Geeklog Forums

Hi all,

I am currently writing/trying to write a CAPTCHA plugin for Geeklog. The plugin forces anonymous users to identify a secret code (e.g., "294821") embedded in an image, so to stop bots spamming comments on a Geeklog site. The only additional system requirement for this feature is GD support for the PHP installation.

I already have the code together to randomly generate such an challenge/response image, and the code to verify the user's answer, but do not currently know how I could glue this into Geeklog.

So my questions are:

-- is the choice of a plugin even the correct one for such a feature?
-- how can I check if I have an anonymous user or a logged-in one trying to make a comment?
-- how can I wrap the CAPTCHA verify function around Geeklog's comments? (i.e. the comment processing functions of Geeklog should only be called when the user answer equals the secret code, otherwise display an error page which shows the user a new random secret code to enter)
-- is there a kind of $_SESSION variable to store the user's answer? or: how can I temporarily save/restore this information in Geeklog?

Other areas of application for CAPTCHA is user registration and story submission, just to name a few.

I would really appreciate some developers feedback, because the information on http://www.geeklog.net/docs/plugin.html#Comment_Functions is not quite that what I need.

For your convenience, here is a sample for such a randomly genereated CAPTCHA image.

Edit: *doh*. I obviously can't embed the image into this post. Here is the link to the sample image.

I would LOVE to see this implemented. I was hit half a dozen times with the sex comment blaster, and some nut who took my host down by dumping votes in the vote block for Kerry.

Hope someone who knows how to integrate this can help!

---

John Nordquist,
Applications Specialist, medical Technologies

Wow... This would be ideal.

Just recently been hid by several of this comment spam

Sadly, no geeklog dev has yet provided some feedback on this.

[Copied from related post that linked to this one...]

JIC anyone is interested, I have incorporated the CAPTCHA system available from http://www.chimetv.com/tv/products/botblock.shtml
... At least, somewhat.

First, understand this: I AM NOT A PHP DEVELOPER -- THIS IS THE FIRST TIME I EVER MODIFIED A PHP FILE!!! So if something looks bass-ackwards, it likely is. Please feel free to improve on what I had done.

The reason I (and likely the above poster) cannot get the iframe to show is because the templates do not seem to support calling PHP functions.    Instead, my new user page generates a popup window with the CAPTCHA image in it.

I also added a field for the CAPTCHA image-value onto the registration template. This value is validated in the createuser function in users.php.

Here is what I did:

First, place the botblock.inc file into your site's root directory.

Then, create a file called captchaimage.php with the following contents:

<?php
require_once('lib-common.php');
require "botblock.inc";

$VERBOSE = false;

if (isset ($HTTP_POST_VARS['mode'])) {
    $mode = $HTTP_POST_VARS['mode'];
}
elseif (isset ($HTTP_GET_VARS['mode'])) {
    $mode = $HTTP_GET_VARS['mode'];
}
else {
    $mode = "";
}

$display .= printBotBlock("YourUSERNAME", "YourPASSWORD");

echo $display;
?>


In the users.php file, add the "require "botblock.inc";" after the "require_once('lib-common.php')". I then added the following code, which adds the ability to validate the CAPTCHA code and raises the popup window.    First, add a third parameter to the createuser function called $ccode:

function createuser($username,$email,$ccode)


In the beginning of the createuser function (after variable setup), add the following:

if(!validBotBlock())
{
    $msg = "Invalid CAPTCHA Value specified. Please try again.";
    $retval .= COM_siteHeader ('menu');
    if ($_CONF['custom_registration'] && function_exists(custom_userform)) {
        $retval .= custom_userform ($msg);
    } else {
        $retval .= newuserform ($msg);
    }
    $retval .= COM_siteFooter();

    return $retval;
}


I also added the following to the newuserform function (after the first "if"):

    $retval .= '<script language="JavaScript">';
    $retval .= "window.open('<YourGeekLogSiteRoot/captchaimage.php', 'CAPTCHA','width=220,height=60,resizable=yes,scrollbars=no')</script>";


And lastly, I added the following to my registrationform.thtml file, right after the for the user's email address ([lang_email]):

    <tr>
    <td colspan=2>
        To prevent spam bots from filling this form automatically, we require that you pass through a CAPTCHA system.
        A popup window should have appeared with a CAPTCHA image (if one does not appear, bypass any popup-blockers and refresh this page).
        If the text is hard to read, you can click on the image to regenerate it.
    </td>
    </tr>
    <tr>
    <td valign=top>
    </td>
    <td valign=top>
        <b>Please type the CAPTCHA code here</b>:<br><br>
        <input name="bb_codeword" maxlength=8 value="">
        <br><SMALL>Close the CAPTCHA window AFTER registration is complete!</SMALL><BR>
    </td>
    </tr>


And that was it!

Quite a bit kudgy, but it works correctly...

Hope that helps...    In some way, at least! This has only been tested with IE so far...

Peace!

---

-=- James.

   Whoops...! Ignore the part where I say to modify the createuser function; that third parameter was for debugging and is no longer used.  You can leave the signature of the function unchanged.

   Peace!

---

-=- James.

Rather than making a new plugin just for the CAPTCHA, I'd suggest adding the functionality to the existing SPAM-X plugin (to be distributed with 1.3.10, now available as an release canidate (rc) and from CVS). I think you could use the SPAM-X outline to save yourself some work.

-Vinny

It may be interest. I've found easy way to protect forms using image verification here http://php.webmaster-kit.com

Has anyone incorporated this into the Spam-X Plugin? Also who has tried this and how well does it work?