Closed chrishildebrandt closed 11 years ago
Yes ? What is the point exactly? That someone has bypassed the captcha? That is not uncommon of course. It is only a very simple captcha scheme.
Well, the point is if there is a script in the wild which did break the Formicula captcha, then we should slightly change the captcha scheme. I know it's just a simple one, but doing minimal changes to the scheme might get it un-hacked again for some time. Greetings, Chris
Hi,
ah ok in that sense. Do you have any suggestions to changing the captcha in its current form? In the end integration of re-captcha might also be an idea. This math test is just a bare minimum test. One could also think of the option of adding a question/answer combo alternative.
The little math test was actually very well working for several years with Formicula, my case is the first one I know about. Add that the math test is language independend. I would just slightly increase the complexity of the test, by adding a 3rd operation and/or making the test pics slightly less easy to read for text recognition software. And of course the option to add a question - as we already do at Core user registration - would be great. Greetings, Chris
There is now a reCaptcha hook in @craigh's repo
Ah great !!
2011/11/3 Drak < reply@reply.github.com>
There is now a reCaptcha hook in @craigh's repo
Reply to this email directly or view it on GitHub: https://github.com/landseer/Formicula/issues/23#issuecomment-2615688
See about the re-captcha hook: https://github.com/craigh/Captcha and http://www.google.com/recaptcha/learnmore
you will need an api key to use the service: http://code.google.com/apis/recaptcha/intro.html
IMPORTANT: Don't forget to set comments permissions for the Captcha module if anonymous users should use this hook.
And a re-install is needed I noticed when you were already using a github version. At least in my case, but after that it works fine. Maybe the regular Activate spamcheck should also be adjusted. When the captcha hook is available the regular spamcheck makes no sense right?
One other thing the message when the re-captcha hook does not validate:
User.php:266: return LogUtil::registerError($this->__('The validation of the hooked security module was incorrect. Please try again.'), null, ModUtil::url('Formicula', 'user', 'main', array('form' => $form)));
is not the most user friendly. Not sure if users understand that this means that they filled in the captcha part wrong.
I would be glad if you could optimize the code.
:-D ok, will take a look then. I dont think there will be other security module hooks in formicula right? Then I can change the string to something along the line of spamcheck.
It would be nice actually if the hooked module would supply some sort of string what it does. The subscriber does not know exactly what a certain hook is doing.
But some minor changes will certainly help here. Maybe when captcha is hooked then also a link to the captcha module settings would be nice in formicula settings. And some descriptive text somewhere, that this is also possible. Ah well, enough ideas to make it more clear. Will try to take a look at it.
"The subscriber does not know exactly what a certain hook is doing."
This is by design. @drak made it work that way. the subscriber isn't supposed to know.
The bundle that's we use for forms is simply designed to hook into the form submission workflow, able to veto the submission of a form if it doesn't validate and save data when the entire form validates.
Clear. Just some streamlining of the process within Formicula will make it more clear for users. It works perfect, the hook system with the validation.
Check this part and disable the regular simple captcha check when the validation hook is there and see comments above on the code.
On Tue 25/10/11 3:23 PM , Captcha bypass yhboeqfuru@hctywc.com wrote: