- MattschesI'd however go with a distinct unique plugin instead blowing up the
spamblock plugin with that. Much like the add-on plugins for SURBL/DNSBL. This
has the upside that people could use the new plugin on their existing blogs
without upgrading to a core s9y version.
use reCaptcha in place of existing captchas?
The idea's great and has come up on the s9y mailing list just the other day. Garvin argued that it's probably better to put recaptcha into a separate plugin:
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: use reCaptcha in place of existing captchas?
Hi!
A different captcha plugin could be written using the same hooks/means.
I would love to see that, it's an interesting project IMHO!
Regards,
Garvin
Yes, very much so. The spamblock plugin itself uses those hooks to emit its own captcha.Are the hooks in place to replace the existing captcha mechanism with this one?
A different captcha plugin could be written using the same hooks/means.
I would love to see that, it's an interesting project IMHO!
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Hi,
I have tried to extend the existing spamblock plugin by using the recaptcha plugin.
Here is the patch (of recaptcha 1.16 and serendipity 1.1.2)
lang_en.inc.php.diff:
--- lang_en.inc.php 2007-05-29 18:26:17.127768400 +0200
+++ lang_en.inc.php.orig 2007-05-29 12:28:17.279592400 +0200
@@ -5,6 +5,7 @@
* @author Translator Name <yourmail@example.com>
* EN-Revision: Revision of lang_en.inc.php
*/
+
@define('PLUGIN_EVENT_SPAMBLOCK_TITLE', 'Spam Protector');
@define('PLUGIN_EVENT_SPAMBLOCK_DESC', 'A variety of methods to prevent comment spam');
@define('PLUGIN_EVENT_SPAMBLOCK_ERROR_BODY', 'Spam Prevention: Invalid message.');
@@ -19,12 +20,6 @@
@define('PLUGIN_EVENT_SPAMBLOCK_IPFLOOD_DESC', 'Only allow an IP to submit a comment every n minutes. Useful to prevent comment floods.');
@define('PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS', 'Enable Captchas');
@define('PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_DESC', 'Will force the user to input a random string displayed in a specially crafted image. This will disallow automated submits to your blog. Please remember that people with decreased vision may find it hard to read those captchas.');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA', 'Use Recaptcha');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_DESC', 'If set, a recaptcha will be generated. This is a special kind of captcha, that will help digitize books. See http://www.recaptcha.net for more details. As with normal captchas, remember that people with decreased vision may find it hard to read.');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PUB', 'Public key for recaptcha');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PRIV', 'Private key for recaptcha');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PUB_DESC', 'Provide a public key pair for communicating with the recaptcha.net site. You can request a public/private key pair at http://www.recaptcha.net/api/getkey');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PRIV_DESC', 'Provide a private key pair for communicating with the recaptcha.net site. You can request a public/private key pair at http://www.recaptcha.net/api/getkey');
@define('PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC', 'To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.');
@define('PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2', 'Enter the string you see here in the input box!');
@define('PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC3', 'Enter the string from the spam-prevention image above: ');
------------------------------------------------------------------------------------
serendipity_event_spamblock.php:
--- serendipity_event_spamblock.php 2007-05-29 18:16:59.770099300 +0200
+++ serendipity_event_spamblock.php.orig 2007-05-29 12:23:20.252671700 +0200
@@ -12,11 +12,6 @@
}
include dirname(__FILE__) . '/lang_en.inc.php';
-require_once dirname(__FILE__) . '/recaptchalib.php';
-$GLOBALS['recaptcha_api_server'] = 'http://api.recaptcha.net';
-$GLOBALS['recaptcha_api_secure_server'] = 'https://api-secure.recaptcha.net';
-$GLOBALS['recaptcha_verify_server'] = 'api-verify.recaptcha.net';
-
/* BC - TODO: Remove for 0.8 final */
if (!function_exists('serendipity_serverOffsetHour')) {
@@ -61,9 +56,6 @@
'ipflood',
'csrf',
'captchas',
- 'recaptcha',
- 'recaptcha_pub',
- 'recaptcha_priv',
'captchas_ttl',
'captcha_color',
'forcemoderation',
@@ -172,31 +164,6 @@
'desc' => array(YES, NO, PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_SCRAMBLE)
));
break;
-
- case 'recaptcha':
- $propbag->add('type', 'radio');
- $propbag->add('name', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA);
- $propbag->add('description', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_DESC);
- $propbag->add('default', 'no');
- $propbag->add('radio', array(
- 'value' => array('yes', 'no'),
- 'desc' => array(YES, NO)
- ));
- break;
-
- case 'recaptcha_pub':
- $propbag->add('type', 'string');
- $propbag->add('name', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PUB);
- $propbag->add('description', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PUB_DESC);
- $propbag->add('default', '');
- break;
-
- case 'recaptcha_priv':
- $propbag->add('type', 'string');
- $propbag->add('name', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PRIV);
