Hey all!
After several days of trying different things, I got it to work! The Vorras Antibot is a randomly-generated graphic that contains letters and numbers, which must be entered correctly to be able to add a link. It looks like this:



This should stop spam submissions cold. The download of the Antibot code is here: http://www.vorras.com/products/antibot/

I placed the files like so:

public www directory - (which includes your Links-generated pages)
-- images directory containing images used by Antibot.

public cgi-bin - (which includes your add.cgi, search.cgi, etc)
-- data directory containing...
---- .dat files
-- Antibot directory containing...
----config.py, config.pyc, parseidat.py, png.py, png.pyc

Set the Antibot config file to point to your image directory (path and url), and ignore the FormAction setting, we won't be using it. Set the template line like this:

template = 'antibot_form.html'

The script is written in Python, not Perl, and is very particlar about whitespace - both blank lines and wrong indents will cause errors. Also be sure to set the correct path Python that your server uses; mine was different than what was written in the code. The changes to the Antibot code, beside the config file, is this in png.py:

try:
fd = open('./admin/templates/'+template, 'r')
except IOError:
print 'Could not open template file'
sys.exit(0)

This will direct Antibot to use the new template you will create in the links/templates directory. The original code looks like this: fd = open('templates/'+template, 'r')

That's all for the non-Links code. Now, open site_html_templates.pl, and add this to the add routine:

sub site_html_add_form {
# --------------------------------------------------------
# This routine determines how the add form page will look like.
#
&html_print_headers;
my $category = shift;
my $antibot_form = &get_antibot_form;
my $sequence => ($in{'sequence'}),
my $realsequence => ($in{'realsequence'}),
$category ?
($category = qq~$category <input type="hidden" name="Category" value="$category">~) :
($category = &build_select_field_clean ("Category", "$in{'Category'}"));
my $altcategories = &build_select_field_clean ("AltCategories","$in{'AltCategories'}","AltCategories","multiple Size=3");

print &load_template ('add.html', {
Category => $category,
Keywords => $keywords,
AltCategories => $altcategories,
antibot_form => $antibot_form,
sequence => $sequence,
realsequence => $realsequence,
%in,
%globals
});
}


And create this new sub:

# antibot mod >
sub site_html_antibot_form {
# --------------------------------------------------------
# This routine will build an antibot form insert.
return &load_template ('antibot_form.html', {
%in,
%rec,
%globals
} );
}
# < antibot mod


Next add this to db_utils.db:

# antibot mod >
sub get_antibot_form {
#------------------------------------
# Get the antibot form for Add page.
$output = `./antibot/png.py`;
return $output;
}
# < antibot mod


Note that those are `backticks`, not 'single quotes'.

Now go into your add.cgi, and make these changes...



sub main {
# --------------------------------------------------------
local (%in) = &parse_form;

# We are processing the form.
if (keys %in != 0) {
$in{'antibot_check'} ? &addit : &site_html_add_failure;
}

# Otherwise we are displaying the form (in site_html.pl).
else {
if ($db_single_category) {
my %is_valid = map { $_ => 1 } &category_list;
$ENV{'HTTP_REFERER'} =~ s,/[^/]+\.[^/]+$,,;
$ENV{'HTTP_REFERER'} =~ m,$build_root_url/(.+?)/?$,;
$is_valid{$1} ? &site_html_add_form ($1) : &site_html_add_form ();
}
else {
&site_html_add_form ();
}
}
}

sub addit {
#----------------------------------
# Checks entry for correct antibot code
use SHA;
use CGI;
my $q = new CGI;
if ($in{'sequence'}) {
$seq = ($in{'sequence'});
$realseq = ($in{'realsequence'});
$context = new SHA;
$context->reset();
$seq = $context->hexhash($seq);
$seq =~ s/ //g;
if ($realseq eq $seq) {
&process_form;
}
else {
print $q->header("text/html");
print "<p><b>Wrong A!</b></p>";
}
}
else {
print $q->header("text/html");
print "<p><b>Wrong B!</b></p>";
}
} #end sub addit



This part was the key to making Antibot work!
I plan on making better error messages than "Wrong!"... (The A and B were part of my testing...)

