<<O>> Difference Topic CaptchaPlugin (r1.7 - 03 Aug 2006 - KoenMartens^?)

CaptchaPlugin

Plugin for visual confirmation of new user registration, to prevent automated scripts to create users and spam your wiki with their url's to get a better google ranking.

Line: 9 to 9

Syntax Rules

Changed:

<
< * None

>
> * The tag %CAPTCHAURL% expands to the url of the image containing the scrambled text; * The tag %CAPTCHAHASH% expands to the hash matching the image.

Examples

Line: 20 to 21

Plugin settings are stored as preferences variables. To reference a plugin setting write %<plugin>_<setting>%, i.e. %INTERWIKIPLUGIN_SHORTDESCRIPTION%

* One line description, is shown in the TextFormattingRules topic:

Changed:

<
< * Set SHORTDESCRIPTION = Plugin for visual confirmation of new user registration.

>
> * Set SHORTDESCRIPTION = Plugin for Captcha verification / visual confirmation of new user registration.

* Debug plugin: (See output in data/debug.txt) * Set DEBUG = 1

Line: 28 to 29

* Custom settings (defaults shown): * Characters to use in generated strings: * Set CHARACTERS = ABCDEFGHKLMNPRSTVWXYZabcdeghpqsuvwxy@

Changed:

<
< * Truetype font to use:

>
> * Truetype font to use (place the font in $prefix/pub/TWiki/CaptchaPlugin, good source of apparently free fonts is http://www.webpagepublicity.com/free-fonts.html):

* Set FONT = TahomaBold^?.ttf * Number of random lines to add (use none for 0): * Set LINES = 10

Line: 44 to 45

* Download the ZIP file from the Plugin web (see below) * Unzip CaptchaPlugin.zip in your twiki installation directory. Content:

File:	Description:

Changed:

<
<

`data/TWiki/VisualConfirmPlugin.txt`	Plugin topic
`data/TWiki/VisualConfirmPlugin.txt,v`	Plugin topic repository
`register.patch`	Patch for the register binary
`templates/oopsregvisualconfirm.tmpl`	Error template

>
>

`data/TWiki/CaptchaPlugin.txt`	Plugin topic
`data/TWiki/CaptchaPlugin.txt,v`	Plugin topic repository
`register.patch`	Patch for the register module
`templates/oopscaptcha.tmpl`	Error template

lib/TWiki/Plugins/CaptchaPlugin.pm Plugin Perl module

Changed:

<
< * Apply the patch register.patch to bin/register (alternatively, patch register manual, see section below): * cd bin

>
>

`pub/TWiki/CaptchaPlugin/TahomaBold.ttf`	Default font
`pub/TWiki/CaptchaPlugin/_db`	Hash database directory
`pub/TWiki/CaptchaPlugin/_img`	Image directory

* Apply the patch register.patch to lib/TWiki/UI/Register.pm (alternatively, patch Register.pm manually, see section below), be sure to make a backup so you can revert the patch if you want to disable the plugin: * cd /path/to/twiki * cp lib/TWiki/UI/Register.pm lib/TWiki/UI/Register.pm.dist

* patch < ../register.patch

Deleted:

<
< * Create the directories visualconfirm and visualconfirm/db in your pub/ directory, and make sure it is readable and writable by the user that TWiki is executing as. * mkdir -p pub/visualconfirm/db * chown -R nobody pub/visualconfirm * chmod -R 644 pub/visualconfirm

* Restrict access to the database files, for example, by including the following in your httpd.conf:

Changed:

<
< <Directory "/path/to/twiki/pub/visualconfirm/db">

>
> <Directory "/path/to/twiki/pub/TWiki/CaptchaPlugin/_db">

deny from all </Directory>

Changed:

<
< * Make sure the plugin has access to the preferred truetype font, by putting the .ttf file in pub/visualconfirm/

>
> * Make sure the plugin has access to the preferred truetype font, by putting the .ttf file in pub/TWiki/CaptchaPlugin/

* Test if the installation was successful:

Changed:

<
< * Create a topic containing <IMG SRC="%VISUALCONFIRMURL%"> and %VISUALCONFIRMHASH%

>
> * Create a topic containing <IMG SRC="%CAPTCHAURL%"> and %CAPTCHAHASH%

* When loading this topic you should see an obfuscated character string loaded as a png and a hexadecimal hash.

