From a215ae01538546363c8011702b8a934102812a33 Mon Sep 17 00:00:00 2001 From: Myron Turner Date: Sun, 28 Dec 2014 08:31:33 -0600 Subject: [PATCH 1/5] adds facility for using captcha at login --- action.php | 43 ++++++++++++++++++++++++++++++++++++++++++- conf/default.php | 1 + conf/metadata.php | 1 + lang/en/settings.php | 1 + plugin.info.txt | 2 +- 5 files changed, 46 insertions(+), 2 deletions(-) diff --git a/action.php b/action.php index 92aab02..2999ddf 100644 --- a/action.php +++ b/action.php @@ -63,6 +63,15 @@ function register(&$controller) { array('editform' => false, 'oldhook' => false) ); } + if($this->getConf('loginprotect')) { + $controller->register_hook( + 'HTML_LOGINFORM_OUTPUT', + 'BEFORE', + $this, + 'handle_login_form', + array() + ); + } } /** @@ -70,6 +79,12 @@ function register(&$controller) { */ function handle_act_preprocess(&$event, $param) { $act = $this->_act_clean($event->data); + + if($this->getConf('loginprotect')) { + $this->handle_login(); + return; + } + if(!('save' == $act || ($this->getConf('regprotect') && 'register' == $act && $_POST['save'])) @@ -97,6 +112,7 @@ function handle_act_preprocess(&$event, $param) { /** * Create the additional fields for the edit form + * @author Myron Turner */ function handle_editform_output(&$event, $param) { // check if source view -> no captcha needed @@ -125,7 +141,32 @@ function handle_editform_output(&$event, $param) { $event->data->insertElement($pos++, $out); } } - + /** + * Insert captcha into login form if loginprotect is true + * url parameter: chk=captcha_check, identifies login mode + * @author Myron Turner + */ + function handle_login_form(&$event, $param) { + $pos = $event->data->findElementByAttribute('type', 'submit'); + $helper = plugin_load('helper', 'captcha'); + $out = $helper->getHTML(); + $event->data->_hidden['chk'] = 'captcha_check'; + $event->data->insertElement($pos+1, $out); + } + + function handle_login() { + if(isset($_REQUEST['capt']) && $_REQUEST['capt'] == 'r') { + msg($this->getLang('testfailed'), -1); + } + if(isset($_REQUEST['chk'])) { + $helper = $this->loadHelper('captcha', true); + if(!$helper->check()) { + $url = DOKU_URL . 'doku.php?&do=logout&capt=r'; + header("Location: $url"); + exit(); + } + } + } /** * Pre-Sanitize the action command * diff --git a/conf/default.php b/conf/default.php index 7861b94..8f5fbf6 100644 --- a/conf/default.php +++ b/conf/default.php @@ -13,3 +13,4 @@ $conf['height'] = 22; $conf['question'] = 'What\'s the answer to life, the universe and everything?'; $conf['answer'] = '42'; +$conf['loginprotect'] = 0; diff --git a/conf/metadata.php b/conf/metadata.php index c0c66d4..e17ebb7 100644 --- a/conf/metadata.php +++ b/conf/metadata.php @@ -13,3 +13,4 @@ $meta['height'] = array('numeric', '_pattern' => '/[0-9]+/'); $meta['question'] = array('string'); $meta['answer'] = array('string'); +$meta['loginprotect'] = array('onoff'); diff --git a/lang/en/settings.php b/lang/en/settings.php index eee2f82..94889c0 100644 --- a/lang/en/settings.php +++ b/lang/en/settings.php @@ -21,3 +21,4 @@ $lang['height'] = "Height of the CAPTCHA image (pixel)"; $lang['question'] = "Question for fixed question mode"; $lang['answer'] = "Answer for fixed question mode"; +$lang['loginprotect'] = "Protect login form"; diff --git a/plugin.info.txt b/plugin.info.txt index ae49ee6..cfbc5a6 100644 --- a/plugin.info.txt +++ b/plugin.info.txt @@ -1,7 +1,7 @@ base captcha author Andreas Gohr email andi@splitbrain.org -date 2014-01-05 +date 2014-12-28 name CAPTCHA Plugin desc Use a CAPTCHA challenge to protect DokuWiki against automated spam url http://www.dokuwiki.org/plugin:captcha From 232a7427cfba262fb51e944981e446f20f667e59 Mon Sep 17 00:00:00 2001 From: Myron Turner Date: Sun, 28 Dec 2014 08:45:24 -0600 Subject: [PATCH 2/5] updates to comments --- action.