Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 10:20 am EDT

Geeklog Forums

How to include CAPTCHA support for anti-spam comments?


Status: offline

Elegantly

Forum User
Junior
Registered: 08/13/04
Posts: 15
Hi all,

I am currently writing/trying to write a CAPTCHA plugin for Geeklog. The plugin forces anonymous users to identify a secret code (e.g., "294821") embedded in an image, so to stop bots spamming comments on a Geeklog site. The only additional system requirement for this feature is GD support for the PHP installation.

I already have the code together to randomly generate such an challenge/response image, and the code to verify the user's answer, but do not currently know how I could glue this into Geeklog.

So my questions are:

-- is the choice of a plugin even the correct one for such a feature?
-- how can I check if I have an anonymous user or a logged-in one trying to make a comment?
-- how can I wrap the CAPTCHA verify function around Geeklog's comments? (i.e. the comment processing functions of Geeklog should only be called when the user answer equals the secret code, otherwise display an error page which shows the user a new random secret code to enter)
-- is there a kind of $_SESSION variable to store the user's answer? or: how can I temporarily save/restore this information in Geeklog?

Other areas of application for CAPTCHA is user registration and story submission, just to name a few.

I would really appreciate some developers feedback, because the information on http://www.geeklog.net/docs/plugin.html#Comment_Functions is not quite that what I need.
 Quote

Status: offline

Elegantly

Forum User
Junior
Registered: 08/13/04
Posts: 15
For your convenience, here is a sample for such a randomly genereated CAPTCHA image.

Edit: *doh*. I obviously can't embed the image into this post. Here is the link to the sample image.
 Quote

Status: offline

jnordquist

Forum User
Full Member
Registered: 03/14/03
Posts: 129
Location:Kenosha
I would LOVE to see this implemented. I was hit half a dozen times with the sex comment blaster, and some nut who took my host down by dumping votes in the vote block for Kerry.

Hope someone who knows how to integrate this can help!


John Nordquist,
Applications Specialist, medical Technologies
 Quote

Edwin

Anonymous
Wow... This would be ideal.

Just recently been hid by several of this comment spam

 Quote

Steven

Anonymous
Sadly, no geeklog dev has yet provided some feedback on this.
 Quote

Status: offline

jtwine

Forum User
Newbie
Registered: 11/03/04
Posts: 4
Location:New Hampshire, USA
[Copied from related post that linked to this one...]

JIC anyone is interested, I have incorporated the CAPTCHA system available from http://www.chimetv.com/tv/products/botblock.shtml
... At least, somewhat.

First, understand this: I AM NOT A PHP DEVELOPER -- THIS IS THE FIRST TIME I EVER MODIFIED A PHP FILE!!! So if something looks bass-ackwards, it likely is. Please feel free to improve on what I had done.

The reason I (and likely the above poster) cannot get the iframe to show is because the templates do not seem to support calling PHP functions.    Instead, my new user page generates a popup window with the CAPTCHA image in it.

I also added a field for the CAPTCHA image-value onto the registration template. This value is validated in the createuser function in users.php.

Here is what I did:

First, place the botblock.inc file into your site's root directory.

Then, create a file called captchaimage.php with the following contents:

<?php
require_once('lib-common.php');
require "botblock.inc";

$VERBOSE = false;

if (isset ($HTTP_POST_VARS['mode'])) {
    $mode = $HTTP_POST_VARS['mode'];
}
elseif (isset ($HTTP_GET_VARS['mode'])) {
    $mode = $HTTP_GET_VARS['mode'];
}
else {
    $mode = "";
}

$display .= printBotBlock("YourUSERNAME", "YourPASSWORD");

echo $display;
?>


In the users.php file, add the "require "botblock.inc";" after the "require_once('lib-common.php')". I then added the following code, which adds the ability to validate the CAPTCHA code and raises the popup window.    First, add a third parameter to the createuser function called $ccode:

function createuser($username,$email,$ccode)


In the beginning of the createuser function (after variable setup), add the following:

if(!validBotBlock())
{
    $msg = "Invalid CAPTCHA Value specified. Please try again.";
    $retval .= COM_siteHeader ('menu');
    if ($_CONF['custom_registration'] && function_exists(custom_userform)) {
        $retval .= custom_userform ($msg);
    } else {
        $retval .= newuserform ($msg);
    }
    $retval .= COM_siteFooter();

    return $retval;
}


I also added the following to the newuserform function (after the first "if"):

    $retval .= '<script language="JavaScript">';
    $retval .= "window.open('<YourGeekLogSiteRoot/captchaimage.php', 'CAPTCHA','width=220,height=60,resizable=yes,scrollbars=no')</script>";


And lastly, I added the following to my registrationform.thtml file, right after the for the user's email address ([lang_email]):

    <tr>
    <td colspan=2>
        To prevent spam bots from filling this form automatically, we require that you pass through a CAPTCHA system.
        A popup window should have appeared with a CAPTCHA image (if one does not appear, bypass any popup-blockers and refresh this page).
        If the text is hard to read, you can click on the image to regenerate it.
    </td>
    </tr>
    <tr>
    <td valign=top>
    </td>
    <td valign=top>
        <b>Please type the CAPTCHA code here</b>:<br><br>
        <input name="bb_codeword" maxlength=8 value="">
        <br><SMALL>Close the CAPTCHA window AFTER registration is complete!</SMALL><BR>
    </td>
    </tr>


And that was it!

Quite a bit kudgy, but it works correctly...

Hope that helps...    In some way, at least! This has only been tested with IE so far...

Peace!

-=- James.
 Quote

Status: offline

jtwine

Forum User
Newbie
Registered: 11/03/04
Posts: 4
Location:New Hampshire, USA
   Whoops...! Ignore the part where I say to modify the createuser function; that third parameter was for debugging and is no longer used.  You can leave the signature of the function unchanged.

   Peace!
-=- James.
 Quote

Status: offline

vinny

Site Admin
Admin
Registered: 06/24/02
Posts: 352
Location:Colorado, USA
Rather than making a new plugin just for the CAPTCHA, I'd suggest adding the functionality to the existing SPAM-X plugin (to be distributed with 1.3.10, now available as an release canidate (rc) and from CVS). I think you could use the SPAM-X outline to save yourself some work.

-Vinny
 Quote

Status: offline

alexphp

Forum User
Newbie
Registered: 11/16/04
Posts: 1
It may be interest. I've found easy way to protect forms using image verification here http://php.webmaster-kit.com
 Quote

Status: offline

ronack

Forum User
Full Member
Registered: 05/27/03
Posts: 612
Has anyone incorporated this into the Spam-X Plugin? Also who has tried this and how well does it work?

 Quote

All times are EDT. The time is now 10:20 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content