
@jat001
Last active January 4, 2016 15:19
Two-step verification for WordPress.
var $ = jQuery;
var host = '.' + location.host;

// Every page load drops the client-side throttle cookie, so the first focus on
// the comment box after a load always asks the server for a fresh token.
$(document).ready(function() {
    $.removeCookie('wait', {path: '/', domain: host});
});

// Bound outside ready(): presumably the script is emitted after the comment form
// is in the DOM — TODO confirm where it is enqueued.
$('#content #respond #comment').focus(function() {
    // 'wait' is set for 1/288 day (5 min) below; while present, no new request.
    if ($.cookie('wait')) {
        return;
    }

    var submitButton = '#content #respond #submit';
    var timestamp = Math.round($.now() / 1000);

    // Server result codes (see verifyCode() in the PHP part) mapped to the message
    // shown to the user; anything else falls back to the generic message.
    var errorMessages = {
        1: '\u83b7\u53d6 IP \u5730\u5740\u5931\u8d25',
        2: '\u83b7\u53d6\u65f6\u95f4\u6233\u5931\u8d25',
        3: '\u65f6\u95f4\u9519\u8bef\uff0c\u8bf7\u68c0\u67e5\u672c\u5730\u65f6\u95f4\u662f\u5426\u6b63\u786e',
        4: '\u8bc4\u8bba\u9891\u7387\u8fc7\u5feb\uff0c\u8bf7\u7a0d\u540e\u518d\u8bd5'
    };
    var genericFailure = '\u4e24\u6b65\u9a8c\u8bc1\u5931\u8d25\uff0c\u8bf7\u5237\u65b0\u672c\u9875\u9762';

    $.getJSON('/', {'action': 'verifycode', 'timestamp': timestamp}, function(json) {
        // Re-enable first, then disable again only on a non-zero code.
        $(submitButton).removeAttr('disabled');
        var code = json.code;
        if (code != 0) {
            $(submitButton).attr({'disabled': 'disabled'});
            var known = typeof code === 'number' && errorMessages.hasOwnProperty(code);
            alert(known ? errorMessages[code] : genericFailure);
        }
    });

    // Set right after the request is issued (not in the callback), so a slow or
    // failed response still throttles the next attempt.
    $.cookie('wait', 'true', {expires: 1/288, path: '/', domain: host});
});
<?php
function commentSecretKey() {
    // Server-side secret mixed into every comment token (see verifyCode() and
    // checkCommentToken()). Left empty here as a placeholder: with '' the token is
    // an md5 over public values only (client IP and timestamp), so anyone can
    // compute a valid one. Set a long random value before deploying.
    $secretKey = '';
    return $secretKey;
}
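function verifyCode() {
    // Runs on 'init' for every request; only the JSON probe sent by the comment-form
    // script (GET ?action=verifycode&timestamp=...) is handled, everything else returns.
    // On success quit() emits {"code":0,...} and sets the 'timestamp' and 'verifycode'
    // cookies that checkCommentToken() later validates; on failure quit() emits a
    // non-zero code and clears both cookies. quit() never returns.
    if (!isset($_GET['action']) || $_GET['action'] !== 'verifycode') {
        return;
    }

    // Only a dotted-quad is accepted; anything else (including IPv6) is code 1.
    // Behind a reverse proxy REMOTE_ADDR is the proxy's address, so the per-IP
    // limit below would then be shared by every client — TODO confirm deployment.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (!preg_match('/^(\d{1,3}\.){3}\d{1,3}$/', $ip, $matches)) {
        quit(array('code' => 1, 'result' => 'Get ip address error.'));
    }
    $ip = $matches[0];

    // Client-supplied timestamp: exactly ten digits and within the last 10 seconds
    // of the server clock (guards against a stale or forward-dated request).
    $timeStamp = isset($_GET['timestamp']) ? $_GET['timestamp'] : '';
    if (!preg_match('/^\d{10}$/', $timeStamp, $matches)) {
        quit(array('code' => 2, 'result' => 'Get timestamp error.'));
    }
    $timeStamp = $matches[0];
    $now = (int) $_SERVER['REQUEST_TIME'];
    $minTime = $now - 10;
    if ((int) $timeStamp > $now || (int) $timeStamp < $minTime) {
        quit(array('code' => 3, 'result' => 'Wrong time.'));
    }

    // Per-IP rate limit: no new token within 600 s of this address's newest stored
    // comment. The query is parameterised and uses the configured table prefix;
    // the original interpolated $ip into the SQL and hard-coded `wp_comments`.
    global $wpdb;
    $lastCommentDate = $wpdb->get_var($wpdb->prepare(
        "SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author_IP = %s ORDER BY comment_ID DESC LIMIT 1",
        $ip
    ));
    if ($lastCommentDate !== null) {
        $commentTime = strtotime($lastCommentDate);
        $allowableCommentTime = $commentTime + 600;
        if ($commentTime !== false && $now < $allowableCommentTime) {
            quit(array('code' => 4, 'result' => 'Too many comments frequencies.'));
        }
    }

    // Token construction; checkCommentToken() recomputes exactly this, so the two
    // must change together. It is keyed only by commentSecretKey() — with the
    // placeholder '' every input is public and the token is computable by anyone.
    // A keyed hash (hash_hmac) over the same inputs would be the stronger choice.
    $secretKey = commentSecretKey();
    $verifyCode = md5(md5($ip) . md5($timeStamp) . md5($secretKey));
    quit(array('code' => 0, 'result' => 'Set cookie success.'), base64_encode($timeStamp), $verifyCode);
}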
// Hook the JSON endpoint into 'init' so the ?action=verifycode probe issued by the
// page script (see $.getJSON('/', ...) above) is answered on any URL.
add_action('init', 'verifyCode');
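function checkCommentToken($comment = array()) {
    // 'preprocess_comment' filter: returns $comment unchanged when the token held
    // in the 'timestamp'/'verifycode' cookies is valid for this client; otherwise
    // ends the request through quit() with a plain-text message. Users with the
    // (legacy) 'level_4' capability are exempt from the check.
    if (current_user_can('level_4')) {
        return $comment;
    }

    // Same dotted-quad rule as verifyCode(); the IP is an input to the token, so a
    // token issued to one address does not validate from another.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (!preg_match('/^(\d{1,3}\.){3}\d{1,3}$/', $ip, $matches)) {
        quit('获取 IP 地址失败');
    }
    $ip = $matches[0];

    // The timestamp cookie is base64 as written by quit(); decoded strictly so
    // stray characters are rejected instead of silently skipped.
    $rawTimeStamp = isset($_COOKIE['timestamp']) ? $_COOKIE['timestamp'] : '';
    $timeStamp = base64_decode($rawTimeStamp, true);
    if ($timeStamp === false || !preg_match('/^\d{10}$/', $timeStamp, $matches)) {
        quit('获取时间戳失败');
    }
    $timeStamp = $matches[0];

    $verifyCode = isset($_COOKIE['verifycode']) ? $_COOKIE['verifycode'] : '';
    if (!preg_match('/^[a-z0-9]{32}$/', $verifyCode, $matches)) {
        quit('获取 token 失败');
    }
    $verifyCode = $matches[0];

    // Validity window: not from the future, and at most 1800 s old.
    $now = (int) $_SERVER['REQUEST_TIME'];
    if ((int) $timeStamp > $now) {
        quit('错误的时间戳');
    }
    $maxTime = (int) $timeStamp + 1800;
    if ($maxTime < $now) {
        quit('超时时间已过');
    }

    // Must match the construction in verifyCode() exactly. Compared in constant
    // time (hash_equals; WordPress ships a polyfill) — the original used `!=`,
    // a loose, early-exit comparison. Note the token is not single-use: within its
    // 1800 s window the same cookie pair validates any number of submissions from
    // the same IP; the 600 s per-IP limit in verifyCode() only governs issuing.
    $secretKey = commentSecretKey();
    $md5 = md5(md5($ip) . md5($timeStamp) . md5($secretKey));
    if (!hash_equals($md5, $verifyCode)) {
        quit('两步验证失败');
    }
    return $comment;
}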
// Every submitted comment passes through checkCommentToken() on its way in;
// the filter returns the data unchanged or ends the request via quit().
add_filter('preprocess_comment', 'checkCommentToken');
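function quit($message, $timeStamp = '', $verifyCode = '') {
    // Terminates the request. An array $message is sent as JSON, a string as
    // text/plain. $timeStamp/$verifyCode become the two token cookies; calling with
    // the defaults ('') is how the failure paths clear a previously issued token.
    if (is_array($message)) {
        $contentType = 'application/json';
        $message = json_encode($message);
    } else {
        $contentType = 'text/plain';
    }

    // Cookie domain mirrors the page script ('.' + location.host). SERVER_NAME can
    // follow the request's Host header depending on web-server configuration —
    // TODO confirm it is canonical in this deployment.
    $host = '.' . $_SERVER['SERVER_NAME'];

    // Mark the cookies Secure when the request came in over TLS, and HttpOnly
    // always: only the server reads them (the page script touches just its own
    // 'wait' cookie), so there is no reason to expose them to scripts.
    $secure = function_exists('is_ssl')
        ? is_ssl()
        : (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');

    header("Content-type: $contentType; charset=UTF-8");
    // Expiry 0 = session cookie; the token's actual lifetime (1800 s) is enforced
    // server-side in checkCommentToken(), not by the cookie.
    setcookie('timestamp', $timeStamp, 0, '/', $host, $secure, true);
    setcookie('verifycode', $verifyCode, 0, '/', $host, $secure, true);
    exit($message);
}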
?>