TWiki> TWiki Web>CaptchaPlugin (revision 8)EditAttach

CaptchaPlugin

A visual confirmation plugin, known as Captcha, for new user registration. This plugin prevents automated scripts in creating users and spam your wiki with their url's to get a better google ranking.


Syntax Rules

  • The tag %CAPTCHAURL% expands to the url of the image containing the scrambled text;
  • The tag %CAPTCHAHASH% expands to the hash matching the image.

Examples

  • N/A

Plugin Settings

Plugin settings are stored as preferences variables. To reference a plugin setting write %<plugin>_<setting>%, i.e. %INTERWIKIPLUGIN_SHORTDESCRIPTION%

  • One line description, is shown in the TextFormattingRules topic:
    • Set SHORTDESCRIPTION = Plugin for Captcha verification / visual confirmation of new user registration.

  • Debug plugin: (See output in data/debug.txt)
    • Set DEBUG = 0

  • Custom settings (defaults shown):
    • Number of characters for Captcha:
      • Set LENGTH = 5
    • The characters that you want to use in Captcha:
      • Set CHARACTERS = abcdefghijklmnopqrstuvwxyz%&?@!1234567890

Plugin Installation Instructions

Note: You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running.

  • Download the ZIP file from the Plugin web (see below)
  • Unzip CaptchaPlugin.zip in your twiki installation directory. Content:
    File:Sorted ascending Description:
    data/TWiki/CaptchaPlugin.txt Plugin topic
    data/TWiki/CaptchaPlugin.txt,v Plugin topic repository
    lib/TWiki/Plugins/CaptchaPlugin.pm Plugin Perl module
    pub/TWiki/CaptchaPlugin/_db Hash database directory
    pub/TWiki/CaptchaPlugin/_img Image directory
    pub/TWiki/CaptchaPlugin/Fonts/ Fonts directory
    register-4.1.2.patch Patch for the register module
    templates/oopscaptcha.tmpl Error template
  • Apply the patch register-4.1.2.patch to lib/TWiki/UI/Register.pm (alternatively, patch Register.pm manually, see section below), be sure to make a backup so you can revert the patch if you want to disable the plugin:
    • cd /path/to/twiki
    • cp lib/TWiki/UI/Register.pm lib/TWiki/UI/Register.pm.dist
    • patch < ../register.patch
  • Restrict access to the database files, for example, by including the following in your httpd.conf:
         <Directory "/path/to/twiki/pub/TWiki/CaptchaPlugin/_db">
           deny from all
         </Directory>
  • Install necessary TrueType fonts in to pub/TWiki/CaptchaPlugin/Fonts/
    • This allows the plugin to randomly choose the fonts to use
  • Test if the installation was successful:
    • Create a topic containing <IMG SRC="%CAPTCHAURL%"> and %CAPTCHAHASH%
    • When loading this topic you should see an obfuscated character string loaded as a png and a hexadecimal hash.
    • Check whether the hash database is properly protected by going to the url http://my.twiki.server/my/twiki/path/pub/TWiki/CaptchaPlugin/db/hashes.pag, you should see a permission denied message.
  • Now edit your TWikiRegistration topic
    • Display the image %CAPTCHAURL% somewhere in your form, along with a text instructing new users to copy the obfuscated text into the appropriate text input.
    • Add the appropriate text input as Twk1CaptchaString
    • Add a hidden input as Twk1CaptchaHash having as value %CAPTCHAHASH%
    • For example, add this to your TWikiRegistration:
            <tr>
              <td valign="top" align="right"><IMG SRC="%CAPTCHAURL%">: <br /> (..)   </td>
              <td><input type="hidden" name="Twk1CaptchaHash" value="%CAPTCHAHASH%">
                  <input type="text" name="Twk1CaptchaString" size="5"></td>  =<font color="red">**</font>=
            </tr>
  • That's it.

Manually patching the register binary

Refer to the patch file.

Guide for TWiki 4.0.5

Find these lines in lib/TWiki/UI/Register.pm:
 }
 
 # generate user entry

Insert the code below directly BEFORE the line containing the curly bracket '{':

    # check captcha
    my %database;
    my $vcHash=$data->{CaptchaHash};
    my $vcTxt=$data->{CaptchaString};
    open(LOCKFILE,">".&TWiki::Func::getPubDir()."/TWiki/CaptchaPlugin/_db/hashes.lock");
    flock(LOCKFILE,2);

    dbmopen(%database, &TWiki::Func::getPubDir()."/TWiki/CaptchaPlugin/_db/hashes" ,0644);

    if(!defined($database{$vcHash})) {
        throw TWiki::OopsException( 'captcha',
                                    web => $data->{webName},
                                    topic => $topic,
                                    def => 'expired_vchash',
                                    params => [ "expired" ] );
    }

    my ($time,$txt)=split(',',$database{$vcHash});

    if(not(lc($txt) eq lc($vcTxt))) {
        throw TWiki::OopsException( 'captcha',
                                    web => $data->{webName},
                                    topic => $topic,
                                    def => 'invalid_vcstr',
                                    params => [ "wrong" ] );
    }

    dbmclose(%database);

    close(LOCKFILE);

Further Development

  • Fix timer (expiry)
  • Refactor to comply with TWiki's convention
  • Remove created .png files
  • Adjustable font size range
  • Adjustable height and width
  • Option of Black and White only

Plugin Info

Plugin Author: TWiki:Main.KoenMartens, TWiki:Main.KwangErnLiew
Plugin Version: 06 Aug 2007 1.5-pre1
Change History:  
06 Aug 2007: Colourised fonts; Randomised font type, font size, background colour, and font positioning; Fixed hash display on user pages; Modified oopscaptcha.tmpl
03 Aug 2006: Renamed to CaptchaPlugin, adapted to Dakar (TWiki 4.0.x).
03 Jan 2006: Fixed some problems with expiry, also optimised according to TWiki:TWiki.TWikiPlugins#FastPluginHints.
10 Oct 2005: Strip hash and text from arguments to register binary, or they will end up in the newly created user topic.
07 Oct 2005: Initial version
TWiki Dependency: $TWiki::Plugins::VERSION 1.1
CPAN Dependencies: GD, Digest::MD5
Other Dependencies: none
Perl Version: 5.005
License: GPL (GNU General Public License)
TWiki:Plugins/Benchmark: GoodStyle 98%, FormattedSearch 98%, TWikiRegistration (patched) 85%
Plugin Home: http://TWiki.org/cgi-bin/view/Plugins/CaptchaPlugin
Feedback: http://TWiki.org/cgi-bin/view/Plugins/CaptchaPluginDev
Appraisal: http://TWiki.org/cgi-bin/view/Plugins/CaptchaPluginAppraisal

Related Topics: TWikiPreferences, TWikiPlugins

-- TWiki:Main.KoenMartens - 03 Aug 2006

Edit | Attach | Print version | History: r10 < r9 < r8 < r7 < r6 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r8 - 06 Aug 2007 - 17:11:03 - MuSMoAdmin?

 
This site is powered by the TWiki collaboration platformCopyright � by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.CaptchaPlugin