ReCaptcha

Summary: Slow down spammers with Google reCAPTCHA.

Version: 0.0.3

Prerequisites: Javascript enabled, two most recent versions of Chrome, Firefox, IE, Safari

Status: Active

Maintainer: DaveG

Download: ZIP

License: Dual licensed under the MIT and GPL licenses.

Discussion: Comments and Questions ?

Users: (View ? / Edit)

Description

This recipe implements Google reCAPTCHA. reCAPTCHA can be embedded into forms used by PmWiki. The ReCaptcha recipe works by displaying a "I'm not a robot" test as part of an input form. Requests to save a page that don't pass the ReCaptcha will be denied, with an opportunity to re-submit. For example:

(:input form action={*$PageUrl} method=post:)
(:input default request=1:)
(:recaptcha:)
(:input submit:)
(:input end:)

The ReCaptcha widget looks like this using default settings:

Download and Install

Register: Register a new site and obtain public and private keys from Google:
- Goto reCAPTCHA Admin
- Register a new site. You can enter mutiple domains.
- Once registered, you'll be shown a "Site Key" and a "Secret Key". You'll need these in the config step.
- Optional: Further down the registration page you'll see Advanced settings where you can make the reCAPTCHA easier, or more difficult.
Download: Download the latest version as a ZIP file.
- Copy contents into the cookbook/ directory. You'll have a recaptcha directory in cookbook.

Configure: Add this to local/config.php, using your own site and secret keys between quotes. The condition will allow users with Edit permissions to by-pass the ReCaptcha:

$rc_Settings = array (
   'sitekey' => '',  // paste your Site Key between quotes
   'secret' => ''    // paste your Secret Key between quotes
);
if (!CondAuth($pagename,'edit'))
   include_once("$FarmD/cookbook/recaptcha/recaptcha.php");

Display: Add the widget towards the end of the form you want to protect. For example, to require a captcha in order to edit a page, add the following markup to an appropriate place in the Site.EditForm page:
```
(:recaptcha:)
```
Settings: Optionally change the behavior or look of the widget.

Settings

Global Settings

Some settings apply to all ReCaptchas.

enabled	0, 1	default is 1
sitekey		Required: Site Key
secret		Required: Secret Key
language	en	Full language code list: https://developers.google.com/recaptcha/docs/language
curl	0	Set this to 1 if you get 'invalid-json' errors.
script	https://www.google.com/recaptcha/api.js	Don't change this!

These are defined in config.php:

$rc_Settings = array (
	'enabled' => 1,
   'sitekey' => '',  // paste your Site Key between quotes
	'secret' => '',   // paste your Secret Key between quotes
	'language' => 'en',
	'curl' => 0,
	'script' => 'https://www.google.com/recaptcha/api.js'
);

Widget Specific Settings

The following settings can be applied to each widget can be defined either globally or for each widget:

theme'	light, dark	default is light
type	audio, image	default is image
size	compact, normal	default is normal
tabindex	0	The tabindex of the widget and challenge. If other elements in your page use tabindex, it should be set to make user navigation easier.
callback		The name of your callback function to be executed when the user submits a successful CAPTCHA response. The user's response, g-recaptcha-response, will be the input for your callback function.
expired-callback		The name of your callback function to be executed when the recaptcha response expires and the user needs to solve a new CAPTCHA.

You can define these settings per widget, or globally:

Per widget, in the (:recaptcha:) markup.

(:recaptcha theme=dark type=audio size=compact tabindex=2:)

Globally in config.php:

$rc_Settings['options'] = array(
   'theme' => 'light',
   'type' => 'image',
   'size' => 'normal',
   'tabindex' => '0',
   'callback' => '',
   'expired-callback' => ''
);

Internationalization

Add this to config.php to translate error codes:

XLSDV('en', array('missing-input-response'=>'Please verify you are not a robot.'));

FAQ

invalid-json

If your host doesn't support or enable PHP setting file_get_contents you may receive 'invalid-json' errors. In which case there are two options:

either change the setting in php.ini. Be aware of security implications of doing this.
```
  allow_url_fopen = on
```
turn on the ReCaptcha 'curl' setting, which uses an alternate communication mechanism:
```
$rc_Settings = array ( 'curl' => 1 );
```

Selective Enabling

If you want all users to have to enter the ReCaptcha just include the configuration with no condition:

$rc_Settings = array (
   'sitekey' => '',  // paste your Site Key between quotes
   'secret' => ''    // paste your Secret Key between quotes
);
include_once("$FarmD/cookbook/recaptcha/recaptcha.php");

Captcha not Displayed

If you don't see a captcha box, ensure your skin specifies a  directive.

Libraries

Code and idea based on Captcha
Implementation of the captcha is by Google reCAPTCHA
Also uses Google reCAPTCHA PHP library

Known Issues

None known.

Change Log

0.0.3 (28-Mar-2016)

bug: Added 'curl' parameter to prevent 'invalid-json' errors.

0.0.2 (28-Mar-2016)

chg: First release.

User notes ? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.