Forum OpenACS Q&A: Captchas for the register form

Posted by César Clavería on 03/14/07 07:20 PM

Hello,

I want to share something we have been using for some time to generate a captcha image in the user registration form.

We use the ImageMagick library with the TclMagick interface to create an image, based of a background image, and then we write some random text on it, you can see how this working in (https://oacsrocks.org/register/user-new )

ImageMagick comes pre-installed in many linux distributions and TclMagick is usually not hard to get (out from repositories or compiled from source) or even you can get a really simple build from pragana.net http://www.pragana.net/tclmagick-simple-build.tar.gz

First you will need some images for use as backgrounds and place them in some public directory, for example the first time I did this the backgrounds and generated captchas went to /myserverroot/www/captchas

I made a little zip with some background images and the captchas-proc.tcl file, I usually place this file under the acs-subsite/tcl/ directory.

here is the zip:

Then we edited the file at /acs-subsite/lib/user-new.tcl and added this ad_page_contract

ad_page_contract {
register form with captchas
} {
{captcha_id {[captcha::create]} }
}

Then we extended the register form with this new couple of fields, the captcha_id and the captcha_text:

ad_form -extend -name register -form {
{captcha_id:text(hidden) {value $captcha_id } {after_html "<td> </td><td><img src=[captcha::get_filename $captcha_id] ></td>" } }
{captcha_text:text {label "Enter the text above"} }
}

The database table for the captchas is very simple, we use a definition like this:

create table captchas
(
captcha_id integer default nextval('captcha_seq'),
captcha_file varchar(200),
captcha_text varchar(20),
primary key (captcha_id)
);

with a sequence for the captcha_id

CREATE SEQUENCE captcha_seq;

I hope this helps someone, any doubts, comments, corrections and tips for improvement will be greatly appreciated.

2: Re: Captchas for the register form (response to 1)

Posted by César Clavería on 03/14/07 08:13 PM

Here is the zip with the files: https://openacs.org/storage/view/captchas.zip

3: Re: Captchas for the register form (response to 1)

Posted by Orzenil Silva Junior on 03/18/07 09:43 PM

Hi César,

Your approach to generate image captchas to openacs forms is very easy to implement. I just downloaded tclmagick simple build from Praganas' website as you suggested and unzipped it inside tcldir in my linux box.

The only additional step i did was create a validation block for ad_form in the tcl page script:

} -validate {captcha_text
{[captcha::validate $captcha_id $captcha_text]}
"Text must match!"
}
}

It works fine!

My only concern with this approach is inaccessibility of image CAPTCHA to users who are blind, have low vision, or have a learning disability such as dyslexia.

My question is: are you working on some kind of alternative to image captchas like audio CAPTCHAs or other? Maybe it could be a good openacs web accessibility project for google summer of code 2007 (see http://www.openacs.org/xowiki/GSoC).

Alternatives to image captchas see this W3C paper:

http://www.w3.org/TR/turingtest/

4: Re: Captchas for the register form (response to 1)

Posted by Torben Brosten on 03/18/07 10:34 PM

I haven't had a chance to follow up on those links, but just wanted to mention that..

Festival may be able to provide the alternative audio file[1], or with a library of audio files that spell out letters (such as from asterisk[2]), one could join files to produce the alternate audio.

1. http://www.cstr.ed.ac.uk/projects/festival/
2. http://www.voip-info.org/wiki/view/Asterisk+sound+files

5: Re: Captchas for the register form (response to 4)

Posted by Orzenil Silva Junior on 03/19/07 12:22 AM

Thanks, Torben. As i could read about it festival works with MBROLA system and the voices database that project already has. It sounds very interesting.

Here in Brazil one of our federal universities - Universidade Federal do Rio de Janeiro - is developing a software called SINAL - Sistema Interativo de Navegação no Linux (Linux Interactive Navigation System) to enable web accessibility to users who are blind. SINAL is going to use MBROLA as far as i know.

link to MBROLA voices database:
http://tcts.fpms.ac.be/synthesis/mbrola/mbrcopybin.html

link to MBROLA project website:
http://tcts.fpms.ac.be/synthesis/mbrola.html

6: Re: Captchas for the register form (response to 1)

Posted by Matthew Burke on 03/20/07 04:04 PM

Two things to point out:

1. I cannot recall where I read this, but one approach I've seen described works roughly as follows:

Use the CSS nodisplay to hide a field on a form and then reject the form if the field is filled in. The idea is that spambots won't see the css and fill the field in. In case a human browser has disabled or doesn't have CSS and actually sees this dummy field, you can label it something like "Email address, but don't actually fill this in"

Anyway you get the idea.

