CAPTCHA thread

personman · Heavy poster Offline Joined: May 29, 2007 Posts: 152

I used to have anonymous commenting on my site's news page, but had to disable it to control spam.

Is there a way to turn on captcha for anonymous posting? Should there be? I could investigate modding it, might be over my head though, dunno.

I previously made a patch to allow disabling anonymous news comments without disabling anonymous news submissions. It's floating around here somewhere.

-Andy

hadi00 · Posted: Sun Dec 07, 2008 1:46 am Post subject: Re: Captcha for anonymous?

I guess not! There is no CAPTCHA for news comments..

personman · Heavy poster Offline Joined: May 29, 2007 Posts: 152

Well, I took a whack at it and ended up with nothing but a broken captcha and a headache. Sad

It has such a nice CAPTCHA, but it's a shame so little uses it. Maybe work could be done, or documentation could be written, to make it easier for modders to use the CAPTCHA system? Or maybe I just need to be more patient.

-Andy

rlgura

Might want to take a look at this post and see if it's helpful for what you're doing: myndworx.com/ForumsPro...t=709.html

Klas

Try this, copy the comments.php to modules/News/ . But make a backup first.

personman · Heavy poster Offline Joined: May 29, 2007 Posts: 152

Thanks guys. Smile

Once I get re-motivated to take a shot at it, I'd like to go through and CAPTCHA-ize the whole thing. News, blogs, forums, comments, etc. I'd like to eventually re-open my site to anonymous users, without opening a floodgate of spam.

Probably make the changes in to a patch against DF 9.2.1.

I think it would be cool to see it go in to the core (assuming we pull it off.)

Looks like these should be a good starting point, I'll check it out more when I get my hands dirty. Smile

-Andy

tkog2004 · Heavy poster Offline Joined: May 14, 2006 Posts: 152

just used the Myndworx example as a basis to adding captcha to Guestbook4U and it works no problem so It shouldnt be much hassle to get it in elsewhere.

I dont really use comments much, but if I get chance then I will take a look at it.

personman · Heavy poster Offline Joined: May 29, 2007 Posts: 152

Here are the changes I've made to add the security code to the news comments form. This should only effect unregistered users, and requires anonymous commenting to be enabled.

Attached is a replacement /modules/News/comments.php for DragonflyCMS 9.2.1, with the changes applied.

Open /modules/News/comments.php

Around line 308, in the function replyform, find this bit of code at the bottom of the function:

Code::

	<input type="hidden" name="pid" value="'.$pid.'" />
	<input type="hidden" name="sid" value="'.$sid.'" />
	<input type="submit" name="preview" value="'._PREVIEW.'" /> <input type="submit" name="postreply" value="'._OK.'" />
	</form>';
	CloseTable();

and change it to this:

Code::

	<input type="hidden" name="pid" value="'.$pid.'" />
	<input type="hidden" name="sid" value="'.$sid.'" />';
if (!is_user()) {
echo '
<table border="0">
<tr>
<td class="row1"><span class="gen">'._SECURITYCODE.':</span></td>
<td class="row2">'.generate_secimg().'</td></tr>
<tr>
<td class="row1"><span class="gen">'._TYPESECCODE.':</span></td>
<td class="row2"><input type="text" name="gfx_check" size="7" maxlength="6" /></td>
</tr></table>';}
	echo '<input type="submit" name="preview" value="'._PREVIEW.'" /> <input type="submit" name="postreply" value="'._OK.'" />
	</form>';
	CloseTable();

Around line 384 in the function replypost, you should see this if statement:

Code::

	if (is_user()) {
		$name = $userinfo['username'];
		$email = $userinfo['femail'];
		$url = $userinfo['user_website'];
		$score = 1;
	} else {
		$name = $email = $url = '';
		$score = 0;
	}

We change this to:

Code::

	if (is_user()) {
		$name = $userinfo['username'];
		$email = $userinfo['femail'];
		$url = $userinfo['user_website'];
		$score = 1;
	} else {
		$name = $email = $url = '';
		$score = 0;
		//edited
		if (!validate_secimg()) { cpg_error(_SECURITYCODE.' incorrect'); }
                //end edit
	}

Updated: Forgot the usercheck in the form.

personman · Heavy poster Offline Joined: May 29, 2007 Posts: 152

The reDesign theme also has a reply form in it, so here is my attempt at modding in the security code.

