[Nms-cgi-devel] Guestbook

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

	As with most people, my guestbook is being used for spam. Even
though its "hidden until approved", search engines still pick it up.

	Today I got annoyed at it, so I looked to start adding Captcha to
it. (Sorry, I just got distracted. Even though I pulled the page, they
are submitting to the cgi directly...So now THATS chmod 000). 

	I first started by changing the reference on Guestbook.html from
"AddGuest.html" to "/cgi-bin/AddGuest.cgi".

	I then copied my AddGuest.html to AddGuesttemplate.html .

	After the Comments section, I added :

        <INPUT TYPE=hidden name=crypt value="%CRYPT%">
        Please enter the characters in the image below: <INPUT TYPE=text name=co
de>
        <BR>
        <IMG SRC="%CAPTCHASRC%"><BR>


	I then created AddGuest.cgi as :

#!/usr/bin/perl

use Authen::Captcha;

my $output_dir = "/my/html/captcha";
my $www_output_dir = "/captcha";
my $db_dir = "/my/cgi-bin/captcha.db";
my $num_of_characters = 7;

my $captcha = Authen::Captcha->new(
                      output_folder     => $output_dir,
                      data_folder       => $db_dir
                      );

my $md5sum = $captcha->generate_code($num_of_characters);

undef $file;
open (IN,"</my/html/AddGuesttemplate.html");
while (<IN>)
{
  $file .= $_;
}
close (IN);

$file =~ s/%CRYPT%/$md5sum/g;
$file =~ s/%CAPTCHASRC%/$www_output_dir\/$md5sum.png/g;

print "Content-Type: text/html; charset=iso-8859-1\n\n";
print $file;

exit;


	There are alot of changes to guestbook.pl...

1) add $captcha to the "use vars qw("
2) put a $captcha=1; under the $line_breaks=1;
3) Add 

    if ($captcha)
    {
      require Authen::Captcha;
      import Authen::Captcha;
    }

	under the "if ($mailprog =~ /SMTP:/i )"

4) After the part where it foreach's the input_names to strip_nonprintable
I added :

if ($captcha)
{
    my $output_dir = "/usr/home/tucobx/html/captcha";
    my $www_output_dir = "/captcha";
    my $db_dir = "/usr/home/tucobx/cgi-bin/captcha.db";
    my $num_of_characters = 7;

    my $captcha = Authen::Captcha->new(
                      output_folder     => $output_dir,
                      data_folder       => $db_dir
                      );

    if ($inputs{'code'} && $inputs{'crypt'})
    {
    }
    else
    {
    }
}

	Well, the reason there isn't anything in there yet is I did a
quick test. I got my captcha out fine, and when I hit SUBMIT, I realized
there were parts of the code I never knew ran. It ends up that there are
inputs for the fields built right into the CGI. At this point, I've stopped.

	I really don't know what to do at this point. Personally, I like
the nice pretty fancy page I made previously. The starkness of the stuff
in form_error bothers me alot. 

	Has any thought be given to another re-write/version of this? 
What I personally would love to see is that you allow the user to have a
template like mine, but maybe even have a bigger replace of 
%GUESTBOOK_CODE_HERE% where it inserts the input chunk area and can include
the captcha if necessary, so that when there is an error, just suck the
template back in, and spit all the error info/etc into its midsection.

	Sorry for such a long first post....

				Tuc