(r7) CaptchaPlugin < TWiki/

TWiki/ Web>CaptchaPlugin (revision 7) (raw view)~~EditAttach~~

---+!! <nop>%TOPIC%

Plugin for visual confirmation of new user registration, to prevent automated scripts to create users and spam your wiki with their url's to get a better google ranking. 

%TOC%

------

---++ Syntax Rules

   * The tag %<nop>CAPTCHAURL% expands to the url of the image containing the scrambled text;
   * The tag %<nop>CAPTCHAHASH% expands to the hash matching the image.

---++ Examples

   * N/A

---++ Plugin Settings

Plugin settings are stored as preferences variables. To reference a plugin setting write ==%<nop>&lt;plugin&gt;_&lt;setting&gt;%==, i.e. ==%<nop>INTERWIKIPLUGIN_SHORTDESCRIPTION%==

   * One line description, is shown in the %TWIKIWEB%.TextFormattingRules topic:
      * Set SHORTDESCRIPTION = Plugin for Captcha verification / visual confirmation of new user registration.

   * Debug plugin: (See output in =data/debug.txt=)
      * Set DEBUG = 1

   * Custom settings (defaults shown):
      * Characters to use in generated strings:
         * Set CHARACTERS = ABCDEFGHKLMNPRSTVWXYZabcdeghpqsuvwxy@
      * Truetype font to use (place the font in <code>$prefix/pub/TWiki/CaptchaPlugin</code>, good source of apparently free fonts is http://www.webpagepublicity.com/free-fonts.html):
         * Set FONT = TahomaBold.ttf
      * Number of random lines to add (use ==none== for 0):
         * Set LINES = 10
      * Number of random circles to add (use ==none== for 0):
         * Set CIRCLES = 10
      * Noise, percentage of pixels to flip randomly after generating graphics (use ==none== for 0%):
         * Set NOISE = 12

---++ Plugin Installation Instructions

__Note:__ You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running. 

   * Download the ZIP file from the Plugin web (see below)
   * Unzip ==%TOPIC%.zip== in your twiki installation directory. Content:
     | *File:* | *Description:* |
     | ==data/TWiki/CaptchaPlugin.txt== | Plugin topic |
     | ==data/TWiki/CaptchaPlugin.txt,v== | Plugin topic repository |
     | ==register.patch== | Patch for the register module |
     | ==templates/oopscaptcha.tmpl== | Error template |
     | ==lib/TWiki/Plugins/%TOPIC%.pm== | Plugin Perl module |
     | ==pub/TWiki/CaptchaPlugin/TahomaBold.ttf== | Default font |
     | ==pub/TWiki/CaptchaPlugin/_db== | Hash database directory |
     | ==pub/TWiki/CaptchaPlugin/_img== | Image directory |
   * Apply the patch ==register.patch== to ==lib/TWiki/UI/Register.pm== (alternatively, patch Register.pm manually, see section below), be sure to make a backup so you can revert the patch if you want to disable the plugin:
      * cd /path/to/twiki
      * cp lib/TWiki/UI/Register.pm lib/TWiki/UI/Register.pm.dist
      * patch < ../register.patch
   * Restrict access to the database files, for example, by including the following in your httpd.conf:
<pre>
         &lt;Directory "/path/to/twiki/pub/TWiki/%TOPIC%/_db"&gt;
           deny from all
         &lt;/Directory&gt;
</pre>
   * Make sure the plugin has access to the preferred truetype font, by putting the ==.ttf== file in ==pub/TWiki/%TOPIC%/==
   * Test if the installation was successful:
      * Create a topic containing ==&lt;IMG SRC="%<nop>CAPTCHAURL%"&gt;== and ==%<nop>CAPTCHAHASH%==
      * When loading this topic you should see an obfuscated character string loaded as a png and a hexadecimal hash.
      * Check whether the hash database is properly protected by going to the url http://my.twiki.server/my/twiki/path/pub/TWiki/%TOPIC%/db/hashes.pag, you should see a permission denied message.
   * Now edit your TWiki.TWikiRegistration topic
      * Display the image !%CAPTCHAURL% somewhere in your form, along with a text instructing new users to copy the obfuscated text into the appropriate text input.
      * Add the appropriate text input as ==Twk1CaptchaString==
      * Add a hidden input as ==Twk1CaptchaHash== having as value !%CAPTCHAHASH%
      * For example, add this to your TWiki.TWikiRegistration:
<pre>
            &lt;tr&gt;
              &lt;td valign="top" align="right"&gt;&lt;IMG SRC="%<nop>CAPTCHAURL%"&gt;: &lt;br /&gt; (..) &nbsp; &lt/td&gt;
              &lt;td&gt;&lt;input type="hidden" name="Twk1CaptchaHash" value="%<nop>CAPTCHAHASH%"&gt;
                  &lt;input type="text" name="Twk1CaptchaString" size="5"&gt;&lt;/td&gt;  =&lt;font color="red"&gt;**&lt;/font&gt;=
            &lt;/tr&gt;
</pre>
   * That's it.

