Recent Changes - Search:

Cookbook

PmWiki

pmwiki.org

Cookbook /

Captcha

Summary: Use captchas to prevent automated systems from modifying pages
Version: 2008-07-13
Prerequisites: pmwiki-2.2.0-beta46
Status:
Maintainer: Pm
Categories: Security Spam

Questions answered by this recipe

Description

This recipe provides a captcha capability that can be embedded into forms used by PmWiki. To use this recipe, download captcha.phpΔ, copy it into the cookbook/ directory, and add one of the following two lines to a local customization file, such as 'local/config.php':

include_once('cookbook/captcha.php');
include_once("$FarmD/cookbook/captcha.php");

The captcha recipe works by displaying a random sequence of digits as part of an input form, and prompting the visitor to enter the digits into a text field in the form. Here is an example: 


(:input form action={*$PageUrl} method=post:)
Enter value: {$Captcha} (:input captcha:)
(:input submit:)
(:input end:)

(:if captcha:)
%green%Captcha succeeded%%
(:else:)
%red%Captcha failed%%
(:ifend:)

Enter value:

Captcha failed

On systems that support it, the digits will be displayed as a distorted graphic image to increase the difficulty of an automated system determining the correct sequence. For PHP sites that don't have image manipulation support, the digits are displayed as plain text (this will still defeat a substantial number of robots).

To require a captcha in order to edit a page, add the following markup to an appropriate place in the Site.EditForm page (or wherever edit forms are being held):

Enter value: {$Captcha} (:input captcha:)

Also, set the $EnablePostCaptchaRequired : $EnablePostCaptchaRequired = 1; variable in a local customization file (. Then, any request to save a page that doesn't contain a valid captcha code will be denied (with an opportunity to re-submit the request with the correct code).

Notes

Comments

Is there some way to get this to work with self registration in the HtpasswdForm recipe? 05/23/07 GNUZoo

May 31, 2007 - If your visitors are having a difficult time reading the captcha, you may want to add text somewhere in the page which gives the visitor a good method for "re-generating" the captcha. I added this to my form:

"If the captcha is too difficult to read, click the Send button and try again."

as that will re-generate the captcha while preserving the text the visitor might have already entered into the form. Ian MacGregor

May 31, 2007 - If you're finding that the captcha is displayed as text instead of an image, you can try adding this to the local/config.php: 

$EnableCaptchaImage=1;

This seemed to force the captcha to display as an image instead of text on my server. Ian MacGregor

  • To integrate with Cookbook.Mailform2, add the following line *after* you load the captcha.php, and before loading mailform2.php, in 'local/config.php'. Then ensure that any mail form you use has the captcha code shown above (i.e. "Enter value: {$Captcha} (:input captcha:)"). JamesM?
include_once("$FarmD/cookbook/captcha.php");
...
$Mailform2Disabled = $Mailform2Disabled || !IsCaptcha();
...
include_once("$FarmD/cookbook/mailform2.php");

Smc Jan 12 2007 - Just tried this and have the following observations which IMHO would make this recipe very useful. Captcha does not support the 'Preview'ing a page without entering in a code. Once you do that, the code changes, so authors need to keep entering new codes every time they Preview. Recommend excluding page preview from Captcha check.

Feb 22, 2008 - Beta65 doesn't seem to be working with captcha in the edit form. I did the same thing to implement it, using the Site.EditForm. But while it worked in earlier versions, now the captcha code doesn't appear in the edit form under the text area.

Hi. I had the problem with Captcha that simply setting the following in config.php: 

     $EnablePostCaptchaRequired = 1;
     include_once('cookbook/captcha.php');

... made it so that I couldn't edit any of my pages without having to include a captcha code input on the edit form, and filling it out every time (lame!). after a post to the pmwiki mailing list, these are the two very useful workarounds i received:

from Randy 

     if (($page=='MyPage1' || ($page=='MyPage2')) && $action != 'edit') {
	$EnablePostCaptchaRequired = true;
     }
     include_once('cookbook/captcha.php');

and the alternative from Hans (which turns off captcha if you're logged in) 

     $EnablePostCaptchaRequired = 1;
     if (CondAuth($pagename,'edit'))
           $EnablePostCaptchaRequired = 0;
     include_once('cookbook/captcha.php');

overtones99 March 21, 2008, at 03:31 AM

and another alternative, which turns it off completely for edit (if you only want it to work for commentboxes): 

     include_once "$FarmD/cookbook/captcha.php";
     $EditFunctions = array_diff($EditFunctions, array('RequireCaptcha') );

ari October 29, 2008, at 12:21 PM EDT

The captcha.php file appears to have been overwritten. :-(

Ben Stallings May 18, 2008, at 05:53 PM

I've uploaded it again. HansB May 19, 2008, at 06:20 AM

Please, advice me how to enable captcha only for not authorized visitors

See Also

Contributors
Edit - History - Print - Recent Changes - Search
Page last modified on October 29, 2008, at 11:21 AM