I modded version 9.1.2.7 DP I think it was.

Open the file /themes/reDesign/template/news/comments.html

Around line 165 you should see the following:

Code::

  <input type="hidden" name="{S_SID_NAME}" value="{S_SID}" />
  <div style="text-align: center;padding: 20px;clear: both;">
  <input type="submit" name="preview" class="button" value="{S_PREVIEW}" /> <input type="submit" name="postreply" class="button" value="{S_OK}" />

We want to change this to:

Code::

  <input type="hidden" name="{S_SID_NAME}" value="{S_SID}" />
  <div style="text-align: center;padding: 20px;clear: both;">
<!-- PHP -->
if (!is_user()) {
echo '
<table align="center" border="0">
<tr>
<td class="row1"><span class="gen">'._SECURITYCODE.':</span></td>
<td class="row2">'.generate_secimg().'</td></tr>
<tr>
<td class="row1"><span class="gen">'._TYPESECCODE.':</span></td>
<td class="row2"><input type="text" name="gfx_check" size="7" maxlength="6" /></td>
</tr></table>';
}
<!-- ENDPHP -->
  <input type="submit" name="preview" class="button" value="{S_PREVIEW}" /> <input type="submit" name="postreply" class="button" value="{S_OK}" />

hadi00

I think I have just needed that ! thnx a lot !

DJ Maze

There's no need to manually validate the 'gfxid'

validate_secimg() does it all for you!

dragonflycms.org/cvs/h...play.php?v

personman · Heavy poster Offline Joined: May 29, 2007 Posts: 152

I don't imagine this will block all spam bots, just hoping it raises the bar for them a bit, and makes the moderator's job more reasonable with anonymous commenting. On the other hand, it might just end up attracting bots that crack this particular captcha. Time will tell.

So far, I've had pretty good results. I posted a preview and install guide for Kubuntu Linux 9.04, story ran on a few linux news sites. Got about 5,000 reads, maybe 6 or 7 anonymous comments, and no spam yet. Smile

-Andy

DJ Maze: If I understand correctly, I can replace this bit:

Code::

		//edited
		$gfxid = isset($_POST['gfxid']) ? $_POST['gfxid'] : 0;
		$code = $CPG_SESS['gfx'][$gfxid];
		$gfx_check = isset($_POST['gfx_check']) ? $_POST['gfx_check'] : '';
		if (strlen($gfx_check) < 2 || $code != $gfx_check) { cpg_error(_SECURITYCODE.' incorrect'); }
                //end edit

simply with: validate_secimg()? or drop it altogether?

Cool, thanks. I'll play around with it next time I'm in there and post any updates. Smile

DJ Maze

You're correct just use:

Code::

if (!validate_secimg()) { cpg_error(_SECURITYCODE.' incorrect'); }

You could even make the code harder.
By default it uses 6 characters but can modify that to your liking.

generate_secimg(12)
validate_secimg(12)

Ofcourse the background image should be big enough to fit all characters Wink

Tip regarding you news item: Use VirtualBox!
When running a VM you can make nice screenshots instead of the horrible "shoot the monitor" pictures Very Happy

VirtualBox is available in your Ubuntu repo or at www.virtualbox.org/

I use it all the time to test new OS's

download an ISO of the desired OS
run virtualbox and mount the ISO as CD/DVD

hadi00

Still watching !
keep good work..

personman · Heavy poster Offline Joined: May 29, 2007 Posts: 152

I updated the code based on DJ Maze's comments (it should be functionally identical). On a related note, I've added anonymous commenting with CAPTCHA to the newest release of Personal Pages.

Bots seem to have figured out that my survey's comments don't have CAPTCHA yet, so that will probably be one of the next things to remedy.

In the future I'll probably look in to adding CAPTCHA to the blog comments and the forums, maybe the news submission form.

-Andy