Verify Comment Email Addresses of Registered Users

[mtdewvirus]

When leaving a comment with an email address of a registered user, WordPress should force the visitor to login or change the email address in the comment form.

Anyone can impersonate a blog's user if they know the user's email address.

[filosofo]

Duplicate of #8646 ?

[Denis-de-Bernardy]

Yeah. I closed the old one. See #8646, #2543, #1598.

[ryan]

How about get_user_by('email', $comment_author_email)?

[ShaneF]

Works as designed. Changed format to of what ryan had above.

[ryan]

Having a means to go back would be nice. Relevant discussion here:

​http://core.trac.wordpress.org/ticket/4332#comment:15

[ryan]

Maybe this should wait until we can offer a login form instead of just a die or go back. See #11172 for the planned login_form() function which would help here.

[ryan]

Postponing to 3.0 where we're planning to standardize the login and comment form stuff. That work will make it much easier to offer a good interaction here.

[westi]

I agree that it will be better for this to take advantage of #10931 - going to remove commit/has_patch for now as I think it is better to have an implementation which offers a login form so people can continue on and actually comment.

[dd32]

I agree that it will be better for this to take advantage of #10931

I agree as well, Without it, This ticket wouldnt exist! :)

[hakre]

I think westi had some other ticket in mind... but which one?

[westi]

Replying to hakre:

I think westi had some other ticket in mind... but which one?

I did #11172 - i.e. display a login form.

[rmccue]

We have a login form thanks to #11172 now, so this ticket appears to be ready for a proper patch.

[nacin]

Replying to rmccue:

We have a login form thanks to #11172 now, so this ticket appears to be ready for a proper patch.

Too late for 3.0 though. Moving to 3.1.

Remains a blessed task.

[scribu]

If I don't come up with an updated patch, go on without me... :)

[Denis-de-Bernardy]

#13791

[mdawaffe]

This solution is incomplete. If we're going to prevent impersonation, we need to implement CSRF protection for all logged in commentors. The patch on #13791 does this. The proposed code there is hook based, so it's all configurable/extendable. It's also more complicated.

If we go with this method, we'll need to pull in the CSRF stuff from #13791.

[scribu]

Instead of preventing the user from commenting, I think a better solution would be to accept the comment, but send it to the moderation queue.

There, the comment could have a notification displayed, to the effect of "Possible impersonation".

[scribu]

This could be done by storing a custom field on the comment.

[westi]

I'd like us to consider implementing this in 3.2

[westi]

Use Future Release to constrain 3.2-early

[greuben]

The patch only moves the comment to moderation if it is not spam and email is registered one.

[scribu]

Found out there's a plugin for this: ​http://wordpress.org/extend/plugins/impostercide/

[dd32]

I don't think moving to spam is the ideal method here, Sure, some people will be spamming or attempting to use someone elses details.. but there's also the case of people who are unable to differentiate logging in, and commenting anonymously.

My idea workflow would be for the comment to be marked pending, followed by the commentor being given a login screen, if they can login as that user, the comment is marked as them (and set to approved) and they're redirected back to the posting..

[greuben]

Replying to dd32:

I don't think moving to spam is the ideal method here, Sure, some people will be spamming or attempting to use someone elses details.. but there's also the case of people who are unable to differentiate logging in, and commenting anonymously.

My idea workflow would be for the comment to be marked pending, followed by the commentor being given a login screen, if they can login as that user, the comment is marked as them (and set to approved) and they're redirected back to the posting..

10931-2.diff​ does not move to spam, it moves the comment to moderation queue unless Akismet( or other spam plugins ) mark the comment as spam...

[dd32]

Sorry, misread the patch as spam rather than pending/moderation queue.

I do think that giving the user some kind of feedback of "Hey, your comment has been sent to the queue due to the email address being in use.." would be beneficial to many users who might not "get it"

[greuben]

Replying to dd32:

I do think that giving the user some kind of feedback of "Hey, your comment has been sent to the queue due to the email address being in use.." would be beneficial to many users who might not "get it"

For that, we can set
$comment_approved = -1 or 2;

and comments loop in themes (or wp_list_comments) should do

if( $comment_approved = -1 or 2 ){
echo "blah blah...";
}

[DrewAPicture]

#20165 Closed as dup/related.

[jane]

I would much prefer to force a login than push to moderation.

[nacin]

One thing to keep in mind; if a user is suspended/"deleted" or not yet activated, or has lost their password, forcing a login may prevent a comment from occurring temporarily or permanently.

Also, forcing a login here is actually pretty difficult from a technical perspective.

I think a push to moderation would be lame as well. Just pointing out some potential challenges.

[jane]

@nacin: I would also be fine with this being in a plugin. :)

[mark-k]

It is not only the impersonation possibility that is problematic, but also that the end result of commenting while logged in and while logged off might be different. When logged off author stylig will not be applied and the comment author URL will not be set to the website field in the user's profile.

Why not have something like

if user not logged in but email matches an active user {
    store comment in spam queue 
    dispatch cron event to be executed an hour later
    redirect to login form with redirect_to set to an admin URL in which the comment can be approved
    once approved duplicate the comment as if it was submitted by the user while he is logged in, remove the original from spam and process the new one
    then redirect to the post in which the comment was made.
}

in the cron event {
  if comment is still marked as spam send a mail to its author telling him to contact the admin about approving that comment
}

Comment initialy marked as spam since the damage of impersonation is probably higher then the damage of one comment being lost.

[playjoy]

I wanted to report this issue (for bbPress).
I'm amazed the issue still exists after 8 years it was first reported...