captcha for 0.3rc1 ??? (on login page)

[klonos]

In the plugin repo page, the link to it points to: myroundcube - Project Hosting on Google Code, but there is no info there and no package to download either! The only package I was able to find is for 0.2.1 (MyRoundCube)

Is there a version for 0.3? If yes, where?

Thanx in advance.

[rosali]

Please go to "Downloads" @ google code. The most recent SVN trunk snapshot contains all my plugins including captcha.

http://myroundcube.googlecode.com/files/trunk-r-2850.zip

[klonos]

Ok, thanx rosali...

I've already spotted that one, but since I wasn't sure if it was simply a collection of plugins or a mod version of roundcube I didn't touch it. You see, I use this URL to find the latest builds of rc. The 'latest' build it lists there (at the time of writing r2628) isn't always the *very latest* one, but in the same page, there is a link called 'browse all builds' that points to a list of all builds (latest one at the time of writing: roundcubemail-trunk-r2806-20090729.tgz). Now, the file you suggest is trunk-r2850(?!).

Could you please clarify what MyRoundCube actually is and on which version of rc it is based on?

Anyways, I thought all plugins are located under the '/plugins' directory, each one inside its own subdirectory. I didn't see any 'captcha' directory though. Is this sort of a 'core' plug in and all one has to do is simply add 'captcha' in the $rcmail_config['plugins'] = directive inside main.inc.php to enable it? If yes, how can I configure it? Ii mean... is there any 'captcha.php' config file or something?

Again, thank you in advance for your time.

[rosali]

You can download any trunk version from http://trac.roundcube.net/changeset/2852/trunk?old_path=%2F&format=zip ... just edit the version number in the link accordingly to myroundcube google code project (current version is SVN trunk r2850).

Download my plugin collection from googlecode and unzip it into a temporary location. Each folder under the trunk folder is a plugin. Copy plugins you want to use/test into RoundCube's "plugins" folder and follow the hints in the head section of the main plugin script to register and configure the plugin.

Captcha is included. I've just cross checked.

[klonos]

... its just that both RoundCube trunk packages and your MyRoundCube plugin collection were using the same filename format and I thought that trunk-r-2850.zip of MyRoundCube was the same file as RoundCube trunk-r2850.zip. Stupid of me!... there is a '-' there (trunk-r-2850.zip)!

Anyways... Now, I am having trouble adding a captcha in the login page. I've checked the instructions in captcha.php and followed the steps...

- #1- Configure "captcha/config/config.inc.php.dist":
    - Added 'login' to $rcmail_config['captcha_page']:

Code: [Select]

$rcmail_config['captcha_page'] = array("contactus","recpw","register"[B][COLOR=Red],"login"[/COLOR][/B]);

Is this the right way to have a captcha field in the login page?

- #2- Copy file to "config.inc.php" ("config.inc.php.dist" must still be present !!!).    - Done! made a copy of the 'config.inc.php.dist' named 'config.inc.php'
- Kept the original 'config.inc.php.dist' in place
- #3- Register plugin ("./config/main.inc.php ::: $rcmail_config['plugins']").
    - Done! Now it looks like:

Code: [Select]

$rcmail_config['plugins'] = array('markasjunk'[B][COLOR=Red], 'captcha'[/COLOR][/B]);
- #4- Captcha Challenge template hook:
   Not sure what this actually wants me to do???

Further reading of the captcha.php says:

Code: [Select]

captcha::form () will return a html string to be inserted into textarea/
[save] and alike. User input is veryfied with captcha::check ().

Lost me there... Do I need to manually edit the login page's code and add something there?

Code: [Select]

You should leave the sample COLLEGE.ttf next to this script,
else you have to define the _FONT_DIR constant correctly.
Use only 1 font type.

Ok, left font in place and used only this one.

... and also there is this config section that I didn't touch at all:

Code: [Select]

#-- config
define( 'EWIKI_FONT_DIR', dirname(__FILE__));  // which fonts to use
define( 'CAPTCHA_INVERSE', 0);                 // white or black(=1)
define( 'CAPTCHA_TIMEOUT', 5000);              // in seconds (=max 4 hours)
define( 'CAPTCHA_MAXSIZE', 4500);              // preferred image size
define( 'CAPTCHA_COOKIE', 'captcha_solved');   // to unlock captcha protection
define( 'CAPTCHA_DATA_URLS', 0);               // RFC2397-URLs exclude MSIE users
define( 'CAPTCHA_TEMP_DIR', 'plugins/captcha/temp');

Should I change something in this?

Am I missing something or doing something wrong? Any thoughts?

[rosali]

(*) roll back #1:

RC has two states "authenticated" and "not authenticated". Only add actions for captcha challenge on "not authenticated" state. Basically you need that for a contact form or a self-registration script, etc. (things which are accessible from login page without further authentication).

(*) Next is to set ...

