Hello,

As you may remember, I was asking for captcha support for Instiki a week ago, to stop the crazy spambot submissions on our wiki site. As a Perl user, I did hack it up with less than 100 lines of Perl code and some Ruby code I just learned. It works fine, so far. It may not be worth much to the Instiki community, but I would like some of you to do a quick check on my Ruby code before I actually use it for a project. Thanks!

Basically, an image showing a combination of alphabets and numbers appears on a wiki page that the user is about to make a change to. The combination is associated with a token, and the token is embedded into the same page. The combination submitted by the user is checked by a backend Perl script, based on the embedded token, when someone clicks the save button. If the combination submitted by the user matches the combination associated with the token, the page is saved.

The Perl script does the image generation for the combination and identifies the combination the user submitted.

I have made changes to controllers/wiki_controller.rb and views/wiki/edit.rhtml, new.rhtml and rollback.rhtml. Following are the diffs.
################## diff for edit.rhtml ##################
--- /home/qiang/tmp/instiki/instiki-0.10.1/app/views/wiki/edit.rhtml
2005-05-01
22:30:39.000000000 -0400
+++ edit.rhtml 2005-07-25 16:55:41.000000000 -0400
@@ -18,6 +18,12 @@
<p>
<textarea name="content" style="width: 450px; height:
500px"><%= h @page.content
%></xtextarea>
</p>
+<p>
+ verify yourself: <input type="text"
name="p_verify">
+ |
+ <img src=http://dev.econ.yorku.ca/bin/captcha.pl?p_session=<%= @mymd5
%> >
+ <input name="p_session" type="hidden"
value="<%= @mymd5 %>" />
+</p>
<p>
<input type="submit" value="Submit"
accesskey="s"/> as
<input type="text" name="author"
id="authorName" value="<%= @author %>"
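Review bot: The added `<img>` line hard-codes `http://dev.econ.yorku.ca/bin/captcha.pl` and leaves the `src` value unquoted, so the template only works against that one host and depends on the token never containing a space or `>`. Quote the attribute and use a site-relative or configurable URL. The message says new.rhtml and rollback.rhtml were changed too, but only the edit.rhtml diff is included, so those forms cannot be checked for the same `p_verify` and `p_session` fields.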
############### diff for wiki_controller.rb ##############
--- /home/qiang/tmp/instiki/instiki-0.10.1/app/controllers/wiki_controller.rb
2005-05-01
22:30:39.000000000 -0400
+++ wiki_controller.rb 2005-07-26 22:02:51.000000000 -0400
@@ -2,6 +2,7 @@
require ''fileutils''
require ''redcloth_for_tex''
require ''parsedate''
+require ''digest/md5''
class WikiController < ApplicationController
@@ -121,6 +122,7 @@ end
def edit
+ generate_md5
if @page.nil?
redirect_to :action => ''index''
elsif @page.locked?(Time.now) and not
@params[''break_lock'']
@@ -136,6 +138,7 @@
def new
# to template
+ generate_md5
end
def pdf
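Review bot: `generate_md5` is called by hand here in `new`, and again in `edit` and `rollback` in the neighbouring hunks. A `before_filter` restricted to those three actions would keep the token setup in one place, so a form added later cannot forget it.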
@@ -169,14 +172,19 @@
def rollback
get_page_and_revision
+ generate_md5
end
def save
redirect_to :action => ''index'' if @page_name.nil?
cookies[''author''] = @params[''author'']
+ p_session = @params[''p_session'']
+ p_verify = @params[''p_verify'']
+ page = @web.pages[@page_name]
+ if validate_sid(p_session) ==1 and validate_sid(p_verify)==1 and
`/usr/bin/perl
/www/bin/captcha.pl #{p_session} #{p_verify}`=="1"
+#if validate_sid(p_session) ==1 and validate_sid(p_verify)==1
begin
- page = @web.pages[@page_name]
if @web.pages[@page_name]
wiki.revise_page(
@web_name, @page_name, @params[''content''],
Time.now,
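Review bot: In `save`, the backtick call interpolates `p_session` and `p_verify` into a shell command line, and the only thing keeping request parameters out of the shell is that both `validate_sid` checks sit to the left of it in the `and` chain. The ordering is correct as written, but it is fragile under later edits: say so in a comment, or pass the two values to captcha.pl without going through a shell. The comparison `=="1"` will fail if the script prints a trailing newline, so strip the output before comparing. The commented-out `#if validate_sid...` line should be dropped before merging. Note also that the `redirect_to ... if @page_name.nil?` on the first line does not return, so `page = @web.pages[@page_name]`, now moved outside the `begin`, still runs with a nil page name.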
@@ -195,6 +203,17 @@
flash[:error] = e
return_to_last_remembered
end
+
+ else
+ # page.unlock if page and @page.locked?(Time.now)
+ #redirect_to :action => ''index''
+ if page
+ page.unlock
+ redirect_to_page @page_name
+ else
+ redirect_to :action => ''index''
+ end
+ end
end
def show
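Review bot: The new `else` branch gives the user no indication that the CAPTCHA check failed: it unlocks the page and redirects, and the submitted `content` is discarded. Set `flash[:error]`, as the `rescue` path just above does, and send the user back to the edit form with the text preserved. The two commented-out lines at the top of the branch should be removed.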
@@ -228,6 +247,13 @@
private
+ def validate_sid(p_data)
+ (p_data =~ %r{\A([0-9a-z]+)\z}i) ? 1 : 0
+ end
+ def generate_md5
+ @mymd5 = Digest::MD5.hexdigest(Time.now.to_s + rand.to_s + $$.to_s)
+ end
+
def convert_tex_to_pdf(tex_path)
# TODO remove earlier PDF files with the same prefix
# TODO handle gracefully situation where pdflatex is not available
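Review bot: `generate_md5` builds the token from `Time.now`, `rand` and `$$`, which are all guessable inputs, and hashing them with MD5 adds no unpredictability. Since the token is what selects the expected combination, draw it from the operating system's random source instead. `validate_sid` would read better as a predicate returning true or false than as 1 or 0 compared with `==1`, and it accepts input of any length, so a length bound is worth adding. Nothing in this diff shows a token being invalidated after a check; please confirm that captcha.pl expires a token once it has been verified, otherwise a solved token and answer pair can be submitted again.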
@@ -283,6 +309,7 @@
@revision = @page.revisions[@params[''rev''].to_i]
end
+
def parse_category
@categories = @web.categories
@category = @params[''category'']
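Review bot: Stray whitespace-only change before `parse_category`. Drop the added blank line so the patch contains only functional changes.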
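The token and combination check described in the message, as an added Ruby example that is not part of the original post or of Instiki. It keeps the combination in an in-memory store instead of the poster's Perl script; the class name `CaptchaStore`, the alphabet and the 10-minute lifetime are assumptions.

```ruby
require 'securerandom'

# Hypothetical in-memory store for the token -> combination scheme described
# in the message. Names, alphabet and the 10-minute lifetime are assumptions.
class CaptchaStore
  TOKEN_RE  = /\A[0-9a-f]{32}\z/      # exactly the shape issue() produces
  ANSWER_RE = /\A[0-9a-z]{1,12}\z/i   # letters and digits only, bounded length
  ALPHABET  = (('a'..'z').to_a + ('2'..'9').to_a) - %w[l o]

  def initialize(ttl = 600)
    @ttl = ttl
    @pending = {}                     # token => [answer, expires_at]
  end

  # Called when the edit form is rendered: returns [token, answer].
  # The token goes into the hidden field; the answer is only drawn in the image.
  def issue(now = Time.now)
    token  = SecureRandom.hex(16)     # 128 bits from the OS random source
    answer = Array.new(6) { ALPHABET[SecureRandom.random_number(ALPHABET.size)] }.join
    @pending[token] = [answer, now + @ttl]
    [token, answer]
  end

  # Called from save: true only for a well-formed, unexpired, unused token
  # whose stored combination matches what the user typed.
  def verify(token, typed, now = Time.now)
    return false unless token.is_a?(String) && typed.is_a?(String)
    return false unless token =~ TOKEN_RE && typed =~ ANSWER_RE
    answer, expires_at = @pending.delete(token)   # single use, pass or fail
    return false if answer.nil? || now > expires_at
    typed.downcase == answer
  end
end
```

A well-formed token is consumed on its first check, so a wrong guess or a replayed pair both require a fresh image.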