Authen-PluggableCaptcha


lib/Authen/PluggableCaptcha/Tutorial.pm


=head3 So you want to display an image dynamically?

First, print the img block on a page that has called Captcha Init:

	my 	$captcha_embed= '<img src="/path/to/captcha/handler?section=registration" />';

Then set up a sub / handler to generate the captcha on a url mapping.

In this example, the captcha generator is in a central location -- /service/captcha/ -- so we supply the section name as a query arg.
If the captcha generator were locked into a page, you could just hardcode the section name.
	
	sub render_image {
		my 	( $self )= @_ ;
	
		my 	$sectionName= $self->{'PageUser'}{'ApacheRequest'}->param('section');
	
		#initialize the captcha
		&FindMeOn::Functions::Misc::CAPTCHA_init( $self , $sectionName );
	
		$self->{'PageUser'}{'ApacheRequest'}->content_type('image/jpeg');

lib/Authen/PluggableCaptcha/Tutorial.pm


  public_key= sprintf "%s:%s" , md5( time , site_secret , seed ) , time
  time= temporal component that lets a captcha work for only a 5 minute window.  Note that it appears both outside of and inside of the hash; this makes the time realistically unspoofable
  site_secret= non-random seed unique to website to keep spammers from spoofing captcha
  seed= something unique to build this captcha
  
  in my setup:

    $seed= $url . $session{'id'}
    
  That makes sure that only 1 captcha is made for a certain URL and a certain session_id ( locked to that time - since the time is used to create the public key,  something 1 second later or earlier would be different )
  
  The drawback is that anyone with the same session_id (which can be spoofed / hijacked) can use that same captcha url for the time window
  
  If you're comfortable storing session data, this might be better for you:

    $seed= $url . $session{'id'} . $session{'captchas_solved'}
  
  Where $session{'captchas_solved'} is undefined at first, but every time a captcha on that session is solved,  $session{'captchas_solved'}++

In the 'equation'/'transaction', the spammer has the URL, the session_id, and the time, but he does not know the site secret and cannot control the session variables.
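The key scheme described above, written out as an added example (not code from Authen::PluggableCaptcha itself), showing why an edited time, an expired key and a replay after solving are all rejected. The function names, the ':' field separator and every sample value are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Constructed values, for illustration only.
my $SITE_SECRET = 'example-site-secret';    # placeholder, not a real secret
my $WINDOW      = 5 * 60;                   # the 5 minute window, in seconds

# seed = url . session id . captchas_solved (undefined at first, so count it as 0)
sub make_seed {
    my ( $url, $session ) = @_;
    return join ':', $url, $session->{id}, $session->{captchas_solved} // 0;
}

# public_key = md5( time , site_secret , seed ) : time
sub make_public_key {
    my ( $seed, $time ) = @_;
    return sprintf '%s:%s', md5_hex( join ':', $time, $SITE_SECRET, $seed ), $time;
}

# Take the time from outside the hash, check the window, then recompute the
# hash with that same time: editing the visible time breaks the match.
sub key_is_valid {
    my ( $public_key, $seed, $now ) = @_;
    my ($time) = $public_key =~ /\A[0-9a-f]{32}:(\d{1,10})\z/
        or return 0;
    return 0 if $time > $now || $now - $time > $WINDOW;
    return make_public_key( $seed, $time ) eq $public_key ? 1 : 0;
}

my %session = ( id => 'constructed-session-id' );
my $url     = '/account/register';
my $issued  = 1_700_000_000;                # constructed timestamp
my $key     = make_public_key( make_seed( $url, \%session ), $issued );
my ($hash)  = split /:/, $key;

my @cases = (
    [ 'fresh key',               $key,                             $issued + 60 ],
    [ 'time edited by client',   $hash . ':' . ( $issued + 600 ),  $issued + 660 ],
    [ 'outside 5 minute window', $key,                             $issued + 301 ],
);
for my $c (@cases) {
    my $ok = key_is_valid( $c->[1], make_seed( $url, \%session ), $c->[2] );
    printf "%-26s %s\n", $c->[0], $ok ? 'accepted' : 'rejected';
}

$session{captchas_solved}++;                # captcha solved: the seed changes
printf "%-26s %s\n", 'replay after solve',
    key_is_valid( $key, make_seed( $url, \%session ), $issued + 120 ) ? 'accepted' : 'rejected';
```

Only the first case is accepted; the other three print `rejected`.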

samples/mod_perl.txt

# so you want to display an image?

	# print the image on one page:
	
		my 	$captcha_embed= '<img src="/path/to/captcha/handler?section=registration" />';


	# then set a sub to generate it on that url mapping

	# in this example, the captcha generator is in a central location -- /service/captcha/
	# so we supply the section name as a query arg.  if the captcha generator were locked into a page, then you could just hardcode the section name
	
		sub render_image {
			my 	( $self )= @_ ;
		
			my 	$sectionName= $self->PageUser->ApacheRequest->param('section');
		
			#initialize the captcha
			&FindMeOn::Functions::Misc::CAPTCHA_init( $self , $sectionName );
		
			$self->PageUser->ApacheRequest->content_type('image/jpeg');


