Captcha module

Captcha module

Modifications to standard guestbook module to use captcha

ttf fonts weren't included in the diff. So if you want to test, copy or link Bitstream Vera to modules/capthca/fonts/

Hi Matti - thanks for all this. My first reaction is this is a huge amnt of code for a solving a simple problem. have u seen the captcha used in FUD? or the one here:

http://netevil.org/node.php?nid=832&SC=1#comments

There's a few additional disadvantages to the class you chose:

• ms coding standards
• depends on gd being installed
• many unix only fns

Also, the captcha should be implemented as a lib (or in near future as a plugin) but not a module since it doesn't have workflow, ie, validate/process/display.

A lightweight captcha would be extremely useful however, in case you get inspired ;-)

cheers

demian

Hi!

Don't understand what you mean by huge amount of code. The used external BSD licenced captcha library sure is 500 lines with comments, but can't figure out how I could write the seagull code shorter (and usable). With usable I mean that you can easily change the implementing library to another if you don't have GD installed.

If you would write this as a library, how would you output the image? If I have got it right, everyting goes through managers in Seagull. I think too that a separate module is too much captcha if you want to include this to seagull core. Then captcha images could be generated through separate manager in default module.

IMO the captcha in your link (preformatted textart) is too weak for real/heavy use. I ain't gonna work on that. Also lacks sound support that someone will blaim us someday.

The repo for contributed modules was a good idea. Maybe a database for "tested addons" could be useful for endusers too. Kind of repo for "hacks that will never pass through demians hands to core distribution but might still be useful for some not so advanced endusers". I'm sure that there are other users suffering of dirt on seagull guestbook atm. I would have saved some hours if I could just have searched for a patch and applied it. Now this whole captcha issue is propably forgotten for ages and the patch in this ticket buried deep in ticket history.

matti

Hi Matti

With the following few changes I think this could be made more generic:

• rename Captcha to SGL_Captcha and put it in seagull/lib/SGL
• put PhpCaptcha? in seagull/lib/Other
• instantiate captcha like this in validate()

$captha = new SGL_Captcha();
if (PEAR::isError($captcha->init())) {
  // log fact that windows OS was detected in current captcha driver only works for unix
}
if (!$captcha->validateKey($input->captcha)) { /* and so on ... */

• finally, template can call {this.plugin(#generateCaptcha#)} so new manager is not needed
• or make captcha generation a separate action method in your calling class, ie, GuestBookMgr?

what do u think?

Sorry to jump in but I am working on a captcha for my project as well and would like to contribute to this discussion.

I initially integrated the pear captcha Text_Captcha in a fashion similar to what Demian suggests (SGL_Captcha extends Text_Captcha) but ended up preferring the ascii art implementation suggested by Demian. It is a LOT less cpu/disk intensive, admittedly at the loss of functionality provided by Matti's captcha.

Although my implementation may not be what Matti is looking for, I would like to offer it up here for some opinions.

screenshot example of captcha used in contactus module

http://ss.newtier.com/sgl/captcha.html

add ascii art captcha lib SGL_Captcha

example of captcha used in contactus module

Hi Steve, and Matti

Steve I think your implementation is excellent, a few lines of code that achieve a powerful effect, this is very much in the PHP spirit and also what Seagull is striving for.

I'd like to commit this, then Matti if you're interested perhaps you can implement a driver hook, so new SGL_Catpcha('Image') calls your additional libs if required.

Great work!

cheers

Demian

Hi!

Looks pretty good. Propably works in most places atm and with minimum cpu power as demian mentioned. But when everybody uses this kind of solution, spammers get frustrated and hack this pretty soon.

I'd suggest that we prepare for this early (read: now) by using flexy plugin for getting the captcha html snippet (img tag or pre tag with ascii art or whatever) and maybe even use two level constructor for SGL_Captcha as Demian suggested earlier. Also the type of captcha should not be given as an argument, but fetched from config. This way the intreface for modules should be pretty solid which is very critical for application framework.

matti

nice work, in bugfix. Matti - pls reopen this ticket if you want to add the driver implementation.