- $propbag->add('description', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PRIV_DESC);
- $propbag->add('default', '');
- break;
case 'hide_for_authors':
$_groups =& serendipity_getAllGroups();
@@ -598,13 +565,11 @@
if (isset($hooks[$event])) {
$captchas_ttl = $this->get_config('captchas_ttl', 7);
$_captchas = $this->get_config('captchas', 'yes');
- $_recaptcha = $this->get_config('recaptcha', 'no');
- $captchas = ($_captchas !== 'no' && ($_captchas === 'yes' || $_captchas === 'scramble' || serendipity_db_bool($_captchas)) && ($_recaptcha ==='no'));
- $recaptcha = ($_captchas !== 'no' && ($_captchas === 'yes' || $_captchas === 'scramble' || serendipity_db_bool($_captchas)) && ($_recaptcha ==='yes' || $_recaptcha !== 'no' || serendipity_db_bool($_recaptcha)));
+ $captchas = ($_captchas !== 'no' && ($_captchas === 'yes' || $_captchas === 'scramble' || serendipity_db_bool($_captchas)));
// Check if the entry is older than the allowed amount of time. Enforce kaptchas if that is true
// of if kaptchas are activated for every entry
- $show_captcha = (($captchas || $recaptcha) && isset($eventData['timestamp']) && ($captchas_ttl < 1 || ($eventData['timestamp'] < (time() - ($captchas_ttl*60*60*24)))) ? true : false);
+ $show_captcha = ($captchas && isset($eventData['timestamp']) && ($captchas_ttl < 1 || ($eventData['timestamp'] < (time() - ($captchas_ttl*60*60*24)))) ? true : false);
$forcemoderation = $this->get_config('forcemoderation', 60);
$forcemoderation_treat = $this->get_config('forcemoderation_treat', 'moderate');
@@ -620,7 +585,8 @@
$use_gd = true;
} else {
$max_char = $min_char = 5;
- $use_gd = false; }
+ $use_gd = false;
+ }
switch($event) {
case 'fetchcomments':
@@ -864,38 +830,16 @@
// Captcha checking
if ($show_captcha && $addData['type'] == 'NORMAL') {
- if ($captchas) {
- if (!isset($_SESSION['spamblock']['captcha']) || !isset($serendipity['POST']['captcha']) || strtolower($serendipity['POST']['captcha']) != strtolower($_SESSION['spamblock']['captcha'])) {
- $this->log($logfile, $eventData['id'], 'REJECTED', sprintf(PLUGIN_EVENT_SPAMBLOCK_REASON_CAPTCHAS, $serendipity['POST']['captcha'], $_SESSION['spamblock']['captcha']), $addData);
- $eventData = array('allow_comments' => false);
- $serendipity['messagestack']['comments'][] = PLUGIN_EVENT_SPAMBLOCK_ERROR_CAPTCHAS;
- return false;
- } else {
- // DEBUG
- // $this->log($logfile, $eventData['id'], 'REJECTED', 'Captcha passed: ' . $serendipity['POST']['captcha'] . ' / ' . $_SESSION['spamblock']['captcha'] . ' // Source: ' . $_SERVER['REQUEST_URI'], $addData);
- }
- }
- // check recaptcha
- else {
- $privatekey = $this->get_config('recaptcha_priv');
- if ($_POST["recaptcha_response_field"]) {
- $resp = recaptcha_check_answer ($privatekey,
- $_SERVER["REMOTE_ADDR"],
- $_POST["recaptcha_challenge_field"],
- $_POST["recaptcha_response_field"]);
-
- if (!$resp->is_valid) {
- # set the error code so that we can display it
- $error = $resp->error;
- $this->log($logfile, $eventData['id'], 'REJECTED', $error, $addData);
- $eventData = array('allow_comments' => false);
- $serendipity['messagestack']['comments'][] = PLUGIN_EVENT_SPAMBLOCK_ERROR_CAPTCHAS;
- return false;
- }
+ if (!isset($_SESSION['spamblock']['captcha']) || !isset($serendipity['POST']['captcha']) || strtolower($serendipity['POST']['captcha']) != strtolower($_SESSION['spamblock']['captcha'])) {
+ $this->log($logfile, $eventData['id'], 'REJECTED', sprintf(PLUGIN_EVENT_SPAMBLOCK_REASON_CAPTCHAS, $serendipity['POST']['captcha'], $_SESSION['spamblock']['captcha']), $addData);
+ $eventData = array('allow_comments' => false);
+ $serendipity['messagestack']['comments'][] = PLUGIN_EVENT_SPAMBLOCK_ERROR_CAPTCHAS;
+ return false;
+ } else {
+// DEBUG
+// $this->log($logfile, $eventData['id'], 'REJECTED', 'Captcha passed: ' . $serendipity['POST']['captcha'] . ' / ' . $_SESSION['spamblock']['captcha'] . ' // Source: ' . $_SERVER['REQUEST_URI'], $addData);
}
- }
- }
- else {
+ } else {
// DEBUG
// $this->log($logfile, $eventData['id'], 'REJECTED', 'Captcha not needed: ' . $serendipity['POST']['captcha'] . ' / ' . $_SESSION['spamblock']['captcha'] . ' // Source: ' . $_SERVER['REQUEST_URI'], $addData);
}
@@ -993,45 +937,33 @@
}
if ($show_captcha) {
- if ($captchas) {
- echo '<div class="serendipity_commentDirection serendipity_comment_captcha">';
- if (!isset($serendipity['POST']['preview']) || strtolower($serendipity['POST']['captcha'] != strtolower($_SESSION['spamblock']['captcha']))) {
- echo '<br />' . PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC . '<br />';
- if ($use_gd) {
- printf('<img src="%s" title="%s" alt="CAPTCHA" class="captcha" />',
- $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . md5(time()),
+ echo '<div class="serendipity_commentDirection serendipity_comment_captcha">';
+ if (!isset($serendipity['POST']['preview']) || strtolower($serendipity['POST']['captcha'] != strtolower($_SESSION['spamblock']['captcha']))) {
+ echo '<br />' . PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC . '<br />';
+ if ($use_gd) {
+ printf('<img src="%s" title="%s" alt="CAPTCHA" class="captcha" />',
+ $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . md5(time()),
+ htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
+ );
+ } else {
+ $bgcolors = explode(',', $this->get_config('captcha_color', '255,0,255'));
