Difference: CaptchaPlugin (2 vs. 3)

Revision 3 - 09 Oct 2005 - KoenMartens

Line: 1 to 1
 

CaptchaPlugin

Changed:
<
<
Plugin for visual confirmation of new user registration.
>
>
Plugin for visual confirmation of new user registration, to prevent automated scripts to create users and spam your wiki with their url's to get a better google ranking.
 
Line: 13 to 13
 

Examples

Changed:
<
<
  • None yet
>
>
  • N/A
 

Plugin Settings

Line: 25 to 25
 
  • Debug plugin: (See output in data/debug.txt)
    • Set DEBUG = 1
Changed:
<
<
  • My own setting:
    • Set CHARACTERS = ABC
    • Set FONT = luximb.ttf
    • Set NOISE = kjfksd
    • Set LINES = 3
    • Set CIRCLES = 20
>
>
  • Custom settings (defaults shown):
    • Characters to use in generated strings:
      • Set CHARACTERS = ABCDEFGHKLMNPRSTVWXYZabcdeghpqsuvwxy@
    • Truetype font to use:
      • Set FONT = luxisbi.ttf
    • Number of random lines to add (use none for 0):
      • Set LINES = 10
    • Number of random circles to add (use none for 0):
      • Set CIRCLES = 10
    • Noise, percentage of pixels to flip randomly after generating graphics (use none for 0%):
      • Set NOISE = 15
 

Plugin Installation Instructions
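Review bot: The new CHARACTERS default in the Plugin Settings list mixes upper and lower case, but the manual register patch further down compares `lc($txt)` with `lc($vcTxt)`, so case adds nothing to the number of distinct strings a user can be asked for. Either state in the setting description that the answer is case-insensitive or make the default a single case. The default also omits several letters and all digits without saying why; a one-line explanation would help administrators who override CHARACTERS keep whatever property was intended. "use none for 0" is repeated on three settings and could be explained once.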

Line: 39 to 44
 
  • Download the ZIP file from the Plugin web (see below)
  • Unzip CaptchaPlugin.zip in your twiki installation directory. Content:
    File: Description:
Changed:
<
<
data/TWiki/CaptchaPlugin.txt Plugin topic
data/TWiki/CaptchaPlugin.txt,v Plugin topic repository
>
>
data/TWiki/VisualConfirmPlugin.txt Plugin topic
data/TWiki/VisualConfirmPlugin.txt,v Plugin topic repository
register.patch Patch for the register binary
templates/oopsregvisualconfirm.tmpl Error template
 
lib/TWiki/Plugins/CaptchaPlugin.pm Plugin Perl module
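Review bot: The new file list names the topic files data/TWiki/VisualConfirmPlugin.txt and data/TWiki/VisualConfirmPlugin.txt,v, while the archive in the step above is still CaptchaPlugin.zip, the module is lib/TWiki/Plugins/CaptchaPlugin.pm and this topic is CaptchaPlugin. One of the two names looks stale. The list should match exactly what the zip unpacks, so an administrator can verify that nothing unexpected was written into the installation directory.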
Added:
>
>
  • Apply the patch register.patch to bin/register (alternatively, patch register manual, see section below):
    • cd bin
    • patch < ../register.patch
  • Create the directories visualconfirm and visualconfirm/db in your pub/ directory, and make sure it is readable and writable by the user that TWiki is executing as.
    • mkdir -p pub/visualconfirm/db
    • chown -R nobody pub/visualconfirm
    • chmod -R 644 pub/visualconfirm
  • Restrict access to the database files, for example, by including the following in your httpd.conf:
			<Directory "/path/to/twiki/pub/visualconfirm/db">
			  deny from all
			</Directory>
  • Make sure the plugin has access to the preferred truetype font, by putting the .ttf file in pub/visualconfirm/
 
  • Test if the installation was successful:
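Review bot: `chmod -R 644 pub/visualconfirm` in the added directory step clears the execute (search) bit on the visualconfirm and db directories themselves, so the TWiki user cannot enter them or create files there, which contradicts the "readable and writable" requirement stated in the same step. Use a mode that keeps directories searchable, for example 755 on the two directories and 644 on the files inside, or `chmod -R u+rwX,go+rX`. Two smaller points: the previous step leaves the shell in bin/ (`cd bin`), while `mkdir -p pub/visualconfirm/db` is relative to the installation directory, so the step should say to change back first; and `chown -R nobody` assumes the web server runs as nobody, which the text should present as an example rather than a fixed value.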
Changed:
<
<
    • enter samples here
>
>
    • Create a topic containing <IMG SRC="%VISUALCONFIRMURL%"> and %VISUALCONFIRMHASH%
    • When loading this topic you should see an obfuscated character string loaded as a png and a hexadecimal hash.
    • Check whether the hash database is properly protected by going to the url http://my.twiki.server/my/twiki/path/pub/visualconfirm/db/hashes.pag, you should see a permission denied message.
  • Now edit your TWikiRegistration topic
    • Display the image %VISUALCONFIRMURL% somewhere in your form, along with a text instructing new users to copy the obfuscated text into the appropriate text input.
    • Add the appropriate text input as Twk1VisualConfirm
    • Add a hidden input as Twk1VisualConfirmHash
    • For example, add this to your TWikiRegistration:
				<tr>
				  <td valign="top" align="right"><IMG SRC="%VISUALCONFIRMURL%">: <br /> (..)   </td>
				  <td><input type="hidden" name="Twk1VisualConfirmHash" value="%VISUALCONFIRMHASH%">
						<input type="text" name="Twk1VisualConfirm" size="5"></td>
				</tr>
  • That's it.

Manually patching the register binary

Find the line in bin/register that says:

	 # everything OK

Insert the code below directly BEFORE that line:

	 # check valid visual confirmation
	 for( $x = 0; $x < $formLen; $x++ ) {
		$vcHash=$formDataValue[$x]
		  unless(not($formDataName[$x] eq "Visual Confirm Hash"));
		$vcTxt=$formDataValue[$x]
		  unless(not($formDataName[$x] eq "Visual Confirm"));
	 }

	 open(LOCKFILE,">".&TWiki::getPubDir()."/visualconfirm/db/hashes.lock");
	 flock(LOCKFILE,2);

	 dbmopen(%database, &TWiki::getPubDir()."/visualconfirm/db/hashes" ,0644);

	 if(!defined($database{$vcHash})) {
		$url = &TWiki::getOopsUrl( $webName, $topic, "oopsregvisualconfirm",
		  "The visual confirmation has expired.");
		TWiki::redirect( $query, $url );
		return;
	 }

	 my ($time,$txt)=split(',',$database{$vcHash});

	 if(not(lc($txt) eq lc($vcTxt))) {
		$url = &TWiki::getOopsUrl( $webName, $topic, "oopsregvisualconfirm",
		  "The character string you entered for visual confirmation is incorrect.");
		TWiki::redirect( $query, $url );
		return;
	 }
	 dbmclose(%database);

	 close(LOCKFILE);

Further Development

  • Make number of characters configurable
  • Make font size configurable
  • Find out how to safely delete images from the register binary
 

Plugin Info
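Review bot: In the manual register patch, `my ($time,$txt)=split(',',$database{$vcHash});` reads `$time` but nothing compares it to the current time, and `$database{$vcHash}` is never deleted after a successful match, so the same hash and text pair would be accepted again for as long as the record stays in the database. Since the hash travels in the hidden Twk1VisualConfirmHash field, the check should be single-use: delete the entry once it has matched and reject records older than a stated lifetime. Both failure branches also `return` before `dbmclose(%database)` and `close(LOCKFILE)`, so the cleanup only runs on the success path; close both before the redirect. The result of `open(LOCKFILE, ...)` is not checked, so if the lock file cannot be created the code continues without a lock. In the test steps, the protection check only requests hashes.pag; the file names dbmopen creates depend on the DBM library in use, so the step should tell the reader to request whichever files actually appear in pub/visualconfirm/db, including hashes.lock.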

Line: 64 to 149
 Related Topics: TWikiPreferences, TWikiPlugins
Changed:
<
<
-- KoenMartens? - 07 Oct 2005
>
>
-- TWiki:Main.KoenMartens - 07 Oct 2005
 
 
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.CaptchaPlugin