A visual challenge-response test to prevent automated scripts from using the wiki
Description
This plugin tries to prevent automated scripts from creating users and spamming your wiki. It does so by requiring a
simple test to ensure that the request is made by a human being. The captcha encodes information into a distorted image
containing letters and digits. This information is easy for the computer to generate and easy for human beings to read, but
hard for computers to recognize. Note, however, that captchas aren't 100% bulletproof. They only raise the bar for automated
scripts to pass the test. There are regular reports of captchas of a specific kind being solved automatically for high-profile internet sites.
CaptchaPlugin tries to create challenge-response tests that are hard enough for computers to solve, but does not claim that its tests are unbreakable
on any scale. Read more about captchas at http://en.wikipedia.org/wiki/CAPTCHA.
Syntax Rules
CAPTCHA
This macro renders a simple captcha interface based on the jqCaptcha jQuery plugin (an image and a click handler to reload it). In most
cases you'd use the CAPTCHAFORM macro for a more ready-to-use widget.
This simply expands to the captcha form as defined in the captcha.tmpl template.
Parameters:
- validateonsubmit: boolean value specifying when the form is validated. If set to true (default), the captcha is already validated on the client when the "Submit" button is clicked. If set to false, validation happens on the server side only.
- disableonsuccess: boolean value specifying whether the challenge is "consumed" when it is validated on the client side. This defaults to false so that the server-side validation check on the same challenge gets a chance to pass as well.
CAPTCHACHECK
This macro can be used in your own wiki applications to check a challenge at some point. It takes a challenge identifier and a response and verifies
them while the macro is expanded. Depending on the result, either error or success is returned.
Parameters:
- challenge: the captcha challenge identifier
- response: the response as provided by the user
- error: format string to be returned when validation failed
- success: format string to be returned when validation succeeded
Example
You type:
<form action="%SCRIPTURLPATH{view}%/%WEB%/%TOPIC%#example" id="example">
<div class="foswikiFormSteps">
%CAPTCHAFORM%
<div class="foswikiFormStep">
%BUTTON{"%MAKETEXT{"Submit"}%" icon="fa-check" type="submit"}%
%CLEAR%
</div>
</div>
</form>
%CAPTCHACHECK{
challenge="%URLPARAM{"captcha_challenge"}%"
response="%URLPARAM{"captcha_response"}%"
error="<div class='foswikiErrorMessage'>There was an error checking the validation code.</div>"
success="<div class='foswikiSuccessMessage'>The validation code has been checked successfully.</div>"
}%
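The interplay between disableonsuccess and the server-side check, modelled as an added example (this is not CaptchaPlugin's own code, which is Perl): a toy Python challenge store with one-time use, expiry and a failure limit. The class and function names, the 600-second lifetime and the three-failure limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # constructed: no look-alike glyphs

class ChallengeStore:
    """Toy model of a server-side captcha store (not CaptchaPlugin's code)."""

    def __init__(self, ttl=600, max_failures=3, clock=time.time):
        self.ttl, self.max_failures, self.clock = ttl, max_failures, clock
        self._pending = {}  # challenge id -> [expected text, expiry, failures]

    def issue(self):
        text = "".join(secrets.choice(ALPHABET) for _ in range(6))
        challenge = secrets.token_hex(16)  # unguessable identifier
        self._pending[challenge] = [text, self.clock() + self.ttl, 0]
        return challenge, text  # text only ever leaves the server as an image

    def check(self, challenge, response, consume=True):
        entry = self._pending.get(challenge)
        if entry is None:
            return False  # unknown, already consumed, or dropped
        expected, expires_at, _ = entry
        if self.clock() > expires_at:
            del self._pending[challenge]
            return False
        given = (response or "").strip().upper().encode()
        if hmac.compare_digest(expected.encode(), given):
            if consume:
                del self._pending[challenge]  # one-time use
            return True
        entry[2] += 1
        if entry[2] >= self.max_failures:
            del self._pending[challenge]  # stop guessing against one image
        return False

def demo():
    now = [1000.0]  # fake clock so the expiry case runs instantly
    store = ChallengeStore(clock=lambda: now[0])
    c1, t1 = store.issue()  # default flow: disableonsuccess=false
    flow1 = (store.check(c1, t1, consume=False), store.check(c1, t1), store.check(c1, t1))
    c2, t2 = store.issue()  # client-side check consumes: disableonsuccess=true
    flow2 = (store.check(c2, t2, consume=True), store.check(c2, t2))
    c3, t3 = store.issue()
    now[0] += 601  # past the assumed 600 s lifetime
    return flow1, flow2, store.check(c3, t3)
```

In the first flow the client pre-check and the server check both pass and a replay of the same pair fails; in the second flow the client check has already consumed the challenge, so the server-side check on submit is rejected.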
Captcha-protected editing of topics
When you switch on the {EnableSave} parameter in your Foswiki configuration, editing wiki topics is guarded by
a captcha challenge that has to be passed. This feature is disabled by default, as Foswiki core's own Strike-One mechanism
is already well suited to protect against accidental save actions (e.g. those performed by spam bots). In some cases
an additional captcha guard might be of interest, so as to allow unauthenticated guests of a wiki to do regular edits.
Use the {EnableSave} switch to enable this. The captcha challenge for topic edits can also be demanded even of registered
users by enabling the {SaveForAll} flag. WARNING: this might raise the barrier to contributing to the wiki a bit too high
for practical use. Only enable this feature when you really know what you are doing.
Currently the {EnableSave} feature is best integrated into the NatEditPlugin, while other editors need extra provisions.
Installation Instructions
You do not need to install anything in the browser to use this extension. The following instructions are for the administrator who installs the extension on the server.
Open configure, and open the "Extensions" section. "Extensions Operation and Maintenance" Tab -> "Install, Update or Remove extensions" Tab. Click the "Search for Extensions" button.
Enter part of the extension name or description and press search. Select the desired extension(s) and click install. If an extension is already installed, it will
not show up in the search results.
You can also install from the shell by running the extension installer as the web server user: (Be sure to run as the webserver user, not as root!)
cd /path/to/foswiki
perl tools/extension_installer <NameOfExtension> install
If you have any problems, or if the extension isn't available in configure, then you can still install manually from the command-line. See
https://foswiki.org/Support/ManuallyInstallingExtensions for more help.
Dependencies
Name | Version | Description |
---|---|---|
Foswiki::Contrib::JsonRpcContrib | >=1.30 | Required. |
Foswiki::Plugins::JQueryPlugin | >=6.00 | Required. |
GD | >=2.39 | Required. |
JSON | >=2.51 | Required. |
Change History
12 Nov 2019: | address perl critiques |
02 Dec 2014: | moving from jquery.tmpl to jsrender |
28 Aug 2014: | specify rest security settings |
04 Apr 2014: | flag rest handlers that don't require authentication |
17 Jul 2013: | brought back to life and improved - Foswiki:Main.MichaelDaum |
24 Dec 2009: | started to port to foswiki - Foswiki:Main.SvenDowideit |
28 Oct 2007: | Fixed bug on RegistrationAgent |
16 Aug 2007: | Added black and white shades only; Added editcaptcha.tmpl; Moved all attributes to LocalSite.cfg; Removed DeleteAfterRegistration |
08 Aug 2007: | Added support for captcha on topic save (thanks Foswiki:Main.KwangErnLiew), fixed some minor bugs, added some free fonts |
06 Aug 2007: | Colourised fonts; Randomised font type, font size, background colour, and font positioning; Fixed hash display on user pages; Modified oopscaptcha.tmpl |
03 Aug 2006: | Renamed to CaptchaPlugin, adapted to Dakar (TWiki 4.0.x). |
03 Jan 2006: | Fixed some problems with expiry, also optimised according to FastPluginHints. |
10 Oct 2005: | Strip hash and text from arguments to register binary, or they will end up in the newly created user topic. |
07 Oct 2005: | Initial version |