Changed:

<
< * Check whether the hash database is properly protected by going to the url http://my.twiki.server/my/twiki/path/pub/visualconfirm/db/hashes.pag, you should see a permission denied message.

>
> * Check whether the hash database is properly protected by going to the url http://my.twiki.server/my/twiki/path/pub/TWiki/CaptchaPlugin/db/hashes.pag, you should see a permission denied message.

* Now edit your TWikiRegistration topic

Changed:

<
< * Display the image %VISUALCONFIRMURL% somewhere in your form, along with a text instructing new users to copy the obfuscated text into the appropriate text input. * Add the appropriate text input as Twk1VisualConfirm * Add a hidden input as Twk1VisualConfirmHash

>
> * Display the image %CAPTCHAURL% somewhere in your form, along with a text instructing new users to copy the obfuscated text into the appropriate text input. * Add the appropriate text input as Twk1CaptchaString * Add a hidden input as Twk1CaptchaHash having as value %CAPTCHAHASH%

* For example, add this to your TWikiRegistration:

            <tr>

Changed:

<
< <td valign="top" align="right"><IMG SRC="%VISUALCONFIRMURL%">: <br /> (..) &lt/td> <td><input type="hidden" name="Twk1VisualConfirmHash" value="%VISUALCONFIRMHASH%"> <input type="text" name="Twk1VisualConfirm" size="5"></td>

>
> <td valign="top" align="right"><IMG SRC="%CAPTCHAURL%">: <br /> (..) &lt/td> <td><input type="hidden" name="Twk1CaptchaHash" value="%CAPTCHAHASH%"> <input type="text" name="Twk1CaptchaString" size="5"></td> <font color="red">**</font>

</tr> * That's it.

Manually patching the register binary

Changed:

<
< Find the line in bin/register that says:

>
> Find these lines in lib/TWiki/UI/Register.pm:

Changed:

<
< # everything OK

>
>

}

# generate user entry

Changed:

<
< Insert the code below directly BEFORE that line:

>
> Insert the code below directly BEFORE the line containing the curly bracket '{':

Changed:

<
<

# check valid visual confirmation for( $x = 0; $x < $formLen; $x++ ) { $vcHash=$formDataValue[$x] unless(not($formDataName[$x] eq "Visual Confirm Hash")); $vcTxt=$formDataValue[$x] unless(not($formDataName[$x] eq "Visual Confirm")); }

open(LOCKFILE,">".&TWiki::getPubDir()."/visualconfirm/db/hashes.lock");

>
> # check captcha my %database; my $vcHash=$data->{CaptchaHash}; my $vcTxt=$data->{CaptchaString}; open(LOCKFILE,">".&TWiki::Func::getPubDir()."/TWiki/CaptchaPlugin/_db/hashes.lock");

flock(LOCKFILE,2);

Changed:

<
< dbmopen(%database, &TWiki::getPubDir()."/visualconfirm/db/hashes" ,0644);

>
> dbmopen(%database, &TWiki::Func::getPubDir()."/TWiki/CaptchaPlugin/_db/hashes" ,0644);

if(defined($database{$vcHash})) {

Changed:

<
< $url = &TWiki::getOopsUrl( $webName, $topic, "oopsregvisualconfirm", "The visual confirmation has expired."); TWiki::redirect( $query, $url ); return;

>
> throw TWiki::OopsException( 'captcha', web => $data->{webName}, topic => $topic, def => 'expired_vchash', params => [ "expired" ] );

}

my ($time,$txt)=split(',',$database{$vcHash});

if(not(lc($txt) eq lc($vcTxt))) {

Changed:

<
< $url = &TWiki::getOopsUrl( $webName, $topic, "oopsregvisualconfirm", "The character string you entered for visual confirmation is incorrect."); TWiki::redirect( $query, $url ); return;

>
> throw TWiki::OopsException( 'captcha', web => $data->{webName}, topic => $topic, def => 'invalid_vcstr', params => [ "wrong" ] );

}

Added:

>
>

dbmclose(%database);

close(LOCKFILE);

Line: 133 to 135

Plugin Info

Plugin Author:

TWiki:Main.KoenMartens

Changed:

<
<

Plugin Version:

03 Jan 2006 (V1.001)

>
>

Plugin Version:

03 Aug 2006 (V1.2)

Change History:	<!-- versions below in reverse order -->
07 Oct 2005:	Initial version
10 Oct 2005:	Strip hash and text from arguments to register binary, or they will end up in the newly created user topic.
03 Jan 2006:	Fixed some problems with expiry, also optimised according to TWiki:TWiki.TWikiPlugins#FastPluginHints.

