Further testing, integrating images generated from Neil's python goody.
authorBrion Vibber <brion@users.mediawiki.org>
Fri, 14 Oct 2005 05:07:24 +0000 (05:07 +0000)
committerBrion Vibber <brion@users.mediawiki.org>
Fri, 14 Oct 2005 05:07:24 +0000 (05:07 +0000)
Still experimental and incomplete, not ready for use.

ConfirmEdit.php
FancyCaptcha.php [new file with mode: 0644]

index 6099fb6851f57d4897226453558a4c881a8832f3..d82e0237bb8f40b7b30e9d57c9ffec3e7c17dc1e 100644 (file)
@@ -3,22 +3,28 @@
 # Prelim in-progress code. Proof of concept for framework, not
 # intended as a real production captcha system!
 
-# Loader for spam blacklist feature
+# Loader for simple captcha feature
 # Include this from LocalSettings.php
 
 if ( defined( 'MEDIAWIKI' ) ) {
 
-global $wgExtensionFunctions, $wgHooks, $wgGroupPermissions;
+global $wgExtensionFunctions, $wgGroupPermissions;
 
 $wgExtensionFunctions[] = 'ceSetup';
 
-$wgHooks['EditFilter'][] = 'ceConfirmEditLinks';
-
 $wgGroupPermissions['*'        ]['skipcaptcha'] = false;
 $wgGroupPermissions['user'     ]['skipcaptcha'] = false;
 $wgGroupPermissions['bot'      ]['skipcaptcha'] = true; // registered bots
 $wgGroupPermissions['sysop'    ]['skipcaptcha'] = true;
 
+global $wgCaptcha, $wgCaptchaClass, $wgCaptchaTriggers;
+$wgCaptcha = null;
+$wgCaptchaClass = 'SimpleCaptcha';
+
+$wgCaptchaTriggers = array();
+$wgCaptchaTriggers['edit']   = false; // Would check on every edit
+$wgCaptchaTriggers['addurl'] = true;  // Check on edits that add URLs
+
 /**
  * Allow users who have confirmed their e-mail addresses to post
  * URL links without being harassed by the captcha.
@@ -30,138 +36,162 @@ $ceAllowConfirmedEmail = false;
  * Set up message strings for captcha utilities.
  */
 function ceSetup() {
-       global $wgMessageCache;
+       global $wgMessageCache, $wgHooks, $wgCaptcha, $wgCaptchaClass;
        $wgMessageCache->addMessage('captcha-short', "Your edit includes new URL links; as a protection
                against automated spam, you'll need to enter the answer to this
                simple arithmetic test:" );
+       
        SpecialPage::addPage( new SpecialPage( 'Captcha', false,
                /*listed*/ false, /*function*/ false, /*file*/ false ) );
+       
+       $wgCaptcha = new $wgCaptchaClass();
+       $wgHooks['EditFilter'][] = array( &$wgCaptcha, 'confirmEdit' );
 }
 
 /**
  * Entry point for Special:Captcha
  */
 function wfSpecialCaptcha( $par = null ) {
+       global $wgCaptcha;
        switch( $par ) {
        case "image":
-               return ceShowImage();
+               return $wgCaptcha->showImage();
        case "help":
        default:
-               return ceShowHelp();
+               return $wgCaptcha->showHelp();
        }
 }
 