+ $hexval = '#' . dechex(trim($bgcolors[0])) . dechex(trim($bgcolors[1])) . dechex(trim($bgcolors[2]));
+ $this->random_string($max_char, $min_char);
+ echo '<div style="background-color: ' . $hexval . '">';
+ for ($i = 1; $i <= $max_char; $i++) {
+ printf('<img src="%s" title="%s" alt="CAPTCHA ' . $i . '" class="captcha" />',
+ $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . $i . '_' . md5(time()),
htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
);
- } else {
- $bgcolors = explode(',', $this->get_config('captcha_color', '255,0,255'));
- $hexval = '#' . dechex(trim($bgcolors[0])) . dechex(trim($bgcolors[1])) . dechex(trim($bgcolors[2]));
- $this->random_string($max_char, $min_char);
- echo '<div style="background-color: ' . $hexval . '">';
- for ($i = 1; $i <= $max_char; $i++) {
- printf('<img src="%s" title="%s" alt="CAPTCHA ' . $i . '" class="captcha" />',
- $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . $i . '_' . md5(time()),
- htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
- );
- }
- echo '</div>';
}
- echo '<br />';
- echo '<label for="captcha">'. PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC3 . '</label><br /><input type="text" size="5" name="serendipity[captcha]" value="" id="captcha" />';
- }
- elseif (isset($serendipity['POST']['captcha'])) {
- echo '<input type="hidden" name="serendipity[captcha]" value="' . htmlspecialchars($serendipity['POST']['captcha']) . '" />';
+ echo '</div>';
}
- echo '</div>';
- }
- elseif ($recaptcha){
- $pubkey = $this->get_config('recaptcha_pub');
- $privkey = $this->get_config('recaptcha_priv');
- // The response from recaptcha.net
- $resp = null;
- // The error code from recaptcha.net, if any
- $error = null;
- echo recaptcha_get_html($pubkey);
+ echo '<br />';
+ echo '<label for="captcha">'. PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC3 . '</label><br /><input type="text" size="5" name="serendipity[captcha]" value="" id="captcha" />';
+ } elseif (isset($serendipity['POST']['captcha'])) {
+ echo '<input type="hidden" name="serendipity[captcha]" value="' . htmlspecialchars($serendipity['POST']['captcha']) . '" />';
}
+ echo '</div>';
}
return true;
-----------------------------------------------------------------------------------
This is my first contribution to serendipity and I had a hard time figuring out the plugin_api . But it works for me.
All you need to do is get a copy of recaptchalib.php from <a href="http://recaptcha.net/plugins/php/">recaptcha.net</a> and place it in the serendipity_event_spamblock folder. Next you need to apply for your public/private key combination at <a href="http://recaptcha.net/api/getkey">recaptcha.net</a>.
Now apply the patch and enter the keys into the fields in the configuration dialog for the spamblock plugin.
I have tried to extend the existing spamblock plugin by using the recaptcha plugin.
Here is the patch (of recaptcha 1.16 and serendipity 1.1.2)
lang_en.inc.php.diff:
--- lang_en.inc.php 2007-05-29 18:26:17.127768400 +0200
+++ lang_en.inc.php.orig 2007-05-29 12:28:17.279592400 +0200
@@ -5,6 +5,7 @@
* @author Translator Name <yourmail@example.com>
* EN-Revision: Revision of lang_en.inc.php
*/
+
@define('PLUGIN_EVENT_SPAMBLOCK_TITLE', 'Spam Protector');
@define('PLUGIN_EVENT_SPAMBLOCK_DESC', 'A variety of methods to prevent comment spam');
@define('PLUGIN_EVENT_SPAMBLOCK_ERROR_BODY', 'Spam Prevention: Invalid message.');
@@ -19,12 +20,6 @@
@define('PLUGIN_EVENT_SPAMBLOCK_IPFLOOD_DESC', 'Only allow an IP to submit a comment every n minutes. Useful to prevent comment floods.');
@define('PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS', 'Enable Captchas');
@define('PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_DESC', 'Will force the user to input a random string displayed in a specially crafted image. This will disallow automated submits to your blog. Please remember that people with decreased vision may find it hard to read those captchas.');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA', 'Use Recaptcha');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_DESC', 'If set, a recaptcha will be generated. This is a special kind of captcha, that will help digitize books. See http://www.recaptcha.net for more details. As with normal captchas, remember that people with decreased vision may find it hard to read.');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PUB', 'Public key for recaptcha');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PRIV', 'Private key for recaptcha');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PUB_DESC', 'Provide a public key pair for communicating with the recaptcha.net site. You can request a public/private key pair at http://www.recaptcha.net/api/getkey');
-@define('PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PRIV_DESC', 'Provide a private key pair for communicating with the recaptcha.net site. You can request a public/private key pair at http://www.recaptcha.net/api/getkey');
@define('PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC', 'To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.');
@define('PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2', 'Enter the string you see here in the input box!');
@define('PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC3', 'Enter the string from the spam-prevention image above: ');
------------------------------------------------------------------------------------
