[vhffs-dev] [1867] Use reCAPTCHA for captcha.



Revision: 1867
Author:   beuss
Date:     2011-06-03 21:38:23 +0200 (Fri, 03 Jun 2011)
Log Message:
-----------
Use reCAPTCHA for captcha.

Modified Paths:
--------------
    trunk/vhffs-backend/conf/vhffs.conf.dist.in
    trunk/vhffs-panel/Makefile.am
    trunk/vhffs-panel/debian/vhffs-panel.install
    trunk/vhffs-panel/subscribe.pl
    trunk/vhffs-panel/templates/anonymous/subscribe.tt
    trunk/vhffs-test-dependencies.in

Removed Paths:
-------------
    trunk/vhffs-panel/play_code.pl
    trunk/vhffs-panel/show_code.pl

Modified: trunk/vhffs-backend/conf/vhffs.conf.dist.in
===================================================================
--- trunk/vhffs-backend/conf/vhffs.conf.dist.in	2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-backend/conf/vhffs.conf.dist.in	2011-06-03 19:38:23 UTC (rev 1867)
@@ -75,11 +75,13 @@
 	# The default theme
 	default_theme		=	light-grey
 
-	# Use captcha ?  Beware, this is going to make subscription impossible by blind users
+	# Use captcha? You'll have to subscribe to
+    # Google reCAPTCHA service to get public/private key
 	use_captcha		=	no
 
-	# Captcha key, 12 hexadecimal characters [0-9a-f]{12}
-	captchakey		=	a1b2c3d4e5f6
+    # reCAPTCHA 40 chars public key
+    captcha_pubkey  =   ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn
+    captcha_privkey =   ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn
 
 	# Obfuscation technique for emails (none, swap, simple, entities or javascript)
 	mail_obfuscation	=	swap
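Review bot: The single comment `# reCAPTCHA 40 chars public key` sits above both settings, so `captcha_privkey` is undocumented and nothing tells the administrator that it is a secret. Give the private key its own comment, for example `# reCAPTCHA private key: secret, used only server-side to verify answers; never expose it in templates`. The sample also uses the same placeholder string for both keys, which invites pasting one value into both; distinct placeholders such as `YOUR_PUBLIC_KEY` and `YOUR_PRIVATE_KEY` would be clearer. The new lines are indented with spaces while the rest of the section uses tabs, and the enclosing section starts outside the hunk.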

Modified: trunk/vhffs-panel/Makefile.am
===================================================================
--- trunk/vhffs-panel/Makefile.am	2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/Makefile.am	2011-06-03 19:38:23 UTC (rev 1867)
@@ -798,8 +798,6 @@
 	lost.pl \
 	lost_ack.pl \
 	panel.pl \
-	show_code.pl \
-	play_code.pl \
 	subscribe.pl \
 	acl/view.pl \
 	admin/index.pl \

Modified: trunk/vhffs-panel/debian/vhffs-panel.install
===================================================================
--- trunk/vhffs-panel/debian/vhffs-panel.install	2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/debian/vhffs-panel.install	2011-06-03 19:38:23 UTC (rev 1867)
@@ -1,2 +1,2 @@
-acl/ admin/ alert.pl alert_submit.pl auth.pl cvs/ dns/ favicon.ico group/ help/ history.pl largefile/ login.pl logout.pl lost.pl lost_ack.pl mail/ mailinglist/ mysql/ object/ panel.pl pgsql/ public/ show_code.pl subscribe.pl subscribe_complete.pl svn/ themes/ user/ web/ usr/share/vhffs/panel
+acl/ admin/ alert.pl alert_submit.pl auth.pl cvs/ dns/ favicon.ico group/ help/ history.pl largefile/ login.pl logout.pl lost.pl lost_ack.pl mail/ mailinglist/ mysql/ object/ panel.pl pgsql/ public/ subscribe.pl svn/ themes/ user/ web/ usr/share/vhffs/panel
 templates/ usr/share/vhffs/

Deleted: trunk/vhffs-panel/play_code.pl
===================================================================
--- trunk/vhffs-panel/play_code.pl	2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/play_code.pl	2011-06-03 19:38:23 UTC (rev 1867)
@@ -1,60 +0,0 @@
-#!%PERL% -w
-# Copyright (c) vhffs project and its contributors
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright 
-#   notice, this list of conditions and the following disclaimer.
-#2. Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in 
-#   the documentation and/or other materials provided with the 
-#   distribution.
-#3. Neither the name of vhffs nor the names of its contributors 
-#   may be used to endorse or promote products derived from this 
-#   software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-#"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-#LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-#FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-#COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-#INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
-#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
-#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
-#CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-# POSSIBILITY OF SUCH DAMAGE.
-
-use strict;
-use utf8;
-use CGI;
-use lib '%VHFFS_LIB_DIR%';
-use Vhffs::Main;
-
-#Get some basics informations with CGI
-my $cgi 		= new CGI;
-$cgi->charset('utf-8');
-my $vhffs		= init Vhffs::Main;	
-
-my $code = $cgi->param("code");
-
-my $buffer;
-
-exit 0 unless ( defined $code && $code =~ /^[0-9a-fA-F]{32}$/ );
-exit 0 unless ( open(WAV, $vhffs->get_config()->get_panel->{'captchadir'}."/$code.wav") );
-
-print CGI->header( -type=>'audio/wav', -attachment => 'captcha.wav' );
-
-select((select(STDOUT), $| = 1)[0]);
-binmode STDOUT;
-binmode WAV;
-
-while( read(WAV, $buffer, 1024) ) {
-    print STDOUT $buffer;
-}
-close WAV;
-close STDOUT;

Deleted: trunk/vhffs-panel/show_code.pl
===================================================================
--- trunk/vhffs-panel/show_code.pl	2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/show_code.pl	2011-06-03 19:38:23 UTC (rev 1867)
@@ -1,60 +0,0 @@
-#!%PERL% -w
-# Copyright (c) vhffs project and its contributors
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright 
-#   notice, this list of conditions and the following disclaimer.
-#2. Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in 
-#   the documentation and/or other materials provided with the 
-#   distribution.
-#3. Neither the name of vhffs nor the names of its contributors 
-#   may be used to endorse or promote products derived from this 
-#   software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-#"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-#LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-#FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-#COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-#INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
-#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
-#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
-#CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-# POSSIBILITY OF SUCH DAMAGE.
-
-use strict;
-use utf8;
-use CGI;
-use Authen::Captcha;
-
-use lib '%VHFFS_LIB_DIR%';
-use Vhffs::Main;
-
-my $cgi = new CGI;
-$cgi->charset('utf-8');
-
-my $vhffs = init Vhffs::Main;	
-my $captchakey = $vhffs->get_config->get_panel->{'captchakey'};
-
-my $hex = $cgi->param('code');
-exit 0 unless ( defined $hex && $hex =~ /^[0-9a-f]{12}$/ );
-
-my $code = pack('H12', $hex);
-$code ^= pack('H12', $captchakey) if defined $captchakey;
-
-print CGI->header( -type=>'image/png' );
-
-select((select(STDOUT), $| = 1)[0]);
-binmode STDOUT;
-
-my $captcha = Authen::Captcha->new;
-my $png = $captcha->create_image_file( $code );
-print STDOUT ${$png};
-close STDOUT;

Modified: trunk/vhffs-panel/subscribe.pl
===================================================================
--- trunk/vhffs-panel/subscribe.pl	2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/subscribe.pl	2011-06-03 19:38:23 UTC (rev 1867)
@@ -44,11 +44,10 @@
 use locale;
 use Locale::gettext;
 use Encode;
-use Authen::Captcha;
+use Captcha::reCAPTCHA;
 
 use lib '%VHFFS_LIB_DIR%';
 use Vhffs::User;
-use Vhffs::Main;
 use Vhffs::Functions;
 use Vhffs::Constants;
 use Vhffs::Panel::Main;
@@ -57,15 +56,14 @@
 exit 0 unless $panel;
 
 my $vhffs = $panel->{'vhffs'};
-my $templatedir = $panel->{'templatedir'};
 my $cgi = $panel->{'cgi'};
 
 my $submitted = $cgi->param( 'CREATE_SUBMIT' );
-my $template;
 my $message;
 
 my $usecaptcha = Vhffs::Functions::strtobool( $vhffs->get_config->get_panel->{'use_captcha'} );
-my $captchakey = $vhffs->get_config->get_panel->{'captchakey'};
+my $captcha_pubkey = $vhffs->get_config->get_panel->{'captcha_pubkey'};
+my $captcha_privkey = $vhffs->get_config->get_panel->{'captcha_privkey'};
 
 if( $vhffs->get_config->get_allow_subscribe == 0 )
 {
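Review bot: Nothing checks that `captcha_pubkey` and `captcha_privkey` are actually set when `use_captcha` is enabled. The template changed in this commit shows the widget only `IF captcha_pubkey`, while the submit path in the next hunk gates on `$usecaptcha` alone. With the flag on and the keys missing, the form would render no challenge yet every submission would be rejected, or the verification call would fail outright. A guard right after these two reads would make the misconfiguration visible, for example `$panel->add_error( gettext('Captcha is not configured') ) if $usecaptcha && !( $captcha_pubkey && $captcha_privkey );`. The script continues outside the hunk.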
@@ -92,15 +90,14 @@
 	$newslettercheckbox = ( defined $newslettercheckbox && $newslettercheckbox eq 'on' );
 
 	if( $usecaptcha ) {
-        my $codeuser   = $cgi->param('CONFIRMATION');
-		my $hexcode    = $cgi->param('CODE');
-		my $code = pack('H12', $hexcode);
-		$code ^= pack('H12', $captchakey) if defined $captchakey;
-
-		if( ( ! defined $code ) || ( $codeuser ne $code ) )
-		{
+        my $captcha = new Captcha::reCAPTCHA();
+        my $challenge = $cgi->param('recaptcha_challenge_field');
+        my $response = $cgi->param('recaptcha_response_field');
+        my $result = $captcha->check_answer(
+            $captcha_privkey, $ENV{REMOTE_ADDR}, $challenge, $response);
+        unless( $result->{is_valid} ) {
 			$panel->add_error( gettext("Codes do not match"));
-		}
+        }
 	}
 
 	if( ! defined $username )
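Review bot: The failure branch discards the `error` field of `$result`, so a wrong answer, a missing `recaptcha_challenge_field` and a verification request that never reached the service all surface as "Codes do not match" with nothing logged. Adding `warn "reCAPTCHA verification failed: $result->{error}\n";` inside the `unless` block would let an operator tell a bad key or an outage from ordinary user error, while still rejecting the request. If the panel can run behind a reverse proxy (not visible here), `$ENV{REMOTE_ADDR}` will be the proxy's address rather than the client's, so that deserves a comment. As a style point, `Captcha::reCAPTCHA->new` is preferable to the indirect-object form `new Captcha::reCAPTCHA()`. The enclosing submit-handling block starts and ends outside the hunk.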
@@ -219,13 +216,7 @@
 
 if( ( ! defined $submitted ) || $panel->has_errors )  {
 	if( $usecaptcha ) {
-		my $captcha = Authen::Captcha->new;
-		my $code = $captcha->generate_random_string( 6 );
-		$code ^= pack('H12', $captchakey) if defined $captchakey;
-		my $hex = unpack('H12', $code);
-        $vars->{captcha} = {
-            code => $hex
-        };
+        $vars->{captcha_pubkey} = $captcha_pubkey;
 	}
 
 	if( $vhffs->get_config->get_service_availability('newsletter') ) {
@@ -236,7 +227,5 @@
         $vars->{newsletter_checked} = 1 if($conf->{'collectmode'} eq 'passive_optin' and !defined $submitted);
 	}
 
-
     $panel->render('anonymous/subscribe.tt', $vars, 'anonymous.tt');
-    exit 0;
 }

Modified: trunk/vhffs-panel/templates/anonymous/subscribe.tt
===================================================================
--- trunk/vhffs-panel/templates/anonymous/subscribe.tt	2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-panel/templates/anonymous/subscribe.tt	2011-06-03 19:38:23 UTC (rev 1867)
@@ -63,20 +63,22 @@
 					<span><input type="checkbox" name="NEWSLETTER" id="NEWSLETTER"[% ' checked="checked"' IF newsletter_checked %]/></span>
 				</p>
 [% END %]
-[% IF captcha.defined() %]
+[% IF captcha_pubkey %]
 				<p>
-					<label for="CONFIRMATION">
-						[% 'Confirmation code:' | i18n | html %]
-					</label>
-						<img src="show_code.pl?code=[% captcha.code %]" alt="[% 'Confirmation code, contact administrator team if you can\'t read it' | i18n | html %]"/> <a href="play_code.pl?code=[% captcha.code %]">[% 'Or listen to the code' | i18n | html %]</a>
-				</p>
-				<p>
-					<label for="CONFIRMATION">
-						[% 'Recopy the code:' | i18n | html %]
-					</label>
-					<input type="text" name="CONFIRMATION"  id="CONFIRMATION" maxlength="16"/>
-				</p>
-					<input type="hidden" name="CODE" id="CODE" value="[% captcha.code %]"/>
+                    <label class="inline">[% 'Captcha:' | i18n | html %]</label>
+                </p>
+                <script type="text/javascript">
+                    var RecaptchaOptions = {
+                        theme: 'white',
+                        lang: '[% language.substr(0, 2) | html %]'
+                    };
+                </script>
+                <script type="text/javascript" src="http://www.google.com/recaptcha/api/challenge?k=[% captcha_pubkey | html %]"></script>
+                <noscript>
+                    <iframe src="http://www.google.com/recaptcha/api/noscript?k=[% captcha_pubkey | html %]" height="300" width="500" frameborder="0"></iframe><br/>
+                    <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
+                    <input type="hidden" name="recaptcha_response_field" value="manual_challenge">
+                </noscript>
 [% END %]
 				<p class="button">
 					<input type="submit" value="[% 'Subscribe' | i18n | html %]" name="CREATE_SUBMIT"/>
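Review bot: The challenge script and the noscript iframe are fetched over plain `http://`. That leaves the script executed inside the subscription form open to modification on the network path, and browsers will block it as mixed content if the panel is served over HTTPS. Use `https://www.google.com/recaptcha/api/challenge?k=[% captcha_pubkey | html %]` and the matching `https://` URL for the iframe. Separately, `[% language.substr(0, 2) | html %]` is emitted inside a JavaScript string literal, where HTML escaping is not the right encoding. If `language` can be influenced by the request (its origin is not visible here), restrict it to letters before output. The form starts and ends outside the hunk.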

Modified: trunk/vhffs-test-dependencies.in
===================================================================
--- trunk/vhffs-test-dependencies.in	2011-06-03 19:37:39 UTC (rev 1866)
+++ trunk/vhffs-test-dependencies.in	2011-06-03 19:38:23 UTC (rev 1867)
@@ -8,7 +8,6 @@
 my @components;
 
 $dep{'api'} = [ 
-	('Authen::Captcha', ''),
 	('Carp', ''),
 	('CGI', ''),
 	('CGI::Session', ''),
@@ -60,7 +59,8 @@
 	('GD', ''),
 	('GD::Text::Wrap', ''),
 	('locale', ''),
-	('Locale::gettext', '')];
+	('Locale::gettext', ''),
+    ('Captcha::reCAPTCHA', '')];
 
 $dep{'robots'} = [
 	('BSD::Resource', ''),