Changed:

<
<

TWiki Dependency:

$TWiki::Plugins::VERSION 1.024

>
>

03 Aug 2006:	Renamed to CaptchaPlugin, adapted to Dakar (TWiki 4.0.x).
TWiki Dependency:	$TWiki::Plugins::VERSION 1.1

CPAN Dependencies:	GD, Digest::MD5
Other Dependencies:	none
Perl Version:	5.005

Line: 151 to 154

Related Topics: TWikiPreferences, TWikiPlugins

Changed:

<
< -- TWiki:Main.KoenMartens - 07 Oct 2005

>
> -- TWiki:Main.KoenMartens - 03 Aug 2006

Added:

>
>

<<O>> Difference Topic CaptchaPlugin (r1.6 - 02 Aug 2006 - KoenMartens^?)

Line: 29 to 29
	CaptchaPlugin Plugin for visual confirmation of new user registration, to prevent automated scripts to create users and spam your wiki with their url's to get a better google ranking.
	Characters to use in generated strings: Set CHARACTERS = ABCDEFGHKLMNPRSTVWXYZabcdeghpqsuvwxy@ Truetype font to use:
Changed:
< <	Set FONT = luxisbi.ttf
> >	* Set FONT = TahomaBold^?.ttf
	Number of random lines to add (use `none` for 0): Set LINES = 10 Number of random circles to add (use `none` for 0): Set CIRCLES = 10 Noise, percentage of pixels to flip randomly after generating graphics (use `none` for 0%):
Changed:
< <	Set NOISE = 15
> >	* Set NOISE = 12
	Plugin Installation Instructions

<<O>> Difference Topic CaptchaPlugin (r1.5 - 03 Jan 2006 - KoenMartens^?)

CaptchaPlugin

Plugin for visual confirmation of new user registration, to prevent automated scripts to create users and spam your wiki with their url's to get a better google ranking.

Line: 133 to 133

Plugin Info

Plugin Author:

TWiki:Main.KoenMartens

Changed:

<
<

Plugin Version:

07 Oct 2005 (V1.000)

>
>

Plugin Version:

03 Jan 2006 (V1.001)

Change History:	<!-- versions below in reverse order -->
07 Oct 2005:	Initial version
10 Oct 2005:	Strip hash and text from arguments to register binary, or they will end up in the newly created user topic.

Added:

>
>

03 Jan 2006:

Fixed some problems with expiry, also optimised according to TWiki:TWiki.TWikiPlugins#FastPluginHints.

TWiki Dependency:	$TWiki::Plugins::VERSION 1.024
CPAN Dependencies:	GD, Digest::MD5
Other Dependencies:	none
Perl Version:	5.005
License:	GPL (GNU General Public License)

Changed:

<
<

TWiki:Plugins/Benchmark:

GoodStyle nn%, FormattedSearch nn%, CaptchaPlugin nn%

>
>

TWiki:Plugins/Benchmark:

GoodStyle 98%, FormattedSearch 98%, TWikiRegistration (patched) 85%

Plugin Home:	http://TWiki.org/cgi-bin/view/Plugins/CaptchaPlugin
Feedback:	http://TWiki.org/cgi-bin/view/Plugins/CaptchaPluginDev
Appraisal:	http://TWiki.org/cgi-bin/view/Plugins/CaptchaPluginAppraisal

<<O>> Difference Topic CaptchaPlugin (r1.4 - 10 Oct 2005 - KoenMartens^?)

CaptchaPlugin

Plugin for visual confirmation of new user registration, to prevent automated scripts to create users and spam your wiki with their url's to get a better google ranking.

Line: 136 to 136

Plugin Version:	07 Oct 2005 (V1.000)
Change History:	<!-- versions below in reverse order -->
07 Oct 2005:	Initial version

Added:

>
>

10 Oct 2005:

Strip hash and text from arguments to register binary, or they will end up in the newly created user topic.

TWiki Dependency:	$TWiki::Plugins::VERSION 1.024
CPAN Dependencies:	GD, Digest::MD5
Other Dependencies:	none

<<O>> Difference Topic CaptchaPlugin (r1.3 - 09 Oct 2005 - KoenMartens^?)

