Gossamer Forum
Home : Products : Links 2.0 : Customization :

Alternativ Solution to Antibot?

(Page 1 of 4)
> >
Quote Reply
Alternativ Solution to Antibot?
Hi,

i found this perl code at

http://www.firstproductions.com/cgi/human/

It is the same idea to fight autosumission spammers like in the Antibot solution which uses phyton, but this script uses perl looks better and you dont have to keep the backlink.

This is an example page:
http://www.firstproductions.com/...n/gd/captchatest.cgi

I am not able to intergrate it into add.cgi

Maybe one of the perl cracks over here is able to do it?

Best,
Karl

Last edited by:

Karl: Jan 7, 2006, 6:31 AM
Quote Reply
Re: [Karl] Alternativ Solution to Antibot? In reply to
Good find! Incorporating this security feature is not too hard; the code is below.


1. Get a copy of the files (you have to register, but it's free), extract the zip file, and
edit captcha.pl (shown below) to suit your server. I put the files in a directory named captcha inside the admin directory, so that is how the code below is written. Upload the files captcha.pl, codes.txt, and the images directory into the captcha directory. I left out the data directory, and captchtest.cgi, as it won't be used.
Code:
##### SETTINGS #####
$captcha_datafolder = "/full/path/to/cgi-bin/links/admin/captcha"; # not web accessible to store database (no trailing slash)
$captcha_database = "$captcha_datafolder/codes.txt"; # path to database file
$captcha_imagesfolder = "$captcha_datafolder/images"; # not web accessible to store png image files (no trailing slash)
$captcha_outputfolder = "/full/path/to/www/links/captcha"; # path to store output (no trailing slash)
$captcha_webfolder = "http://your_url.com/links/captcha"; # url to outputfolder (no trailing slash)




2. Edit add.cgi, sub main as shown:

Code:
# We are processing the form.
if (keys %in != 0) {
$in{'captcha'} ? &captcha : &site_html_add_failure("You are attempting to bypass our security.") and return;
}




3. Add this new sub to add.cgi, above sub process_form:
Code:

sub captcha {
#------------------------------------------
require "admin/captcha/captcha.pl";
$code = ($in{'code'});
$crypt = ($in{'crypt'});
if ($code && $crypt){

# check code
$result = &checkCode($code,$crypt);

if ($result == 1){
&process_form;
}
elsif ($result == -1){
&site_html_add_failure("<b>Failed!</b> Reason: code expired. Possible cause: code was issued too long ago. Try the new code below.") and return;
}
elsif ($result == -2){
&site_html_add_failure("<b>Failed!</b> Reason: invalid code (not in database). Possible causes: code already used or expired. Try the new code below.") and return;
}
elsif ($result == -3){
&site_html_add_failure("<b>Failed!</b> Reason: invalid code (code does not match crypt). Possible cause: characters not entered correctly. Try the new code below.") and return;
# note - once a solution is tried it is expired, even if it failed
}
else {
&site_html_add_failure("You did not enter the security code.") and return;
}
}

} # end sub




4. Edit site_html_templates.pl as shown:
Code:
sub site_html_add_form {
# --------------------------------------------------------
# This routine determines how the add form page will look like.
&html_print_headers;
my $get_captcha_form = &create_captcha_form; #in db_utils.pl
my $category = shift;
$category ?
($category = qq~$category <input type=hidden name="Category" value="$category">~) :
($category = &build_select_field ("Category", "$in{'Category'}"));

print &load_template ('add.html', {
Category => $category,
captcha_form => $get_captcha_form,
%globals
});
} sub site_html_add_failure {
# --------------------------------------------------------
# This routine determines how the add failure page will look like. my ($errormsg) = shift;
my $get_captcha_form = &create_captcha_form; # in db_utils.pl
$in{'Category'} ?
($in{'Category'} = qq~<input type=hidden name="Category" value="$in{'Category'}">$in{'Category'}~) :
($in{'Category'} = &build_select_field ("Category"));

&html_print_headers;
print &load_template ('add_error.html', {
error => $errormsg,
captcha_form => $get_captcha_form,
%in,
%globals
});}




5. Add a new sub to db_utils.pl, at the end of the file just abpve the '1;'. This is where you can edit the HTML code to match your site.

Code:
sub create_captcha_form {
#-----------------------------------------------------------
# Create the form for add.cgi security
require "admin/captcha/captcha.pl";
$crypt = &generateCode(8);
if ($crypt){
$i_width = $captcha_length*$captcha_width;
$output = qq|<img src="$captcha_webfolder/$crypt.png" width="$i_width" height="$captcha_height" border="0"><br>
<input type="hidden" name="crypt" value="$crypt">
Enter the characters you see in the image:
<input type="text" name="code" value=""><br>
Note: the numbers zero (0) and one (1) do not appear in the image. Refresh/reload this page for a new image. If you are uncertain of a character, take your best guess.|;
return $output;
}
else{
&site_html_add_failure("Code not generated (file error)! Check to be sure that the script is properly configured.") and return;
}
}




6. Edit the add.html and add_error.html templates as shown. The bold part is what is actually required.
Code:
<td><input name="Contact Email" value="" size="40"></td></tr>
<tr><td align="right" valign="top">Security:</td>
<td><%captcha_form%></td></tr>

<tr><td></td><td><input type="SUBMIT" value="Add Resource" name="captcha"></td></tr>



That should do it! If you have any trouble, let me know.


