[vhffs-dev] [1867] Use reCAPTCHA for captcha. |
Revision: 1867
Author: beuss
Date: 2011-06-03 21:38:23 +0200 (Fri, 03 Jun 2011)
Log Message:
-----------
Use reCAPTCHA for captcha.
Modified Paths:
--------------
trunk/vhffs-backend/conf/vhffs.conf.dist.in
trunk/vhffs-panel/Makefile.am
trunk/vhffs-panel/debian/vhffs-panel.install
trunk/vhffs-panel/subscribe.pl
trunk/vhffs-panel/templates/anonymous/subscribe.tt
trunk/vhffs-test-dependencies.in
Removed Paths:
-------------
trunk/vhffs-panel/play_code.pl
trunk/vhffs-panel/show_code.pl
Modified: trunk/vhffs-backend/conf/vhffs.conf.dist.in
===================================================================
--- trunk/vhffs-backend/conf/vhffs.conf.dist.in 2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-backend/conf/vhffs.conf.dist.in 2011-06-03 19:38:23 UTC (rev 1867)
@@ -75,11 +75,13 @@
# The default theme
default_theme = light-grey
- # Use captcha ? Beware, this is going to make subscription impossible by blind users
+ # Use captcha? You'll have to subscribe to
+ # Google reCAPTCHA service to get public/private key
use_captcha = no
- # Captcha key, 12 hexadecimal characters [0-9a-f]{12}
- captchakey = a1b2c3d4e5f6
+ # reCAPTCHA 40 chars public key
+ captcha_pubkey = ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn
+ captcha_privkey = ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn
# Obfuscation technique for emails (none, swap, simple, entities or javascript)
mail_obfuscation = swap
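Review bot: The `captcha_privkey` line has no comment of its own, and the sample ships the same placeholder string for both keys, so nothing tells an administrator which value is the secret. In this commit subscribe.pl passes the private key to `check_answer` on the server, while the public key is printed into the page. I would add above it `# reCAPTCHA 40 chars private key, used server-side only; keep this file unreadable to other local users`, and give the two placeholders visibly different values so a swapped pair is easy to spot.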
Modified: trunk/vhffs-panel/Makefile.am
===================================================================
--- trunk/vhffs-panel/Makefile.am 2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/Makefile.am 2011-06-03 19:38:23 UTC (rev 1867)
@@ -798,8 +798,6 @@
lost.pl \
lost_ack.pl \
panel.pl \
- show_code.pl \
- play_code.pl \
subscribe.pl \
acl/view.pl \
admin/index.pl \
Modified: trunk/vhffs-panel/debian/vhffs-panel.install
===================================================================
--- trunk/vhffs-panel/debian/vhffs-panel.install 2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/debian/vhffs-panel.install 2011-06-03 19:38:23 UTC (rev 1867)
@@ -1,2 +1,2 @@
-acl/ admin/ alert.pl alert_submit.pl auth.pl cvs/ dns/ favicon.ico group/ help/ history.pl largefile/ login.pl logout.pl lost.pl lost_ack.pl mail/ mailinglist/ mysql/ object/ panel.pl pgsql/ public/ show_code.pl subscribe.pl subscribe_complete.pl svn/ themes/ user/ web/ usr/share/vhffs/panel
+acl/ admin/ alert.pl alert_submit.pl auth.pl cvs/ dns/ favicon.ico group/ help/ history.pl largefile/ login.pl logout.pl lost.pl lost_ack.pl mail/ mailinglist/ mysql/ object/ panel.pl pgsql/ public/ subscribe.pl svn/ themes/ user/ web/ usr/share/vhffs/panel
templates/ usr/share/vhffs/
Deleted: trunk/vhffs-panel/play_code.pl
===================================================================
--- trunk/vhffs-panel/play_code.pl 2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/play_code.pl 2011-06-03 19:38:23 UTC (rev 1867)
@@ -1,60 +0,0 @@
-#!%PERL% -w
-# Copyright (c) vhffs project and its contributors
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#3. Neither the name of vhffs nor the names of its contributors
-# may be used to endorse or promote products derived from this
-# software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-#"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-#LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-#FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-#COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-#INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-#CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-use strict;
-use utf8;
-use CGI;
-use lib '%VHFFS_LIB_DIR%';
-use Vhffs::Main;
-
-#Get some basics informations with CGI
-my $cgi = new CGI;
-$cgi->charset('utf-8');
-my $vhffs = init Vhffs::Main;
-
-my $code = $cgi->param("code");
-
-my $buffer;
-
-exit 0 unless ( defined $code && $code =~ /^[0-9a-fA-F]{32}$/ );
-exit 0 unless ( open(WAV, $vhffs->get_config()->get_panel->{'captchadir'}."/$code.wav") );
-
-print CGI->header( -type=>'audio/wav', -attachment => 'captcha.wav' );
-
-select((select(STDOUT), $| = 1)[0]);
-binmode STDOUT;
-binmode WAV;
-
-while( read(WAV, $buffer, 1024) ) {
- print STDOUT $buffer;
-}
-close WAV;
-close STDOUT;
Deleted: trunk/vhffs-panel/show_code.pl
===================================================================
--- trunk/vhffs-panel/show_code.pl 2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/show_code.pl 2011-06-03 19:38:23 UTC (rev 1867)
@@ -1,60 +0,0 @@
-#!%PERL% -w
-# Copyright (c) vhffs project and its contributors
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#3. Neither the name of vhffs nor the names of its contributors
-# may be used to endorse or promote products derived from this
-# software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-#"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-#LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-#FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-#COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-#INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-#CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-use strict;
-use utf8;
-use CGI;
-use Authen::Captcha;
-
-use lib '%VHFFS_LIB_DIR%';
-use Vhffs::Main;
-
-my $cgi = new CGI;
-$cgi->charset('utf-8');
-
-my $vhffs = init Vhffs::Main;
-my $captchakey = $vhffs->get_config->get_panel->{'captchakey'};
-
-my $hex = $cgi->param('code');
-exit 0 unless ( defined $hex && $hex =~ /^[0-9a-f]{12}$/ );
-
-my $code = pack('H12', $hex);
-$code ^= pack('H12', $captchakey) if defined $captchakey;
-
-print CGI->header( -type=>'image/png' );
-
-select((select(STDOUT), $| = 1)[0]);
-binmode STDOUT;
-
-my $captcha = Authen::Captcha->new;
-my $png = $captcha->create_image_file( $code );
-print STDOUT ${$png};
-close STDOUT;
Modified: trunk/vhffs-panel/subscribe.pl
===================================================================
--- trunk/vhffs-panel/subscribe.pl 2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/subscribe.pl 2011-06-03 19:38:23 UTC (rev 1867)
@@ -44,11 +44,10 @@
use locale;
use Locale::gettext;
use Encode;
-use Authen::Captcha;
+use Captcha::reCAPTCHA;
use lib '%VHFFS_LIB_DIR%';
use Vhffs::User;
-use Vhffs::Main;
use Vhffs::Functions;
use Vhffs::Constants;
use Vhffs::Panel::Main;
@@ -57,15 +56,14 @@
exit 0 unless $panel;
my $vhffs = $panel->{'vhffs'};
-my $templatedir = $panel->{'templatedir'};
my $cgi = $panel->{'cgi'};
my $submitted = $cgi->param( 'CREATE_SUBMIT' );
-my $template;
my $message;
my $usecaptcha = Vhffs::Functions::strtobool( $vhffs->get_config->get_panel->{'use_captcha'} );
-my $captchakey = $vhffs->get_config->get_panel->{'captchakey'};
+my $captcha_pubkey = $vhffs->get_config->get_panel->{'captcha_pubkey'};
+my $captcha_privkey = $vhffs->get_config->get_panel->{'captcha_privkey'};
if( $vhffs->get_config->get_allow_subscribe == 0 )
{
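Review bot: Nothing checks that `captcha_pubkey` and `captcha_privkey` are actually set when `use_captcha` is enabled. With an empty public key, the template's `[% IF captcha_pubkey %]` hides the widget while the hunk at @@ -92 still demands a valid answer, so every subscription is rejected with "Codes do not match". With an empty private key, `check_answer` is, as far as I know, written to croak rather than return a result (confirm against the installed Captcha::reCAPTCHA). A guard right after these two lines would surface the misconfiguration, for example `die "use_captcha is enabled but captcha_pubkey/captcha_privkey are not configured\n" if $usecaptcha and not( $captcha_pubkey and $captcha_privkey );`. The same concern covers the hunks at @@ -92 and @@ -219.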
@@ -92,15 +90,14 @@
$newslettercheckbox = ( defined $newslettercheckbox && $newslettercheckbox eq 'on' );
if( $usecaptcha ) {
- my $codeuser = $cgi->param('CONFIRMATION');
- my $hexcode = $cgi->param('CODE');
- my $code = pack('H12', $hexcode);
- $code ^= pack('H12', $captchakey) if defined $captchakey;
-
- if( ( ! defined $code ) || ( $codeuser ne $code ) )
- {
+ my $captcha = new Captcha::reCAPTCHA();
+ my $challenge = $cgi->param('recaptcha_challenge_field');
+ my $response = $cgi->param('recaptcha_response_field');
+ my $result = $captcha->check_answer(
+ $captcha_privkey, $ENV{REMOTE_ADDR}, $challenge, $response);
+ unless( $result->{is_valid} ) {
$panel->add_error( gettext("Codes do not match"));
- }
+ }
}
if( ! defined $username )
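Review bot: `$result->{error}` is discarded and the `check_answer` call is unguarded, so a verification-service outage or a rejected key reaches the user as "Codes do not match" and leaves nothing in the logs for the administrator. Rejecting the subscription on any failure is the right default, but I would wrap the call as `my $result = eval { $captcha->check_answer( ... ) } || { is_valid => 0, error => "$@" };` and `warn` the error string when `is_valid` is false. `$ENV{REMOTE_ADDR}` will be the proxy's address if the panel is deployed behind a reverse proxy, which deserves a comment on that line. The enclosing block begins above the hunk, so this is judged on the visible lines only.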
@@ -219,13 +216,7 @@
if( ( ! defined $submitted ) || $panel->has_errors ) {
if( $usecaptcha ) {
- my $captcha = Authen::Captcha->new;
- my $code = $captcha->generate_random_string( 6 );
- $code ^= pack('H12', $captchakey) if defined $captchakey;
- my $hex = unpack('H12', $code);
- $vars->{captcha} = {
- code => $hex
- };
+ $vars->{captcha_pubkey} = $captcha_pubkey;
}
if( $vhffs->get_config->get_service_availability('newsletter') ) {
@@ -236,7 +227,5 @@
$vars->{newsletter_checked} = 1 if($conf->{'collectmode'} eq 'passive_optin' and !defined $submitted);
}
-
$panel->render('anonymous/subscribe.tt', $vars, 'anonymous.tt');
- exit 0;
}
Modified: trunk/vhffs-panel/templates/anonymous/subscribe.tt
===================================================================
--- trunk/vhffs-panel/templates/anonymous/subscribe.tt 2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/templates/anonymous/subscribe.tt 2011-06-03 19:38:23 UTC (rev 1867)
@@ -63,20 +63,22 @@
<span><input type="checkbox" name="NEWSLETTER" id="NEWSLETTER"[% ' checked="checked"' IF newsletter_checked %]/></span>
</p>
[% END %]
-[% IF captcha.defined() %]
+[% IF captcha_pubkey %]
<p>
- <label for="CONFIRMATION">
- [% 'Confirmation code:' | i18n | html %]
- </label>
- <img src="show_code.pl?code=[% captcha.code %]" alt="[% 'Confirmation code, contact administrator team if you can\'t read it' | i18n | html %]"/> <a href="play_code.pl?code=[% captcha.code %]">[% 'Or listen to the code' | i18n | html %]</a>
- </p>
- <p>
- <label for="CONFIRMATION">
- [% 'Recopy the code:' | i18n | html %]
- </label>
- <input type="text" name="CONFIRMATION" id="CONFIRMATION" maxlength="16"/>
- </p>
- <input type="hidden" name="CODE" id="CODE" value="[% captcha.code %]"/>
+ <label class="inline">[% 'Captcha:' | i18n | html %]</label>
+ </p>
+ <script type="text/javascript">
+ var RecaptchaOptions = {
+ theme: 'white',
+ lang: '[% language.substr(0, 2) | html %]'
+ };
+ </script>
+ <script type="text/javascript" src="http://www.google.com/recaptcha/api/challenge?k=[% captcha_pubkey | html %]"></script>
+ <noscript>
+ <iframe src="http://www.google.com/recaptcha/api/noscript?k=[% captcha_pubkey | html %]" height="300" width="500" frameborder="0"></iframe><br/>
+ <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
+ <input type="hidden" name="recaptcha_response_field" value="manual_challenge">
+ </noscript>
[% END %]
<p class="button">
<input type="submit" value="[% 'Subscribe' | i18n | html %]" name="CREATE_SUBMIT"/>
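Review bot: Both reCAPTCHA URLs are hard-coded as `http://`, in the `<script src>` and in the `<noscript>` iframe. On a panel served over HTTPS this is mixed content that browsers may block, and a script fetched in clear text can be altered in transit on the very page where the user types their account details. Use `https://www.google.com/recaptcha/api/challenge?k=...` and `https://www.google.com/recaptcha/api/noscript?k=...` instead. Separately, `| html` is not the right encoding for a URL query value or for the JavaScript string in `lang:`; `| uri | html` for the key and a fixed list of accepted language codes would be more robust, although where `language` comes from is not visible in this hunk. The surrounding form starts and ends outside the hunk.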
Modified: trunk/vhffs-test-dependencies.in
===================================================================
--- trunk/vhffs-test-dependencies.in 2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-test-dependencies.in 2011-06-03 19:38:23 UTC (rev 1867)
@@ -8,7 +8,6 @@
my @components;
$dep{'api'} = [
- ('Authen::Captcha', ''),
('Carp', ''),
('CGI', ''),
('CGI::Session', ''),
@@ -60,7 +59,8 @@
('GD', ''),
('GD::Text::Wrap', ''),
('locale', ''),
- ('Locale::gettext', '')];
+ ('Locale::gettext', ''),
+ ('Captcha::reCAPTCHA', '')];
$dep{'robots'} = [
('BSD::Resource', ''),