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/action.php b/action.php index 2999ddf..c9f4586 100644 --- a/action.php +++ b/action.php @@ -143,7 +143,7 @@ function handle_editform_output(&$event, $param) { } /** * Insert captcha into login form if loginprotect is true - * url parameter: chk=captcha_check, identifies login mode + * @url parameter: chk=captcha_check, identifies login mode * @author Myron Turner */ function handle_login_form(&$event, $param) { @@ -154,6 +154,16 @@ function handle_login_form(&$event, $param) { $event->data->insertElement($pos+1, $out); } + /** + * Redirect with additional parameters if captcha fails and + * output 'testfailed' message on re-load + * + * @url_params: + * do=logout => to force logout + * capt=r => to identify on reload that the captcha has failed + * + * @author Myron Turner + */ function handle_login() { if(isset($_REQUEST['capt']) && $_REQUEST['capt'] == 'r') { msg($this->getLang('testfailed'), -1); From c9054e29ee7ddd4997b59e5976a27a91d4ab0315 Mon Sep 17 00:00:00 2001 From: Myron Turner Date: Sun, 28 Dec 2014 08:55:02 -0600 Subject: [PATCH 3/5] some tidying --- action.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/action.php b/action.php index c9f4586..7bc01ab 100644 --- a/action.php +++ b/action.php @@ -112,7 +112,7 @@ function handle_act_preprocess(&$event, $param) { /** * Create the additional fields for the edit form - * @author Myron Turner + * @author Myron Turner */ function handle_editform_output(&$event, $param) { // check if source view -> no captcha needed @@ -144,7 +144,7 @@ function handle_editform_output(&$event, $param) { /** * Insert captcha into login form if loginprotect is true * @url parameter: chk=captcha_check, identifies login mode - * @author Myron Turner + * @author Myron Turner */ function handle_login_form(&$event, $param) { $pos = $event->data->findElementByAttribute('type', 'submit'); @@ -153,12 +153,12 @@ function handle_login_form(&$event, $param) { $event->data->_hidden['chk'] = 'captcha_check'; $event->data->insertElement($pos+1, $out); } - + /** * Redirect with additional parameters if captcha fails and * output 'testfailed' message on re-load * - * @url_params: + * @url_params * do=logout => to force logout * capt=r => to identify on reload that the captcha has failed * From 8577fb96e48e4bdc01e10c76b3afea654a07ab0d Mon Sep 17 00:00:00 2001 From: Myron Turner Date: Wed, 31 Dec 2014 10:18:13 -0600 Subject: [PATCH 4/5] Updates on recommendations from Andi --- action.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/action.php b/action.php index 7bc01ab..a71f7d3 100644 --- a/action.php +++ b/action.php @@ -164,15 +164,13 @@ function handle_login_form(&$event, $param) { * * @author Myron Turner */ - function handle_login() { - if(isset($_REQUEST['capt']) && $_REQUEST['capt'] == 'r') { - msg($this->getLang('testfailed'), -1); - } + function handle_login() { if(isset($_REQUEST['chk'])) { $helper = $this->loadHelper('captcha', true); if(!$helper->check()) { - $url = DOKU_URL . 'doku.php?&do=logout&capt=r'; - header("Location: $url"); + msg($helper->getLang('testfailed'), -1); + $url = wl('',array('do'=>'logout'), true, '&') ; + send_redirect($url); exit(); } } From 645e2f17e75b521544473945e875fbef10210d7a Mon Sep 17 00:00:00 2001 From: Myron Turner Date: Wed, 31 Dec 2014 10:26:03 -0600 Subject: [PATCH 5/5] Update to handel_login() comment --- action.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/action.php b/action.php index a71f7d3..36b3667 100644 --- a/action.php +++ b/action.php @@ -158,9 +158,7 @@ function handle_login_form(&$event, $param) { * Redirect with additional parameters if captcha fails and * output 'testfailed' message on re-load * - * @url_params - * do=logout => to force logout - * capt=r => to identify on reload that the captcha has failed + * @url_param: do=logout => to force logout * * @author Myron Turner */