Good find! Incorporating this security feature is not too hard; the code is below.
1. Get a copy of the files (you have to register, but it's free), extract the zip file, and
edit captcha.pl (shown below) to suit your server. I put the files in a directory named captcha inside the admin directory, so that is how the code below is written. Upload the files captcha.pl, codes.txt, and the images directory into the captcha directory. I left out the data directory, and captchtest.cgi, as it won't be used.
$captcha_datafolder = "/full/path/to/cgi-bin/links/admin/captcha"; # not web accessible to store database (no trailing slash)
$captcha_database = "$captcha_datafolder/codes.txt"; # path to database file
$captcha_imagesfolder = "$captcha_datafolder/images"; # not web accessible to store png image files (no trailing slash)
$captcha_outputfolder = "/full/path/to/www/links/captcha"; # path to store output (no trailing slash)
$captcha_webfolder = "http://your_url.com/links/captcha"; # url to outputfolder (no trailing slash)
2. Edit add.cgi, sub main as shown:
if (keys %in != 0) {
$in{'captcha'} ? &captcha : &site_html_add_failure("You are attempting to bypass our security.") and return;
}
3. Add this new sub to add.cgi, above sub process_form:
sub captcha {
#------------------------------------------
require "admin/captcha/captcha.pl";
$code = ($in{'code'});
$crypt = ($in{'crypt'});
if ($code && $crypt){
# check code
$result = &checkCode($code,$crypt);
if ($result == 1){
&process_form;
}
elsif ($result == -1){
&site_html_add_failure("<b>Failed!</b> Reason: code expired. Possible cause: code was issued too long ago. Try the new code below.") and return;
}
elsif ($result == -2){
&site_html_add_failure("<b>Failed!</b> Reason: invalid code (not in database). Possible causes: code already used or expired. Try the new code below.") and return;
}
elsif ($result == -3){
&site_html_add_failure("<b>Failed!</b> Reason: invalid code (code does not match crypt). Possible cause: characters not entered correctly. Try the new code below.") and return;
# note - once a solution is tried it is expired, even if it failed
}
else {
&site_html_add_failure("You did not enter the security code.") and return;
}
}
} # end sub
4. Edit site_html_templates.pl as shown:
# --------------------------------------------------------
# This routine determines how the add form page will look like.
&html_print_headers;
my $get_captcha_form = &create_captcha_form; #in db_utils.pl
my $category = shift;
$category ?
($category = qq~$category <input type=hidden name="Category" value="$category">~) :
($category = &build_select_field ("Category", "$in{'Category'}"));
print &load_template ('add.html', {
Category => $category,
captcha_form => $get_captcha_form,
%globals
});
} sub site_html_add_failure {
# --------------------------------------------------------
# This routine determines how the add failure page will look like. my ($errormsg) = shift;
my $get_captcha_form = &create_captcha_form; # in db_utils.pl
$in{'Category'} ?
($in{'Category'} = qq~<input type=hidden name="Category" value="$in{'Category'}">$in{'Category'}~) :
($in{'Category'} = &build_select_field ("Category"));
&html_print_headers;
print &load_template ('add_error.html', {
error => $errormsg,
captcha_form => $get_captcha_form,
%in,
%globals
});}
5. Add a new sub to db_utils.pl, at the end of the file just abpve the '1;'. This is where you can edit the HTML code to match your site.
#-----------------------------------------------------------
# Create the form for add.cgi securityrequire "admin/captcha/captcha.pl";
$crypt = &generateCode(8); if ($crypt){
$i_width = $captcha_length*$captcha_width;
$output = qq|<img src="$captcha_webfolder/$crypt.png" width="$i_width" height="$captcha_height" border="0"><br>
<input type="hidden" name="crypt" value="$crypt">
Enter the characters you see in the image:
<input type="text" name="code" value=""><br>
Note: the numbers zero (0) and one (1) do not appear in the image. Refresh/reload this page for a new image. If you are uncertain of a character, take your best guess.|;
return $output;
}
else{
&site_html_add_failure("Code not generated (file error)! Check to be sure that the script is properly configured.") and return;
}
}
6. Edit the add.html and add_error.html templates as shown. The bold part is what is actually required.
<tr><td align="right" valign="top">Security:</td>
<td><%captcha_form%></td></tr>
<tr><td></td><td><input type="SUBMIT" value="Add Resource" name="captcha"></td></tr>
That should do it! If you have any trouble, let me know.
