====== CAPTCHA plugin ====== ---- plugin ---- description: Use an image verification (CAPTCHA) to defeat spambots author : Andreas Gohr email : andi@splitbrain.org type : action lastupdate : 2007-08-14 compatible : depends : conflicts : similar : tags : captcha, spam ---- {{ plugin:captcha.png|Example CAPTCHA with image and Audio}} This plugin implements a //Completely Automated Public Turing test to tell Computers and Humans Apart// also known as [[wp>CAPTCHA]]. ===== Download ===== * {{plugin:captcha-plugin-2007-08-14.tgz}} - fixed German language encoding, added Italian translation * {{plugin:captcha-plugin-2007-08-06.tgz}} - updated for recent form handling changes in devel, German and Slovak translation * {{plugin:captcha-plugin-2007-04-22.tgz}} - removed dependency on ACTION_REGISTER event * {{plugin:captcha-plugin-2006-12-02.tgz}} - don't break other plugins registered to TPL_ACT_UNKNOWN * {{plugin:captcha-plugin-2006-11-30.tgz}} - fixed bugs [[bug>994]] * {{plugin:captcha-plugin-2006-11-16.tgz}} - Audio support added, optional protection of register process, other fixes * {{plugin:captcha-plugin-2006-11-15.tgz}} - Initial release You can get the plugin through [[darcs]] from http://dev.splitbrain.org/darcs/dwplugins/captcha/, too. ===== Configuration ===== The plugin provides four different methods of CAPTCHAs selectable in the [[plugin:config|config manager]]. The first one (**js**) displays 5 random characters which need to be copied into an input box. This task is done through JavaScript automatically, then the whole CAPTCHA test is hidden from the user. Usual Spambots won't execute JavaScript or search the page for the characters, so this test should be quite effective without requiring any manual interaction from most users. The test is perfectly accessible for disabled users or users without JavaScript. The second method (**text**) work just like the js method but without the automatic JavaScript. This will defeat SpamBots with enabled JavaScript but requires more interaction from users. It's still pretty simple to defeat by analyzing the page source. Accessibility is as good as with the first method. The third method (**image**) finally does display the random chars as an automatically generated image. This test can not be defeated without using costly [[wp>Optical_character_recognition|OCR]] techniques. Unfortunately this method effectively locks out blind users or users with textbrowsers. This feature needs the libGD PHP extension. The fourth method (**audio**) improves the accessibility of the image CAPTCHA by adding a .wav download. The .wav file plays the letters of the captcha read in the [[wp>NATO phonetical alphabet]]. Please note, that because of the way how the wave file is generated it might be easier to automatically decode than the image. If you select the image type you may specify the size of the generated image. Larger images take more screen space and might be easier to recognize with OCR. On the other hand larger images are better to read for humans, too. By default the CAPTCHA method is only applied for anonymous users. You may enable it for logged in users as well through the ''forusers'' option. The CAPTCHA plugin not only protects the edit form but the user registration process, too. You can disable this through the ''regprotect'' option. ===== Feedback ===== It doesn't go well with Discussion Plugin. CAPTCHA appears in discussion forms and is not visible in Edit Page, making page editing pretty much disabled. It happens when we want ALL group both write in discussion and edit the page. I found the same thing --- Could captcha be disabled for a certain IP or subnet and enabled for another? I might take a look at the code someday. ---- It would be useful to have temporary anonymous login (30min or so) after one captcha as it is in Wikipedia and as sudo acts in ubuntu. it would solve the problem of comment vs edit captcha as well! ---- * would be nice to have a refresh button above the "listen" button that generates a new code, if the current is unreadable ! * would also be nice to have very easy to read captchas, but that have easy arithmetic expression to calculate (like "1+4=" and the user must enter "5"), what do you think of it ? ---- When dokuwiki say that "most recent revision already exists" (not exactly, I have localized message) there is no captcha request on this page! This is true when "Use CAPTCHA for logged in users, too?" option enabled and when you need to restore old page revision. So, After enter captcha and pushing "Save" button for certain (old) revision "most recent revision exists" messages appears __without__ captcha. You don't able to restore old page revision with "Use CAPTCHA for logged in users, too?" enabled.