CaptchaPlugin

Changed:

<
< Plugin for visual confirmation of new user registration.

>
> Plugin for visual confirmation of new user registration, to prevent automated scripts to create users and spam your wiki with their url's to get a better google ranking.

TOC: No TOC in "TWiki.CaptchaPlugin"

Line: 13 to 13

Examples

Changed:

<
<

None yet

>
>

Plugin Settings

Line: 25 to 25

Debug plugin: (See output in data/debug.txt)
- Set DEBUG = 1

Changed:

<
<

My own setting:
- Set CHARACTERS = ABC
- Set FONT = luximb.ttf
- Set NOISE = kjfksd
- Set LINES = 3
- Set CIRCLES = 20

>
>

Custom settings (defaults shown):
- Characters to use in generated strings:
  - Set CHARACTERS = ABCDEFGHKLMNPRSTVWXYZabcdeghpqsuvwxy@
- Truetype font to use:
  - Set FONT = luxisbi.ttf
- Number of random lines to add (use none for 0):
  - Set LINES = 10
- Number of random circles to add (use none for 0):
  - Set CIRCLES = 10
- Noise, percentage of pixels to flip randomly after generating graphics (use none for 0%):
  - Set NOISE = 15

Plugin Installation Instructions

Line: 39 to 44

Download the ZIP file from the Plugin web (see below)
Unzip CaptchaPlugin.zip in your twiki installation directory. Content:

File: Description:

Changed:

<
<

`data/TWiki/CaptchaPlugin.txt`	Plugin topic
`data/TWiki/CaptchaPlugin.txt,v`	Plugin topic repository

>
>

`data/TWiki/VisualConfirmPlugin.txt`	Plugin topic
`data/TWiki/VisualConfirmPlugin.txt,v`	Plugin topic repository
`register.patch`	Patch for the register binary
`templates/oopsregvisualconfirm.tmpl`	Error template

lib/TWiki/Plugins/CaptchaPlugin.pm Plugin Perl module

Added:

>
>

Apply the patch register.patch to bin/register (alternatively, patch register manual, see section below):
- cd bin
- patch < ../register.patch
Create the directories visualconfirm and visualconfirm/db in your pub/ directory, and make sure it is readable and writable by the user that TWiki is executing as.
- mkdir -p pub/visualconfirm/db
- chown -R nobody pub/visualconfirm
- chmod -R 644 pub/visualconfirm
Restrict access to the database files, for example, by including the following in your httpd.conf:

         <Directory "/path/to/twiki/pub/visualconfirm/db">
           deny from all
         </Directory>

Make sure the plugin has access to the preferred truetype font, by putting the .ttf file in pub/visualconfirm/

Test if the installation was successful:

Changed:

<
<

- enter samples here

>
>

- Create a topic containing <IMG SRC="%VISUALCONFIRMURL%"> and %VISUALCONFIRMHASH%
- When loading this topic you should see an obfuscated character string loaded as a png and a hexadecimal hash.
- Check whether the hash database is properly protected by going to the url http://my.twiki.server/my/twiki/path/pub/visualconfirm/db/hashes.pag, you should see a permission denied message.
Now edit your TWikiRegistration topic
- Display the image %VISUALCONFIRMURL% somewhere in your form, along with a text instructing new users to copy the obfuscated text into the appropriate text input.
- Add the appropriate text input as Twk1VisualConfirm
- Add a hidden input as Twk1VisualConfirmHash
- For example, add this to your TWikiRegistration:

            <tr>
              <td valign="top" align="right"><IMG SRC="%VISUALCONFIRMURL%">: <br /> (..)   </td>
              <td><input type="hidden" name="Twk1VisualConfirmHash" value="%VISUALCONFIRMHASH%">
                  <input type="text" name="Twk1VisualConfirm" size="5"></td>
            </tr>

That's it.