serendipity_event_spamblock.php:
--- serendipity_event_spamblock.php 2007-05-29 18:16:59.770099300 +0200
+++ serendipity_event_spamblock.php.orig 2007-05-29 12:23:20.252671700 +0200
@@ -12,11 +12,6 @@
}
include dirname(__FILE__) . '/lang_en.inc.php';
-require_once dirname(__FILE__) . '/recaptchalib.php';
-$GLOBALS['recaptcha_api_server'] = 'http://api.recaptcha.net';
-$GLOBALS['recaptcha_api_secure_server'] = 'https://api-secure.recaptcha.net';
-$GLOBALS['recaptcha_verify_server'] = 'api-verify.recaptcha.net';
-
/* BC - TODO: Remove for 0.8 final */
if (!function_exists('serendipity_serverOffsetHour')) {
@@ -61,9 +56,6 @@
'ipflood',
'csrf',
'captchas',
- 'recaptcha',
- 'recaptcha_pub',
- 'recaptcha_priv',
'captchas_ttl',
'captcha_color',
'forcemoderation',
@@ -172,31 +164,6 @@
'desc' => array(YES, NO, PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_SCRAMBLE)
));
break;
-
- case 'recaptcha':
- $propbag->add('type', 'radio');
- $propbag->add('name', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA);
- $propbag->add('description', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_DESC);
- $propbag->add('default', 'no');
- $propbag->add('radio', array(
- 'value' => array('yes', 'no'),
- 'desc' => array(YES, NO)
- ));
- break;
-
- case 'recaptcha_pub':
- $propbag->add('type', 'string');
- $propbag->add('name', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PUB);
- $propbag->add('description', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PUB_DESC);
- $propbag->add('default', '');
- break;
-
- case 'recaptcha_priv':
- $propbag->add('type', 'string');
- $propbag->add('name', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PRIV);
- $propbag->add('description', PLUGIN_EVENT_SPAMBLOCK_RECAPTCHA_PRIV_DESC);
- $propbag->add('default', '');
- break;
case 'hide_for_authors':
$_groups =& serendipity_getAllGroups();
@@ -598,13 +565,11 @@
if (isset($hooks[$event])) {
$captchas_ttl = $this->get_config('captchas_ttl', 7);
$_captchas = $this->get_config('captchas', 'yes');
- $_recaptcha = $this->get_config('recaptcha', 'no');
- $captchas = ($_captchas !== 'no' && ($_captchas === 'yes' || $_captchas === 'scramble' || serendipity_db_bool($_captchas)) && ($_recaptcha ==='no'));
- $recaptcha = ($_captchas !== 'no' && ($_captchas === 'yes' || $_captchas === 'scramble' || serendipity_db_bool($_captchas)) && ($_recaptcha ==='yes' || $_recaptcha !== 'no' || serendipity_db_bool($_recaptcha)));
+ $captchas = ($_captchas !== 'no' && ($_captchas === 'yes' || $_captchas === 'scramble' || serendipity_db_bool($_captchas)));
// Check if the entry is older than the allowed amount of time. Enforce kaptchas if that is true
// of if kaptchas are activated for every entry
- $show_captcha = (($captchas || $recaptcha) && isset($eventData['timestamp']) && ($captchas_ttl < 1 || ($eventData['timestamp'] < (time() - ($captchas_ttl*60*60*24)))) ? true : false);
+ $show_captcha = ($captchas && isset($eventData['timestamp']) && ($captchas_ttl < 1 || ($eventData['timestamp'] < (time() - ($captchas_ttl*60*60*24)))) ? true : false);
$forcemoderation = $this->get_config('forcemoderation', 60);
$forcemoderation_treat = $this->get_config('forcemoderation_treat', 'moderate');
@@ -620,7 +585,8 @@
$use_gd = true;
} else {
$max_char = $min_char = 5;
- $use_gd = false; }
+ $use_gd = false;
+ }
switch($event) {
case 'fetchcomments':
@@ -864,38 +830,16 @@
// Captcha checking
if ($show_captcha && $addData['type'] == 'NORMAL') {
- if ($captchas) {
- if (!isset($_SESSION['spamblock']['captcha']) || !isset($serendipity['POST']['captcha']) || strtolower($serendipity['POST']['captcha']) != strtolower($_SESSION['spamblock']['captcha'])) {
- $this->log($logfile, $eventData['id'], 'REJECTED', sprintf(PLUGIN_EVENT_SPAMBLOCK_REASON_CAPTCHAS, $serendipity['POST']['captcha'], $_SESSION['spamblock']['captcha']), $addData);
- $eventData = array('allow_comments' => false);
- $serendipity['messagestack']['comments'][] = PLUGIN_EVENT_SPAMBLOCK_ERROR_CAPTCHAS;
- return false;
- } else {
- // DEBUG
- // $this->log($logfile, $eventData['id'], 'REJECTED', 'Captcha passed: ' . $serendipity['POST']['captcha'] . ' / ' . $_SESSION['spamblock']['captcha'] . ' // Source: ' . $_SERVER['REQUEST_URI'], $addData);
- }
- }
- // check recaptcha
- else {
- $privatekey = $this->get_config('recaptcha_priv');
- if ($_POST["recaptcha_response_field"]) {
- $resp = recaptcha_check_answer ($privatekey,
- $_SERVER["REMOTE_ADDR"],
- $_POST["recaptcha_challenge_field"],
- $_POST["recaptcha_response_field"]);
-
- if (!$resp->is_valid) {
- # set the error code so that we can display it
- $error = $resp->error;
- $this->log($logfile, $eventData['id'], 'REJECTED', $error, $addData);
- $eventData = array('allow_comments' => false);
- $serendipity['messagestack']['comments'][] = PLUGIN_EVENT_SPAMBLOCK_ERROR_CAPTCHAS;
- return false;
- }
+ if (!isset($_SESSION['spamblock']['captcha']) || !isset($serendipity['POST']['captcha']) || strtolower($serendipity['POST']['captcha']) != strtolower($_SESSION['spamblock']['captcha'])) {
+ $this->log($logfile, $eventData['id'], 'REJECTED', sprintf(PLUGIN_EVENT_SPAMBLOCK_REASON_CAPTCHAS, $serendipity['POST']['captcha'], $_SESSION['spamblock']['captcha']), $addData);
+ $eventData = array('allow_comments' => false);
+ $serendipity['messagestack']['comments'][] = PLUGIN_EVENT_SPAMBLOCK_ERROR_CAPTCHAS;