Leonard
aka PerlFlunkie

Last edited by:

PerlFlunkie: Jan 8, 2006, 4:41 PM
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
Forgot to mention, you will also need to create a directory named captcha within your www/links directory. You don't need to put anything in it; this is where the temporary, randomly-generated security image is stored.


Leonard
aka PerlFlunkie
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
Hi Leonard.

many thanks! It works like a dream. :-)

There is only one problem left. When i dont input the Code i get an 500 Server error (premature end of script) instead of the error message.

Best,
Karl.
Quote Reply
Re: [Karl] Alternativ Solution to Antibot? In reply to
Glad it works for you! To fix the problem, change this is add.cgi:

if (keys %in != 0) {
($in{'code'} ne '') ? &captcha : &site_html_add_failure("You did not enter the security code.") and return;
}

Note also that to make it a bit easier for users to enter the correct code, you can change the length of the code to less than 8. In the new sub you added in db_utils.pl, change this number:

# generate crypt
$crypt = &generateCode(8);


Leonard
aka PerlFlunkie
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
Hi Leonard,

thanks a lot, it works now!

is the line

else {
&site_html_add_failure("You did not enter the security code.") and return;
}


in add.cgi still nessesary?

many thanks for your help.

Best,
Karl

Last edited by:

Karl: Jan 9, 2006, 2:41 PM
Quote Reply
Re: [Karl] Alternativ Solution to Antibot? In reply to
Yes, but the message should be changed to something more like, "There is a problem with this page; please report it to site admin."

This should only show up if the code does not run correctly through captcha.pl.


Leonard
aka PerlFlunkie
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
I am just trying this because it looks a little simpler and cleaner than the antibot.

I have just got this error.

CGI ERROR
==========================================
Error Message : fatal error: Undefined subroutine &main::generateCode called at /home/swapmeet/public_html/cgi-bin/links/admin/db_utils.pl line 629.

Script Location : add.cgi
Perl Version : 5.008


Line 629 is in the subroutine added:
$crypt = &generateCode(8); if ($crypt){

Thanks for the help!
Quote Reply
Re: [rcull] Alternativ Solution to Antibot? In reply to
I gotta look closer at how the code posts into these forums!
Looks like you probably have the 'require' line commented out. The code SHOULD look like this (I'll use preview post this time!):

Code:

sub create_captcha_form {
#-----------------------------------------------------------
# Create the form for add.cgi security

require "admin/captcha/captcha.pl"; # This is the path from add.cgi, not from db_utils.pl!
$crypt = &generateCode(8);

if ($crypt){
$i_width = $captcha_length*$captcha_width;
$output = qq|<img src="$captcha_webfolder/$crypt.png" width="$i_width" height="$captcha_height" border="0"><br>
<input type="hidden" name="crypt" value="$crypt">
Enter the characters you see in the image:
<input type="text" name="code" value=""><br>
Note: the numbers zero (0) and one (1) do not appear in the image.

Refresh/reload this page for a new image. If you are uncertain of a character, take your best guess.|;
return $output;
}
else{
&site_html_add_failure("Code not generated (file error)!
Check to be sure that the script is properly configured.") and return;
}
}


I added a comment, to clarify that the path of the required file is from add.cgi, which is where this sub is being called from. So even though this file is in the admin directory, the require statement needs to include admin/ as part of the path.


Leonard
aka PerlFlunkie

Last edited by:

PerlFlunkie: Jan 26, 2006, 6:53 PM
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
Great, got that cleaned up, but I have moved to another error:

CGI ERROR
==========================================
Error Message : fatal error: source is not of type GD::Image at admin/captcha/captcha.pl line 162.

Script Location : add.cgi
Perl Version : 5.008



Line 162 in captcha.pl is:
$captcha_im->copy($captcha_source,$captcha_i*$captcha_width,0,0,0,$captcha_width,$captcha_height);


Thanks!
Quote Reply
Re: [rcull] Alternativ Solution to Antibot? In reply to
That's something that should be installed on your server, as a PHP module.
This site has lots of info on the GD library: http://www.boutell.com/gd/


Leonard
aka PerlFlunkie
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
I thought this might be a good idea for me but I can't tell is the test script is working as it should or not.
http://www.fishhoo.com/...tcha/captchatest.cgi

Any thoughts?
---
Will
Webmaster
FishHoo! Search Index for Fishermen
http://www.fishhoo.com/
Quote Reply
Re: [willdeb] Alternativ Solution to Antibot? In reply to
Well, with no images appearing, I'd say not...


