CaptchaPlugin
A visual confirmation plugin, known as Captcha, for new user registration. This plugin prevents automated scripts in creating users and spam your wiki with their url's to get a better google ranking.
Syntax Rules
- The tag %CAPTCHAURL% expands to the url of the image containing the scrambled text;
- The tag %CAPTCHAHASH% expands to the hash matching the image.
Examples
Plugin Settings
Plugin settings are stored as preferences variables. To reference a plugin setting write
%<plugin>_<setting>%
, i.e.
%INTERWIKIPLUGIN_SHORTDESCRIPTION%
- One line description, is shown in the TextFormattingRules topic:
- Set SHORTDESCRIPTION = Plugin for Captcha verification / visual confirmation of new user registration.
- Debug plugin: (See output in
data/debug.txt
)
- Custom settings (defaults shown):
- Number of characters for Captcha:
- The characters that you want to use in Captcha:
- Set CHARACTERS = abcdefghijklmnopqrstuvwxyz%&?@!1234567890
Plugin Installation Instructions
Note: You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running.
- Download the ZIP file from the Plugin web (see below)
- Unzip
CaptchaPlugin.zip
in your twiki installation directory. Content: File: | Description: |
data/TWiki/CaptchaPlugin.txt | Plugin topic |
data/TWiki/CaptchaPlugin.txt,v | Plugin topic repository |
register-4.1.2.patch | Patch for the register module |
templates/oopscaptcha.tmpl | Error template |
lib/TWiki/Plugins/CaptchaPlugin.pm | Plugin Perl module |
pub/TWiki/CaptchaPlugin/Fonts/ | Fonts directory |
pub/TWiki/CaptchaPlugin/_db | Hash database directory |
pub/TWiki/CaptchaPlugin/_img | Image directory |
- Apply the patch
register-4.1.2.patch
to lib/TWiki/UI/Register.pm
(alternatively, patch Register.pm manually, see section below), be sure to make a backup so you can revert the patch if you want to disable the plugin:
- cd /path/to/twiki
- cp lib/TWiki/UI/Register.pm lib/TWiki/UI/Register.pm.dist
- patch < ../register.patch
- Restrict access to the database files, for example, by including the following in your httpd.conf:
<Directory "/path/to/twiki/pub/TWiki/CaptchaPlugin/_db">
deny from all
</Directory>
- Install necessary TrueType fonts in to
pub/TWiki/CaptchaPlugin/Fonts/
- This allows the plugin to randomly choose the fonts to use
- Test if the installation was successful:
- Create a topic containing
<IMG SRC="%CAPTCHAURL%">
and %CAPTCHAHASH%
- When loading this topic you should see an obfuscated character string loaded as a png and a hexadecimal hash.
- Check whether the hash database is properly protected by going to the url http://my.twiki.server/my/twiki/path/pub/TWiki/CaptchaPlugin/db/hashes.pag, you should see a permission denied message.
- Now edit your TWikiRegistration topic
- Display the image %CAPTCHAURL% somewhere in your form, along with a text instructing new users to copy the obfuscated text into the appropriate text input.
- Add the appropriate text input as
Twk1CaptchaString
- Add a hidden input as
Twk1CaptchaHash
having as value %CAPTCHAHASH%
- For example, add this to your TWikiRegistration:
<tr>
<td valign="top" align="right"><IMG SRC="%CAPTCHAURL%">: <br /> (..) </td>
<td><input type="hidden" name="Twk1CaptchaHash" value="%CAPTCHAHASH%">
<input type="text" name="Twk1CaptchaString" size="5"></td> =<font color="red">**</font>=
</tr>
Manually patching the register binary
Refer to the patch file.
Guide for TWiki 4.0.5
Find these lines in
lib/TWiki/UI/Register.pm
:
}
# generate user entry
Insert the code below directly
BEFORE the line containing the curly bracket '{':
# check captcha
my %database;
my $vcHash=$data->{CaptchaHash};
my $vcTxt=$data->{CaptchaString};
open(LOCKFILE,">".&TWiki::Func::getPubDir()."/TWiki/CaptchaPlugin/_db/hashes.lock");
flock(LOCKFILE,2);
dbmopen(%database, &TWiki::Func::getPubDir()."/TWiki/CaptchaPlugin/_db/hashes" ,0644);
if(!defined($database{$vcHash})) {
throw TWiki::OopsException( 'captcha',
web => $data->{webName},
topic => $topic,
def => 'expired_vchash',
params => [ "expired" ] );
}
my ($time,$txt)=split(',',$database{$vcHash});
if(not(lc($txt) eq lc($vcTxt))) {
throw TWiki::OopsException( 'captcha',
web => $data->{webName},
topic => $topic,
def => 'invalid_vcstr',
params => [ "wrong" ] );
}
dbmclose(%database);
close(LOCKFILE);
Further Development
- Fix timer (expiry)
- Refactor to comply with TWiki's convention
- Remove created .png files
- Adjustable font size range
- Adjustable height and width
- Option of Black and White only
Plugin Info
Plugin Author: |
TWiki:Main.KoenMartens, TWiki:Main.KwangErnLiew |
Plugin Version: |
06 Aug 2007 1.5-pre1 |
Change History: |
|
06 Aug 2007: |
Colourised fonts; Randomised font type, font size, background colour, and font positioning; Fixed hash display on user pages; Modified oopscaptcha.tmpl |
03 Aug 2006: |
Renamed to CaptchaPlugin, adapted to Dakar (TWiki 4.0.x). |
03 Jan 2006: |
Fixed some problems with expiry, also optimised according to TWiki:TWiki.TWikiPlugins#FastPluginHints. |
10 Oct 2005: |
Strip hash and text from arguments to register binary, or they will end up in the newly created user topic. |
07 Oct 2005: |
Initial version |
TWiki Dependency: |
$TWiki::Plugins::VERSION 1.1 |
CPAN Dependencies: |
GD, Digest::MD5 |
Other Dependencies: |
none |
Perl Version: |
5.005 |
License: |
GPL (GNU General Public License) |
TWiki:Plugins/Benchmark: |
GoodStyle 98%, FormattedSearch 98%, TWikiRegistration (patched) 85% |
Plugin Home: |
http://TWiki.org/cgi-bin/view/Plugins/CaptchaPlugin |
Feedback: |
http://TWiki.org/cgi-bin/view/Plugins/CaptchaPluginDev |
Appraisal: |
http://TWiki.org/cgi-bin/view/Plugins/CaptchaPluginAppraisal |
Related Topics: TWikiPreferences,
TWikiPlugins
--
TWiki:Main.KoenMartens - 03 Aug 2006