• N/A

• Custom settings (defaults shown):
  • Characters to use in generated strings:
    • Set CHARACTERS = ABCDEFGHKLMNPRSTVWXYZabcdeghpqsuvwxy@
  • Truetype font to use:
    • Set FONT = luxisbi.ttf
  • Number of random lines to add (use none for 0):
    • Set LINES = 10
  • Number of random circles to add (use none for 0):
    • Set CIRCLES = 10
  • Noise, percentage of pixels to flip randomly after generating graphics (use none for 0%):
    • Set NOISE = 15

• Apply the patch register.patch to bin/register (alternatively, patch register manual, see section below):
  • cd bin
  • patch < ../register.patch
• Create the directories visualconfirm and visualconfirm/db in your pub/ directory, and make sure it is readable and writable by the user that TWiki is executing as.
  • mkdir -p pub/visualconfirm/db
  • chown -R nobody pub/visualconfirm
  • chmod -R 644 pub/visualconfirm
• Restrict access to the database files, for example, by including the following in your httpd.conf:

         <Directory "/path/to/twiki/pub/visualconfirm/db">
           deny from all
         </Directory>

• Make sure the plugin has access to the preferred truetype font, by putting the .ttf file in pub/visualconfirm/

• • Create a topic containing <IMG SRC="%VISUALCONFIRMURL%"> and %VISUALCONFIRMHASH%
  • When loading this topic you should see an obfuscated character string loaded as a png and a hexadecimal hash.
  • Check whether the hash database is properly protected by going to the url http://my.twiki.server/my/twiki/path/pub/visualconfirm/db/hashes.pag, you should see a permission denied message.
• Now edit your TWikiRegistration topic
  • Display the image %VISUALCONFIRMURL% somewhere in your form, along with a text instructing new users to copy the obfuscated text into the appropriate text input.
  • Add the appropriate text input as Twk1VisualConfirm
  • Add a hidden input as Twk1VisualConfirmHash
  • For example, add this to your TWikiRegistration:

            <tr>
              <td valign="top" align="right"><IMG SRC="%VISUALCONFIRMURL%">: <br /> (..)   </td>
              <td><input type="hidden" name="Twk1VisualConfirmHash" value="%VISUALCONFIRMHASH%">
                  <input type="text" name="Twk1VisualConfirm" size="5"></td>
            </tr>

• That's it.

Manually patching the register binary

Find the line in bin/register that says:

    # everything OK

Insert the code below directly BEFORE that line:

    # check valid visual confirmation
    for( $x = 0; $x < $formLen; $x++ ) {
      $vcHash=$formDataValue[$x]
        unless(not($formDataName[$x] eq "Visual Confirm Hash"));
      $vcTxt=$formDataValue[$x]
        unless(not($formDataName[$x] eq "Visual Confirm"));
    }

    open(LOCKFILE,">".&TWiki::getPubDir()."/visualconfirm/db/hashes.lock");
    flock(LOCKFILE,2);

    dbmopen(%database, &TWiki::getPubDir()."/visualconfirm/db/hashes" ,0644);

    if(!defined($database{$vcHash})) {
      $url = &TWiki::getOopsUrl( $webName, $topic, "oopsregvisualconfirm",
        "The visual confirmation has expired.");
      TWiki::redirect( $query, $url );
      return;
    }

    my ($time,$txt)=split(',',$database{$vcHash});

    if(not(lc($txt) eq lc($vcTxt))) {
      $url = &TWiki::getOopsUrl( $webName, $topic, "oopsregvisualconfirm",
        "The character string you entered for visual confirmation is incorrect.");
      TWiki::redirect( $query, $url );
      return;
    }
    dbmclose(%database);

    close(LOCKFILE);

Further Development

• Make number of characters configurable
• Make font size configurable
• Find out how to safely delete images from the register binary

• • Set CHARACTERS = ABC
  • Set FONT = luximb.ttf
  • Set NOISE = kjfksd
  • Set LINES = 3
  • Set CIRCLES = 20

VisualConfirmPlugin

Plugin for visual confirmation of new user registration.

Syntax Rules

• None

Examples

• None yet

Plugin Settings

Plugin settings are stored as preferences variables. To reference a plugin setting write %<plugin>_<setting>%, i.e. %INTERWIKIPLUGIN_SHORTDESCRIPTION%

• One line description, is shown in the TextFormattingRules topic:
  • Set SHORTDESCRIPTION = Plugin for visual confirmation of new user registration.

• Debug plugin: (See output in data/debug.txt)
  • Set DEBUG = 1

• My own setting:
  • Set HOWTO = got it!

Plugin Installation Instructions

Note: You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running.

• Download the ZIP file from the Plugin web (see below)
• Unzip VisualConfirmPlugin.zip in your twiki installation directory. Content:

  File:	Description:
  data/TWiki/VisualConfirmPlugin.txt	Plugin topic
  data/TWiki/VisualConfirmPlugin.txt,v	Plugin topic repository
  lib/TWiki/Plugins/VisualConfirmPlugin.pm	Plugin Perl module

• Test if the installation was successful:
  • enter samples here

Plugin Info

Related Topics: TWikiPreferences, TWikiPlugins

-- KoenMartens^? - 07 Oct 2005