-function ceConfirmEditLinks( &$editPage, $newtext, $section ) {
-       $oldtext = ceLoadText( $editPage, $section );
-       
-       $oldLinks = ceFindLinks( $oldtext );
-       $newLinks = ceFindLinks( $newtext );
-       
-       $addedLinks = array_diff( $newLinks, $oldLinks );
-       $numLinks = count( $addedLinks );
-       
-       /*
-       var_dump( $oldtext );
-       var_dump( $newtext );
-       var_dump( $oldLinks );
-       var_dump( $newLinks );
-       var_dump( $addedLinks );
-       die( '---' );
-       */
-       
-       if( $numLinks > 0 ) {
-               wfDebug( "ConfirmEdit found $numLinks new links...\n" );
-               if( ceKeyMatch() ) {
-                       wfDebug( "ConfirmEdit given proper key from form, passing.\n" );
-                       return true;
-               } else {
-                       wfDebug( "ConfirmEdit missing form key, prompting.\n" );
-                       $editPage->showEditForm( 'ceFormCallback' );
+class SimpleCaptcha {
+       /**
+        * @param EditPage $editPage
+        * @param string $newtext
+        * @param string $section
+        * @return bool true if the captcha should run
+        */
+       function shouldCheck( &$editPage, $newtext, $section ) {
+               global $wgUser;
+               if( $wgUser->isAllowed( 'skipcaptcha' ) ) {
+                       wfDebug( "SimpleCaptcha: user group allows skipping captcha\n" );
                        return false;
                }
-       } else {
-               wfDebug( "ConfirmEdit: no new links.\n" );
-               return true;
-       }
-}
-
-function ceKeyMatch() {
-       global $wgUser;
-       if( $wgUser->isAllowed( 'skipcaptcha' ) ) {
-               wfDebug( "ConfirmEdit: user group allows skipping captcha\n" );
-               return true;
-       }
-
-       global $wgEmailAuthentication, $ceAllowConfirmedEmail;
-       if( $wgEmailAuthentication && $ceAllowConfirmedEmail &&
-               $wgUser->isEmailConfirmed() ) {
-               wfDebug( "ConfirmEdit: user has confirmed mail, skippng captcha\n" );
-               return true;
-       }
        
-       if( !isset( $_SESSION['ceAnswerVar'] ) ) {
-               wfDebug( "ConfirmEdit no session captcha key set, this is new visitor.\n" );
+               global $wgEmailAuthentication, $ceAllowConfirmedEmail;
+               if( $wgEmailAuthentication && $ceAllowConfirmedEmail &&
+                       $wgUser->isEmailConfirmed() ) {
+                       wfDebug( "SimpleCaptcha: user has confirmed mail, skipping captcha\n" );
+                       return false;
+               }
+               
+               global $wgCaptchaTriggers;
+               if( !empty( $wgCaptchaTriggers['edit'] ) ) {
+                       // Check on all edits
+                       wfDebug( "SimpleCaptcha: checking all edits...\n" );
+                       return true;
+               }
+               
+               if( !empty( $wgCaptchaTriggers['addurl'] ) ) {
+                       // Only check edits that add URLs
+                       $oldtext = $this->loadText( $editPage, $section );
+                       
+                       $oldLinks = $this->findLinks( $oldtext );
+                       $newLinks = $this->findLinks( $newtext );
+                       
+                       $addedLinks = array_diff( $newLinks, $oldLinks );
+                       $numLinks = count( $addedLinks );
+                       
+                       if( $numLinks > 0 ) {
+                               wfDebug( "SimpleCaptcha: found $numLinks new links; triggered...\n" );
+                               return true;
+                       }
+               }
+               
                return false;
        }
-       global $wgRequest;
-       return $wgRequest->getVal( $_SESSION['ceAnswerVar'] ) == $_SESSION['ceAnswer'];
-}
-
-function ceFormCallback( &$out ) {
-       $source = 'ceSource' . mt_rand();
-       $dest = 'ceConfirm' . mt_rand();
        
-       $a = mt_rand(0, 100);
-       $b = mt_rand(0, 10);
-       $op = mt_rand(0, 1) ? '+' : '-';
-       
-       $test = "$a $op $b";
-       $answer = ($op == '+') ? ($a + $b) : ($a - $b);
-       $_SESSION['ceAnswer'] = $answer;
-       $_SESSION['ceAnswerVar'] = $dest;
+       function confirmEdit( &$editPage, $newtext, $section ) {
+               if( $this->shouldCheck( $editPage, $newtext, $section ) ) {
+                       if( $this->keyMatch() ) {
+                               wfDebug( "ConfirmEdit given proper key from form, passing.\n" );
+                               return true;
+                       } else {
+                               wfDebug( "ConfirmEdit missing form key, prompting.\n" );
+                               $editPage->showEditForm( array( &$this, 'formCallback' ) );
+                               return false;
+                       }
+               } else {
+                       wfDebug( "ConfirmEdit: no new links.\n" );
+                       return true;
+               }
+       }
        
