Enter CAPTCHA (thanks, hide, for turning me on to that!). We can generate an image with letters, numbers, etc. and display them on our form, then ask our user to tell us what they are. The easiest way I have found to do this is using GD::SecurityImage. With a little work, we can produce an image like so:
use GD::SecurityImage;
my $image = GD::SecurityImage->new(width => 150,
height => 40,
lines => 10,
font => "/Library/Fonts/Arial",
ptsize => 18,
bgcolor => "#FFFF00",
);
$image->random();
$image->create(ttf => 'rect');
$image->particle(300);
my($image_data, $mime_type, $random_number) = $image->out;
open IMAGE, "> /path/to/images/image.png";
binmode IMAGE;
print IMAGE $image_data;
close IMAGE;
print $request->header($mime_type);
print $request->start_html, "<img src=\"http://localhost/images/
image.png\">", $request->end_html;
(yes, ugly, but it's a quick example).What an awful lot of work just to get a random string of characters and an image that goes with it! This is just asking for a plugin!
I've been toying with some ideas since last night, and what I am looking for is an easier way to generate images, get the random string, verify the security string, and eventually clean up the images we generate. So far, my (rough) interface looks something like this:
use CGI::Application::Plugin::CAPTCHA;
sub setup
{
my $self = shift;
$self->captcha_config(
IMAGE_OPTIONS => {
width => 150,
height => 40,
lines => 10,
font => "/Library/Fonts/Arial",
ptsize => 18,
bgcolor => "#FFFF00",
},
CREATE_OPTIONS => [ 'ttf', 'rect' ],
PARTICLE_OPTIONS => [ 300 ],
PATH => "/tmp/",
);
}
sub runmode
{
my $self = shift;
my ($sec_string, $image_file) = $self->create_captcha();
}
sub runmode_process
{
return "Verified!" if $self->verify_captcha('cgi_param_name');
# or...
return "Verified!" if $self->verify_captcha($session_id,
'cgi_param_name');
}I think the above will work, but I'm not sure if I like how verify_captcha() works.
I still have the following things I'm not sure about how to best implement:
- Image storage: I can either create the images on the filesystem, or build them in a memory-based cache (which would mean the plugin needs to add a runmode that returns an image only - doesn't sound like the best way to me). In any case, there needs to be a good way of cleaning up old images. Suggestions?
- Session management: We need a good place to store the session id => captcha mappings. An in-memory cache would be good, but if we're already using a session management mechanism, why not use it? Problem is how do we integrate with multiple session management mechanisms? My thought, for now, would be to have an in-memory cache, and if the programmer is using CAP::Session to use it instead,
I leave it up to the user to determine best how to put the CAPTCHA on their form. create_captcha() will give them the ability to get the random string of characters produced and the path and filename to the image.
I could really use some feedback for this one - it's a much more ambitious plugin than I've tried before, and I'm not sure if my methods are the best way that some of this could be implemented. It seems as if this could be a pretty useful plugin if I could just get a few more things hammered down.
Thanks in advance, looking forward to a discussion!
--- Jason
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.