X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/fdc8d981d2555a4a2a7bb8ed1ef1cee7d03749dc..f83d905549ac16a3ae2d50d63d47effb20a68998:/doc/todo/require_CAPTCHA_to_edit.mdwn diff --git a/doc/todo/require_CAPTCHA_to_edit.mdwn b/doc/todo/require_CAPTCHA_to_edit.mdwn index e42ac259c..921e6254a 100644 --- a/doc/todo/require_CAPTCHA_to_edit.mdwn +++ b/doc/todo/require_CAPTCHA_to_edit.mdwn @@ -2,6 +2,8 @@ I don't necessarily trust all OpenID providers to stop bots. I note that ikiwik I imagine a plugin that modifies the login screen to use . You would then be required to fill in the captcha as well as log in in the normal way. +-- [[users/Will]] + > I hate CAPTCHAs with a passion. Someone else is welcome to write such a > plugin. > @@ -36,6 +38,8 @@ I imagine a plugin that modifies the login screen to use >>>> it means that someone else is taking care of keeping it ahead of >>>> the bot authors. +>> As [[spam_fighting]] shows, OpenID spam is now real. Yahoo, at least, would need to be blocked, according to the above, which seems like a bold move. --[[anarcat]] + Okie - I have a first pass of this. There are still some issues. Currently the code verifies the CAPTCHA. If you get it right then you're fine. @@ -55,7 +59,7 @@ ignored. > This is still not fixed. I would have thought the following patch would > have fixed this second issue, but it doesn't. -(code snipped as a working patch is below) +(code snipped as a working [[patch]] is below) >> What seems to be happing here is that the openid plugin defines a >> validate hook for openid_url that calls validate(). validate() in turn @@ -87,17 +91,18 @@ ignored. >>>> prusue my idea of not doing the captcha validation in the validate >>>> hook. +[[!format diff """ --- a/IkiWiki/Plugin/openid.pm +++ b/IkiWiki/Plugin/openid.pm -@@ -18,6 +18,7 @@ sub getopt () { #{{{ +@@ -18,6 +18,7 @@ sub getopt () { error($@) if $@; Getopt::Long::Configure('pass_through'); GetOptions("openidsignup=s" => \$config{openidsignup}); + GetOptions("openidneedscaptcha=s" => \$config{openidneedscaptcha}); - } #}}} + } - sub formbuilder_setup (@) { #{{{ -@@ -61,6 +62,7 @@ sub formbuilder_setup (@) { #{{{ + sub formbuilder_setup (@) { +@@ -61,6 +62,7 @@ sub formbuilder_setup (@) { # Skip all other required fields in this case. foreach my $field ($form->field) { next if $field eq "openid_url"; @@ -105,7 +110,7 @@ ignored. $form->field(name => $field, required => 0, validate => '/.*/'); } -@@ -96,6 +98,18 @@ sub validate ($$$;$) { #{{{ +@@ -96,6 +98,18 @@ sub validate ($$$;$) { } } @@ -125,6 +130,7 @@ ignored. return_to => IkiWiki::cgiurl(do => "postsignin"), trust_root => $config{cgiurl}, +"""]] Instructions ===== @@ -132,8 +138,10 @@ Instructions You need to go to and get a key set. The keys are added as options. - reCaptchaPubKey => "LONGPUBLICKEYSTRING", - reCaptchaPrivKey => "LONGPRIVATEKEYSTRING", +[[!format perl """ +reCaptchaPubKey => "LONGPUBLICKEYSTRING", +reCaptchaPrivKey => "LONGPRIVATEKEYSTRING", +"""]] You can also use "signInSSL" if you're using ssl for your login screen. @@ -142,6 +150,7 @@ The following code is just inline. It will probably not display correctly, and ---------- +[[!format perl """ #!/usr/bin/perl # Ikiwiki password authentication. package IkiWiki::Plugin::recaptcha; @@ -150,19 +159,19 @@ use warnings; use strict; use IkiWiki 2.00; -sub import { #{{{ +sub import { hook(type => "formbuilder_setup", id => "recaptcha", call => \&formbuilder_setup); -} # }}} +} -sub getopt () { #{{{ +sub getopt () { eval q{use Getopt::Long}; error($@) if $@; Getopt::Long::Configure('pass_through'); GetOptions("reCaptchaPubKey=s" => \$config{reCaptchaPubKey}); GetOptions("reCaptchaPrivKey=s" => \$config{reCaptchaPrivKey}); -} #}}} +} -sub formbuilder_setup (@) { #{{{ +sub formbuilder_setup (@) { my %params=@_; my $form=$params{form}; @@ -272,7 +281,7 @@ EOTAGS }); } } -} # }}} +} # The following function is borrowed from # Captcha::reCAPTCHA by Andy Armstrong and are under the PERL Artistic License @@ -323,4 +332,4 @@ sub check_answer { } 1; - +"""]]