Recent Changes - Search:

Cookbook

PmWiki

pmwiki.org

Captcha

Summary: Use captchas to prevent automated systems from modifying pages
Version: 2008-07-13
Prerequisites: pmwiki-2.2.0-beta46
Status:
Maintainer: Pm
Discussion: Captcha-Talk
Categories: Security Spam Captcha
Users: +8 (View / Edit)

Questions answered by this recipe

Description

This recipe provides a captcha capability that can be embedded into forms used by PmWiki. The captcha recipe works by displaying a random sequence of digits as part of an input form, and prompting the visitor to enter the digits into a text field in the form. Here is an example:


(:input form action={*$PageUrl} method=post:)
(:input default request=1:)
Enter value: {$Captcha} (:input captcha:)
(:input submit:)
(:input end:)

(:if captcha:)
%green%Captcha succeeded%%
(:else:)
%red%Captcha failed%%
(:ifend:)

Enter value:

Captcha failed

On systems that support it, the digits will be displayed as a distorted graphic image to increase the difficulty of an automated system determining the correct sequence. For PHP sites that don't have image manipulation support, the digits are displayed as plain text (this will still defeat a substantial number of robots).


Installation

To use this recipe in a typical setup:

  1. download captcha.phpΔ, copy it into the cookbook/ directory, and add one of the following two lines to a local customization file, such as 'local/config.php':
    if (!CondAuth($pagename,'edit')) $EnablePostCaptchaRequired = 1;
    include_once("$FarmD/cookbook/captcha.php");
    
    
    Note: The condition will allow users with Edit permissions to by-pass the captcha. If you want all users to have to enter the captcha omit the condition and simply use. For more information refer to selective enabling.
    $EnablePostCaptchaRequired = 1;
    include_once("$FarmD/cookbook/captcha.php");
    
    
  2. To require a captcha in order to edit a page, add the following markup to an appropriate place in the Site.EditForm page (or wherever edit forms are being held): Enter value: {$Captcha} (:input captcha:)
  3. To enable image captchas rather than the text version you may need to add this to config.php:
    $EnableCaptchaImage=1;
    
    

Now, any request (even if you are authenticated) to save a page that doesn't contain a valid captcha code will be denied (with an opportunity to re-submit the request with the correct code).


Selectively Enable Captcha

by overtones99

Enabling captcha as described in the section made it so that I couldn't edit any of my pages without having to include a captcha code input on the edit form, and filling it out every time (lame!). There are various approaches to selectively enabling captcha.

Turn off captcha if you have edit permission

by Hans

Turns off captcha if you're logged in and have edit permissions:

$EnablePostCaptchaRequired = 1;
if (CondAuth($pagename,'edit'))
   $EnablePostCaptchaRequired = 0;
include_once("$FarmD/cookbook/captcha.php");

Enable for specific pages

by Randy

Enables for specific named pages, if you have edit permissions.

if (($page=='MyPage1' || ($page=='MyPage2')) && $action != 'edit')
   $EnablePostCaptchaRequired = true;
include_once("$FarmD/cookbook/captcha.php");

Disable captcha in later processing

by ari October 29, 2008, at 12:21 PM EDT

Turn off captcha completely for edit (if you only want it to work for commentboxes, for example), after captcha is already enabled, add this code within appropriate conditional statements:

$EditFunctions = array_diff($EditFunctions, array('RequireCaptcha') );

Loading a new captcha image

by Ian MacGregor

If your visitors are having a difficult time reading the captcha, you may want to add text somewhere in the page which gives the visitor a good method for "re-generating" the captcha. I added this to my Site.EditForm:

"If the captcha is too difficult to read, click the Send button and try again."

as that will re-generate the captcha while preserving the text the visitor might have already entered into the form.

Displaying image captcha, not a text captcha

by Ian MacGregor

If you're finding that the captcha is displayed as text instead of an image, you can try adding this to the local/config.php:

$EnableCaptchaImage=1;

This seemed to force the captcha to display as an image instead of text on my server.


Integration with Mailform2

by JamesM?

To integrate with Cookbook.Mailform2, add the following line *after* you load the captcha.php, and before loading mailform2.php, in 'local/config.php'. Then ensure that any mail form you use has the captcha code shown above (i.e. "Enter value: {$Captcha} (:input captcha:)").

include_once("$FarmD/cookbook/captcha.php");
...
$Mailform2Disabled = $Mailform2Disabled || !IsCaptcha();
...
include_once("$FarmD/cookbook/mailform2.php");

Contributors

Comments

See discussion at Captcha-Talk

User notes +8: If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.

Edit - History - Print - Recent Changes - Search
Page last modified on February 02, 2014, at 07:20 AM