[ZendTo] Re: AreYouAHuman v reCAPTCHA

Paul Winnick pwinnick at temple.edu
Fri Feb 14 21:29:14 GMT 2014 

Hi Mike,

We had a similar situation where we preferred using AreYouAHuman but needed to provide Google's reCAPTCHA as an alternative for users that met the following conditions.


1.       Web browser does not support HTML5.

2.       Adobe Flash player is not installed.

We added the code below to pickupcheck.tpl and pickup.php, which  does a quick check for HTML5 & Flash compatibility then uses a simple PHP variable to determine whether AreYouAHuman or reCaptcha should be used. You'll also want to make sure your key information for both AreYouAHuman and reCAPTCHA is specified in preferences.php.

pickupcheck.tpl

<tr>
  <td colspan="2" align="center">
    To confirm that you are a <i>real</i> person (and not a computer), please play the quick game below then click "Pickup Files":<br />&nbsp;<br />
    <!-- Start HTML5/Flash check -->
    <script type="text/javascript" src="js/modernizr.js"></script>
    <script type="text/javascript" src="js/flash_detect.js"></script>
    <script>
      var supportsAYAH = "{$supportsAYAH}";
      if (!(Modernizr.canvas)) {
        if (!FlashDetect.installed) {
          if (supportsAYAH != "no") {
            window.location = "{$zendToURL}pickup.php?claimID={$claimID}&claimPasscode={$claimPasscode}&emailAddr={$emailAddr}&supportsAYAH=no";
          }
        }
      }
    </script>
    <!-- End HTML5/Flash check -->
    {$recaptchaHTML}
    <br />
  </td>
</tr>


pickup.php

$supportsAYAH = isset($_POST['supportsAYAH'])?$_POST['supportsAYAH']:(isset($_GET['supportsAYAH'])?$_GET['supportsAYAH']:NULL);
$smarty->assign('supportsAYAH', $supportsAYAH);

$ayah = new AYAH();
$captcha = $theDropbox->captcha();

// Check their recaptcha result. If they passed, then write an AuthData
// record with their IP in the Name field. This is then used by download.php.
// If they failed, re-present the pickup page as if they just went there
// again, but with an error message at the top telling them they were wrong.
if ( $authSuccess ||
    ( isset($_POST['Action']) && $_POST['Action'] == "Pickup" )
   ) {
    $resp = FALSE;
   if (!$authSuccess) {
      if ($captcha == 'areyouahuman' && $supportsAYAH == '') {
     //if ($captcha == 'areyouahuman') {
        $resp = $ayah->scoreResult();
      } elseif ($supportsAYAH == 'no' || $captcha == '') {
      //elseif ($captcha == 'google' || $captcha == '') {
        // Using Google or an old version without this set
        $reCaptchaPrivateKey = $theDropbox->recaptchaPrivateKey();
        if ($reCaptchaPrivateKey == 'disabled') {
         $resp = TRUE;
        } else {
        $resp = recaptcha_check_answer($reCaptchaPrivateKey,
                                     $_SERVER["REMOTE_ADDR"],
                                     $_POST["recaptcha_challenge_field"],
                                     $_POST["recaptcha_response_field"]);
        $resp = $resp->is_valid;
        }
      } else {
        // Must be disabled
        $resp = TRUE;
      }
    }

    if ($authSuccess || $resp) {
      // They have passed the CAPTCHA so write an AuthData record for them.
      if (!$authSuccess) {
        // But only if they haven't already been auth-ed once.
        $auth = $theDropbox->WriteAuthData($_SERVER['REMOTE_ADDR'], '', '');
      }
      if ( $auth == '') {
        // Write failed.
        NSSError("Database failure writing authentication key. Please contact your system administrator.","Internal Error");
        displayPickupCheck($theDropbox, $smarty, $ayah, $auth, $supportsAYAH);
       //displayPickupCheck($theDropbox, $smarty, $ayah, $auth);
        exit(0);
      }
    } else {
      // The CAPTCHA response was wrong, so re-present the page with an error
      NSSError($smarty->getConfigVariable('ErrorNotPerson'),"Test failed");
      displayPickupCheck($theDropbox, $smarty, $ayah, $auth, $supportsAYAH);
      //displayPickupCheck($theDropbox, $smarty, $ayah, $auth);
      exit(0);
   }

    // They have passed the test and we have written their AuthData record.

