khromov/README.md

## README.md

      
    Raw
  

              README.md
            
          
    This is an example implementation of DiceBear Avatars for WordPress comments.
You can see a demo for this plugin at the bottom of this post:
https://unwanted.cloud/2022/09/24/nanoleaf-privacy-review/
Screenshot:
https://snippets.khromov.se/wp-content/uploads/2022/09/dicebear-avatars.png
Aside from implementing the DiceBear Micah avatar style, this plugin also removes the website and email fields from the WordPress comments form.
This means names are used for avatar generation for anonymous users, and user ID:s are used for logged in users.
You can use the official DiceBear CDN or self-host your own avatar server for increased privacy.
Setup


Activate the plugin
Go to Settings > Discussion > Default avatar and select "Dicebear: Micah"

You can further customize the plugin with constants:
Set a custom avatars server
You can deploy this via Docker using this image.
define( 'DICEBEAR_AVATARS_BASE_URL', 'https://avatars.unwanted.cloud' ); 
Set a custom salt for avatar generation
This ensures that if emails are used to generate avatars, it is impossible to reverse the emails.
You can also change this if you ever want to reset all avatars.
define( 'DICEBEAR_SALT', '1234567' ); 

  
## dicebear-avatars.php
<?php
/*
Plugin Name: Dicebear Avatars
*/

/**
 * Automatically tick the "Save my data in this browser" checkbox on comments if it was ticked before.
 */
add_action('wp_footer', function() {
    if(is_single() && comments_open()):
    ?>
        <script>
            if(document.cookie && document.cookie.includes('comment_author_')) {
                document.getElementById('wp-comment-cookies-consent').checked = true;
            }
        </script>
    <?php
    endif;
});

/**
 * Add Dicebear avatar option to Settings > Discussion
 */
add_filter('avatar_defaults', function($avatar_defaults) {
    $new_avatar_defaults = $avatar_defaults;
    $new_avatar_defaults['dicebear_micah'] = 'Dicebear: Micah';
    return $new_avatar_defaults;
});

/**
 * Disable requiring user email/password.
 * Unfortunately it's not possible to disable only email.
 */
add_filter('pre_option_require_name_email', function($value) {
    return "0";
});

/**
 * Disable Email and website fields
 */
add_filter('comment_form_default_fields', function($fields) {;
    if(isset($fields['url'])) {
		unset($fields['url']);
	}

    if(isset($fields['email'])) {
        unset($fields['email']);
    }

    // Not very clean but doesn't seem filterable otherwise.
    $fields['cookies'] = str_replace('Save my name, email, and website in this browser for the next time I comment.', 'Save my name in this browser for the next time I comment.', $fields['cookies']);

    return $fields;
});

/**
 * Replace the avatar URL.
 *
 * @param array $args        Arguments passed to get_avatar_data(), after processing.
 * @param mixed $data The Gravatar to retrieve. Accepts a user ID, Gravatar MD5 hash,
 *                           user email, WP_User object, WP_Post object, or WP_Comment object.
 */
add_filter('pre_get_avatar_data', function($args, $data) {
    $dicebear_avatars_base_url = 'https://avatars.dicebear.com';

    // Something "unique" for each site
    $dicebear_salt = md5(get_site_url());

    if(defined('DICEBEAR_AVATARS_BASE_URL')) {
        $dicebear_avatars_base_url = DICEBEAR_AVATARS_BASE_URL;
    }

    if(defined('DICEBEAR_SALT')) {
        $dicebear_salt = DICEBEAR_SALT;
    }

    $seed = 'default';
    if($data instanceof WP_Comment) {
        $seed = md5($dicebear_salt . $data->comment_author); // If comment, use the name for a persistent hash
    } else if($data instanceof WP_User) {
        $seed = md5($dicebear_salt . $data->ID); // If user, use the user ID
    } else if($data instanceof WP_Post) {
        $seed = md5($dicebear_salt . $data->post_author); // Not sure what we are expecting here 🤷
    } else if(is_int($data)) {
        $seed = md5($dicebear_salt . $data);
    } else if(is_string($seed)) {
        $seed = md5($dicebear_salt . $data); // This one is most likely to be an email, but we can't control it.
    }

