Reusable CAPTCHAS

Discussions and requests related to new CMSimple features, plugins, templates etc. and how to develop.
Please don't ask for support at this forums!
cmb
Posts: 13244
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Reusable CAPTCHAS

Post by cmb » Mon Aug 22, 2011 11:02 pm

Hello community,

there are several plugins that require CAPTCHAS. The current situation:
  • each of those plugins has to include it's own CAPTCHA, and the developer has to write the necessary code or must find and use a CAPTCHA library
  • the user can't change the CAPTCHA according to his wishes, and has different looking CAPTCHAS for each plugin
I would like to see that changed in the future:
  • each of those plugins could include a totally free (MIT license?) minimal CAPTCHA solution, and provide a hook for CAPTCHA plugins
  • the user could decide to stick with the minimal CAPTCHA, or could use one (or several) CAPTCHA plugin for the other plugins according to his wishes
How could this be done? Well, it is necessary to agree to an interface. I suggest the following:

Captcha plugins (and the minimal CAPTCHA solution) should provide two functions:

Code: Select all

/**
 * Returns the (X)HTML of the CAPTCHA as inline element,
 * e.g. <img src="xxx.png" alt="CAPTCHA">
 *
 * Sets a cookie or a session variable with the CAPTCHA value.
 *
 * @return string
 */
function captcha_captcha_display() {
...
}

/**
 * Returns if the given $value is correct
 * compared to the cookie or session variable already set.
 *
 * @param  string   The value the user entered.
 * @return bool
 */
function captcha_captcha_check($value) {
...
}
 
A plugin that requires a CAPTCHA should:
- provide a config option $cf[PLUGIN]['captcha_plugin'], where the user can enter the CAPTCHA plugin he wants to use
- copy the minimal CAPTCH solution to the plugin's root folder as captcha.php
- initialize the CAPTCHA plugin:

Code: Select all

if (!file_exists($pth['folder']['plugins'].$plugin_cf[PLUGIN]['captcha_plugin'].'/captcha.php')) {
    // fall back to build in functions:
    $plugin_cf[PLUGIN]['captcha_plugin'] = PLUGIN;
}
include_once $pth['folder']['plugins'].$plugin_cf[PLUGIN]['captcha_plugin'].'/captcha.php';
 
- display the CAPTCHA in the form:

Code: Select all

<?php echo call_user_func($plugin_cf[PLUGIN]['captcha_plugin'].'_captcha_display'); ?>
- check for valid user input:

Code: Select all

if (call_user_func($plugin_cf[PLUGIN]['captcha_plugin'].'_captcha_check', $_POST['captcha'])) {
    // error: CAPTCHA not recognized
}
 
- make sure that nothing is sent to the browser, before captcha_display is called

IMO that could spare quite some time for developers needing a CAPTCHA for their plugin, and will users give great freedom choosing the CAPTCHA they like. I can even image very special CAPTCHA solutions, e.g. billard balls for a pool club.

I'm gladly willing to provide at least the mentioned minimal CAPTCHA, probably as simple text based solution comparable to the standard CMSimple_XH mailform's CAPTCHA.

Any comments appreciated.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

svasti
Posts: 1649
Joined: Wed Dec 17, 2008 5:08 pm

Re: Reusable CAPTCHAS

Post by svasti » Tue Aug 23, 2011 5:11 pm

Good idea!

Holger
Site Admin
Posts: 3097
Joined: Mon May 19, 2008 7:10 pm
Location: Hessen, Germany
Contact:

Re: Reusable CAPTCHAS

Post by Holger » Tue Aug 23, 2011 8:22 pm

+1

But I don't understand why the pluginautor should copy a part of your solution to his plugin-folder???
Or maybe I don't get it from your description.

Beside this, the plugin should be open to easy integrate other Captchas, provided in a - lets say - ./libs/captch1 ... folder structure.
This could be done later by other developers.

Some solutions I like is e.g. http://www.phpcaptcha.org/
or http://www.google.com/recaptcha

I think with such a plugin-to-plugin solution, all of them are possible.

And, BTW, I really like the idea "Plugin for Plugins"! We have it with jQuery and it's a good choice for a captcha-solution too!

KR
Holger

cmb
Posts: 13244
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Reusable CAPTCHAS

Post by cmb » Tue Aug 23, 2011 8:34 pm

Hello Holger,

my idea was to have a general interface for captcha plugins and plugins requiring captchas (guestbooks, mailforms, etc). So there could be different captcha plugins, as it's the case with different lightbox plugins now (e.g. hi_fancybox and tg_popup). The "minimal solution" could be integrated by any plugin which requires a captcha, to have an independent plugin: the user is not required to install an additional plugin. But he could, if he prefers a more sophisticated or a special captcha solution.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

Holger
Site Admin
Posts: 3097
Joined: Mon May 19, 2008 7:10 pm
Location: Hessen, Germany
Contact:

Re: Reusable CAPTCHAS

Post by Holger » Tue Aug 23, 2011 8:56 pm

Ah :idea:
Now i got it.

