Blog

3.0.6 CAPTCHA plugins and you

Posted by Kellanved in Development, Moderating, Modifications, Styles, Support with the tags , , , on June 27th, 2009

You probably have already heard about it: the next release will include a host of new features. This post will present one of them in detail, showing the idea and the impact on users, style and MOD authors.

Most admins are experiencing problems with spam, which is taking away lots of energy that would be better spent on the enjoyable parts of administrating a community. We tried our best in the arms race against spambot programmers, but have to admit failure with our previous approach. Since 3.0.x became as popular as it is, any default visual confirmation gets broken almost instantly. After long discussion in and outside the teams, we came to the conclusion that diversity is the answer: every board admin should be able to use a non-default anti-bot measure without it being a pain.

The visual confirmation system that shipped with 3.0.0 is already pluggable in nature. It uses a captcha class to render an image with letters and expects the end user to enter those letters. Exchanging the class exchanged the kind of image. Still, we deemed this to be too restrictive. The system does not allow captchas which are not based on entering a code shown on an image. It did not allow adding HTML to the registration screen. It was thus not able to accommodate services like reCaptcha or approaches like Question & Answer.

What we have added to 3.0.6 goes far beyond that. It completely removed the gritty details of the captcha from the core code and instead moved them to a multi-purpose API. Want to change the captcha? Sure, just upload the files and select it in the ACP. Done. As easy as that. No code changes whatsoever required. The current state can be found in our repository.

Board Admins

For board admins the new system promises a very easy approach to fighting bot registrations. Select a plugin – for instance from the MODDB – , upload the files and activate it in the ACP.

Select a CAPTCHA from the ACP.

Select a CAPTCHA from the ACP.

Plugins can bring their own ACP pages.

Plugins can bring their own ACP pages.

captcha_reg

Taaaa-daaaa

The condition is that you have to update your files. While 3.0.5 styles will continue to work with the old captcha types, they will not benefit from the new plugin system. So, be ready to update your styles. Even more, you should remove any installed  anti-Bot MODs before performing the update.

MOD Authors

Disclaimer: The captcha API is at the moment not finalized. We are and will be open to improvement proposals until the release of 3.0.6RC1 and not a minute longer. If you believe that there are severe limitations or issues with the API as it is documented, please tell us ASAP, before it is too late.

Well, there is a price and sadly the authors of anti-bot MODs have to pay a big share of it. The captcha related code vanished from the old core files entirely, so that the install instructions for existing MODs will not work any more. Worse, they are very likely to cause update issues, so that we can only recommend to remove anti-Bot MODs entirely for the update. We would greatly appreciate if you would provide your users with a clear upgrade path to make everything as simple as possible.

Variations of the basic 3.0.1-5 CAPTCHA can be easily done by extending the plugin classes, but thinking-outside-of-the-box approaches will need work. You will find most of the “old” captcha code in captcha_abstract.php.

What MOD authors can expect is a far easier support of their MODs. The encapsulation of the MOD code in independent plugins makes it extremely unlikely that a phpBB update will break the MOD ever again. The edit-less concept makes the installation almost bulletproof.  The extra style files make it easier to adapt different styles. The object-oriented nature will remove many dirty requirements – want a slight alteration? – just extend the class. Want to know more?  The wiki gives an overview of the  API.

The new possibility are endless – want to do a round-robin plugin that accumulates different CAPTCHA types? possible. Want to use something that requires HTML changes? now easy. Something drastically different – yup!.

Style Authors

Style authors will be hit equally hard. We have designed the plugins based on the old CAPTCHA in a way that will allow the continued use of 3.0.5 styles, but all style authors should strive to make the new plugin functionality available to their users. The essential new code in the templates is this:

Code: Select all
<!-- IF CAPTCHA_TEMPLATE -->
<!-- INCLUDE {CAPTCHA_TEMPLATE} -->
<!-- ENDIF -->

However, remember that the layout can be more complex in some files.

Another important change is that each plugin uses its own template files, which need to be present for every style. On subsilver2/prosilver based styles, simply copying – or even better: using template inheritance – will suffice.

Updates

As the release draws nearer, there are a few exciting updates.

Included Plugins

No-GD

The old 2.0 CAPTCHA

The old 2.0 CAPTCHA

The simple, old phpBB 2 captcha.
Type: image
Requires: Nothing
Config options: none
pro

  • Works on all installs
  • Easy to read
  • Works with 3.0.5 styles

con

  • very weak

Classic GD CAPTCHA

Classic GD captcha

Classic GD captcha

The well-known 3.0 GD captcha.
Type: image
Requires: GD
Config options:
1 Page

  • Noise
  • Font

pro

  • Many options
  • Works with 3.0.5 styles

con

  • spambots are able to break default settings
  • can be hard to read

3D Wave

ACP page with 3D-CAPTCHA

ACP page with 3D-CAPTCHA

A 3D captcha by Robert “Xore” Hetzler.
Type: image
Requires: GD
Config options: none
pro

  • Cool look
  • Works with 3.0.5 styles

con

  • CPU intensive
  • unreadable for a percentage of users

reCAPTCHA

reCAPTCHA ACP page

reCAPTCHA ACP page

The reCAPTCHA service.

Type: text/3rd Party
Requires: Signup at recaptcha.net
Config options:
1 Page

  • reCaptcha account information

pro

  • Accessible
  • centralized service
  • well-known

con

  • requires signup
  • not 100% effective
  • privacy issues
  • Does not work in prosilver using IE without javascript

Q&A CAPTCHA

Q&A Demo

Q&A Demo

Q&A ACP list

Q&A ACP list

Q&A Editor

Q&A Editor

The often demanded questions captcha. Allows to set questions which are asked on registration. Questions are language-specific and can have multiple answers. A strict setting allows questions on punctuation and capitalization.

Type: text
Requires: At least one question in the board’s default lang.
Config options:
2 Pages

  • add/edit/remove questions.
  • strictness
  • language

pro

  • Accessible
  • Effective with original questions

con

  • Easy to break with poor questions
  • Impossible to solve with poor questions
  • High-maintenance

Plugin Competition

And there are more to come from the MOD community. We are offering three cuddly Berties for the best CAPTCHA plugins from the community.

Competition Announcement
Bertie!
Ladies and Gentlemen, open your editors!

Discussion

Please discuss this topic and its various aspects in the phpBB Discussion, MOD writer’s discussion and Styles Discussion forums.

One Response to “3.0.6 CAPTCHA plugins and you”

Posted by phpBB • Blog • CAPTCHAs in phpBB on October 21st, 2009 at 11:06 am:

[...] This post no longer reflects the state of the art. See here . [...]

Commenting is disabled for this blog post