The following describes how to add a captcha test (Turing test) to Gallery v1.5.x (G1) using a modified Auditor1) v1.0 to prevent automated comments and spam. Note: v1.6 of Gallery 1 comes with its own captcha module.
Auditor uses a PHP session to pass along the secret number of digits, which is incompatible with Gallery (which uses PHP sessions too). To make Auditor work with Gallery, we retrieve Gallery's session ID and propagate it to Auditor so that both re-use the same session.
We will call button.php with ?sid=session_id (see below). In button.php we only need to add the line
session_id(strip_tags($_GET['sid']));
before
session_start();
32a33 > session_id(strip_tags($_GET['sid']));
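Review bot: on the added `session_id(strip_tags($_GET['sid']));` line, `strip_tags()` only removes markup and does not check that the value is a session identifier, so any tag-free string from the query string becomes the session ID, which permits session fixation. Validate the value against the session ID character set (letters, digits, `,` and `-`) and refuse the request otherwise; also handle a missing `sid`, since `$_GET['sid']` is read without an `isset()` check.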
In audit.php we have to replace the line
session_destroy();
with
$_SESSION['digit']='';
so as to prevent the deletion of Gallery's session. Resetting the variable $_SESSION['digit'] serves the same purpose as destroying Auditor's session data would have.
6c6 < session_destroy(); --- > $_SESSION['digit']='';
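Review bot: the replacement `$_SESSION['digit']='';` leaves the key present with an empty value instead of removing it. Check that `audit()` rejects an empty `userdigit` when the stored value is empty, or use `unset($_SESSION['digit']);` so that a second submission in the same session has nothing to match against.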
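The two Auditor changes above accept whatever arrives in `sid` and reset `$_SESSION['digit']` to an empty string. As an added example (not code from Auditor, Gallery or this page), here is one way to validate the session ID format before joining the session and to make the digit check single-use. The function names are hypothetical, and it assumes `$_SESSION['digit']` holds the expected digits and the form field is `userdigit`, as the page describes.

```php
<?php
// Added example: not Auditor's or Gallery's code. Function names are hypothetical.

// A PHP session ID consists only of [A-Za-z0-9,-]. strip_tags() removes markup
// but still passes any other string, so check the format explicitly.
function captcha_valid_sid($sid)
{
    return is_string($sid)
        && preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $sid) === 1;
}

// button.php: attach to the caller's session only if the sid is well formed.
// A well-formed sid is not proof that Gallery issued it, so the caller should
// also confirm that the session already holds Gallery data before using it.
function captcha_join_session($sid)
{
    if (!captcha_valid_sid($sid)) {
        return false;
    }
    session_id($sid);
    return session_start();
}

// audit.php: compare once, then forget the stored digits. An unset or empty
// value never matches, so a blank or replayed submission fails.
function captcha_check_once(array &$session, $userdigit)
{
    $expected = isset($session['digit']) ? (string) $session['digit'] : '';
    unset($session['digit']);
    if ($expected === '' || !is_string($userdigit)) {
        return false;
    }
    return $expected === $userdigit;
}

// Constructed sample values, exercised only when run from the command line.
if (PHP_SAPI === 'cli') {
    var_dump(captcha_valid_sid('q1v3b7k9m2n4p6r8s0t1u3w5x7')); // well-formed ID
    var_dump(captcha_valid_sid('../../tmp/sess_x'));           // path characters
    var_dump(captcha_valid_sid('<b>abc</b>'));                 // markup
    $session = array('digit' => '48213');                      // stands in for $_SESSION
    var_dump(captcha_check_once($session, '48213'));           // first submission
    var_dump(captcha_check_once($session, '48213'));           // replayed submission
    $session = array('digit' => '');
    var_dump(captcha_check_once($session, ''));                // blank against blank
}
```

In button.php and audit.php the calls would be `captcha_join_session($_GET['sid'])` and `captcha_check_once($_SESSION, $_POST['userdigit'])`, assuming the comment form is submitted by POST.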
Fortunately, there is only 1 file that needs to be modified: add_comment.php. Essentially, 2 modifications are required: We need the code to check whether the captcha was successful, and we need the HTML to make the captcha test show up.
In add_comment.php there is a block of commands that actually adds the comment. In Gallery v1.5.3 it starts with
// Uncomment to forbid html in comments.
// $comment_text = strip_tags($comment_text);
$commenter_name = strip_tags($commenter_name);
and ends with a return;.
We need to enclose this block with
// include captcha check hack (as)
@include('YOUR_PATH_TO_AUDITOR/audit.php');
if (!audit()) {
    // (captcha) Commenter entered wrong number
    YOUR_ACTIONS_IF_VALIDATION_FAILED;
} else {
    // (captcha) Commenter entered correct number
and a closing } after the block like
} // end of captcha hack
The HTML is somewhat a matter of taste. I decided to go with an HTML table inserted after
drawCommentAddForm($commenter_name, 35); ?>
You probably at least want to include
<img width="120" height="30" border="1" src="YOUR_PATH_TO_AUDITOR/button.php?sid=<? echo session_id(); ?>">
<input maxlength="5" size="5" name="userdigit" type="text" value="">
Note that button.php is called with an appended session ID. The whole code for my additions to add_comment.php can be found in the diff.
61a62,71 > > // include captcha check hack (as) > @include('YOUR_PATH_TO_AUDITOR/audit.php'); > if (!audit()) { > // (captcha) Commenter entered wrong number > $error_text = gTranslate('core', > "The digits you have entered are incorrect."); > } else { > // (captcha) Commenter entered correct number > 73a84,86 > > } // end of captcha hack > 97a112,134 > <!-- HTML for captcha check hack (as) --> > <table width="80%" cellpadding="2" cellspacing="2"> > <tr> > <td width="40%">To prevent spam, please, enter the 5 digits > from the image on the right</td> > <td> > <img width="120" height="30" border="1" align="right" alt="captcha" > src="YOUR_PATH_TO_AUDITOR/button.php?sid=<? echo session_id(); ?>"> > <input maxlength="5" size="5" name="userdigit" type="text" value=""> > </td> > </tr> > <?php > if (!empty($comment_text)) { > $htmlcomment=htmlentities($comment_text); > echo <<<EOT > <tr><td width="40%">Your comment (you can copy + paste it > if you want to resubmit it)</td> > <td style="border:1px solid">$htmlcomment</td> > </tr> > EOT; > } > ?>
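Review bot: in the 61a62,71 hunk, `@include(...)` hides a failed include, and the next line then calls `audit()` even though the function was never defined, which ends the request with a fatal error whose cause the `@` has hidden. Use `require_once` without `@` so that a wrong YOUR_PATH_TO_AUDITOR is reported at the point of failure.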
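Review bot: in the 97a112,134 hunk, the `img` `src` puts `session_id()` in the URL, so the session ID ends up in server access logs and browser history, and it is printed with the short tag `<?`, which is emitted as literal text when `short_open_tag` is off. Prefer `<?php echo htmlspecialchars(session_id()); ?>`, and call `htmlentities($comment_text)` with an explicit `ENT_QUOTES` flag and character set.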
1) http://php.webmaster-kit.com/ until 2010. The original page is available at archive.org.