---+++ Manually patching the register binary

Find these lines in ==lib/TWiki/UI/Register.pm==:
<pre>
 }
 
 # generate user entry
</pre>

Insert the code below directly *BEFORE* the line containing the curly bracket '{':

<pre>
    # check captcha
    my %database;
    my $vcHash=$data->{CaptchaHash};
    my $vcTxt=$data->{CaptchaString};
    open(LOCKFILE,">".&TWiki::Func::getPubDir()."/TWiki/CaptchaPlugin/_db/hashes.lock");
    flock(LOCKFILE,2);

    dbmopen(%database, &TWiki::Func::getPubDir()."/TWiki/CaptchaPlugin/_db/hashes" ,0644);

    if(!defined($database{$vcHash})) {
        throw TWiki::OopsException( 'captcha',
                                    web => $data->{webName},
                                    topic => $topic,
                                    def => 'expired_vchash',
                                    params => [ "expired" ] );
    }

    my ($time,$txt)=split(',',$database{$vcHash});

    if(not(lc($txt) eq lc($vcTxt))) {
        throw TWiki::OopsException( 'captcha',
                                    web => $data->{webName},
                                    topic => $topic,
                                    def => 'invalid_vcstr',
                                    params => [ "wrong" ] );
    }

    dbmclose(%database);

    close(LOCKFILE);
</pre>

---++ Further Development

   * Make number of characters configurable
   * Make font size configurable
   * Find out how to safely delete images from the register binary

---++ Plugin Info

|  Plugin Author: | TWiki:Main.KoenMartens |
|  Plugin Version: | 03 Aug 2006 (V1.2) |
|  Change History: | <!-- versions below in reverse order -->&nbsp; |
|  07 Oct 2005: | Initial version |
|  10 Oct 2005: | Strip hash and text from arguments to register binary, or they will end up in the newly created user topic. |
|  03 Jan 2006: | Fixed some problems with expiry, also optimised according to TWiki:TWiki.TWikiPlugins#FastPluginHints. |
|  03 Aug 2006: | Renamed to %TOPIC%, adapted to Dakar (TWiki 4.0.x). |
|  TWiki Dependency: | $TWiki::Plugins::VERSION 1.1 |
|  CPAN Dependencies: | GD, Digest::MD5 |
|  Other Dependencies: | none |
|  Perl Version: | 5.005 |
|  License: | GPL ([[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]) |
|  TWiki:Plugins/Benchmark: | %TWIKIWEB%.GoodStyle 98%, %TWIKIWEB%.FormattedSearch 98%, TWiki.TWikiRegistration (patched) 85% |
|  Plugin Home: | http://TWiki.org/cgi-bin/view/Plugins/%TOPIC% |
|  Feedback: | http://TWiki.org/cgi-bin/view/Plugins/%TOPIC%Dev |
|  Appraisal: | http://TWiki.org/cgi-bin/view/Plugins/%TOPIC%Appraisal |

__Related Topics:__ %TWIKIWEB%.TWikiPreferences, %TWIKIWEB%.TWikiPlugins


-- TWiki:Main.KoenMartens - 03 Aug 2006

Attachments

Topic attachments
I	Attachment	Action	Size	Date	Who
png	05c156f95c6ef8ae9591caad2b6c6581.png	manage	1.2 K	02 Aug 2006 - 16:52	UnknownUser
png	088f7acb964be1f25e5d01c5d23d3660.png	manage	0.8 K	02 Aug 2006 - 14:33	UnknownUser
png	0d5a4bd5b05cdc627f42673908d04970.png	manage	1.3 K	02 Aug 2006 - 16:50	UnknownUser
png	3426709e3fa5b47e46c096f42bd949a4.png	manage	1.2 K	02 Aug 2006 - 16:52	UnknownUser
png	54c87dd0ccd02046324ef17f55f9bf1c.png	manage	0.8 K	02 Aug 2006 - 16:12	UnknownUser
png	7d467cdaabfbc12019d16dd429d2be9e.png	manage	1.2 K	02 Aug 2006 - 16:17	UnknownUser
png	87cf5aaa6b29f32476e11947e2b5531c.png	manage	1.3 K	02 Aug 2006 - 16:50	UnknownUser
png	957688f290596a7f4aa4c09613ad0177.png	manage	1.3 K	03 Aug 2006 - 06:48	UnknownUser
png	9d349e919dbe95f575b36e985d98f875.png	manage	1.2 K	02 Aug 2006 - 16:52	UnknownUser
ttf	TahomaBold.ttf	manage	191.4 K	02 Aug 2006 - 16:48	UnknownUser
png	b3afa94a6ebc0970fb701f57b802113a.png	manage	1.2 K	02 Aug 2006 - 16:52	UnknownUser
png	b811fee8f0ca2c9e1916050e0673a4ed.png	manage	1.2 K	02 Aug 2006 - 16:52	UnknownUser
png	c8b94fc4649a3f7fbe811acc29257c3c.png	manage	1.2 K	02 Aug 2006 - 16:52	UnknownUser
png	cf15d69a13f0408cf48769ae28a9e81b.png	manage	1.3 K	02 Aug 2006 - 16:51	UnknownUser
png	f3ce477fa4d448916f97e514e47f3c16.png	manage	1.3 K	03 Aug 2006 - 06:39	UnknownUser
png	f8d9367a6d41cf92619b89188aa7befa.png	manage	1.3 K	03 Aug 2006 - 06:18	UnknownUser
png	fce0a41ec99a29ccbc48b89b699c3f16.png	manage	1.3 K	02 Aug 2006 - 16:52	UnknownUser
ttf	luxisbi.ttf	manage	64.0 K	02 Aug 2006 - 16:16	UnknownUser

Topic revision: r7 - 03 Aug 2006 - 07:19:42 - KoenMartens?

TWiki/

Copyright � by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback