Difference: CaptchaPlugin (8 vs. 9)

Revision 908 Aug 2007 - KoenMartens

Line: 1 to 1
 

CaptchaPlugin

A visual confirmation plugin, known as Captcha, for new user registration. This plugin prevents automated scripts in creating users and spam your wiki with their url's to get a better google ranking.

Line: 32 to 32
 
    • The characters that you want to use in Captcha:
      • Set CHARACTERS = abcdefghijklmnopqrstuvwxyz%&?@!1234567890
Added:
>
>
Additionally, the following settings can be added to lib/LocalSite.cfg. In time, the above options will be moved to that file too.

  • $TWiki::cfg{Plugins}{CaptchaPlugin}{Expiry}=3600; # time in seconds after which a captcha will expire and be removed
  • $TWiki::cfg{Plugins}{CaptchaPlugin}{EnableSave}=1; # enable captcha for topic save
 

Plugin Installation Instructions

Note: You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running.

Line: 44 to 49
 
register-4.1.2.patch Patch for the register module
templates/oopscaptcha.tmpl Error template
lib/TWiki/Plugins/CaptchaPlugin.pm Plugin Perl module
Changed:
<
<
pub/TWiki/CaptchaPlugin/Fonts/ Fonts directory
>
>
pub/TWiki/CaptchaPlugin/fonts/ Fonts directory
pub/TWiki/CaptchaPlugin/fonts/* A collection of free fonts to get you started
 
pub/TWiki/CaptchaPlugin/_db Hash database directory
Changed:
<
<
pub/TWiki/CaptchaPlugin/_img Image directory
>
>
pub/TWiki/CaptchaPlugin/img Image directory
 
  • Apply the patch register-4.1.2.patch to lib/TWiki/UI/Register.pm (alternatively, patch Register.pm manually, see section below), be sure to make a backup so you can revert the patch if you want to disable the plugin:
    • cd /path/to/twiki
    • cp lib/TWiki/UI/Register.pm lib/TWiki/UI/Register.pm.dist
    • patch < ../register.patch
Changed:
<
<
  • Restrict access to the database files, for example, by including the following in your httpd.conf:
>
>
  • Restrict access to the files, for example, by including the following in your httpd.conf:
 
         <Directory "/path/to/twiki/pub/TWiki/CaptchaPlugin/_db">
           deny from all
         </Directory>

Added:
>
>
<Directory "/path/to/twiki/pub/TWiki/CaptchaPlugin/fonts"> deny from all </Directory> <Directory "/path/to/twiki/pub/TWiki/CaptchaPlugin/img"> deny from all </Directory>
 
Changed:
<
<
  • Install necessary TrueType fonts in to pub/TWiki/CaptchaPlugin/Fonts/
>
>
  • Enable the plugin via the bin/configure script
  • Install necessary TrueType fonts in to pub/TWiki/CaptchaPlugin/fonts/
 
    • This allows the plugin to randomly choose the fonts to use
  • Test if the installation was successful:
    • Create a topic containing <IMG SRC="%CAPTCHAURL%"> and %CAPTCHAHASH%
Line: 77 to 90
 
  • That's it.
Added:
>
>

Captcha on topic edit

If you want to protect edits by TWikiGuest with a captcha, add the following line to your lib/LocalSite.cfg:

$TWiki::cfg{Plugins}{CaptchaPlugin}{EnableSave} = 1;

Of course, you will need the Twk1CaptchaHash and Twk1CaptchaString input fields somewhere in your edit template.

