MediaWiki:Captcha
From SEDSWiki
Captcha
These are Captcha patches to MediaWiki 1.5.7 used on this site. I got tired of all the spambots logging in and trashing pages with spam. Hopefully this will put an end to that... I could not have done this without the details on mods to MediaWiki 1.4.5 at this site.
Note that the underlying Veriword class requires the PHP installation to have the GD Graphics Library and Freetype compiled-in.
The Mediawiki adaptation builds on the WordPress Plugin: AuthImage so start by downloading that package and installating it in the Mediawiki extensions/ folder.
I found that I didn't need the "authimage-hacks.php" file. Also, when you're done implementing all these changes, add the following to the end of your LocalSettings.php file:
require_once( 'extensions/authimage.php' );
The remainder of this page is in a similar style to the site mentioned above, with my specific mods for the newer version of mediawiki.
extensions/authimage-inc/
extensions/authimage-inc/words/words.txt
Tip: Create your own captcha word dictionary! On SEDS.org, we used a number of space-related words that should be familiar to our users.
extensions/authimage-inc/veriword.ini So that it will use all the words in the dictionary file, don't set a length for the random words.
... randomword_length = ...
extensions/authimage.php I've modified this significantly from the Word Press version, as well as the version used for MediaWiki 1.4.5 -- note that I'm not confident on how the session is closed out, so if you know the "right" way, please correct it. What is below seems to work, but doesn't "feel right." Also, I have a concern that the "image" is generated for every wiki page load, becauase of where it lives in this function, but I can't get the debugging work to verify if that is true.
<?php
/*
Plugin Name: AuthImage
Plugin URI: http://www.gudlyf.com/index.php?p=376
Description: Creates an authentication image to help combat spam in comments.
Version: 3.0
Author: Keith McDuffee
Author URI: http://www.gudlyf.com/
Originally modified by miEro
This version by C. Lewicki 3/25/2006
*/
session_start();
$authimage = '/extensions/authimage-inc/image.veriword.php';
function checkAICode($code)
{
require_once("authimage-inc/class.verificator.php");
$veri = new VeriFicator($code);
$verified = $veri->verified();
$return = ($verified == 1) ? 1 : 0;
if(!isset($_SESSION['veriword'])) {
$return = 0;
} else {
/*
session_unset();
session_destroy();
session_start();
*/
}
return $return;
}
?>
includes/EditPage.php Note that our site doesn't use this particular modification, as we require accounts to edit any pages via "$wgGroupPermissions['*']['edit'] = false;" in LocalSettings.php
--- EditPage.php.orig 2006-03-24 15:37:30.000000000 -0800
+++ EditPage.php 2006-03-25 10:43:31.000000000 -0800
@@ -175,7 +175,10 @@
return;
}
if ( $this->save ) {
- $this->editForm( 'save' );
+ if ( checkAICode($_POST['code']) || $wgUser->isSysop() )
+ $this->editForm( 'save' );
+ else
+ $this->editForm( 'edit' );
} else if ( $this->preview ) {
$this->editForm( 'preview' );
} else if ( $this->diff ) {
@@ -710,12 +713,19 @@
<textarea tabindex='1' accesskey="," name="wpTextbox1" rows='{$rows}'
cols='{$cols}'{$ew}>
END
-. htmlspecialchars( $this->safeUnicodeOutput( $this->textbox1 ) ) .
-"
+htmlspecialchars( $wgContLang->recodeForEdit( $this->textbox1 ) ) . "
</textarea>
{$metadata}
-<br />{$editsummary}
+<table><tr><td>
+{$editsummary}
{$checkboxhtml}
+<p>
+<label for=\"code\">Enter phrase from image (or skip for another): </label>
+<input type=\"text\" name=\"code\" id=\"code\" value=\"\" size=\"20\" tabindex=\"4\"/>
+</p>
+</td><td valign=\"bottom\">
+<img style=\"border:1px solid black\" src=\"$GLOBALS[authimage]\" alt=\"authimage\"/><br/>
+</td></tr></table>
{$safemodehtml}
<input tabindex='5' id='wpSave' type='submit' value=\"{$save}\" name=\"wpSave\" accesskey=\"".wfMsg('accesskey-save')."\"".
" title=\"".wfMsg('tooltip-save')."\"/>
includes/SpecialUserlogin.php
--- SpecialUserlogin.php.orig 2006-03-24 15:37:59.000000000 -0800
+++ SpecialUserlogin.php 2006-03-24 15:46:12.000000000 -0800
@@ -52,6 +52,7 @@
$this->mLoginattempt = $request->getCheck( 'wpLoginattempt' );
$this->mAction = $request->getVal( 'action' );
$this->mRemember = $request->getCheck( 'wpRemember' );
+ $this->mCode = $request->getVal( 'wpCode' );
if( $wgEnableEmail ) {
$this->mEmail = $request->getText( 'wpEmail' );
@@ -80,14 +81,18 @@
$this->onCookieRedirectCheck( $this->mCookieCheck );
return;
} else if( $this->mPosted ) {
- if( $this->mCreateaccount ) {
+ $ok = -1;
+ if( $this->mCreateaccount && ($ok = checkAICode($this->mCode)) ) {
return $this->addNewAccount();
- } else if ( $this->mCreateaccountMail ) {
+ } else if ( $this->mCreateaccountMail && ($ok = checkAICode($this->mCode))) {
return $this->addNewAccountMailPassword();
- } else if ( $this->mMailmypassword ) {
+ } else if ( $this->mMailmypassword && ($ok = checkAICode($this->mCode))) {
return $this->mailPassword();
} else if ( ( 'submitlogin' == $this->mAction ) || $this->mLoginattempt ) {
- return $this->processLogin();
+ if ($ok !== -1)
+ return $this->mainLoginForm( 'Incorrect phrase from image. Please, try again with another image.' );
+ else
+ return $this->processLogin();
}
}
$this->mainLoginForm( '' );
includes/templates/Userlogin.php
--- Userlogin.php.orig 2006-03-24 15:38:22.000000000 -0800
+++ Userlogin.php 2006-03-24 15:56:58.000000000 -0800
@@ -84,6 +84,7 @@
<input tabindex='7' type='text' name="wpEmail" id="wpEmail"
value="<?php $this->text('email') ?>" size='20' />
</td>
+ <td rowspan="2"><img src="<?php print $GLOBALS['authimage'] ?>" alt="authimage"/></td>
<?php } ?>
<?php if( $this->data['userealname'] ) { ?>
</tr>
@@ -94,6 +95,13 @@
value="<?php $this->text('realname') ?>" size='20' />
</td>
<?php } ?>
+ </tr>
+ <tr>
+ <td align='right'><label for='wpCode'>Enter phrase from image:</label></td>
+ <td align='left'>
+ <input tabindex='7' type='text' name="wpCode" id="wpCode"
+ value="" size='20' />
+ </td>
<td align='left'>
<input tabindex='9' type='submit' name="wpCreateaccount"
value="<?php $this->msg('createaccount') ?>" />
--Chris 11:22, 25 March 2006 (PST)