Now make a new template. The one I post here is the same as what the script comes with, except that I removed the form action and submit and /form tags. Call it antibot_form.html.

<table bordercolor="#c0c080" bgcolor="#c0c080" width="300" border="0"><tr>
<td colspan="2">
<font face="arial, helvetica" size="2">
Please enter the characters you see in the box<br>
</font>
</td></tr>
<td valign="top">
<img border="3" src="xxxxIMAGEURLxxxx">
</td><td NOWRAP>
<input type=text size=10 name=sequence>
<input type=hidden size=10 name=realsequence value="xxxxREALSEQUENCExxxx">
</td></tr>
<tr><td colspan="2">
<font face="arial, helvetica" size="1">
by <a target=new href="http://www.vorras.com/products/antibot/">Vorras Antibot 1.0</a>
</font>
</td>
</tr></table>

Last, a few changes to your add.html template. Put this where you want the form to appear:

<!-- begin antibot form -->
<%antibot_form%>
<!-- end antibot form -->

And change your submit button to include this:

<input
type="submit"
name="antibot_check"
value="Add Resource" />



That should do it!
Any problems, post away...


Leonard
aka PerlFlunkie

This looks great! Thanks for posting it for everyone. It was really needed. I'll give it a whirl as soon as I finish these other mods.

Kathy

At last!
This now works with MD5, using the updated code below. The original code required SHA, which has been deprecated (replaced) with more secure algorithms (like MD5). My host had removed SHA, which caused the add.cgi to return internal server errors (500). The fix is easy, it just took me awhile to track down what to change. I kept trying to use perl code in the python files, which won't fly...

In png.py, make these changes near the top of the file...

old:
import sys
import os, sha
import struct

new:
import sys
import os, md5
import struct

And near the end of the file...

old:
s = sha.new(seqstr)
image=encodePNG(ImagePath+'/test'+s.hexdigest()+'.png',NumberOfChars*WidthOfChars+comb.extrawidth,HeightOfChars+12)
image.IDAT = comb.filedata
image.create()
image.close()
h = createHtml(s.hexdigest())

new:
s = md5.new(seqstr)
image=encodePNG(ImagePath+'/test'+s.hexdigest()+'.png',NumberOfChars*WidthOfChars+comb.extrawidth,HeightOfChars+12)
image.IDAT = comb.filedata
image.create()
image.close()
h = createHtml(s.hexdigest())



In add.cgi, the sub addit should look like this:

sub addit {
#------------------------------------------
# This makes sure the security code they entered is correct.

use Digest::MD5;

if ($in{'sequence'}) {
$seq = ($in{'sequence'});
$realseq = ($in{'realsequence'});
$context = Digest::MD5->new;
$context->add($seq);
$seq = $context->hexdigest;
if ($realseq eq $seq) {
&process_form;
}
else {
&site_html_add_failure("You entered the wrong security code.") and return;
}
}
else {
&site_html_add_failure("You did not enter the security code.") and return;
}
} #end sub addit

This should take care of everything. Let me know if there are any problems.


Leonard
aka PerlFlunkie

I have cleaned up the code for the Add Confirm and Antibot mods, and also included the option to use them together. I have attached the code here in a rich-text file.

If you have any problems or questions, post 'em here.

I have also attached the mods as a plain text file, which will not have the code changes in bold, but may be easier to use for some folks...


