jat001/verification.js

## verification.js
var $ = jQuery;
var host = '.' + location.host;
$(document).ready(function() {
    $.removeCookie('wait', {path: '/', domain: host});
});
$('#content #respond #comment').focus(function() {
    if (!$.cookie('wait')) {
        var timestamp = Math.round($.now()/1000);
        $.getJSON('/', {'action': 'verifycode', 'timestamp': timestamp}, function(json) {
            var id = '#content #respond #submit';
            $(id).removeAttr('disabled');
            var code = json.code;
            if (code != 0) {
                $(id).attr({'disabled': 'disabled'});
                switch(code) {
                    case 1:
                        alert('\u83b7\u53d6 IP \u5730\u5740\u5931\u8d25');
                        break;

                    case 2:
                        alert('\u83b7\u53d6\u65f6\u95f4\u6233\u5931\u8d25');
                        break;

                    case 3:
                        alert('\u65f6\u95f4\u9519\u8bef\uff0c\u8bf7\u68c0\u67e5\u672c\u5730\u65f6\u95f4\u662f\u5426\u6b63\u786e');
                        break;

                    case 4:
                        alert('\u8bc4\u8bba\u9891\u7387\u8fc7\u5feb\uff0c\u8bf7\u7a0d\u540e\u518d\u8bd5');
                        break;

                    default:
                        alert('\u4e24\u6b65\u9a8c\u8bc1\u5931\u8d25\uff0c\u8bf7\u5237\u65b0\u672c\u9875\u9762');
                }
            }
        });
        $.cookie('wait', 'true', {expires: 1/288, path: '/', domain: host});
    }
});

## verification.php
<?php
function commentSecretKey() {
    return '';
}

function verifyCode() {
    if($_GET['action'] == 'verifycode') {
        $ip = $_SERVER['REMOTE_ADDR'];
        preg_match('/^(\d{1,3}\.){3}\d{1,3}$/', $ip, $matches) or quit(array('code' => 1, 'result' => 'Get ip address error.'));
        $ip = $matches[0];

        $timeStamp = $_GET['timestamp'];
        preg_match('/^\d{10}$/', $timeStamp, $matches) or quit(array('code' => 2, 'result' => 'Get timestamp error.'));
        $timeStamp = $matches[0];

        $now = $_SERVER['REQUEST_TIME'];
        $minTime = $now - 10;
        if ($timeStamp > $now || $timeStamp < $minTime ) quit(array('code' => 3, 'result' => 'Wrong time.'));

        global $wpdb;
        $commentTime = strtotime($wpdb->get_var("SELECT comment_date_gmt FROM wp_comments WHERE comment_author_IP = '$ip' ORDER BY comment_ID DESC LIMIT 1"));
        $allowableCommentTime = $commentTime + 600;
        if ($now < $allowableCommentTime) quit(array('code' => 4, 'result' => 'Too many comments frequencies.'));

        $secretKey = commentSecretKey();
        $verifyCode = md5(md5($ip) . md5($timeStamp) . md5($secretKey));
        quit(array('code' => 0, 'result' => 'Set cookie success.'), base64_encode($timeStamp), $verifyCode);
    }
}
add_action('init', 'verifyCode');

function checkCommentToken($comment = array()) {
    if (!current_user_can('level_4')) {
        $ip = $_SERVER['REMOTE_ADDR'];
        preg_match('/^(\d{1,3}\.){3}\d{1,3}$/', $ip, $matches) or quit('获取 IP 地址失败');
        $ip = $matches[0];

        $timeStamp = base64_decode($_COOKIE['timestamp']);
        preg_match('/^\d{10}$/', $timeStamp, $matches) or quit('获取时间戳失败');
        $timeStamp = $matches[0];

        $verifyCode = $_COOKIE['verifycode'];
        preg_match('/^[a-z0-9]{32}$/', $verifyCode, $matches) or quit('获取 token 失败');
        $verifyCode = $matches[0];

        $now = $_SERVER['REQUEST_TIME'];
        if ($timeStamp > $now) quit('错误的时间戳');
        $maxTime = $timeStamp + 1800;
        if ($maxTime < $now) quit('超时时间已过');

        $secretKey = commentSecretKey();
        $md5 = md5(md5($ip) . md5($timeStamp) . md5($secretKey));
        if ($verifyCode != $md5) quit('两步验证失败');
    }
    return $comment;
}
add_filter('preprocess_comment', 'checkCommentToken');

function quit($message, $timeStamp = '', $verifyCode = '') {
    if (is_array($message)) {
        $contentType = 'application/json';
        $message = json_encode($message);
    } else {
        $contentType = 'text/plain';
    }
    $host = '.' . $_SERVER['SERVER_NAME'];
    header("Content-type: $contentType; charset=UTF-8");
    setcookie('timestamp', $timeStamp, 0, '/', $host);
    setcookie('verifycode', $verifyCode, 0, '/', $host);
    exit($message);
}