For example, if you are using the default pattern skin, change templates/edit.pattern.tmpl. Find:

%TMPL:DEF{"textarea"}%<textarea class="twikiEditboxStyleProportional" id="topic" name="text" rows="%EDITBOXHEIGHT%" cols="%EDITBOXWIDTH%" style='%EDITBOXSTYLE%' onkeydown='handleKeyDown(event)'>%TEXT%</textarea><script type="text/javascript">initTextAreaHeight();</script>
%TMPL:END%

and add before TMPL:END:

%TMPL:DEF{"textarea"}%<textarea class="twikiEditboxStyleProportional" id="topic" name="text" rows="%EDITBOXHEIGHT%" cols="%EDITBOXWIDTH%" style='%EDITBOXSTYLE%' onkeydown='handleKeyDown(event)'>%TEXT%</textarea><script type="text/javascript">initTextAreaHeight();</script>
              <IMG SRC="/twiki/pub/TWiki/CaptchaPlugin/img/6f8cb86243d4fb754287fb0afb6c6ec1.png"/>
              <input type="hidden" name="Twk1CaptchaHash" value="6f8cb86243d4fb754287fb0afb6c6ec1"/>
              <input type="text" name="Twk1CaptchaString" size="5"/>
%TMPL:END%

You might want to hide the captcha for logged in users (context authenticated), see VarIF for more information on conditional rendering.

 

Manually patching the register binary

Added:
>
>
 Refer to the patch file.

Guide for TWiki 4.0.5

Line: 91 to 133
 Insert the code below directly BEFORE the line containing the curly bracket '{':


Changed:
<
<
# check captcha
>
>
# verify captcha
  my %database; my $vcHash=$data->{CaptchaHash}; my $vcTxt=$data->{CaptchaString};
Line: 100 to 143
  dbmopen(%database, &TWiki::Func::getPubDir()."/TWiki/CaptchaPlugin/_db/hashes" ,0644);
Deleted:
<
<
if(defined($database{$vcHash})) { throw TWiki::OopsException( 'captcha', web => $data->{webName}, topic => $topic, def => 'expired_vchash', params => [ "expired" ] ); }
  my ($time,$txt)=split(',',$database{$vcHash});
Changed:
<
<
if(not(lc($txt) eq lc($vcTxt))) {
>
>
if ( not(lc($txt) eq lc($vcTxt)) || ($txt eq '') ) { dbmclose(%database); close(LOCKFILE);
  throw TWiki::OopsException( 'captcha', web => $data->{webName}, topic => $topic,
Line: 123 to 160
  close(LOCKFILE);
Added:
>
>
Now find:

             # 'WikiName' omitted because they can't
             # change it, and 'Confirm' is a duplicate
             push( @{$data->{form}}, $form )
              unless ($name eq 'WikiName' || $name eq 'Confirm');

and change the last line to:

             # 'WikiName' omitted because they can't
             # change it, and 'Confirm' is a duplicate
             push( @{$data->{form}}, $form )
              unless ($name eq 'WikiName' || $name eq 'Confirm' || $name eq 'CaptchaHash' || $name eq 'CaptchaString');
 

Further Development

Deleted:
<
<
  • Fix timer (expiry)
 
  • Refactor to comply with TWiki's convention
Changed:
<
<
  • Remove created .png files
>
>
  • Remove created .png files -> is already done on expiry, right?
 
  • Adjustable font size range
  • Adjustable height and width
  • Option of Black and White only
Line: 137 to 190
 
Plugin Author: TWiki:Main.KoenMartens, TWiki:Main.KwangErnLiew
Plugin Version: 06 Aug 2007 1.5-pre1
Change History:  
Added:
>
>
08 Aug 2007: Added support for captcha on topic save (thanks TWiki:Main.KwangErnLiew), fixed some minor bugs, added some free fonts
 
06 Aug 2007: Colourised fonts; Randomised font type, font size, background colour, and font positioning; Fixed hash display on user pages; Modified oopscaptcha.tmpl
03 Aug 2006: Renamed to CaptchaPlugin, adapted to Dakar (TWiki 4.0.x).
03 Jan 2006: Fixed some problems with expiry, also optimised according to TWiki:TWiki.TWikiPlugins#FastPluginHints.
Line: 153 to 207
 
Appraisal: http://TWiki.org/cgi-bin/view/Plugins/CaptchaPluginAppraisal

Related Topics: TWikiPreferences, TWikiPlugins

Deleted:
<
<

-- TWiki:Main.KoenMartens - 03 Aug 2006

 
This site is powered by the TWiki collaboration platformCopyright � by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.CaptchaPlugin