Leonard
aka PerlFlunkie
1. Get a copy of the files (you have to register, but it's free), extract the zip file, and
edit captcha.pl (shown below) to suit your server. I put the files in a directory named captcha inside the admin directory, so that is how the code below is written. Upload the files captcha.pl, codes.txt, and the images directory into the captcha directory. I left out the data directory, and captchtest.cgi, as it won't be used.
Code:
##### SETTINGS ##### $captcha_datafolder = "/full/path/to/cgi-bin/links/admin/captcha"; # not web accessible to store database (no trailing slash)
$captcha_database = "$captcha_datafolder/codes.txt"; # path to database file
$captcha_imagesfolder = "$captcha_datafolder/images"; # not web accessible to store png image files (no trailing slash)
$captcha_outputfolder = "/full/path/to/www/links/captcha"; # path to store output (no trailing slash)
$captcha_webfolder = "http://your_url.com/links/captcha"; # url to outputfolder (no trailing slash)
2. Edit add.cgi, sub main as shown:
Code:
# We are processing the form. if (keys %in != 0) {
$in{'captcha'} ? &captcha : &site_html_add_failure("You are attempting to bypass our security.") and return;
}
3. Add this new sub to add.cgi, above sub process_form:
Code:
sub captcha {
#------------------------------------------
require "admin/captcha/captcha.pl";
$code = ($in{'code'});
$crypt = ($in{'crypt'});
if ($code && $crypt){
# check code
$result = &checkCode($code,$crypt);
if ($result == 1){
&process_form;
}
elsif ($result == -1){
&site_html_add_failure("<b>Failed!</b> Reason: code expired. Possible cause: code was issued too long ago. Try the new code below.") and return;
}
elsif ($result == -2){
&site_html_add_failure("<b>Failed!</b> Reason: invalid code (not in database). Possible causes: code already used or expired. Try the new code below.") and return;
}
elsif ($result == -3){
&site_html_add_failure("<b>Failed!</b> Reason: invalid code (code does not match crypt). Possible cause: characters not entered correctly. Try the new code below.") and return;
# note - once a solution is tried it is expired, even if it failed
}
else {
&site_html_add_failure("You did not enter the security code.") and return;
}
}
} # end sub
4. Edit site_html_templates.pl as shown:
Code:
sub site_html_add_form { # --------------------------------------------------------
# This routine determines how the add form page will look like.
&html_print_headers;
my $get_captcha_form = &create_captcha_form; #in db_utils.pl
my $category = shift;
$category ?
($category = qq~$category <input type=hidden name="Category" value="$category">~) :
($category = &build_select_field ("Category", "$in{'Category'}"));
print &load_template ('add.html', {
Category => $category,
captcha_form => $get_captcha_form,
%globals
});
} sub site_html_add_failure {
# --------------------------------------------------------
# This routine determines how the add failure page will look like. my ($errormsg) = shift;
my $get_captcha_form = &create_captcha_form; # in db_utils.pl
$in{'Category'} ?
($in{'Category'} = qq~<input type=hidden name="Category" value="$in{'Category'}">$in{'Category'}~) :
($in{'Category'} = &build_select_field ("Category"));
&html_print_headers;
print &load_template ('add_error.html', {
error => $errormsg,
captcha_form => $get_captcha_form,
%in,
%globals
});}
5. Add a new sub to db_utils.pl, at the end of the file just abpve the '1;'. This is where you can edit the HTML code to match your site.
Code:
sub create_captcha_form { #-----------------------------------------------------------
# Create the form for add.cgi securityrequire "admin/captcha/captcha.pl";
$crypt = &generateCode(8); if ($crypt){
$i_width = $captcha_length*$captcha_width;
$output = qq|<img src="$captcha_webfolder/$crypt.png" width="$i_width" height="$captcha_height" border="0"><br>
<input type="hidden" name="crypt" value="$crypt">
Enter the characters you see in the image:
<input type="text" name="code" value=""><br>
Note: the numbers zero (0) and one (1) do not appear in the image. Refresh/reload this page for a new image. If you are uncertain of a character, take your best guess.|;
return $output;
}
else{
&site_html_add_failure("Code not generated (file error)! Check to be sure that the script is properly configured.") and return;
}
}
6. Edit the add.html and add_error.html templates as shown. The bold part is what is actually required.
Code:
<td><input name="Contact Email" value="" size="40"></td></tr> <tr><td align="right" valign="top">Security:</td>
<td><%captcha_form%></td></tr>
<tr><td></td><td><input type="SUBMIT" value="Add Resource" name="captcha"></td></tr>
That should do it! If you have any trouble, let me know.
Leonard
aka PerlFlunkie