?>
	var $ = jQuery;
	var host = '.' + location.host;
	$(document).ready(function() {
	$.removeCookie('wait', {path: '/', domain: host});
	});
	$('#content #respond #comment').focus(function() {
	if (!$.cookie('wait')) {
	var timestamp = Math.round($.now()/1000);
	$.getJSON('/', {'action': 'verifycode', 'timestamp': timestamp}, function(json) {
	var id = '#content #respond #submit';
	$(id).removeAttr('disabled');
	var code = json.code;
	if (code != 0) {
	$(id).attr({'disabled': 'disabled'});
	switch(code) {
	case 1:
	alert('\u83b7\u53d6 IP \u5730\u5740\u5931\u8d25');
	break;

	case 2:
	alert('\u83b7\u53d6\u65f6\u95f4\u6233\u5931\u8d25');
	break;

	case 3:
	alert('\u65f6\u95f4\u9519\u8bef\uff0c\u8bf7\u68c0\u67e5\u672c\u5730\u65f6\u95f4\u662f\u5426\u6b63\u786e');
	break;

	case 4:
	alert('\u8bc4\u8bba\u9891\u7387\u8fc7\u5feb\uff0c\u8bf7\u7a0d\u540e\u518d\u8bd5');
	break;

	default:
	alert('\u4e24\u6b65\u9a8c\u8bc1\u5931\u8d25\uff0c\u8bf7\u5237\u65b0\u672c\u9875\u9762');
	}
	}
	});
	$.cookie('wait', 'true', {expires: 1/288, path: '/', domain: host});
	}
	});
	<?php
	function commentSecretKey() {
	return '';
	}

	function verifyCode() {
	if($_GET['action'] == 'verifycode') {
	$ip = $_SERVER['REMOTE_ADDR'];
	preg_match('/^(\d{1,3}\.){3}\d{1,3}$/', $ip, $matches) or quit(array('code' => 1, 'result' => 'Get ip address error.'));
	$ip = $matches[0];

	$timeStamp = $_GET['timestamp'];
	preg_match('/^\d{10}$/', $timeStamp, $matches) or quit(array('code' => 2, 'result' => 'Get timestamp error.'));
	$timeStamp = $matches[0];

	$now = $_SERVER['REQUEST_TIME'];
	$minTime = $now - 10;
	if ($timeStamp > $now \|\| $timeStamp < $minTime ) quit(array('code' => 3, 'result' => 'Wrong time.'));

	global $wpdb;
	$commentTime = strtotime($wpdb->get_var("SELECT comment_date_gmt FROM wp_comments WHERE comment_author_IP = '$ip' ORDER BY comment_ID DESC LIMIT 1"));
	$allowableCommentTime = $commentTime + 600;
	if ($now < $allowableCommentTime) quit(array('code' => 4, 'result' => 'Too many comments frequencies.'));

	$secretKey = commentSecretKey();
	$verifyCode = md5(md5($ip) . md5($timeStamp) . md5($secretKey));
	quit(array('code' => 0, 'result' => 'Set cookie success.'), base64_encode($timeStamp), $verifyCode);
	}
	}
	add_action('init', 'verifyCode');

	function checkCommentToken($comment = array()) {
	if (!current_user_can('level_4')) {
	$ip = $_SERVER['REMOTE_ADDR'];
	preg_match('/^(\d{1,3}\.){3}\d{1,3}$/', $ip, $matches) or quit('获取 IP 地址失败');
	$ip = $matches[0];

	$timeStamp = base64_decode($_COOKIE['timestamp']);
	preg_match('/^\d{10}$/', $timeStamp, $matches) or quit('获取时间戳失败');
	$timeStamp = $matches[0];

	$verifyCode = $_COOKIE['verifycode'];
	preg_match('/^[a-z0-9]{32}$/', $verifyCode, $matches) or quit('获取 token 失败');
	$verifyCode = $matches[0];

	$now = $_SERVER['REQUEST_TIME'];
	if ($timeStamp > $now) quit('错误的时间戳');
	$maxTime = $timeStamp + 1800;
	if ($maxTime < $now) quit('超时时间已过');

	$secretKey = commentSecretKey();
	$md5 = md5(md5($ip) . md5($timeStamp) . md5($secretKey));
	if ($verifyCode != $md5) quit('两步验证失败');
	}
	return $comment;
	}
	add_filter('preprocess_comment', 'checkCommentToken');

	function quit($message, $timeStamp = '', $verifyCode = '') {
	if (is_array($message)) {
	$contentType = 'application/json';
	$message = json_encode($message);
	} else {
	$contentType = 'text/plain';
	}
	$host = '.' . $_SERVER['SERVER_NAME'];
	header("Content-type: $contentType; charset=UTF-8");
	setcookie('timestamp', $timeStamp, 0, '/', $host);
	setcookie('verifycode', $verifyCode, 0, '/', $host);
	exit($message);
	}

	?>