+       function keyMatch() {
+               if( !isset( $_SESSION['ceAnswerVar'] ) ) {
+                       wfDebug( "ConfirmEdit no session captcha key set, this is new visitor.\n" );
+                       return false;
+               }
+               global $wgRequest;
+               return $wgRequest->getVal( $_SESSION['ceAnswerVar'] ) == $_SESSION['ceAnswer'];
+       }
        
-       $out->addWikiText( wfMsg( "captcha-short" ) );  
-       $out->addHTML( <<<END
-               <p><span id="$source">$test</span> = <input name="$dest" id="$dest" /></p>
+       function formCallback( &$out ) {
+               $source = 'ceSource' . mt_rand();
+               $dest = 'ceConfirm' . mt_rand();
+               
+               $a = mt_rand(0, 100);
+               $b = mt_rand(0, 10);
+               $op = mt_rand(0, 1) ? '+' : '-';
+               
+               $test = "$a $op $b";
+               $answer = ($op == '+') ? ($a + $b) : ($a - $b);
+               $_SESSION['ceAnswer'] = $answer;
+               $_SESSION['ceAnswerVar'] = $dest;
+               
+               
+               $out->addWikiText( wfMsg( "captcha-short" ) );  
+               $out->addHTML( <<<END
+                       <p><span id="$source">$test</span> = <input name="$dest" id="$dest" /></p>
 END
-               );
-}
-
-function ceLoadText( $editPage, $section ) {
-       $rev = Revision::newFromTitle( $editPage->mTitle );
-       if( is_null( $rev ) ) {
-               return "";
-       } else {
-               $text = $rev->getText();
-               if( $section != '' ) {
-                       return Article::getSection( $text, $section );
+                       );
+       }
+       
+       function loadText( $editPage, $section ) {
+               $rev = Revision::newFromTitle( $editPage->mTitle );
+               if( is_null( $rev ) ) {
+                       return "";
                } else {
-                       return $text;
+                       $text = $rev->getText();
+                       if( $section != '' ) {
+                               return Article::getSection( $text, $section );
+                       } else {
+                               return $text;
+                       }
                }
        }
-}
-
-function ceFindLinks( $text ) {
-       $regex = '/((?:' . HTTP_PROTOCOLS . ')' . EXT_LINK_URL_CLASS . '+)/';
        
-       if( preg_match_all( $regex, $text, $matches, PREG_PATTERN_ORDER ) ) {
-               return $matches[1];
-       } else {
-               return array();
+       function findLinks( $text ) {
+               $regex = '/((?:' . HTTP_PROTOCOLS . ')' . EXT_LINK_URL_CLASS . '+)/';
+               
+               if( preg_match_all( $regex, $text, $matches, PREG_PATTERN_ORDER ) ) {
+                       return $matches[1];
+               } else {
+                       return array();
+               }
        }
-}
-
-function ceShowHelp() {
-       global $wgOut, $ceAllowConfirmedEmail;
-       $wgOut->setPageTitle( 'Captcha help' );
-       $wgOut->addWikiText( <<<END
-So what's this wacky captcha thing about?
-
-It's your enemy. It's here to kill you. RUN WHILE YOU STILL CAN
+       
+       function showHelp() {
+               global $wgOut, $ceAllowConfirmedEmail;
+               $wgOut->setPageTitle( 'Captcha help' );
+               $wgOut->addWikiText( <<<END
+       So what's this wacky captcha thing about?
+       
+       It's your enemy. It's here to kill you. RUN WHILE YOU STILL CAN
 END
-               );
+                       );
+       }
+       
 }
 
