CaptchaPlugin

A visual challenge-response test to prevent automated scripts from using the wiki

Description

This plugin tries to prevent automated scripts from creating users and spam your wiki. It does so by requiring a simple test to ensure that the request is done by a human being. The Captcha encodes information into a distorted image containing letters and digits. This information is easy to generate for the computer, easy to read for human beings but hard to recognize by computers. Note however, that Captchas aren't 100% bullet proof. They only raise the bar for automated scripts to pass the test. There are regular reports of Captchas of a specific kind being solved automatically for high profile internet sites.

CaptchaPlugin tries to create challenge-response tests hard enough to solve for computers, but does not claim that its tests are unbreakable on any scale. Read more about captchas at http://en.wikipedia.org/wiki/CAPTCHA.

Syntax Rules

CAPTCHA

This macro renders a simple captcha interface based on the jqCaptcha jQuery plugin (an image and a click handler to reload it). In most cases you'd use the CAPTCHAFORM macro for a more ready-to-use widget.

CAPTCHAFORM

This simply expands to the captcha form as defined in the captcha.tmpl template.

Parameters:

  • validateonsubmit: boolean value specifying when the form is being validated. If set to true (default) validation of the captcha will be performed on the client already when clicking on the "Submit" button. If set to false, validation happens on the server side only.
  • disableonsuccess: boolean value specifying when the challenge is going to be "consumed" while validating it on the client side. This defaults to false so that the server validation check on the same challenge gets a chance to pass as well.

CAPTCHACHECK

This macro can be used in own wiki applications to check a challenge at some point. It takes a challenge identifier and a response and verifies it while expanding the macro. Based on the result either error or success is returned.

Parameters:

  • challenge: the captcha challenge identifier
  • response: the response as provided by the user
  • error: format string to be returned when validation failed
  • success: format string to be returned when validation succeeded

Example

You type:

<form action="%SCRIPTURLPATH{view}%/%WEB%/%TOPIC%#example" id="example">
<div class="foswikiFormSteps">
  %CAPTCHAFORM%
  <div class="foswikiFormStep">
    %BUTTON{"%MAKETEXT{"Submit"}%" icon="tick" type="submit"}%
    %CLEAR%
  </div>
</div>
</form>

%CAPTCHACHECK{
  challenge="%URLPARAM{"captcha_challenge"}%"
  response="%URLPARAM{"captcha_response"}%"
  error="%JQICON{"error"}% There was an error checking the validation code."
  success="%JQICON{"accept"}% The validation code has been checked successfully."
}%

You get:

%CAPTCHAFORM%

%CAPTCHACHECK{ challenge="" response="" error="error There was an error checking the validation code." success="accept The validation code has been checked successfully." }%

You get (if installed)

captcha snapshot

Captcha-protected editing of topics

By switching on the {EnableSave} parameter in your Foswiki configuration, editing wiki topics will be guarded by requiring a captcha challenge to be passed. This feature is disabled by default as Foswiki core's own Strike-One mechanism is already well suited to protect accidental save actions to be performed (e.g. as performed by spam bots). In some cases an additional captcha guard might be interesting as to allow unauthenticated guests of a wiki to do regular edits. Use the {EnableSave} switch to enable this. The captcha challenge for topic edits can also be demanded even for registered users by enabling the {SaveForAll} flag. WARNING: this might raise the barrier to contribute to the wiki a bit too high for practical use. Only enable this feature when you really know what you are doing.

As by now the {EnableSave} feature is best integrated into the NatEditPlugin while needing extra provisions for other editors.

Installation Instructions

You do not need to install anything in the browser to use this extension. The following instructions are for the administrator who installs the extension on the server.

Open configure, and open the "Extensions" section. Use "Find More Extensions" to get a list of available extensions. Select "Install".

If you have any problems, or if the extension isn't available in configure, then you can still install manually from the command-line. See http://foswiki.org/Support/ManuallyInstallingExtensions for more help.

Plugin Info

Author(s): Foswiki:Main.KoenMartens, Foswiki:Main.KwangErnLiew, Foswiki:Main.MichaelDaum
License: GPL (GNU General Public License)
Release: 2.02
Version: 2.02
Change History:  
28 Aug 2014: specify rest security settings
04 Apr 2014: flag rest handlers that don't require authentication
17 Jul 2013: brought back to live and improved - Foswiki:Main.MichaelDaum
24 Dec 2009: started to port to foswiki - Foswiki:Main.SvenDowideit
28 Oct 2007: Fixed bug on RegistrationAgent
16 Aug 2007: Added black and white shades only; Added editcaptcha.tmpl; Moved all attributes to LocalSite.cfg; Removed DeleteAfterRegistration
08 Aug 2007: Added support for captcha on topic save (thanks Foswiki:Main.KwangErnLiew), fixed some minor bugs, added some free fonts
06 Aug 2007: Colourised fonts; Randomised font type, font size, background colour, and font positioning; Fixed hash display on user pages; Modified oopscaptcha.tmpl
03 Aug 2006: Renamed to CaptchaPlugin, adapted to Dakar (TWiki 4.0.x).
03 Jan 2006: Fixed some problems with expiry, also optimised according to FastPluginHints.
10 Oct 2005: Strip hash and text from arguments to register binary, or they will end up in the newly created user topic.
07 Oct 2005: Initial version
Dependencies:
NameVersionDescription
GD>=2.39Required.
Foswiki::Contrib::JsonRpcContrib>=1.30Required.
Plugin Home: http://foswiki.org/Extensions/CaptchaPlugin
Feedback: http://foswiki.org/Support/CaptchaPluginDev

I Attachment Action Size Date Who Comment
CaptchaPlugin.md5md5 CaptchaPlugin.md5 manage 0.2 K 28 Aug 2014 - 09:03 MichaelDaum  
CaptchaPlugin.sha1sha1 CaptchaPlugin.sha1 manage 0.2 K 28 Aug 2014 - 09:04 MichaelDaum  
CaptchaPlugin.tgztgz CaptchaPlugin.tgz manage 390.4 K 28 Aug 2014 - 09:03 MichaelDaum  
CaptchaPlugin.zipzip CaptchaPlugin.zip manage 403.0 K 28 Aug 2014 - 09:03 MichaelDaum  
CaptchaPlugin_installerEXT CaptchaPlugin_installer manage 6.7 K 28 Aug 2014 - 09:03 MichaelDaum  
CaptchaSnap1.pngpng CaptchaSnap1.png manage 16.0 K 28 Aug 2014 - 09:03 MichaelDaum  
Topic revision: r4 - 28 Aug 2014, MichaelDaum
 
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. Creative Commons License