+ return false;
+ } else {
+// DEBUG
+// $this->log($logfile, $eventData['id'], 'REJECTED', 'Captcha passed: ' . $serendipity['POST']['captcha'] . ' / ' . $_SESSION['spamblock']['captcha'] . ' // Source: ' . $_SERVER['REQUEST_URI'], $addData);
}
- }
- }
- else {
+ } else {
// DEBUG
// $this->log($logfile, $eventData['id'], 'REJECTED', 'Captcha not needed: ' . $serendipity['POST']['captcha'] . ' / ' . $_SESSION['spamblock']['captcha'] . ' // Source: ' . $_SERVER['REQUEST_URI'], $addData);
}
@@ -993,45 +937,33 @@
}
if ($show_captcha) {
- if ($captchas) {
- echo '<div class="serendipity_commentDirection serendipity_comment_captcha">';
- if (!isset($serendipity['POST']['preview']) || strtolower($serendipity['POST']['captcha'] != strtolower($_SESSION['spamblock']['captcha']))) {
- echo '<br />' . PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC . '<br />';
- if ($use_gd) {
- printf('<img src="%s" title="%s" alt="CAPTCHA" class="captcha" />',
- $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . md5(time()),
+ echo '<div class="serendipity_commentDirection serendipity_comment_captcha">';
+ if (!isset($serendipity['POST']['preview']) || strtolower($serendipity['POST']['captcha'] != strtolower($_SESSION['spamblock']['captcha']))) {
+ echo '<br />' . PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC . '<br />';
+ if ($use_gd) {
+ printf('<img src="%s" title="%s" alt="CAPTCHA" class="captcha" />',
+ $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . md5(time()),
+ htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
+ );
+ } else {
+ $bgcolors = explode(',', $this->get_config('captcha_color', '255,0,255'));
+ $hexval = '#' . dechex(trim($bgcolors[0])) . dechex(trim($bgcolors[1])) . dechex(trim($bgcolors[2]));
+ $this->random_string($max_char, $min_char);
+ echo '<div style="background-color: ' . $hexval . '">';
+ for ($i = 1; $i <= $max_char; $i++) {
+ printf('<img src="%s" title="%s" alt="CAPTCHA ' . $i . '" class="captcha" />',
+ $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . $i . '_' . md5(time()),
htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
);
- } else {
- $bgcolors = explode(',', $this->get_config('captcha_color', '255,0,255'));
- $hexval = '#' . dechex(trim($bgcolors[0])) . dechex(trim($bgcolors[1])) . dechex(trim($bgcolors[2]));
- $this->random_string($max_char, $min_char);
- echo '<div style="background-color: ' . $hexval . '">';
- for ($i = 1; $i <= $max_char; $i++) {
- printf('<img src="%s" title="%s" alt="CAPTCHA ' . $i . '" class="captcha" />',
- $serendipity['baseURL'] . ($serendipity['rewrite'] == 'none' ? $serendipity['indexFile'] . '?/' : '') . 'plugin/captcha_' . $i . '_' . md5(time()),
- htmlspecialchars(PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC2)
- );
- }
- echo '</div>';
}
- echo '<br />';
- echo '<label for="captcha">'. PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC3 . '</label><br /><input type="text" size="5" name="serendipity[captcha]" value="" id="captcha" />';
- }
- elseif (isset($serendipity['POST']['captcha'])) {
- echo '<input type="hidden" name="serendipity[captcha]" value="' . htmlspecialchars($serendipity['POST']['captcha']) . '" />';
+ echo '</div>';
}
- echo '</div>';
- }
- elseif ($recaptcha){
- $pubkey = $this->get_config('recaptcha_pub');
- $privkey = $this->get_config('recaptcha_priv');
- // The response from recaptcha.net
- $resp = null;
- // The error code from recaptcha.net, if any
- $error = null;
- echo recaptcha_get_html($pubkey);
+ echo '<br />';
+ echo '<label for="captcha">'. PLUGIN_EVENT_SPAMBLOCK_CAPTCHAS_USERDESC3 . '</label><br /><input type="text" size="5" name="serendipity[captcha]" value="" id="captcha" />';
+ } elseif (isset($serendipity['POST']['captcha'])) {
+ echo '<input type="hidden" name="serendipity[captcha]" value="' . htmlspecialchars($serendipity['POST']['captcha']) . '" />';
}
+ echo '</div>';
}
return true;
-----------------------------------------------------------------------------------
This is my first contribution to serendipity and I had a hard time figuring out the plugin_api . But it works for me.
All you need to do is get a copy of recaptchalib.php from <a href="http://recaptcha.net/plugins/php/">recaptcha.net</a> and place it in the serendipity_event_spamblock folder. Next you need to apply for your public/private key combination at <a href="http://recaptcha.net/api/getkey">recaptcha.net</a>.
Now apply the patch and enter the keys into the fields in the configuration dialog for the spamblock plugin.
Re: use reCaptcha in place of existing captchas?
Hi,
Both plugins are available as tar.gz Archives at http://www.256bit.org/~chrisbra/s9y/
Instructions:
Get the recaptcha library from www.recaptcha.net.
Place the unzipped recaptcha library at bundled_libs in a new folder called Recaptcha.
Put serendipity_event_captcha into the plugins_folder.
Replace the serendipity_event_spamblock folder by the new one.
Go to the login screen and add the captcha plugin as new event-plugin. Reconfigure the capture-plugin and the spamblock-plugin.
As this is pretty much the first time, I haved digged into the s9y-code, I would appreciate feedback from the developers. (some code is only commented out, as I was not sure, whether it might have to be included later on).
Please note, this is no stable software, it may burn your computer. I'll take no responsibility.