/* Captcha challenge to enter authenticated state */
$rcmail_config['captcha_auth'] = TRUE; // default is FALSE

... you won't see a captcha on login page, but user is forced to captcha before he is able to do any action in authenticated state.

(*) If you want a captcha challenge on the login page (your step #4) you have to edit "./skins/default/templates/login.html".

Add ...

Code: [Select]

<roundcube:object name=&quot;captcha&quot; />
... before closing body tag.

(*) Everything else looks ok.

[klonos]

Thank you rosali!!!... this did the trick.

I tried customizing it a bit though and I run into an issue. I changed the line:

Code: [Select]

$alt = htmlentities(captcha::textual_riddle($pw));

to:

Code: [Select]

$alt = htmlentities(captcha::image($pw, $width=100, $height=60, $inverse=0, $maxsize=0xFFFFF));

in hope that I'll get an image instead of a text riddle (the riddle is only in English and there are non-english speakers that need to login).

I was looking for something like this:



..but I get this instead:



Any ideas why?

[rosali]

Well, should I make the riddle multi-lingual?

[klonos]

Well, if that is relatively easy to implement, it would be a great addition to the roundcube set of features. But we would also have to allow users that come to switch to their language (in case the default site language is not spoken by them). I am thinking by using the 'Language Selector' plugin. It already has captcha enabled by default in its config.inc.php:

Code: [Select]

$rcmail_config['lang_sel_localizations'] = array(
  'taskbar' => 'localization',
  [B]'captcha' => 'localization'[/B]
  );

Talking about the 'Language Selector' plugin, I can't enable any other language in its drop-down menu other than the defaults (English, German and French). I looked in both the config.inc.php and the lang_sel.php files, but the only thing I found was this 'limit_languages' variable that doesn't seem to be it. How can enable more languages?

... Back to the captcha and the riddle translation... I believe it is nice to have it translated as I've said above, but the image option is more convenient. You see, even if people cannot understand a riddle that is in a language they don't speak, they can surely simply type a few letters in latin if they see them in a box right next to where they are typing. So, how would I enable image instead of the riddle? ... like so:

[rosali]

#1 - lang_sel ::: config.inc.dist

You have to define which plugins are active on the site where captcha is included by ...

Code: [Select]


<roundcube:object name=&quot;captcha&quot; />


You can enable more languages in any active plugin configuration or the main.inc.php by:

Code: [Select]


$rcmail_config['limit_languages'] = array("en_US", "de_DE", "fr_FR");


In my case this is done in the config of the settings plugin, because we have to limit the languages in the user preferences too.

#2 - captcha

I don't know what's your goal to change the riddle to an image. The captcha is already an image of letters and numbers. The riddle is only used in the alt attribute of the image. So it is displayed if the image load failed for some reason or as tool tip. Doesn't it display for you like this (RoundCube Webmail :: Contact Us)?

Localization of the riddle is a minor thing. It's just a question of time.

[klonos]

This is what I get in my site:



As you can see, I get only the riddle by default and no image. So, my goal is not to change the riddle to an image, but to actually get an image to be shown instead of the riddle I get now. Can you guess what I might be doing wrong?

By the way, if GD is a requirement, I do have it on:



PS: While trying out the 'Settings' plugin, I've discovered a bug. This is not the right topic for it though, so I will be posting more info in a day or so.

[rosali]

Some suggestitons ...

#1- Right click on the riddle and post the hmtl code which is generated by the plugin. Is there an tag?

#2- Make sure that ...

Code: [Select]


define( 'CAPTCHA_TEMP_DIR', 'plugins/captcha/temp');


... exists and there are full permissions on this folder (cmod 777).

#3- If folder exists, check if jpeg files are created into this folder.

#4- If you have changed the code beside the configuration, re-install to make sure to use appropriate code.

[klonos]

I've figured this one out myself last night. I changed the ownership of the temp directory to the www-data user and it worked!

Your reply came latter on... a bit late , but your help on this issue was essential. Thank you for all your time spent!

Best regards.

[lgp171188]

(*) roll back #1:

RC has two states "authenticated" and "not authenticated". Only add actions for captcha challenge on "not authenticated" state. Basically you need that for a contact form or a self-registration script, etc. (things which are accessible from login page without further authentication).

(*) Next is to set ...

/* Captcha challenge to enter authenticated state */
$rcmail_config['captcha_auth'] = TRUE; // default is FALSE

... you won't see a captcha on login page, but user is forced to captcha before he is able to do any action in authenticated state.

I have set it to the default 'FALSE' but still, I am getting a CAPTCHA challenge when I open the webmail and on successfully passing the challenge I redirected to the login page which has yet another captcha which is gone on refreshing the page.

(*) If you want a captcha challenge on the login page (your step #4) you have to edit "./skins/default/templates/login.html".

Add ...

Code: [Select]

<roundcube:object name=&quot;captcha&quot; />I have added this in login.html page before the 'Submit' button.

Added this already.