CapTcha Hack
I was spammed twice over 100 pages in less than a month. That's too much.
So, I looked around for a solution and the best thing I could find was a
Wikipedia:Captcha.
There is a
feature request in the
bug tracking system, but it hasn't been assigned so I guess I'll have to do it myself.
For PHP (since
Wacko Wiki is coded in PHP), the best implementation of captcha I could find seems to be
freecap (v1.3 at the time of writing).
The following will display a picture with letters that the anonymous user will have to type in a textbox to save his modifications.
It's a dirty hack.
- install php4-gd (make sure you have activated it in php.ini).
- get freecap, copy the following files in wacko/images:
- words.txt
- freecap.php
- font.gdf
- apply the patch (uploaded below) to edit.php (in wacko/handlers/page)
captcha.patch
--- edit.php.org 2005-06-14 09:29:13.296302248 +0200
+++ edit.php 2005-06-14 11:19:53.318865384 +0200
@@ -19,6 +19,71 @@
if ($this->page["time"] != $_POST["previous"])
$error = $this->GetResourceValue("OverwriteAlert");
+/*captcha to avoid spam
+*/
+
+ //check whether anonymous user
+ //anonymous user has the IP or host name as name
+ //if name contains '.', we assume it's anonymous
+ if (strpos($this->GetUserName(), '.')) {
+ //anonymous user, check the captcha
+/************************************************************\
+*
+* freeCap v1.3 Copyright 2005 Howard Yeend
+* www.puremango.co.uk
+*
+* This file is part of freeCap.
+*
+* freeCap is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* freeCap is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with freeCap; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+*
+\************************************************************/
+
+
+//session_start();
+
+ if(!empty($_SESSION['freecap_word_md5']) && !empty($_POST['word']))
+ {
+ if(md5($_POST['word'])==$_SESSION['freecap_word_md5'])
+ {
+ // reset freecap session vars
+ // cannot stress enough how important it is to do this
+ // defeats re-use of known image with spoofed session id
+ $_SESSION['freecap_attempts'] = 0;
+ $_SESSION['freecap_word_md5'] = false;
+
+
+ // now process form
+
+
+ // now go somewhere else
+ // header("Location: somewhere.php");
+ $word_ok = "yes";
+ } else {
+ $word_ok = "no";
+ }
+ } else {
+ $word_ok = false;
+ }
+
+ if ($word_ok != "yes") {
+ //not the right word
+ $error = $this->GetResourceValue("SpamAlert");
+ }
+
+ }
// store
if (!$error)
@@ -109,6 +174,18 @@
onmouseout ='this.className="CancelBtn_Top";'
type="button" align="top" value="<?php echo str_replace("\n"," ",$this->GetResourceValue("EditCancelButton")); ?>" onclick="document.location='<?php echo addslashes($this->href("", "", "", 1))?>';"
/><br />
+
+<!-- captcha code starts -->
+<?
+if (strpos($this->GetUserName(), '.')) {
+?>
+<img src="<?php echo $this->GetConfigValue("root_url");?>images/freecap.php" id="freecap" /><br />
+Please type the word you read in the image above:
+<input type="text" name="word">
+<?php
+}
+?>
+<!-- end captcha -->
<?php
$output .= "<input type=\"hidden\" name=\"previous\" value=\"".htmlspecialchars($previous)."\" /><br />";
if ($this->GetConfigValue("theme")=="tabs")
