#17 Add CAPTCHA?

open
nobody
5
2012-05-18
2008-04-21
Anonymous
No

Our NMS FormMail script as been getting spammed as of late. It seems having CAPTCHA or at least an OPTION for CAPTCHA would be nice. reCAPTCHA (http://recaptcha.net/resources.html) looks like an easy thing to add/implement. The problem is I don't know where in the NMS FormMail script to add it myself (or I would). Obviously, one of the user configurations would be for the reCAPTCHA API keys (so being an OPTION is nice).

If NMS FormMail is no longer being developed or if this is a feature that would NOT be added I would like to at least be contacted by someone who could help my add it to my implementation of NMS FormMail.

Thank you,
Mike Michaelson
mike@percocomarble.com

Discussion

  • blake girardot
    blake girardot
    2008-06-30

    Logged In: YES
    user_id=135704
    Originator: NO

    Here is one way to add reCaptcha support, less than perfect, but it works. In case it doesn't post properly here is a link to it on the web displaying properly:
    http://groups.google.com/group/recaptcha/browse_thread/thread/b4b35aa61353d485

    These are notes for how I added reCaptcha support to the NMS version of FormMail.pl (http://nms-cgi.sourceforge.net/), a much better version of the original FormMail.pl.

    reCaptcha is a specific implementation of the general captcha idea and more information about it can be found here:
    http://recaptcha.net/

    I have the fully self contained, stand alone version of NMS FormMail.pl installed, called the "compat" version on the sourceforge page. This basically means the FormMail.pl script has all the code it needs are all in the one file, it has embedded any other modules it might need to work directly in its own script. This makes it fully self contained and doesn't need any additional modules to work making installation simple.

    My method installs the reCaptcha perl module in the system wide perl installation and then calls that perl module from the FormMail.pl script.

    I took the example perl code from http://code.google.com/p/recaptcha/, stripped out the HTML parts and stuck it in the FormMail.pl script following the conventions used in that script as best I could.

    I am not a perl expert so I can't promise this is the best way to accomplish this goal, but it does meet my needs just fine. I am all for someone who really knows perl doing it the right way but people have been asking around for a while and I haven't seen any other solutions on the internet yet so I thought I would take a stab at it.

    1. Install the reCaptcha perl module, at the time of writing this the latest version was 0.92
      http://search.cpan.org/~andya/Captcha-reCAPTCHA/

    Directly edit the FormMail.pl script, add the two single lines and the two following functions:

    1. Line 1034 is blank, change it to:
      use Captcha::reCAPTCHA;

    2. Line 2094 is blank, change it to:
      $self->check_recaptcha or return;

    3. Insert the following two functions into the FormMail.pl script starting at line 2104. Replace YOUR_PRIVATE_KEY_HERE with your actual private key from the reCaptcha folks:

    START additions to support reCaptcha verification

    =item check_recaptcha ( )

    Uses the reCaptcha perl module to CHECK the user entered words.

    =cut

    sub check_recaptcha {
    my ($self) = @_;
    use constant PRIVATE_KEY => 'YOUR_PRIVATE_KEY_HERE';
    my $c = Captcha::reCAPTCHA->new;
    if ( $self->{Form}{recaptcha_response_field} ) {
    my $result = $c->check_answer(
    PRIVATE_KEY, $ENV{'REMOTE_ADDR'},
    $self->{Form}{recaptcha_challenge_field},
    $self->{Form}{recaptcha_response_field}
    );
    if ( $result->{is_valid} ) {
    return 1;
    }
    else {
    $self->bad_recaptcha_error_page;
    return 0;
    }
    }
    else {
    $self->bad_recaptcha_error_page;
    return 0;
    }
    }

    =item bad_recaptcha_error_page ()

    Outputs the error page for a bad or missing reCaptcha user entry.

    =cut

    sub bad_recaptcha_error_page {
    my ($self) = @_;

    my $errhtml = <<END; <p="">
    The validation word response was missing or not correct.
    All test phrases are two words long so your entry should
    be two words as well. The presented words are generated
    automatically from a scanned book and are often hard to read.
    Please use the back button in your browser to return to the form
    and you will automatically have two new words. There is a small
    refresh icon next to the response field that will generate two
    new words if you can not read the two words presented.


    END

    $self->error_page( 'Error: Incorrect or Missing Challenge Words', $errhtml );
    }

    END additions to support reCaptcha verification

    1. Insert the following javascript in your form html to generate the challenge words box from reCaptcha. I use a static HTML form to feed my FormMail.pl script so I use the javascript code from reCaptcha to generate the challenge words. This javascript code can be found here http://recaptcha.net/apidocs/captcha/client.html since it might not display properly below depending on where you are reading these notes.
    <script type="text/javascript" src="http://api.recaptcha.net/challenge?k=&lt;your_public_key&gt;"> </script> <noscript> <iframe src="http://api.recaptcha.net/noscript?k=&lt;your_public_key&gt;" height="300" width="500" frameborder="0"></iframe>
    </noscript>

    That should about do it really, those are all the changes I made to my set up to get reCaptcha support in NMS FormMail.pl.

    Best wishes,
    Blake Girardot
    bgirardot funnyatsymbol gmail com