Leonard
aka PerlFlunkie

Thanks Perl Flunky for your Genius work!
I am using Links Sql 2.0.4 and need desperatly to add captha to it... My add.cgi is different from what is posted.. Is there a minor mod or am I off track completely.. Thanks Phil

sub main {
# -------------------------------------------------------------------
# Display either an add form or process an add request.
#
if ($CFG->{user_required} and ! $USER) {
print $IN->redirect( Links::redirect_login_url ('add') );
return;
}
# We are processing an add request.
if ($IN->param('add')) {
my $results = GT::Plugins->dispatch ($CFG->{admin_root_path} . '/Plugins', 'user_add_link', \&add_link, {});
if (defined $results->{error}) {
print $IN->header();
print Links::SiteHTML::display ('add_error', $results);
}
else {
print $IN->header();
print Links::SiteHTML::display ('add_success', $results);
}
}
# We are displaying an add form.
else {
my ($name, $category);
my $id = $IN->param('ID');
# If we don't have an id, and can't generate a list, let's send the user a message.
if (! $id and ! $CFG->{db_gen_category_list}) {
print $IN->header();
print Links::SiteHTML::display('error', { error => Links::language('ADD_SELCAT')});
return;
}
else {
# Otherwise display the add form.
my $category = _category_list();
if ($USER) {
$IN->param('Contact_Name') or ($IN->param('Contact_Name', $USER->{Name} || $USER->{Username}));
$IN->param('Contact_Email') or ($IN->param('Contact_Email', $USER->{Email}));
}
print $IN->header();
if (! $category) {
print Links::SiteHTML::display('error', { error => Links::language('ADD_INVALIDCAT', $IN->param('ID')) });
}
else {
print Links::SiteHTML::display('add', { Category => $category });
}
}
}
}
sub add_link {
# --------------------------------------------------------
# Add the link to the database.
#
# Get the category box for any errors.
my $category = _category_list();
# Check the referer.
if (@{$CFG->{db_referers}}) {
my $found = 0;
if ($ENV{'HTTP_REFERER'}) {
foreach (@{$CFG->{db_referers}}) { $ENV{'HTTP_REFERER'} =~ /\Q$_\E/i and $found++ and last; }
}
if (! $found) {
$category = _category_list();
return { error => Links::language('ADD_BADREFER', $ENV{'HTTP_REFERER'}), Category => $category };
}
A Team FOG

I am not familiar with the SQL versions' code, I'd have to study it a bit more.
Did you read this thread? http://www.gossamer-threads.com/perl/gforum/gforum.cgi?post=288261#288261
It does the same thing, but is written in perl instead of python.


Leonard
aka PerlFlunkie

Thank for the link.. I down loaded the file and ready if can make minor alterations.
My Problem Below from instructions (Do you think it is a simple problem to change the if (keys %in != 0)

# We are processing an add request.
if ($IN->param('add')) {
******************************************
2. Edit add.cgi, sub main as shown:
--------------------------------------------------------------------------------
Code
--------------------------------------------------------------------------------
# We are processing the form. if (keys %in != 0) { $in{'captcha'} ? &captcha : &site_html_add_failure("You are attempting to bypass our security.") and return; }
********************************************************************************************************************
use strict;
use lib '/home/username/mysite.com/linkssql/cgi-bin/admin';
use Links qw/$DB $IN $USER $CFG/;
use Links::SiteHTML;
Links::reset_env( { load_user => 1 } ) if ($Links::PERSIST);
local $SIG{__DIE__} = \&Links::fatal;
main();
sub main {
# -------------------------------------------------------------------
# Display either an add form or process an add request.
#
if ($CFG->{user_required} and ! $USER) {
print $IN->redirect( Links::redirect_login_url ('add') );
return;
}
# We are processing an add request.
if ($IN->param('add')) {
my $results = GT::Plugins->dispatch ($CFG->{admin_root_path} . '/Plugins', 'user_add_link', \&add_link, {});
if (defined $results->{error}) {
print $IN->header();
print Links::SiteHTML::display ('add_error', $results);
A Team FOG

Perl Flunkie

Do you think you can get this to work? If you have done it or can get it done..

I need add.cgi to have the captcha method of security.. I use it on all our guest books but it is a mixture of perl and php.. The Sgt. Major who got it done has retired.

If you can please leave me a message..
A Team FOG