Manually patching the register binary

Find the line in bin/register that says:

    # everything OK

Insert the code below directly BEFORE that line:

    # check valid visual confirmation
    for( $x = 0; $x < $formLen; $x++ ) {
      $vcHash=$formDataValue[$x]
        unless(not($formDataName[$x] eq "Visual Confirm Hash"));
      $vcTxt=$formDataValue[$x]
        unless(not($formDataName[$x] eq "Visual Confirm"));
    }

    open(LOCKFILE,">".&TWiki::getPubDir()."/visualconfirm/db/hashes.lock");
    flock(LOCKFILE,2);

    dbmopen(%database, &TWiki::getPubDir()."/visualconfirm/db/hashes" ,0644);

    if(!defined($database{$vcHash})) {
      $url = &TWiki::getOopsUrl( $webName, $topic, "oopsregvisualconfirm",
        "The visual confirmation has expired.");
      TWiki::redirect( $query, $url );
      return;
    }

    my ($time,$txt)=split(',',$database{$vcHash});

    if(not(lc($txt) eq lc($vcTxt))) {
      $url = &TWiki::getOopsUrl( $webName, $topic, "oopsregvisualconfirm",
        "The character string you entered for visual confirmation is incorrect.");
      TWiki::redirect( $query, $url );
      return;
    }
    dbmclose(%database);

    close(LOCKFILE);

Further Development

Make number of characters configurable
Make font size configurable
Find out how to safely delete images from the register binary

Plugin Info

Line: 64 to 149

Related Topics: TWikiPreferences, TWikiPlugins

Changed:

<
< -- KoenMartens^? - 07 Oct 2005

>
> -- TWiki:Main.KoenMartens - 07 Oct 2005

<<O>> Difference Topic CaptchaPlugin (r1.2 - 08 Oct 2005 - KoenMartens^?)

Line: 26 to 26
	CaptchaPlugin Plugin for visual confirmation of new user registration.
	Set DEBUG = 1 My own setting:
Changed:
< <	Set HOWTO = got it!
> >	Set CHARACTERS = ABC Set FONT = luximb.ttf Set NOISE = kjfksd Set LINES = 3 Set CIRCLES = 20
	Plugin Installation Instructions

<<O>> Difference Topic CaptchaPlugin (r1.1 - 07 Oct 2005 - KoenMartens^?)

Line: 1 to 1

Added:

>
>

CaptchaPlugin

Plugin for visual confirmation of new user registration.

Syntax Rules
Examples
Plugin Settings
Plugin Installation Instructions
Plugin Info

Syntax Rules

None

Examples

None yet

Plugin Settings

Plugin settings are stored as preferences variables. To reference a plugin setting write %<plugin>_<setting>%, i.e. %INTERWIKIPLUGIN_SHORTDESCRIPTION%

One line description, is shown in the TextFormattingRules topic:
- Set SHORTDESCRIPTION = Plugin for visual confirmation of new user registration.

Debug plugin: (See output in data/debug.txt)
- Set DEBUG = 1

My own setting:
- Set HOWTO = got it!

Plugin Installation Instructions

Note: You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running.

Download the ZIP file from the Plugin web (see below)

Unzip CaptchaPlugin.zip in your twiki installation directory. Content:

File:	Description:
`data/TWiki/CaptchaPlugin.txt`	Plugin topic
`data/TWiki/CaptchaPlugin.txt,v`	Plugin topic repository
`lib/TWiki/Plugins/CaptchaPlugin.pm`	Plugin Perl module

Test if the installation was successful:
- enter samples here

Plugin Info

Plugin Author:	TWiki:Main.KoenMartens
Plugin Version:	07 Oct 2005 (V1.000)
Change History:	<!-- versions below in reverse order -->
07 Oct 2005:	Initial version
TWiki Dependency:	$TWiki::Plugins::VERSION 1.024
CPAN Dependencies:	GD, Digest::MD5
Other Dependencies:	none
Perl Version:	5.005
License:	GPL (GNU General Public License)
TWiki:Plugins/Benchmark:	GoodStyle nn%, FormattedSearch nn%, CaptchaPlugin nn%
Plugin Home:	http://TWiki.org/cgi-bin/view/Plugins/CaptchaPlugin
Feedback:	http://TWiki.org/cgi-bin/view/Plugins/CaptchaPluginDev
Appraisal:	http://TWiki.org/cgi-bin/view/Plugins/CaptchaPluginAppraisal

Related Topics: TWikiPreferences, TWikiPlugins

-- KoenMartens^? - 07 Oct 2005

View topic | Diffs | r1.7 | > | r1.6 | > | r1.5 | More

Revision r1.1 - 07 Oct 2005 - 17:05 - KoenMartens^?
Revision r1.7 - 03 Aug 2006 - 10:19 - KoenMartens^?