create new tag
, view all tags
THIS PLUGIN IS OBSOLETE, as it was renamed to CaptchaPlugin when it was updated for TWiki 4 release. Please use this VisualConfirmPlugin only if you need the functionality for older TWiki versions.

VisualConfirmPluginDev Discussion: Page for developer collaboration, enhancement requests, patches and improved versions on VisualConfirmPlugin contributed by the TWikiCommunity.
• Please let us know what you think of this extension.
• For support, check the existing questions, or ask a new support question in the Support web!
• Please report bugs below

Feedback on VisualConfirmPlugin

Where to put private data?

Any suggestions on where to store the hash db files?? Somehow, pub/visualconfirm/db is not such a good place, since private is not public smile

-- KoenMartens - 09 Oct 2005

To confirm the need for an answer to your question, just try your code against DakarRelease with AutomaticAttachments switched on! Same goes when it is turned off - see SecuringAttachments - you will note that just going to yourserver.com/twiki/pub/visualconfirm/db will likely show a listing.

Koen, does this produce a visual Capature confirmation code? That would be useful as a standard feature for Dakar.

I'd be concerned at needing the whole of the GD library though: is there a lighter weight one available?

-- MartinCleaver - 12 Oct 2005

About the dakar release problem, renaming db to _db should fix this, right? The db directory should be protected in the httpd configuration anyway to prevent direct access, unfortunatelly the standard setup of twiki (sept04 release) does not allow one to do this with .htaccess.. I'll have to try dakar release myself, didn't install that before.

About the question whether it produces Capature confirmation code, you'd have to provide me with some info/url about what Capature is first smile

Finally, I see there is a more light-weight alternative in cpan: Imager which only needs freetype2 and libpng to produce the same sort of graphics. I'll put that in.

-- KoenMartens - 12 Oct 2005

Thanks Koen for contributing this Plugin and sharing it with the TWikiCommunity smile

I made a small change to the SHORTDESCRIPTION.

How about measuring and documenting the PluginBenchmarks?

-- PeterThoeny - 02 Nov 2005

I'll measure this soon, when i've got some more time on it.. I'll have to look into how this works anyway. Been off this for a while now, busy busy busy.. I will get that light weight version done too, can someone please make the earth rotate just a slight bit slower so that there are more hours in a day! Thanks smile

-- KoenMartens - 03 Nov 2005

I tried to slow down the rotation, I need it myself. No luck.

It think the db file is reasonably safe if in the Plugin's attachment directory you prefix it with an underscore and if you protect the directory with an .htaccess file. See also TWikiPlugins#Recommended_Storage_of_Plugin_Da

-- PeterThoeny - 03 Nov 2005

There is a problem when running Perl in Safe-Mode (-T). The parameter to unlink in line 126 of VisualConfirmPlugin.pm is considered unsafe. So unlink fails.

-- ChrisHuebsch - 07 Nov 2005

What version of perl is that? Seems to unlink fine here with tainted mode (-T) on, but just to be sure i'll untaint it.. While doing that, i noticed there is more wrong with that part of the code, which i'll be fixing now.. Finally found some time, so I guess Peter succeeded in slowing down that rotation afterall smile

-- KoenMartens - 02 Jan 2006

Oh, and i checked Imager as a light-weight alternative to GD, but is doesn't provide some of the functionality in the same easy way. Maybe i will add some of the wanted functionality to Imager, or remove some functionality from the plugin if Imager is used.

Still have to work on the data dir issue though.

-- KoenMartens - 03 Jan 2006

I did not really pay attention to what the Plugin does (there are so many Plugins smile ) This is a CAPTCHA for TWiki registration.

-- PeterThoeny - 03 Jan 2006

A couple of months ago I wrote a little plugin (VisualConfirmPlugin) that asks for visual confirmation when a user registers. It is a bit unpolished yet, and untested with DakarRelease (although that will soon come as i am in the process of upgrading all my twiki installations to DakarRelease).

-- KoenMartens - 09 Feb 2006

(I cross-posted Koen's comment above from WikiSpam.)

When you upgrade the Plugin, could you try to keep it compabile with Cairo and Dakar codebase? HandlingCairoDakarPluginDifferences has more.

-- PeterThoeny - 09 Feb 2006

Quite useful, would be killer with BlackListPlugin since it does registrations filtering too as well as the topic text filtering. Please update this ASAP smile .

-- EricCote - 27 Feb 2006

I've been a bit lazy at this one lately. Since Dakar had its email confirmation regime, i thought i was safe. But at least one spammer went to the trouble of setting up a throw-away email address to use for confirmation in the past month, so my interest in this plugin is renewed. Maybe I better check what state CAPTCHA is in first..

-- KoenMartens - 20 Jun 2006

FYI - I tried to install this plugin a while back but got hung-up somewhere in the process of finding & installing all of the necessary PNG libraries.

The first user to try and register since that time received an error message :

   Visual Confirmation failed
   Common.TWikiRegistration (oops)

The visual confirmation has expired.

Please go back in your browser and try again.

My first response to this was to add the VisualConfirmPlugin to the disabled plugins list in TWikiPreferences. However, this was not sufficient to disable the plugin.

The only way to get 'round the error was to back out the edits made to /bin/register

Guess the reason for this post is to share that perhaps this plugin does not check whether it has been disabled in TWikiPreferences ?

-- KeithHelfrich - 30 Jun 2006

Koen, if you re-work the Plugin for Dakar, how about renaming it CaptchaPlugin?

-- PeterThoeny - 03 Jul 2006

I think the rework for dakar will come very soon, and renaming it sounds like plan.

I will also see whether i can make the changes to register a bit more friendly in combination with the disabling of the plugin..

-- KoenMartens - 24 Jul 2006

THIS PLUGIN IS OBSOLETE, as it was renamed to CaptchaPlugin when it was updated for TWiki 4 release. Please use this VisualConfirmPlugin only if you need the functionality for older TWiki versions.

Edit | Attach | Watch | Print version | History: r16 < r15 < r14 < r13 < r12 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r16 - 2006-08-03 - PeterThoeny
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.