You are here: start » captcha_plugins

Captcha Plugins

To avoid spam, different kinds of plugins, such as form mailers, guestbooks and blogs, will use of captchas. To alleviate the burdon for plugin authors to implement their own solution, and to give users of different plugins the opportunity to have the same captcha for all of them, the following solution is presented. It was already discussed in the CMSimple forum.

A captcha plugin should have a file captcha.php in it's root folder that could be include()'d (N.B.: captcha.php might be included from within a function, so be sure to declare all used globals as global), with the definition of the following two functions:

/**
 * Returns the (x)html block element displaying the captcha,
 * the input field for the captcha code and all other elements,
 * that are related directly to the captcha,
 * such as an reload and an audio button.
 *
 * @return string
 */
function PLUGINNAME_captcha_display() {...}
 
/**
 * Returns wether the correct captcha code was entered
 * after the form containing the captcha was posted.
 *
 * @return bool
 */
function PLUGINNAME_captcha_check() {...}

PLUGINNAME must be replaced by the name of the plugin, i.e. the name of it's root folder. The captcha plugin's author is free to choose which elements should be displayed for the captcha, but he should give the user the possibility to adjust the look of the captcha according to his needs by means of a stylesheet or configuration options. The author of the captcha plugin is also free to choose how he implements PLUGINNAME_captcha_check(). Typically this involves sending a cookie or setting a session variable in PLUGINNAME_captcha_display() and comparing it's value to the posted value of the captcha input field.

All coding style guidelines for CMSimple_XH should be followed as usual.

Plugins using captcha plugins

Any plugin that will use a captcha plugin should have a config option allowing the user to choose his preferred captcha plugin by entering the name of the captcha plugin.

Whenever the plugin needs to include a captcha to a form, at first the captcha plugin's captcha.php should be included by include_once(), and the result of PLUGINNAME_captcha_display() should be inserted to the form. After the form was submitted, the plugin should check if the entered code was valid by calling PLUGINNAME_captcha_check(), and act accordingly.

A simplified example:

function myplugin() {
    global $plugin_cf;
 
    $captcha_plugin = $plugin_cf['myplugin']['captcha_plugin'];
    include_once $pth['folder']['plugins'].$captcha_plugin.'/captcha.php';
 
    if (!isset($_POST['myinput'])) { // display the form
	return '<form action="" method="POST">'."\n"
		.tag('input type="text" name="myinput"')."\n"
		.call_user_func($captcha_plugin.'_captcha_display')."\n"
		.'</form>'."\n";
    } else { // process the submitted form
	if (call_user_func($captcha_plugin.'_captcha_check')) {
	    // captcha was entered correctly, so process the form data
	} else {
	    // report error: wrong captcha!
	}
    }
}

If the plugin author wants to avoid that users of his plugin have to install a captcha plugin, he is free to deliver an integrated captcha. He could do it whatever way he prefers, but it might be the simplest solution to use the interface described in the section above, i.e. to put a file captcha.php into the root folder of his plugin, which defines the two required functions. If he prefixes the functions with the name of his plugin, all that's left is to preconfigure the appropriate configuration option with the name of his plugin.

For even greater convenience he could use the following code as a base for a minimal captcha and modify it according to his liking:

<?php
 
if (!isset($_SESSION)) {
    session_start();
}
 
 
// utf-8-marker: äöüß
 
 
if (!defined('CMSIMPLE_XH_VERSION')) {
    header('HTTP/1.0 403 Forbidden');
    exit;
}
 
 
/**
 * Returns the captcha code.
 *
 * @return string
 */
function PLUGINNAME_captcha_code() {
    $res = '';
    for ($i = 0; $i < 5; $i++) {
	$res .= rand(0, 9);
    }
    return $res;
}
 
 
/**
 * Returns the (x)html block element displaying the captcha,
 * the input field for the captcha code and all other elements,
 * that are related directly to the captcha,
 * such as an reload and an audio button.
 *
 * @return string
 */
function PLUGINNAME_captcha_display() {
    $code = advfrm_captcha_code();
    $_SESSION['advfrm_captcha'] = $code;
    return '<div class="captcha">'.'<span class="captcha">'.$code.'</span>'
	    .tag('input type="text" name="advancedform-captcha"').'</div>'."\n";
}
 
 
/**
 * Returns wether the correct captcha code was entered
 * after the form containing the captcha was posted.
 *
 * @return bool
 */
function PLUGINNAME_captcha_check() {
    return stsl($_POST['advancedform-captcha']) == $_SESSION['advfrm_captcha'];
}
 
?>

In combination with some styling, such as the following:

div.captcha span.captcha {
    font-family: cursive;
    border: 3px solid black;
    color: black;
    background: #fffff0;
    padding: 4px;
    margin: 2px 10px 2px 0;
}

it might be enough to serve it's purpose.

 
You are here: start » captcha_plugins
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
Valid XHTML 1.0 Valid CSS Driven by DokuWiki