Moodle

Captcha element for registration form

Details

  • Type: New Feature
  • Status: Closed
  • Priority: Major
  • Resolution: Fixed
  • Affects Version/s: 1.9
  • Fix Version/s: 1.9.1, 2.0
  • Component/s: Forms Library
  • Labels:
    None
  • Affected Branches:
    MOODLE_19_STABLE
  • Fixed Branches:
    MOODLE_19_STABLE, MOODLE_20_STABLE

Description

As an additional feature against scripted attempts to break through the Moodle registration system, it is proposed to adopt an optional CAPTCHA element on the registration form.

CAPTCHA supposedly stands for "Completely Automated Public Turing test to tell Computers and Humans Apart", which is a highly forced acronym for the word "Capture" with an Aussie twist to it.

There are two main solutions available in PHP, with various advantages and disadvantages:

1. PEAR's HTML_QuickForm_Captcha element with the Text_CAPTCHA library (http://pear.php.net/package/Text_CAPTCHA)
2. reCaptcha (http://www.recaptcha.net)

Pros and cons of the PEAR package:
+ It already has a quickform element ready for use
+ It can generate visual input in several formats, including images, numbers and figlets (ASCII letters)
+ Not language-specific
- Still in beta stage
- Some areas of the code are patchy at best
- No audio version

Pros and cons of reCaptcha:
+ Widely used and supported
+ Has an audio version
- Only in English
- Image generation is dependent on recaptcha website (internet connection required)

Activity

Nicolas Connault added a comment -

I just attached a patch for the partial implementation of recaptcha on the registration form (login/signup_form.php).

Nicolas Connault added a comment -

Removing security issue tag

Dan Poltawski added a comment -

Just testing it now, needs some easy way of defining the recaptcha keys

I am trying to signup and get:
Notice: Undefined offset: 1 in /var/www/moodle/lib/recaptchalib.php on line 188
and can't sign up with the correct results (I'm behind a proxy here if it makes a difference)

Petr Škoda (skodak) added a comment -

todo:
1/ create admin setting for private and public key
2/ create signup setting to enable captcha
3/ add new function signup_captcha_enabled() that checks both above
4/ show recaptcha sign-up field only when requested and setup (no PEAR::raiseError)
5/ localize error strings - search & replace
6/ localize "Type the two words:" - search & replace

optional:
1/ use element property instead of session to pass around the error string
2/ hack _recaptcha_http_post to use curl or snoopy - needed for proxy support - curl only would be imho acceptable too

Petr Škoda (skodak) added a comment -

also looking at the validation() in signup form I think the code should be moved into element to prevent duplication in other forms

Petr Škoda (skodak) added a comment -

next time please give us some time for review before commit into STABLE,
also I would personally prefer if you finished all points above before commit

anyway thanks for working on this

Nicolas Connault added a comment -

Added help button and help file, used Snoopy in recaptchalib for proxy support, fixed lang strings, refactored validation code, used element property to pass error string around.

Helen Foster added a comment -

Added documentation on reCAPTCHA:

http://docs.moodle.org/en/Authentication
http://docs.moodle.org/en/Email-based_self-registration

Suggested recaptcha.html help file rewording:

If you are not sure what the words are, either enter your best guess or follow the "Get another CAPTCHA" link.

Visually impaired users can follow the "Get an audio CAPTCHA" link to hear a set of digits that can be entered instead of the visual challenge.

Nicolas Connault added a comment -

Help file updated. Thanks Helen for your documentation, it's just fine.

Helen Foster added a comment -

missing string in moodle.php: [[visualconfirmation]]

Nicolas Connault added a comment -

Reviewed and approved by Martin Dougiamas.

Petr Škoda (skodak) added a comment - - edited

hmm, this is far from resolved:

  • not xhtml strict
  • do not use snoopy directly - use download_file_content() instead (I think it should be possible)
  • signup_captcha_enabled() should be somehow integrated with auth plugins framework - other plugins should be able to do that too - ldap or other custom plugins (please do NOT commit anything to auth plugins, attach patch here first)
  • no colons in labels anymore
  • missing label for text field - not sure which one is the label myself, but at least one has to be
  • recaptcha not marked required field
  • "bots," in help

While testing this I found out that it is usually enough to type just one word, the one that is more readable and longer - funny. Reading more about recaptcha, it does really verify only one word, the other is just for helping them with some OCR recognition.

Nicolas Connault added a comment -

Attached a patch fixing all the issues you reported, Petr.

Petr Škoda (skodak) added a comment -

Nicolas please make the auth base class return false only and override it in email auth,
then commit it into both branches and I will do a final review+testing.

thanks!
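
The gate discussed in this thread (base auth class returns false, email auth overrides it, and the element is active only when both keys and the signup setting are present), as an added example that is not part of the thread or Moodle's own code. The class names, the `is_captcha_enabled()` method and the setting keys are hypothetical; only `signup_captcha_enabled()` is named on this page.

```php
<?php
// Added illustration; class, method and setting names are hypothetical stand-ins,
// not Moodle's actual code.

// Constructed stand-in for the site configuration (admin settings).
$config = [
    'recaptcha_public_key'  => 'constructed-public-key',
    'recaptcha_private_key' => '',       // not configured yet
    'signup_auth'           => 'email',  // plugin handling self-registration
    'email_captcha'         => true,     // per-plugin "enable captcha" switch
];

class example_auth_base {
    protected $config;
    public function __construct(array $config) { $this->config = $config; }

    // Base class: CAPTCHA is off unless a plugin explicitly opts in.
    public function is_captcha_enabled() {
        return false;
    }
}

class example_auth_email extends example_auth_base {
    // Email self-registration opts in only when both keys and the switch are set.
    public function is_captcha_enabled() {
        return !empty($this->config['recaptcha_public_key'])
            && !empty($this->config['recaptcha_private_key'])
            && !empty($this->config['email_captcha']);
    }
}

class example_auth_ldap extends example_auth_base {
    // Inherits false; another plugin could override in the same way.
}

// Single gate for the form: add and validate the element only when this is true.
function signup_captcha_enabled(array $config) {
    $plugins = ['email' => 'example_auth_email', 'ldap' => 'example_auth_ldap'];
    $class = $plugins[$config['signup_auth']] ?? 'example_auth_base';
    return (new $class($config))->is_captcha_enabled();
}

var_dump(signup_captcha_enabled($config));   // private key missing
$config['recaptcha_private_key'] = 'constructed-private-key';
var_dump(signup_captcha_enabled($config));   // keys set and switch on
$config['signup_auth'] = 'ldap';
var_dump(signup_captcha_enabled($config));   // plugin did not opt in
```

Using the same gate for both rendering and server-side validation keeps a half-configured site from showing a challenge it cannot verify.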

Nicolas Martignoni added a comment -

Nicolas thanks for this implementation.

However, after testing, I'm quite sure that this won't make it in non-English Moodle sites, as you listed this in the cons of reCAPTCHA. The words from reCAPTCHA are definitely too exotic at least for French-speaking people without English knowledge.

I didn't see anything about localisation on recaptcha.net. Are you aware of any solution?

Nicolas Connault added a comment -

Nicolas,
I'm afraid there is no way to provide words in another language. One of the words in each challenge comes directly from a database of digitally scanned words. Most of the books digitized at the Internet Archive (http://www.archive.org/details/texts) are in English. When there are more books of different languages scanned and in need of human recognition, perhaps reCAPTCHA.net will provide an extension to their API allowing us to choose in which language the challenges should appear.

Until then, we're stuck with mostly English words. Some are German, some are French, and there are even some numbers, but most of the time it's only a matter of recognising letters, regardless of meaning. And if it's too much of an issue for users (I'm thinking of those using a different alphabet like Chinese, Arabic or Russian), the element can be switched off. It has been suggested that another, more classical CAPTCHA element be created (maybe using PEAR).

Nicolas Connault added a comment -

For implementation of modular CAPTCHA element, see MDL-13948

Nicolas Martignoni added a comment -

Works as described. Closing.
