--- modules/comment.module.orig	2005-08-20 11:25:48.000000000 -0400
+++ modules/comment.module	2005-08-20 11:40:49.000000000 -0400
@@ -517,6 +517,11 @@
       }
     }
   }
+
+  if ($edit['token'] != (md5($edit['nid'] . $edit['pid'] . variable_get('comment_private_key', '')))) {
+    form_set_error('token', t('Unable to validate your comment, please try again.  If this error persists, please contact the site administrator.'));
+  }
+
   return $edit;
 }
 
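Review bot: The token check on the added `if` line compares two md5 hex strings with `!=`, which is a loose comparison in PHP: two different digests that both look numeric (for example `0e` followed only by digits) compare as equal, and the comparison is not constant-time. Compare strictly and, where the runtime provides it, in constant time, e.g. `if (!isset($edit['token']) || !is_string($edit['token']) || !hash_equals($expected, $edit['token'])) {` with `$expected` holding the md5 expression, or at minimum switch to `!==`. `$edit['token']` is also read without checking that the field was submitted at all, so a post without it relies on NULL happening to compare unequal. The enclosing function begins outside this hunk.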
@@ -1375,6 +1380,11 @@
 function theme_comment_form($edit, $title = NULL) {
   global $user;
 
+  // private key used to validate comment (preventing spam)
+  if (!variable_get('comment_private_key', '')) {
+    variable_set('comment_private_key', mt_rand());
+  }
+
   $form .= "<a id=\"comment-form\"></a>\n";
   // contact information:
   if ($user->uid) {
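Review bot: The key created on the added `variable_set('comment_private_key', mt_rand())` line is a single `mt_rand()` integer, so it carries at most about 31 bits and comes from a non-cryptographic generator. Every rendered form publishes `md5(nid . pid . key)` with a known nid and pid, so a key this small does not stay secret against an offline search. Generate it from a CSPRNG instead, e.g. on a current PHP runtime `variable_set('comment_private_key', bin2hex(random_bytes(32)));`. Creating the key inside the theme function also means the validation hunk can run while the key is still the `''` default, in which case the expected token is just `md5(nid . pid)`; a small helper that creates the key on first use and is called from both places would close that gap. theme_comment_form continues past the end of this hunk.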
@@ -1424,6 +1434,7 @@
   $form .= form_hidden('pid', $edit['pid']);
   $form .= form_hidden('nid', $edit['nid']);
   $form .= form_hidden('uid', $edit['uid']);
+  $form .= form_hidden('token', md5($edit['nid'] . $edit['pid'] . variable_get('comment_private_key', '')));
 
   $form .= form_submit(t('Preview comment'));
 
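Review bot: The hidden token added on the `form_hidden('token', ...)` line is derived only from `nid`, `pid` and a site-wide key, so it is identical for every visitor and never expires. It ties a submission to a node/parent pair, not to the session that was served the form. Mixing a per-session or per-user value and a timestamp into both this line and the matching check in the first hunk would make the token single-user and short-lived. The inputs are also concatenated without a delimiter, so distinct pairs such as nid 1 / pid 23 and nid 12 / pid 3 hash the same string; `md5($edit['nid'] . ':' . $edit['pid'] . ':' . variable_get('comment_private_key', ''))` or a keyed HMAC avoids that. theme_comment_form starts and ends outside this hunk.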
