This field has the type “number” and is mandatory.
6. At the end, the function returns the modified $fields array with added fields.
```php
// Attach the same callback to both comment-form field filters.
add_filter( 'comment_form_default_fields', 'add_antispam_field_to_comment_form' );
add_filter( 'comment_form_fields', 'add_antispam_field_to_comment_form' );

function add_antispam_field_to_comment_form( $fields ) {
	// Hidden field; the inline script fills it with the server time at render.
	$fields['csrf'] = '
		<input type="text" name="csrf" aria-label="csrf" required style="display:none">
		<script>document.getElementsByName("csrf")[0].value="' . time() . '"</script>
	';

	// Visible arithmetic question; the expected answer is 22.
	$fields['numbercheck'] = '
		How many?: 11 + 11
		<input type="number" name="numbercheck" aria-label="number" required>
	';

	return $fields;
}
```
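```php
add_action( 'pre_comment_on_post', 'action_check_hidden_field' );

function action_check_hidden_field( $comment_post_ID ) {
	// Minimum number of seconds between page render and comment submission.
	$human_pause = 30;

	// The answer to "11 + 11" must be exactly the string "22".
	if ( ! isset( $_POST['numbercheck'] ) || $_POST['numbercheck'] !== '22' ) {
		wp_die( 'Wrong number', 'Wrong number', 503 );
	}

	// The timestamp must be present, consist of exactly ten digits
	// (the pattern is anchored), and be at least $human_pause seconds old.
	if ( ! isset( $_POST['csrf'] )
		|| ! is_string( $_POST['csrf'] )
		|| ! preg_match( '/^\d{10}\z/', $_POST['csrf'] )
		|| ( time() - intval( $_POST['csrf'] ) ) < $human_pause
	) {
		wp_die( 'Service Unavailable', 'Service Unavailable', 503 );
	}
}
```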
This code performs the following actions:
1. Registers the “action_check_hidden_field” function to be executed before posting a comment on the post.
2. The function checks whether a certain amount of time (30 seconds) has passed between the moment the page is rendered and the moment the comment is sent.
3. If the “numbercheck” field is not set or is not equal to “22”, an error message is displayed and the comment is not sent.
4. If the “csrf” field is not set, the time between rendering the page and sending the comment is less than 30 seconds, or the “csrf” value does not correspond to the pattern of a ten-digit number, an error message is displayed and the comment is not sent.
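
The check above accepts whatever timestamp the client sends back, so the server cannot tell a value it issued from one that was simply typed in. The following added example (not code from the original post) replaces the “csrf” field and its check with an HMAC-signed timestamp and an upper age limit; the `my_` function names, the `$max_age` of one hour and the use of `wp_salt( 'nonce' )` as the key are assumptions made for illustration.

```php
<?php
// Added example. Functions prefixed my_ are hypothetical names, not from the post.

// Build "timestamp.hmac" so the server can recognise timestamps it issued.
function my_sign_render_time( $now, $secret ) {
	return $now . '.' . hash_hmac( 'sha256', (string) $now, $secret );
}

// True only for an authentic token whose age lies between $min_age and $max_age seconds.
function my_verify_render_time( $token, $now, $secret, $min_age = 30, $max_age = 3600 ) {
	// Reject arrays, missing values and anything not shaped like "10 digits . 64 hex".
	if ( ! is_string( $token ) || ! preg_match( '/^(\d{10})\.([0-9a-f]{64})\z/', $token, $m ) ) {
		return false;
	}
	// Recompute the MAC over the timestamp and compare in constant time.
	if ( ! hash_equals( hash_hmac( 'sha256', $m[1], $secret ), $m[2] ) ) {
		return false; // timestamp was not issued by this site or was altered
	}
	$age = $now - (int) $m[1];
	return $age >= $min_age && $age <= $max_age;
}

// WordPress wiring: same field name and hooks as the post, with a signed value.
add_filter( 'comment_form_default_fields', function ( $fields ) {
	$token = my_sign_render_time( time(), wp_salt( 'nonce' ) );
	$fields['csrf'] = '<input type="text" name="csrf" aria-label="csrf" required style="display:none">'
		. '<script>document.getElementsByName("csrf")[0].value="' . esc_js( $token ) . '"</script>';
	return $fields;
} );

add_action( 'pre_comment_on_post', function ( $comment_post_ID ) {
	$token = isset( $_POST['csrf'] ) ? wp_unslash( $_POST['csrf'] ) : '';
	if ( ! my_verify_render_time( $token, time(), wp_salt( 'nonce' ) ) ) {
		wp_die( 'Service Unavailable', 'Service Unavailable', 503 );
	}
} );
```

A signed token stays valid until `$max_age` expires, so keep that window as short as the site allows. With full-page caching the token is frozen in the cached HTML, so `$max_age` has to exceed the cache lifetime or legitimate comments will be rejected.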