Update:
I have installed the recaptcha plugin in my blog see http://blog.256bit.org for some examples, what it would look like.
I have been working a little more on integrating the recaptcha into s9y. I have created a captcha_plugin which integrates the old captcha functionality and the new recaptcha one. Therefore I have been taking the captcha functionality out of the spamblock plugin.garvinhicking wrote: The spamblock plugin itself uses those hooks to emit its own captcha.
A different captcha plugin could be written using the same hooks/means.
I would love to see that, it's an interesting project IMHO!
Both plugins are available as tar.gz Archives at http://www.256bit.org/~chrisbra/s9y/
Instructions:
Get the recaptcha library from www.recaptcha.net.
Place the unzipped recaptcha library at bundled_libs in a new folder called Recaptcha.
Put serendipity_event_captcha into the plugins_folder.
Replace the serendipity_event_spamblock folder by the new one.
Go to the login screen and add the captcha plugin as new event-plugin. Reconfigure the capture-plugin and the spamblock-plugin.
As this is pretty much the first time, I haved digged into the s9y-code, I would appreciate feedback from the developers. (some code is only commented out, as I was not sure, whether it might have to be included later on).
Please note, this is no stable software, it may burn your computer. I'll take no responsibility.
Update:
I have installed the recaptcha plugin in my blog see http://blog.256bit.org for some examples, what it would look like.
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: use reCaptcha in place of existing captchas?
Hi Chris!
Thanks a lot for your work! Might I be so bold to request a slightly different implementation?
What I would ultimately like to have is a simple "recaptcha" plugin that a person can install on top of a s9y installation without changing his spamblock plugin.
So we leave the spamblock plugin exactly as it is now.
The recaptcha plugin will then take care of issuing its very own captcha, and when people use it, they simply configure the spamblock plugin to not use captchas (because recaptcha does that job).
This has the following advantages:
1. People don't need to upgrade to a new s9y version because of the spamblock changes
2. The recaptcha plugin stands as its own and can be advertised on the recaptca pages easily.
3. The recaptcha plugin can easily be installed via Spartacus without interfering with the spamblock plugin
4. We can upgrade the recaptcha plugin independently from the s9y installation, because it is completely unrelated to the spamblock plugin.
BTW, the recaptcha library should be included within the plugin directory. It can be licenses as BSD, so no need to externally download the library for the user.
Do you think this would be possible? I would love it to be.
Thanks a lot for your work,
Garvin
Thanks a lot for your work! Might I be so bold to request a slightly different implementation?
What I would ultimately like to have is a simple "recaptcha" plugin that a person can install on top of a s9y installation without changing his spamblock plugin.
So we leave the spamblock plugin exactly as it is now.
The recaptcha plugin will then take care of issuing its very own captcha, and when people use it, they simply configure the spamblock plugin to not use captchas (because recaptcha does that job).
This has the following advantages:
1. People don't need to upgrade to a new s9y version because of the spamblock changes
2. The recaptcha plugin stands as its own and can be advertised on the recaptca pages easily.
3. The recaptcha plugin can easily be installed via Spartacus without interfering with the spamblock plugin
4. We can upgrade the recaptcha plugin independently from the s9y installation, because it is completely unrelated to the spamblock plugin.
BTW, the recaptcha library should be included within the plugin directory. It can be licenses as BSD, so no need to externally download the library for the user.
Do you think this would be possible? I would love it to be.
Thanks a lot for your work,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Re: use reCaptcha in place of existing captchas?
Well got your point. From a users point of perspective I find that suboptimal, because you end up with 2 places where to configure captchas. And if the users isn't carefully, he might end up with 2 different captchas.garvinhicking wrote: What I would ultimately like to have is a simple "recaptcha" plugin that a person can install on top of a s9y installation without changing his spamblock plugin.
So we leave the spamblock plugin exactly as it is now.
The recaptcha plugin will then take care of issuing its very own captcha, and when people use it, they simply configure the spamblock plugin to not use captchas (because recaptcha does that job).
If you just take my provided recaptcha-plugin and use the existing spamblock-plugin, you'll see how that works. (In the end the captcha provided by the spamblock-plugin would always win).
What needs to be sure, is that the recaptcha-plugin would need to disable the captcha from the spamblock plugin. Don't know if this is possible.
Also from a programmer's view I find it not optimal, cause you end up with the same (or nearly the same code) in 2 plugins. This just does not sound reasonable.
Well, I am not sure how to proceed. I can rework the plugin, but in my personal opinion, this does not sound right.garvinhicking wrote: This has the following advantages:
1. People don't need to upgrade to a new s9y version because of the spamblock changes
2. The recaptcha plugin stands as its own and can be advertised on the recaptca pages easily.
3. The recaptcha plugin can easily be installed via Spartacus without interfering with the spamblock plugin
4. We can upgrade the recaptcha plugin independently from the s9y installation, because it is completely unrelated to the spamblock plugin.
May I ask for comments? I need to rethink this a little bit more, before I'll implement that change.
Ok, I was not sure were to put it anyway.garvinhicking wrote: BTW, the recaptcha library should be included within the plugin directory. It can be licenses as BSD, so no need to externally download the library for the user.
Of course this is possible. I am not yet really convinced, but if you or a majority still want it that way, I guess I will implement it.garvinhicking wrote: Do you think this would be possible? I would love it to be.
I got finally the chance to give something back.garvinhicking wrote: Thanks a lot for your work,
regards,
Christian
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: use reCaptcha in place of existing captchas?
Hi!
People would only benefit from that option when they upgrade to the new serendipity version with that new plugin, but for the future it would be there.
There are drawbacks, I agree. But IMHO the advantages are much more important.
So, all the people reading it here, please comment.
