WackoWiki: CapTcha ...


CapTcha Hack


I was spammed twice over 100 pages in less than a month. That's too much.
So, I looked around for a solution and the best thing I could find was a Wikipedia:Captcha.
There is a feature request in the bug tracking system, but it hasn't been assigned so I guess I'll have to do it myself.
For PHP (since Wacko Wiki is coded in PHP), the best implementation of captcha I could find seems to be freecap (v1.3 at the time of writing).


The following will display a picture with letters that the anonymous user will have to type in a textbox to save his modifications.


It's a dirty hack.


captcha.patch

--- edit.php.org    2005-06-14 09:29:13.296302248 +0200
+++ edit.php    2005-06-14 11:19:53.318865384 +0200
@@ -19,6 +19,71 @@
         if ($this->page["time"] != $_POST["previous"])
           $error = $this->GetResourceValue("OverwriteAlert");

+/*captcha to avoid spam
+*/
+
+      //check whether anonymous user
+      //anonymous user has the IP or host name as name
+      //if name contains '.', we assume it's anonymous
+      if (strpos($this->GetUserName(), '.')) {
+        //anonymous user, check the captcha
+/************************************************************\
+*
+*        freeCap v1.3 Copyright 2005 Howard Yeend
+*        www.puremango.co.uk
+*
+*    This file is part of freeCap.
+*
+*    freeCap is free software; you can redistribute it and/or modify
+*    it under the terms of the GNU General Public License as published by
+*    the Free Software Foundation; either version 2 of the License, or
+*    (at your option) any later version.
+*
+*    freeCap is distributed in the hope that it will be useful,
+*    but WITHOUT ANY WARRANTY; without even the implied warranty of
+*    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*    GNU General Public License for more details.
+*
+*    You should have received a copy of the GNU General Public License
+*    along with freeCap; if not, write to the Free Software
+*    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*
+*
+\************************************************************/
+
+
+//session_start();
+
+    if(!empty($_SESSION['freecap_word_md5']) && !empty($_POST['word']))
+    {
+        if(md5($_POST['word'])==$_SESSION['freecap_word_md5'])
+        {
+            // reset freecap session vars
+            // cannot stress enough how important it is to do this
+            // defeats re-use of known image with spoofed session id
+            $_SESSION['freecap_attempts'] = 0;
+            $_SESSION['freecap_word_md5'] = false;
+
+
+            // now process form
+
+
+            // now go somewhere else
+            // header("Location: somewhere.php");
+            $word_ok = "yes";
+        } else {
+            $word_ok = "no";
+        }
+    } else {
+        $word_ok = false;
+    }
+
+    if ($word_ok != "yes") {
+      //not the right word
+      $error = $this->GetResourceValue("SpamAlert");
+    }
+  
+      }

       // store
       if (!$error)
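
Review bot: in the `else` branch that sets `$word_ok = "no"`, `$_SESSION['freecap_word_md5']` is left in place, so a client that keeps posting without reloading the image can guess against the same word indefinitely; clear it on failure as well as on success, and count the failure in `$_SESSION['freecap_attempts']`, which this hunk only ever resets to 0. The comparison `md5($_POST['word'])==$_SESSION['freecap_word_md5']` should use `===`, since loose `==` on two hex strings can be evaluated numerically by PHP. The anonymous test `if (strpos($this->GetUserName(), '.'))` is false both when there is no dot and when the dot is at position 0, and an anonymous name without a dot (a bare host name, for example) skips the captcha entirely; compare with `!== false` and, if the wiki exposes a real logged-in check, use that instead of the name heuristic. Finally, assigning `SpamAlert` to `$error` overwrites an `OverwriteAlert` set just above, and with `session_start()` commented out the check depends on the session having been started elsewhere, which deserves a comment.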
@@ -109,6 +174,18 @@
                                onmouseout ='this.className="CancelBtn_Top";'
            type="button" align="top" value="<?php echo str_replace("\n"," ",$this->GetResourceValue("EditCancelButton")); ?>" onclick="document.location='<?php echo addslashes($this->href("", "", "", 1))?>';"
             /><br />
+
+<!-- captcha code starts -->
+<?
+if (strpos($this->GetUserName(), '.')) {
+
?>
+<img src="<?php echo $this->GetConfigValue("root_url");?>images/freecap.php" id="freecap" /><br />
+Please type the word you read in the image above:
+<input type="text" name="word">
+<?php
+}
+
?>
+<!-- end captcha -->
<?php
    $output
.= "<input type=\"hidden\" name=\"previous\" value=\"".htmlspecialchars($previous)."\" /><br />";
    if (
$this->GetConfigValue("theme")=="tabs")
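
Review bot: the captcha block opens with the short tag `<?`, which is only parsed when `short_open_tag` is enabled, while the rest of the template uses `<?php`; use the long form here too, otherwise the `if` is sent to the browser as text and the image and field are shown to everyone. The display condition repeats `strpos($this->GetUserName(), '.')` from the save path with the same truthiness problem, so put the anonymous check in one helper (compared with `!== false`) and call it from both places so the form and the validation cannot drift apart. The `<img>` has no `alt` text, and `<input type="text" name="word">` is not self-closed like the surrounding XHTML (`/>`).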

 