2. One of the Ruby Quizzes (http://www.rubyquiz.com/quiz48.html) outlines an approach for "Turing Test" CAPTCHAs. It would be pretty easy to port the idea into Tcl.

Matt

7: Re: Captchas for the register form (response to 6)

Posted by César Clavería on 03/20/07 04:18 PM

Both are a pretty interesting and clever approach, thanks for the info.

I have been improving the captcha script a little bit, now it doesnt requires any use of database and the images have moved to a more standard location because it seems this will be integrated to openacs in a not so distant future.

8: Re: Captchas for the register form (response to 3)

Posted by César Clavería on 03/20/07 04:26 PM

Thank you for pointing that out, I'm not working right now in anything like that but I think this is an important subject that I left out. And the idea about working on this in the summer of code is pretty good.

9: Re: Captchas for the register form (response to 1)

Posted by César Clavería on 03/21/07 08:17 PM

Hello, here is an updated version of the captchas procedures and images. https://openacs.org/storage/view/captchas.zip

Now there is no need to add tables to the database, but TclMagick is still required. The image con enabled/disabled with a parameter.

The zip contains:

The directory captchas, with some background images (this directory is expected to be placed on /acs-subsite/www/shared because the procs default to that location)

the file captcha-procs.tcl

A file, acs-subsite.diff, this needs to be applied to the acs-subsite package, the changes are:

- adds a new parameter to the acs-subsite.info file.
- Adds the necessary lines to /acs-subsite/lib/user-new.tcl for the captchas to work.

-------------------------

Entry for this subject on the bugTracker: https://openacs.org/bugtracker/openacs/bug?bug%5fnumber=3088

10: Re: Captchas for the register form (response to 1)

Posted by Atif Ali on 06/10/07 01:00 PM

HI ,

I have been trying to compile tclmagick on my linux macheins, but it always fails .

Since you have gone thru the whole cycle can you please help me understanding these ;
1) On the tclmagick site it says that it will work with pure tcl , tk is not required , but i can not compile it without tk. unfortunatley when i try to install tk it requires certain X libraries which i dont have on the server .
2) can you tell me what X libraries do i need to compile tclmagick ?
3) I installed graphicsmagick and tried to compile tclmagick against it , but it again gave me errors about tk and I get Xlib.h not found when i try to compile tclmagick.

on this post i think you mentioned pagna simple compiled tcl magick , what do i need to use it ? do i need imagemagick installed in a certain folder ? as when i tried to run ./compile in the folder of tclmagik -simple it gave me errors.

I have been trying to compile tclmagick on my servers , I dont have tk or X11 installed ? can you please help me.

thanks

11: Re: Captchas for the register form (response to 10)

Posted by César Clavería on 06/11/07 04:24 PM

Hello,

yes, TclMagick "should" work without Tk installed or X11, but I haven't been able to make it work that way neither.

for using the pragana simple build of Tcl-magick, yes, you will need ImageMagick installed, and its libraries installed in something like /usr/lib/libMagick.so.7

12: reCAPTCHA proposal (response to 11)

Posted by Alessandro Landim on 04/20/10 10:15 PM

Hi everyone,

What do you think about use reCAPTCHA.net to resolve the Inaccessibility of CAPTCHA?

I've developed a package that use this service and can provide this check in ad_form.

Try to download it at: http://dl.dropbox.com/u/6061429/recaptcha/recaptcha.tar.gz

You need create an account at www.recaptcha.net and get the public and private key. After this, add this keys in /recaptcha/public_key.txt and /recaptcha/private_key.txt.

To use it in ad_form, add this line:

recaptcha::create -form $adform_name

and add a validate in ad_form

-validate {
        {recaptcha_service
                {[recaptcha::check -challenge_field $recaptcha_challenge_field -response_field $recaptcha_response_field]}
                "\"#<span>recaptcha.Title</span>#\" #<span>recaptcha.Error</span>#"
        }
}

In my blog I posted an image of this usage http://alessandrolandim.blogspot.com/2010/04/recaptchanet-no-openacs.html

13: Re: reCAPTCHA proposal (response to 12)

Posted by Dave Bauer on 04/21/10 08:47 PM

This sounds good. I will try to review this.

14: Re: reCAPTCHA proposal (response to 13)

Posted by Torben Brosten on 04/21/10 09:05 PM

This is great.

Please make sure code works well when connecting securely.

More info under "Using reCAPTCHA on an https site" at http://recaptcha.net/apidocs/captcha/client.html