Holger

cmb
Posts: 13244
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Reusable CAPTCHAS

Post by cmb » Tue Aug 23, 2011 9:00 pm

Hello Holger,
Holger wrote: + 1
Does it still hold?

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

Holger
Site Admin
Posts: 3097
Joined: Mon May 19, 2008 7:10 pm
Location: Hessen, Germany
Contact:

Re: Reusable CAPTCHAS

Post by Holger » Tue Aug 23, 2011 9:02 pm

cmb wrote:Does it still hold?
Hmm, I must think about it ... :?

BR
Holger

Holger
Site Admin
Posts: 3097
Joined: Mon May 19, 2008 7:10 pm
Location: Hessen, Germany
Contact:

Re: Reusable CAPTCHAS

Post by Holger » Thu Aug 25, 2011 3:35 pm

Hi Christoph!

Ok, thought about it, but IMO it's better doing it another way.

I think it's not good to include the basic captca-code to every plugin.

Why not going the way like with jQuery4CMSimple?

You provide a complete basic-captcha plugin, which give that few functions to other plugins.
You, the user or other developers may include / provide other captchas as addons to your plugin.
That's easy to handle. Let's say you have a folder /plugins/captcha/addons/ in your plugin.
A new captcha solution extends the basic one and will come to your plugin as a subfolder /new_captcha in addons.
A user selects "new_captcha" in the plugin-config and your code looks for a folder with this name.
If so, it includes the code from there to provide this new captcha with the same function names of the basic one.

That's IMO easier to handle than copy some code to every plugin.
And what, if you must change / extend sth. in the basic captcha / the general interface? You have to update all plugins using it.

IMO it's not too hard to make it. And it's not a disadvantage to install a second plugin.
Anyway, the best solution should be the core can handle the plugin too. So you have the same captcha everywhere on the whole installation.

KR
Holger

cmb
Posts: 13244
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Reusable CAPTCHAS

Post by cmb » Thu Aug 25, 2011 4:36 pm

Hello Holger,

thanks for your thoughts and your reply. :)

Your suggestion is a good idea in the technical sense. But I see three problems: the first is a legal problem. If a developer writes an add-on to the captcha-plugin, and he wants to distribute it commercially, that might not work, if I publish the captcha-plugin as GPL. If I publish the captcha-plugin under commercial license, than the user has to pay twice. And even if I publish the captcha-plugin under a very liberal license (say LGPL or MIT), the user has to install the captcha-plugin in addition to other plugins using it. And that's the second problem. The third: some plugin developers perhaps don't want to rely on another plugin. So the captcha plugin wouldn't be of great use.
Holger wrote:I think it's not good to include the basic captca-code to every plugin.
The basic captcha code doesn't need to be included to any plugin that needs a captcha. It's only important that the author of the plugin uses an interfaced that will be agreed upon. Just yesterday I've developed the minimal captcha code that might be used. It's:

Code: Select all

<?php
session_start();

function advfrm_captcha_code() {
    $res = '';
    for ($i = 0; $i < 5; $i++) {
    $res .= rand(0, 9);
    }
    return $res;
}


function advancedform_captcha_display() {
    $code = advfrm_captcha_code();
    $_SESSION['ADVFRM_CAPTCHA'] = $code;
    return '<span class="captcha">'.$code.'</span>';
}


function advancedform_captcha_check($value) {
    return $value == $_SESSION['ADVFRM_CAPTCHA'];
}
 
The code is so simple, that a developer might as well write his own minimal captcha. It all comes down to an interface, that would be agreed upon. And your suggestion might as well be chosen as alternative, if other developers will prefer it. And that's the point:

Are other developers needing a captcha for their plugin interested in a common solution?

Christoph

PS: And BTW: you should have a look at http://www.cmsimpleforum.com/viewtopic.php?f=29&t=3213 ;)
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 13244
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Reusable CAPTCHAS

Post by cmb » Wed Sep 14, 2011 12:46 am

Hello Holger,

I had a look at freecap, and I think it's quite nice, and even i18n is not a big deal, but unfortunatly it is not accessible for the visually impaired. So I had a look at phpcaptcha, but the download is already very large, and it doesn't contain localized audio captchas. So I had a look at reCaptcha. This seems to be a very interesting solution for a captcha, but unfortunatly it requires registration. It should be possible to get the required keys for inclusion to a plugin, but those keys would be coupled to my email-address. Requiring registration for the user of the plugin would be a minor inconvenience, but the plugin configuration would require the user to store the public and the private registration key to config.php, what might be a security issue.

So, do you have any suggestion, how this could be handled?

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

Post Reply