NAME
CGI::Application::Plugin::CAPTCHA - Easily create, use, and verify
CAPTCHAs in CGI::Application-based web applications.
VERSION
Version 0.01
SYNOPSIS
# In your CGI::Application-based web application module. . .
use CGI::Application::Plugin::CAPTCHA;
sub setup
{
my $self = shift;
$self->run_modes([ qw/
create
# Your other run modes go here
/]);
$self->captcha_config(
IMAGE_OPTIONS => {
width => 150,
height => 40,
lines => 10,
font => "/Library/Fonts/Arial",
ptsize => 18,
bgcolor => "#FFFF00",
},
CREATE_OPTIONS => [ 'ttf', 'rect' ],
PARTICLE_OPTIONS => [ 300 ],
);
}
# Create a run mode that calls the CAPTCHA creation method...
sub create
{
my $self = shift;
return $self->captcha_create;
}
# In a template far, far away. . .
<img src="/delight/Ident/create"> (to generate a CAPTCHA image)
# Back in your application, to verify the CAPTCHA...
sub some_other_runmode
{
my $self = shift;
my $request = $self->query;
return unless $self->captcha_verify($request->cookie("hash"), $request->param("verify"));
}
DESCRIPTION
"CGI::Application::Plugin::CAPTCHA" allows programmers to easily add and
verify CAPTCHAs in their CGI::Application-derived web applications.
A CAPTCHA (or Completely Automated Public Turing Test to Tell Computers
and Humans Apart) is an image with a random string of characters. A user
must successfully enter the random string in order to submit a form.
This is a simple (yet annoying) procedure for humans to complete, but
one that is significantly more difficult for a form-stuffing script to
complete without having to integrate some sort of OCR.
CAPTCHAs are not a perfect solution. Any skilled, diligent cracker will
eventually be able to bypass a CAPTCHA, but it should be able to shut
down your average script-kiddie.
"CGI::Application::Plugin::CAPTCHA" is a wrapper for GD::SecurityImage.
It makes it more convenient to access GD::SecurityImage functionality,
and gives a more CGI::Application-like way of doing it.
When a CAPTCHA is created with this module, raw image data is
transmitted from your web application to the client browser. A cookie
containing an encrypted hash is also transmitted with the image. When
the client submits their form for processing (along with their
verification of the random string), "captcha_verify()" encrypts the
verification string with the same salt used to encrypt the hash sent in
the cookie. If the newly encrypted string matches the original encrypted
hash, we trust that the CAPTCHA has been successfully entered, and we
allow the user to continue processing their form.
The author recognizes that the transmission of a cookie with the CAPTCHA
image may not be a popular decision, and welcomes any patches from those
who can provide an equally easy-to-implement solution.
FUNCTIONS
captcha_config()
This method is used to customize how new CAPTCHA images will be created.
Values specified here are passed along to the appropriate functions in
GD::SecurityImage when a new CAPTCHA is created.
It is recommended that you call "captcha_config()" in the
"cgiapp_init()" method of your CGI::Application base class, and in the
"setup()" method of any derived applications.
The following parameters are currently accepted:
IMAGE_OPTIONS
This specifies what options will be passed to the constructor of
GD::SecurityImage. Please see the documentation for GD::SecurityImage
for more information.
CREATE_OPTIONS
This specifies what options will be passed to the "create()" method of
GD::SecurityImage. Please see the documentation for GD::SecurityImage
for more information.
PARTICLE_OPTIONS
This specifies what options will be passed to the "particle()" method of
GD::SecurityImage. Please see the documentation for GD::SecurityImage
for more information.
captcha_create()
Creates the CAPTCHA image, and return a cookie with the encrypted hash
of the random string. Takes no arguments.
The cookie created in this method is named "hash", and contains only the
encrypted hash. Future versions of this module will allow you to specify
cookie options in greater detail.
captcha_verify()
Verifies that the value entered by the user matches what was in the
CAPTCHA image. Argument 1 is the encrypted hash from the cookie sent by
"captcha_create()", and argument 2 is the value the user entered to
verify the CAPTCHA image. Returns true if the CAPTCHA was successfully
verified, else returns false.
AUTHOR
Jason A. Crome, "<cromedome@cpan.org>"
TODO
* Allow "captcha_config()" to take cookie configuration arguments.
* Allow the plugin to actually create a run mode in your
CGI::Application-based webapp without the developer having to
manually create one.
BUGS
Please report any bugs or feature requests to
"bug-cgi-application-plugin-captcha@rt.cpan.org", or through the web
interface at
<http://rt.cpan.org/NoAuth/ReportBug.html?Queue=CGI-Application-Plugin-C
APTCHA>. I will be notified, and then you'll automatically be notified
of progress on your bug as I make changes.
CONTRIBUTING
Patches, questions, and feedback are welcome.
ACKNOWLEDGEMENTS
A big thanks to Cees Hek for providing a great module for me to borrow
code from (CGI::Application::Plugin::Session), to Michael Peters and
Tony Fraser for all of their valuable input, and to the rest who
contributed ideas and criticisms on the CGI::Application mailing list.
SEE ALSO
CGI::Application GD::SecurityImage Wikipedia entry for CAPTCHA -
<http://en.wikipedia.org/wiki/Captcha>
COPYRIGHT & LICENSE
Copyright 2005 Jason A. Crome, all rights reserved.
This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.