    $theDropbox->SetupPage();
    $smarty->assign('auth', $auth); // And save their auth key!

    if ( $thePickup = new NSSDropoff($theDropbox) ) {
      //
     // Start the page and add some Javascript for automatically
      // filling-in the download form and submitting it when the
      // user clicks on a file in the displayed dropoff.
     //
      $theDropbox->SetupPage($thePickup->HTMLOnLoadJavascript());
      $smarty->display($thePickup->HTMLWrite());
    } else {
      $smarty->display('error.tpl');
    }
  } else {
    // It's not a pickup attempt, it's going to display the CAPTCHA form
    // instead which will pass us back to me again.
    displayPickupCheck($theDropbox, $smarty, $ayah, '', $supportsAYAH);
    //displayPickupCheck($theDropbox, $smarty, $ayah, '');
  }
} else {
  $smarty->display('error.tpl');
}

function displayPickupCheck($theDropbox, $smarty, $ayah, $auth, $supportsAYAH) {
//function displayPickupCheck($theDropbox, $smarty, $ayah, $auth) {
  $theDropbox->SetupPage();
  $claimID = isset($_POST['claimID'])?$_POST['claimID']:(isset($_GET['claimID'])?$_GET['claimID']:NULL);
  $claimPasscode = isset($_POST['claimPasscode'])?$_POST['claimPasscode']:(isset($_GET['claimPasscode'])?$_GET['claimPasscode']:NULL);
  $emailAddr = isset($_POST['emailAddr'])?$_POST['emailAddr']:(isset($_GET['emailAddr'])?$_GET['emailAddr']:NULL);

  $claimID = preg_replace('/[^a-zA-Z0-9]/', '', $claimID);
  $claimPasscode = preg_replace('/[^a-zA-Z0-9]/', '', $claimPasscode);
  if ( isset($recipEmail) && ! preg_match($theDropbox->validEmailRegexp(),$recipEmail) ) {
    $emailAddr = 'INVALID';
  }

  $smarty->assign('claimID', $claimID);
  $smarty->assign('claimPasscode', $claimPasscode);
  $smarty->assign('emailAddr', $emailAddr);
  $smarty->assign('auth', $auth);

  // Check if the visitor's Web browser supports HTML5 or Flash. If not, use reCaptcha.
  if ($supportsAYAH == "no") {
    $reCaptchaPublicKey= $theDropbox->recaptchaPublicKey();
    $smarty->assign('recaptchaHTML',
    recaptcha_get_html($reCaptchaPublicKey,"",$_SERVER['HTTPS']));
  } else {
    $smarty->assign('recaptchaHTML', $ayah->getPublisherHTML());
  }
  //if ($theDropbox->captcha() == 'areyouahuman') {
  //  $smarty->assign('recaptchaHTML', $ayah->getPublisherHTML());
  //} else {
  //  $reCaptchaPublicKey= $theDropbox->recaptchaPublicKey();
  //  $smarty->assign('recaptchaHTML',
  //           recaptcha_get_html($reCaptchaPublicKey,"",$_SERVER['HTTPS']));
  //}
  $smarty->display('pickupcheck.tpl');
}



Paul Winnick
Systems Administrator
Temple University
Computer Services
PHONE: 215-204-3205
EMAIL: pwinnick at temple.edu

From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Mike Brudenell
Sent: Tuesday, February 11, 2014 10:51 AM
To: ZendTo Users
Subject: [ZendTo] AreYouAHuman v reCAPTCHA

Dear all,

Does anyone have a patch that enables both the AreYouAHuman "games" and Google reCAPTCHA to be offered within ZendTo? (Either be showing both, or showing one and a button/link to toggle to the other?)

We are currently using AreYouAHuman but for various reasons we now need to offer the choice or else revert to reCAPTCHA only.

I've peered at the PHP and templates but haven't been able to figure anything out...

Cheers,
Mike B-)

--
IT Services, The University of York, Heslington, York YO10 5DD, UK
Tel: +44-1904-323811
Disclaimer: <http://www.york.ac.uk/docs/disclaimer/email.htm>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20140214/59cd57f5/attachment-0001.html

More information about the ZendTo mailing list