 } # End invocation guard
+
 ?>
diff --git a/FancyCaptcha.php b/FancyCaptcha.php
new file mode 100644 (file)
index 0000000..7cacd23
--- /dev/null
@@ -0,0 +1,115 @@
+<?php
+
+if ( defined( 'MEDIAWIKI' ) ) {
+
+global $wgCaptchaDirectory;
+$wgCaptchaDirectory = "$wgUploadDirectory/captcha"; // bad default :D
+
+global $wgCaptchaSecret;
+$wgCaptchaSecret = "CHANGE_THIS_SECRET!";
+
+
+class FancyCaptcha extends SimpleCaptcha {
+       function keyMatch() {
+               global $wgRequest, $wgCaptchaSecret;
+               
+               if( !isset( $_SESSION['ceAnswerVar'] ) ) {
+                       wfDebug( "FancyCaptcha: no session captcha key set, this is new visitor.\n" );
+                       return false;
+               }
+               
+               $var  = $_SESSION['ceAnswerVar'];
+               $salt = $_SESSION['captchaSalt'];
+               $hash = $_SESSION['captchaHash'];
+               
+               $answer = $wgRequest->getVal( $var );
+               $digest = $wgCaptchaSecret . $salt . $answer . $wgCaptchaSecret . $salt;
+               $answerHash = substr( md5( $digest ), 0, 16 );
+               
+               if( $answerHash == $hash ) {
+                       wfDebug( "FancyCaptcha: answer hash matches expected $hash\n" );
+                       return true;
+               } else {
+                       wfDebug( "FancyCaptcha: answer hashes to $answerHash, expected $hash\n" );
+                       return false;
+               }
+       }
+       
+       function formCallback( &$out ) {
+               $dest = 'wpCaptchaWord' . mt_rand();
+               
+               $img = $this->pickImage();
+               if( !$img ) {
+                       die( 'aaargh' );
+               }
+               
+               $_SESSION['ceAnswerVar'] = $dest;
+               $_SESSION['captchaHash'] = $img['hash'];
+               $_SESSION['captchaSalt'] = $img['salt'];
+               $_SESSION['captchaViewed'] = false;
+               wfDebug( "Picked captcha with hash ${img['hash']}, salt ${img['salt']}.\n" );
+               
+               $title = Title::makeTitle( NS_SPECIAL, 'Captcha/image' );
+               $url = $title->getLocalUrl();
+               
+               
+               $out->addWikiText( wfMsg( "captcha-short" ) );  
+               $out->addHTML( <<<END
+                       <p><img src="$url" alt="Oh noes" /></p>
+                       <p><input name="$dest" id="$dest" /></p>
+END
+                       );
+       }
+       
+       function pickImage() {
+               global $wgCaptchaDirectory;
+               $dir = opendir( $wgCaptchaDirectory );
+               
+               $n = mt_rand( 0, 16 );
+               $count = 0;
+               
+               $entry = readdir( $dir );
+               while( false !== $entry ) {
+                       $entry = readdir( $dir );
+                       if( preg_match( '/^image_([0-9a-f]+)_([0-9a-f]+)\\.png$/', $entry, $matches ) ) {
+                               if( $count++ % 16 == $n ) {
+                                       return array(
+                                               'salt' => $matches[1],
+                                               'hash' => $matches[2],
+                                       );
+                               }
+                       }
+               }
+               return false;
+       }
+       
+       function showImage() {
+               global $wgOut;
+               $wgOut->disable();
+               if( !empty( $_SESSION['captchaViewed'] ) ) {
+                       wfHttpError( 403, 'Access Forbidden', "Can't view captcha image a second time." );
+                       return false;
+               }
+               $_SESSION['captchaViewed'] = wfTimestamp();
+               
+               if( isset( $_SESSION['captchaSalt'] ) ) {
+                       $salt = $_SESSION['captchaSalt'];
+                       if( isset( $_SESSION['captchaHash'] ) ) {
+                               $hash = $_SESSION['captchaHash'];
+                               
+                               global $wgCaptchaDirectory;
+                               $file = $wgCaptchaDirectory . DIRECTORY_SEPARATOR . "image_{$salt}_{$hash}.png";
+                               if( file_exists( $file ) ) {
+                                       header( 'Content-type: image/png' );
+                                       readfile( $file );
+                               }
+                       }
+               } else {
+                       wfHttpError( 500, 'Internal Error', 'Requested bogus captcha image' );
+               }
+       }
+}
+
+} # End invocation guard
+
+?>