From: Tuc at T-B-O-H.N. <ml...@t-...> - 2007-05-23 21:52:10
Hi,

As with most people, my guestbook is being used for spam. Even though it's "hidden until approved", search engines still pick it up. Today I got annoyed at it, so I looked to start adding Captcha to it.

(Sorry, I just got distracted. Even though I pulled the page, they are submitting to the cgi directly...So now THAT'S chmod 000).

I first started by changing the reference on Guestbook.html from "AddGuest.html" to "/cgi-bin/AddGuest.cgi". I then copied my AddGuest.html to AddGuesttemplate.html. After the Comments section, I added:

    <INPUT TYPE=hidden name=crypt value="%CRYPT%">
    Please enter the characters in the image below:
    <INPUT TYPE=text name=code>
    <BR>
    <IMG SRC="%CAPTCHASRC%"><BR>

I then created AddGuest.cgi as:

    #!/usr/bin/perl
    use Authen::Captcha;

    my $output_dir = "/my/html/captcha";          # where the PNG images are written
    my $www_output_dir = "/captcha";              # the same folder as seen by the browser
    my $db_dir = "/my/cgi-bin/captcha.db";        # where Authen::Captcha keeps its data
    my $num_of_characters = 7;

    my $captcha = Authen::Captcha->new(
        output_folder => $output_dir,
        data_folder => $db_dir
    );

    # Creates the image and returns the MD5 sum that names it
    my $md5sum = $captcha->generate_code($num_of_characters);

    # Read the whole template into $file
    my $file = '';
    open (IN,"</my/html/AddGuesttemplate.html") or die "Cannot open template: $!";
    while (<IN>) {
        $file .= $_;
    }
    close (IN);

    # Fill in the hidden field and the image URL
    $file =~ s/%CRYPT%/$md5sum/g;
    $file =~ s/%CAPTCHASRC%/$www_output_dir\/$md5sum.png/g;

    print "Content-Type: text/html; charset=iso-8859-1\n\n";
    print $file;
    exit;

There are a lot of changes to guestbook.pl...

1) add $captcha to the "use vars qw("

2) put a $captcha=1; under the $line_breaks=1;

3) Add

    if ($captcha) {
        require Authen::Captcha;
        import Authen::Captcha;
    }

   under the "if ($mailprog =~ /SMTP:/i )"

4) After the part where it foreach's the input_names to strip_nonprintable I added:

    if ($captcha) {
        my $output_dir = "/usr/home/tucobx/html/captcha";
        my $www_output_dir = "/captcha";
        my $db_dir = "/usr/home/tucobx/cgi-bin/captcha.db";
        my $num_of_characters = 7;

        my $captcha = Authen::Captcha->new(
            output_folder => $output_dir,
            data_folder => $db_dir
        );

        if ($inputs{'code'} && $inputs{'crypt'}) {
        } else {
        }
    }

Well, the reason there isn't anything in there yet is I did a quick test. I got my captcha out fine, and when I hit SUBMIT, I realized there were parts of the code I never knew ran. It ends up that there are inputs for the fields built right into the CGI.

At this point, I've stopped. I really don't know what to do at this point. Personally, I like the nice pretty fancy page I made previously. The starkness of the stuff in form_error bothers me a lot.

Has any thought been given to another re-write/version of this? What I personally would love to see is that you allow the user to have a template like mine, but maybe even have a bigger replace of %GUESTBOOK_CODE_HERE% where it inserts the input chunk area and can include the captcha if necessary, so that when there is an error, just suck the template back in, and spit all the error info/etc into its midsection.

Sorry for such a long first post....

Tuc
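
An added example (not part of the original post and not code from the guestbook script) of what the empty if/else in step 4 could hold: a server-side check using Authen::Captcha's check_code(), which is the part that matters when submissions arrive at the CGI directly rather than through the form. The helper name verify_captcha, the directory paths and the sample input are assumptions; replace the paths with the site's own captcha directories.

```perl
#!/usr/bin/perl
# Added example: server-side CAPTCHA verification for a guestbook CGI.
use strict;
use warnings;
use Authen::Captcha;

# Meaning of each check_code() return value, per the Authen::Captcha docs.
my %CAPTCHA_RESULT = (
     1 => 'passed',
     0 => 'code not checked (file error)',
    -1 => 'code expired',
    -2 => 'invalid code (not in database)',
    -3 => 'invalid code (code does not match crypt)',
);

# verify_captcha() is a hypothetical helper; $inputs is a hashref of the
# submitted form fields. Returns (1, 'passed') or (0, reason).
sub verify_captcha {
    my ($captcha, $inputs) = @_;
    my $code  = defined $inputs->{code}  ? $inputs->{code}  : '';
    my $crypt = defined $inputs->{crypt} ? $inputs->{crypt} : '';

    # A direct POST to the CGI can omit either field: fail closed.
    return (0, 'captcha fields missing')
        unless length $code && length $crypt;

    # The crypt field carries an MD5 sum, so accept only 32 hex digits
    # before it is used to look anything up.
    return (0, 'malformed crypt value')
        unless $crypt =~ /\A[0-9a-fA-F]{32}\z/;

    my $result = $captcha->check_code($code, $crypt);
    my $reason = exists $CAPTCHA_RESULT{$result}
        ? $CAPTCHA_RESULT{$result}
        : "unexpected result $result";
    return ($result == 1 ? 1 : 0, $reason);
}

# Placeholder paths (assumptions): use the site's own captcha directories.
my $captcha = Authen::Captcha->new(
    output_folder => '/path/to/html/captcha',
    data_folder   => '/path/to/cgi-bin/captcha.db',
);

# Constructed sample input: a submission with a bogus crypt value.
my %inputs = (code => 'abc1234', crypt => 'not-a-digest');
my ($ok, $reason) = verify_captcha($captcha, \%inputs);
print $ok ? "accept entry\n" : "reject entry: $reason\n";
```

Every result other than 1 is treated as a rejection, including 0 (file error), so a broken data folder cannot silently let entries through.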