    $simple_local_avatar_url = "{$dicebear_avatars_base_url}/api/micah/{$seed}.svg?mouth[]=laughing&mouth[]=laughing&mouth[]=smile&mouth[]=pucker&mouth[]=smirk&baseColor[]=white";

    if($args['default'] === 'dicebear_micah') {
        $args['url'] = $simple_local_avatar_url;
        return $args;
    }

    return $args;
}, 10, 2);
	<?php
	/*
	Plugin Name: Dicebear Avatars
	*/

	/**
	* Automatically tick the "Save my data in this browser" checkbox on comments if it was ticked before.
	*/
	add_action('wp_footer', function() {
	if(is_single() && comments_open()):
	?>
	<script>
	if(document.cookie && document.cookie.includes('comment_author_')) {
	document.getElementById('wp-comment-cookies-consent').checked = true;
	}
	</script>
	<?php
	endif;
	});

	/**
	* Add Dicebear avatar option to Settings > Discussion
	*/
	add_filter('avatar_defaults', function($avatar_defaults) {
	$new_avatar_defaults = $avatar_defaults;
	$new_avatar_defaults['dicebear_micah'] = 'Dicebear: Micah';
	return $new_avatar_defaults;
	});

	/**
	* Disable requiring user email/password.
	* Unfortunately it's not possible to disable only email.
	*/
	add_filter('pre_option_require_name_email', function($value) {
	return "0";
	});

	/**
	* Disable Email and website fields
	*/
	add_filter('comment_form_default_fields', function($fields) {;
	if(isset($fields['url'])) {
	unset($fields['url']);
	}

	if(isset($fields['email'])) {
	unset($fields['email']);
	}

	// Not very clean but doesn't seem filterable otherwise.
	$fields['cookies'] = str_replace('Save my name, email, and website in this browser for the next time I comment.', 'Save my name in this browser for the next time I comment.', $fields['cookies']);

	return $fields;
	});

	/**
	* Replace the avatar URL.
	*
	* @param array $args Arguments passed to get_avatar_data(), after processing.
	* @param mixed $data The Gravatar to retrieve. Accepts a user ID, Gravatar MD5 hash,
	* user email, WP_User object, WP_Post object, or WP_Comment object.
	*/
	add_filter('pre_get_avatar_data', function($args, $data) {
	$dicebear_avatars_base_url = 'https://avatars.dicebear.com';

	// Something "unique" for each site
	$dicebear_salt = md5(get_site_url());

	if(defined('DICEBEAR_AVATARS_BASE_URL')) {
	$dicebear_avatars_base_url = DICEBEAR_AVATARS_BASE_URL;
	}

	if(defined('DICEBEAR_SALT')) {
	$dicebear_salt = DICEBEAR_SALT;
	}

	$seed = 'default';
	if($data instanceof WP_Comment) {
	$seed = md5($dicebear_salt . $data->comment_author); // If comment, use the name for a persistent hash
	} else if($data instanceof WP_User) {
	$seed = md5($dicebear_salt . $data->ID); // If user, use the user ID
	} else if($data instanceof WP_Post) {
	$seed = md5($dicebear_salt . $data->post_author); // Not sure what we are expecting here 🤷
	} else if(is_int($data)) {
	$seed = md5($dicebear_salt . $data);
	} else if(is_string($seed)) {
	$seed = md5($dicebear_salt . $data); // This one is most likely to be an email, but we can't control it.
	}

	$simple_local_avatar_url = "{$dicebear_avatars_base_url}/api/micah/{$seed}.svg?mouth[]=laughing&mouth[]=laughing&mouth[]=smile&mouth[]=pucker&mouth[]=smirk&baseColor[]=white";

	if($args['default'] === 'dicebear_micah') {
	$args['url'] = $simple_local_avatar_url;
	return $args;
	}

	return $args;
	}, 10, 2);