Human Beeing verification with Captchas

The purpose of the so called captchas are the verification of beeing a real person when entering anonymous data/comments (with or without giving a real name) and not a spam bot that automaticaly adds Google poisoning data to large numbers of interactive web pages. is a example for how this has been implemented in Serendipity and IMO can be done in Jaws as well.

Parts to implement

IMO this should be implemented as plugin, with all the regular activation and configuration interfaces, but not working on text contents but extending pages that need verification.

In order to do this properly, some things would be required:

  • a table where gadgets accepting captchas support can register themselves, and where the “captchas enable flag” can be stored. Sth. like:

capthas_registration (varchar gadget, bool knows_captash, bool uses_captcha)

  • each gadget using captcha support would need to have two/three hooks (variation points) where the captcha plugin is called:
    1. the first would be in the code that prints the “Comment editing” page so the captcha plugin runs, generates a code and a pixmap for it and then passes the “<img src=…>” snipped to the caller
    2. the other one would be in the current comment validation part, which would run the plugin to verify whether the passed code does match the generated one
    3. the third “cleanup” hook also in the validation plugin, removing the pixmap on the server if everything has been ok

Technical details

In theory, the char images can be drawn with php’s imagestring method and different. Then rotated, scaled and merged together (maybe even slightly overlapping). To confuse the spam bots, the background can be rendered with some patterns (using the same colors as chars).

Request for Comments

I am not very familiar with the internals of Jaws. Take all of the above as brainstorming, not strong guidelines.

Created by Eduard Bloch

  /var/www/wiki/htdocs/data/jaws/proposals/captchas.txt · Last modified: 2007/11/02 16:27