Hello All,
I've been thinking a lot about doing this myself as many of my customers
have been loudly complaining about comment spam on their websites.
If the captcha system could be made generic, it could be tied into the
comment system as well. Anonymous posters would have to enter a captcha
code before commenting. Future features could use it too (say if
somebody wrote an "email to friend" box).
I've been thinking about doing this as a function that sends a binary
image directly to the apache handler. You'd tie the function to an op
(say, captcha). The captcha op would take no parameters and return a
binary image and shove its captcha code into the session store.
On the registration page, you'd add a block (say, |captcha|) that looks
something like:
<div id='captcha'>
<img src="|siteurl|/captcha" />
<input type='text' name='captcha' value='' />
<span class='error'>|captcha_error|</span>
</div>
Upon form submission, the calling party would call a "check_captcha()",
which would internally fetch the right param() and validate it. If it
passes, check_captcha() returns nothing. If it fails, it returns an
error message that gets shoved into |captcha_error|.
Couple of issues that I've thought of:
- Since both comments & registration forms use the existing formkey
system, it would be slick to somehow tie captcha's into it rather than
making new function calls. Haven't fleshed out this idea yet.
- Scoop does not automatically create a session (and a cookie for that
matter) for anonymous users. This is an issue because a user is still
anonymous while they sign up. (or post an anonymous comment). I'm not
sure if scoop has a function call to force a session on an anonymous
user, if not, I'd have to write one.
- Many sites have a separate server to serve static files to keep scoop
from serving more then a single request per page. This system would
require two hits per page to the apache process running scoop. However,
weighted against setting up some crazy scheme involving NFS, this ain't
a bad trade-off.
- There would need to be modifications to either page_out() in Scoop.pm
or handler() in ApacheHandler.pm to keep scoop from modifying the binary
image and to keep it from writing it's own headers. I thought
$S->{FILTERED} might do it, but looking at the code, I think I'm wrong.
- Since this would call the apache request object directly, thought
would also need to be given to any future plans for Apache2 as well.
- This system would most likely use GD::SecurityImage, which in turn
requires both FreeType and GD. All three would be new dependencies
required by Scoop. I don't think this is a big issue as every distro
I've seen offers both FreeType & GD with many installing them by
default. GD::SecurityImage would be installed in the same way scoop
already installs CPAN modules.
I'm thinking it is about a day or two of work to write & test this. I
could schedule some time a week or two from now and do this myself.
--
Cory R. King
XLAN, Inc.
Chris Schults wrote:
> Hello all. We're going to experiment with removing the requirement that
> you must activate a new account by clicking on the activation link in
> the new user welcome email. Instead, we're going to add a CAPTCHA* to
> the new user registration form. While this won't prevent people from
> supplying bogus email addresses, it should keep the number of bots
> spamming our comments to a minimum. The intent behind this move is to
> make the sign-up process easier and quicker.
>
> Has anyone successfully disabled the activation step, or added a CAPTCHA
> to the registration form?
>
> Chris
>
> * Completely Automated Public Turing test to tell Computers and Humans
> Apart
>
> --------------------------
>
> Chris Schults
> Web Production Manager
> Grist Magazine
> 710 Second Avenue, Suite 860
> Seattle, WA 98104
> Phone: 206-876-2020, ext. 204
> Fax: 253-423-6487
> <http://www.grist.org>
>
> To sign up for Grist by email, the world's top environmental news served
> up with a sense of humor, click here <http://www.grist.org/signup/> or
> send a blank email message to <daily-grist-subscribe at lists.grist.org>
>
> _______________________________________________
> Scoop-help mailing list
> Scoop-help at lists.kuro5hin.org
> http://lists.kuro5hin.org/mailman/listinfo/scoop-help
>
>