Leonard
aka PerlFlunkie
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
That's what I thought too. Others seem to be having the same issue but there is not much activity on their support forum.
http://www.firstproductions.com/...splay;num=1116366363
---
Will
Webmaster
FishHoo! Search Index for Fishermen
http://www.fishhoo.com/
Quote Reply
Re: [willdeb] Alternativ Solution to Antibot? In reply to
I posted a reply there, see if it helps...


Leonard
aka PerlFlunkie
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
Leonard,

See if you can do anything with this
http://www.scss.com.au/...ew/webdesign/msgimg/

He says it requires no modules.

Thanks
---
Will
Webmaster
FishHoo! Search Index for Fishermen
http://www.fishhoo.com/
Quote Reply
Re: [willdeb] Alternativ Solution to Antibot? In reply to
Thanks, that looks interesting. I have downloaded it and will play with it when I have time. Been trying to launch a new business, so have not been able to play with code much lately...


Leonard
aka PerlFlunkie
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
Leo,

Did you ever get a chance to look at this?

Thanks,
Will
---
Will
Webmaster
FishHoo! Search Index for Fishermen
http://www.fishhoo.com/
Quote Reply
Re: [willdeb] Alternativ Solution to Antibot? In reply to
Well, no. Are you wanting to utilize it for something?


Leonard
aka PerlFlunkie
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
Very possibly.
---
Will
Webmaster
FishHoo! Search Index for Fishermen
http://www.fishhoo.com/
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
Well yeah, Leonard. If it will work, I would like to see it intergrated into add.cgi and modify.cgi.

Thanks,
---
Will
Webmaster
FishHoo! Search Index for Fishermen
http://www.fishhoo.com/
Quote Reply
Re: [willdeb] Alternativ Solution to Antibot? In reply to
If what you're after is secure-submission, use the captcha code in the first few posts in this thread. That's a neat little script, but using a randomly-generated code should be just as effective as encoding an IP address (per: Create a script similar to my msgimgdemo.pl that creates a special string of characters for the CAPTCHA. That string should encode something specific to the visitor of your page, such as their IP address, the time, their user agent, etc.)


Leonard
aka PerlFlunkie
Quote Reply
Re: [PerlFlunkie] Alternativ Solution to Antibot? In reply to
thanks.
---
Will
Webmaster
FishHoo! Search Index for Fishermen
http://www.fishhoo.com/
Quote Reply
Re: [willdeb] Alternativ Solution to Antibot? In reply to
Can someone please help, I have now been following the instructions in this thread for 5 hours and it seems to be getting worse. I know its probably easy to fix, but I just can't see the problem.

The latest error message is

CGI ERROR
==========================================
Error Message : fatal error: Undefined subroutine &main::captcha called at /kunden/homepages/0/d125879489/htdocs/at/cgi-bin/links/add.pl line 55.

sub main {
# --------------------------------------------------------
local (%in) = &parse_form;
# We are processing the form.
if (keys %in != 0) {
$in{'captcha'} ? &captcha : &site_html_add_failure("You are attempting to bypass our security.") and return;
}
# Otherwise we are displaying the form (in site_html.pl).
else {
if ($db_single_category) {
my %is_valid = map { $_ => 1 } &category_list;
$ENV{'HTTP_REFERER'} =~ s,/[^/]+\.[^/]+$,,;
$ENV{'HTTP_REFERER'} =~ m,$build_root_url/(.+?)/?$,;
$is_valid{$1} ? &site_html_add_form ($1) : &site_html_add_form ();
}
else {
&site_html_add_form ();
}
}
}
sub create_captcha_form {
#-----------------------------------------------------------
# Create the form for add.cgi security
require "admin/captcha/captcha.pl"; # This is the path from add.cgi, not from db_utils.pl!
$crypt = &generateCode(8);
if ($crypt){
$i_width = $captcha_length*$captcha_width;
$output = qq|<img src="$captcha_webfolder/$crypt.png" width="$i_width" height="$captcha_height" border="0"><br>
<input type="hidden" name="crypt" value="$crypt">
Enter the characters you see in the image:
<input type="text" name="code" value=""><br>
Note: the numbers zero (0) and one (1) do not appear in the image.
Refresh/reload this page for a new image. If you are uncertain of a character, take your best guess.|;
return $output;
}
else{
&site_html_add_failure("Code not generated (file error)! Check to be sure that the script is properly configured.") and return;
}
}

RED TEXT IS LINE 55 I think!

Please help me

Thanks Rob
Quote Reply
Re: [robah] Alternativ Solution to Antibot? In reply to
The line after the red one is the one causing your problem, as the script is looking for the captch subroutine. That is step #3 in the instructions... did you add it, too? If you attach a copy of your add.cgi, I'll look it over for ya.


Leonard
aka PerlFlunkie
> >