Regards,
Garvin
We could add a check to the spamblock plugin that checks for a variable which is set by the recaptcha plugin (using the frontend_configure hook). If that variable is set, the spamblock captcha will not be emitted?Well got your point. From a users point of perspective I find that suboptimal, because you end up with 2 places where to configure captchas. And if the users isn't carefully, he might end up with 2 different captchas.
People would only benefit from that option when they upgrade to the new serendipity version with that new plugin, but for the future it would be there.
IMHO the amount of duplicate code would not be that high. The only thing I see identical would be the <img src> output and the blocking of spam when the captcha is found?Also from a programmer's view I find it not optimal, cause you end up with the same (or nearly the same code) in 2 plugins. This just does not sound reasonable.
There are drawbacks, I agree. But IMHO the advantages are much more important.
Of course, please have a go at it. But at the current implementation point, I cannot put your plugin into the official spartacus/serendipity repository - which is sad, because I'd really like reCaptcha implementation.Well, I am not sure how to proceed. I can rework the plugin, but in my personal opinion, this does not sound right.
May I ask for comments? I need to rethink this a little bit more, before I'll implement that change.
So, all the people reading it here, please comment.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
I'm in agreement with Garvin. I feel that, although reCaptcha is a cool new idea to an old-time problem, I don't think that it should be jumped on and fully adopted so quickly. IMHO, it would be better to implement as a plugin so that people have the option of using it, but not forcing it down people's throats NOR forcing an update to Serendipity for those who want to utilize it.
I'm still iffy when I say this, but I would propose that should adoption of the reCaptcha be taken extremely well (ie: a sizable percentage of the userbase for Serendipity using the plugin), the original captcha idea be replaced with reCaptcha. The only issue that I have is the requirement for a API key:
I'm still iffy when I say this, but I would propose that should adoption of the reCaptcha be taken extremely well (ie: a sizable percentage of the userbase for Serendipity using the plugin), the original captcha idea be replaced with reCaptcha. The only issue that I have is the requirement for a API key:
That is not something old Captcha lovers will want to have to do, and I'm sure Serendipity won't want to have a universal API key for security reasons. Additionally, new adoptions to the blogging software might be extremely slow especially if the added step of having to register for an API key is required...Sign up for an API key. This sign-up process makes it much more difficult for an attacker to break your CAPTCHA.
Chris Weldon, ZCE
bowzer@gmail.com
bowzer@gmail.com
That was exactly was I did. The user could stay with the old traditional captcha or take the new one. Therefore I thought a captcha plugin would be better.bowzer wrote:I'm in agreement with Garvin. I feel that, although reCaptcha is a cool new idea to an old-time problem, I don't think that it should be jumped on and fully adopted so quickly. IMHO, it would be better to implement as a plugin so that people have the option of using it, but not forcing it down people's throats NOR forcing an update to Serendipity for those who want to utilize it.
But anyway, I'll rework it.
regards,
Christian
Re: use reCaptcha in place of existing captchas?
Well I reworked the plugin. See http://www.256bit.org/~chrisbra/s9y/ser ... 0.4.tar.gz
for the new recaptcha plugin.
I hope it is ok, to simply put a variable in $serendipity. I tried to make is in such a way, that other plugins could also use that.
Anyway, the problem with this approach is, that now, the recaptcha plugin needs to be loaded before the spamblock plugin, otherwise, the spamblock plugin will not see the variable.
regards,
Christian
for the new recaptcha plugin.
Ok, made a patch.garvinhicking wrote: We could add a check to the spamblock plugin that checks for a variable which is set by the recaptcha plugin (using the frontend_configure hook). If that variable is set, the spamblock captcha will not be emitted?
I hope it is ok, to simply put a variable in $serendipity. I tried to make is in such a way, that other plugins could also use that.
Anyway, the problem with this approach is, that now, the recaptcha plugin needs to be loaded before the spamblock plugin, otherwise, the spamblock plugin will not see the variable.
Also from a programmer's view I find it not optimal, cause you end up with the same (or nearly the same code) in 2 plugins. This just does not sound reasonable.
Well actually it is the spamblock plugin, removed by all non-necessary parts. (You'll probably see similarities, if you diff spamblock and recaptcha) Even some of the configuration options are shared.garvinhicking wrote: IMHO the amount of duplicate code would not be that high. The only thing I see identical would be the <img src> output and the blocking of spam when the captcha is found?
Oh well, you wanted it that way, so you'll find a better version at my site (see link above)garvinhicking wrote: There are drawbacks, I agree. But IMHO the advantages are much more important.
regards,
Christian
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: use reCaptcha in place of existing captchas?
Hi!
Thanks a lot for the work! I just committed your files with minor modifications:
1. I modified the serendipity spamblock plugin to check your variable in place where the actual captcha is emitted, not on 'frontend_configure'. So now the order doesn'T matter any more. With my note I just wanted to say that the variable needed to be SET in frontned_configure, not read. That can be done later in the queue, where the variables of all plugins have been set.
2. I stripped some more code out of the recaptcha plugin that was not used (forcemoderation for example). I bumped the version to 0.5.
3. I removed the example*.php files frmo recaptcha to prevent people calling them and possibly endangering the serendipity installation with malicious code.
Now, what remains is a IMHO conceptual flaw:
The recaptcha plugin checks if $_POST['recaptcha_response_field'] is set. Now, if a spambot submits his own POST data to comment.php and simply leaves out that field, that will completely bypass the captcha protection, because the plugin does not have that field and simply says "hooray, this ain't spam".
It should be changed so that in case the POST-Field is missing, the comment is classified as spam, right?
Then another problem: If I solve a captcha once, I can get the POST-Data for the challenge field, and because I know the required result for the response field, I will be able to submit comments with the same POST-Data for challenge/response time and again, right?
Or is a challenge only valid until it has been solved for the first time? If so, how does it prevent that a challenge is not issued to two users who both validly solve it and submit it to the API?
Best regards,
Garvin
Thanks a lot for the work! I just committed your files with minor modifications:
1. I modified the serendipity spamblock plugin to check your variable in place where the actual captcha is emitted, not on 'frontend_configure'. So now the order doesn'T matter any more. With my note I just wanted to say that the variable needed to be SET in frontned_configure, not read. That can be done later in the queue, where the variables of all plugins have been set.
2. I stripped some more code out of the recaptcha plugin that was not used (forcemoderation for example). I bumped the version to 0.5.
3. I removed the example*.php files frmo recaptcha to prevent people calling them and possibly endangering the serendipity installation with malicious code.
Now, what remains is a IMHO conceptual flaw:
The recaptcha plugin checks if $_POST['recaptcha_response_field'] is set. Now, if a spambot submits his own POST data to comment.php and simply leaves out that field, that will completely bypass the captcha protection, because the plugin does not have that field and simply says "hooray, this ain't spam".
It should be changed so that in case the POST-Field is missing, the comment is classified as spam, right?
Then another problem: If I solve a captcha once, I can get the POST-Data for the challenge field, and because I know the required result for the response field, I will be able to submit comments with the same POST-Data for challenge/response time and again, right?
Or is a challenge only valid until it has been solved for the first time? If so, how does it prevent that a challenge is not issued to two users who both validly solve it and submit it to the API?
Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Re: use reCaptcha in place of existing captchas?
ok thanks.garvinhicking wrote: 1. I modified the serendipity spamblock plugin to check your variable in place where the actual captcha is emitted, not on 'frontend_configure'. So now the order doesn'T matter any more. With my note I just wanted to say that the variable needed to be SET in frontned_configure, not read. That can be done later in the queue, where the variables of all plugins have been set.
My understanding from the existing documentation (which is not much on the security matter) is, that by providing your private key and the token generated by the recaptcha server, one single captcha can always be linked to one user and one session.garvinhicking wrote: 2. I stripped some more code out of the recaptcha plugin that was not used (forcemoderation for example). I bumped the version to 0.5.Yeah forgot about the forcemoderation code.I think, an empty POST field will produce an error, since the plugin sends that to the recaptcha server. It is probably a good idea to check for an empty field, to reduce network traffic.garvinhicking wrote: The recaptcha plugin checks if $_POST['recaptcha_response_field'] is set. Now, if a spambot submits his own POST data to comment.php and simply leaves out that field, that will completely bypass the captcha protection, because the plugin does not have that field and simply says "hooray, this ain't spam".
It should be changed so that in case the POST-Field is missing, the comment is classified as spam, right?
garvinhicking wrote: Then another problem: If I solve a captcha once, I can get the POST-Data for the challenge field, and because I know the required result for the response field, I will be able to submit comments with the same POST-Data for challenge/response time and again, right?
Or is a challenge only valid until it has been solved for the first time? If so, how does it prevent that a challenge is not issued to two users who both validly solve it and submit it to the API?
See the Api-Documentation for more infos.
regards,
Christian
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: use reCaptcha in place of existing captchas?
Hi!
Best regards,
Garvin
No, it does not generate an error because if the response-POST-Field is missing, the webservice is not even queried in current code.I think, an empty POST field will produce an error, since the plugin sends that to the recaptcha server. It is probably a good idea to check for an empty field, to reduce network traffic.
Okay, thanks for clearing that up!My understanding from the existing documentation (which is not much on the security matter) is, that by providing your private key and the token generated by the recaptcha server, one single captcha can always be linked to one user and one session.
Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
The recaptcha plugin works great (http://3gz.com/test/ - runs on nightly build s9y_200706012342).
But... maybe I'm missing the point here, although recaptcha looks slick, and the decipher-project is a great initiative, the captchas in the S9Y-Spam Protector plugin seems faster and more friendlier for visitors to read. Also my readers (hi mum!) are Dutch not English. The mix of letters and numbers in the S9Y Spam Protector plugin seems more universal to me.
So, my verdict:
+ Appealing Looks
+ helps the decifering of books
+ because we can
- not reader-friendly
- a tad slower
But... maybe I'm missing the point here, although recaptcha looks slick, and the decipher-project is a great initiative, the captchas in the S9Y-Spam Protector plugin seems faster and more friendlier for visitors to read. Also my readers (hi mum!) are Dutch not English. The mix of letters and numbers in the S9Y Spam Protector plugin seems more universal to me.
So, my verdict:
+ Appealing Looks
+ helps the decifering of books
+ because we can
- not reader-friendly
- a tad slower
Who is General Failure, and why is he reading my disk?
I also have 2 blogs, one which is basically exclusively read by Germans. Most of my readers probably neither understand, what a captcha is, nor what this recaptcha thing is actually doing. Therefore I do not use it at this blog.Neut wrote:The recaptcha plugin works great (http://3gz.com/test/ - runs on nightly build s9y_200706012342).
But... maybe I'm missing the point here, although recaptcha looks slick, and the decipher-project is a great initiative, the captchas in the S9Y-Spam Protector plugin seems faster and more friendlier for visitors to read. Also my readers (hi mum!) are Dutch not English. The mix of letters and numbers in the S9Y Spam Protector plugin seems more universal to me.
So, my verdict:
+ Appealing Looks
+ helps the decifering of books
+ because we can
- not reader-friendly
- a tad slower
In fact, I only wrote the plugin, because I wanted to contribute back to the team and wanted to learn about the Plugin-Interface of serendipity.
regards,
Christian