[ZendTo] {Disarmed} RE: Re: AreYouAHuman v reCAPTCHA

Erik Britt ebritt at cshlaw.com
Wed Mar 12 14:42:40 GMT 2014 

Hello folks,

I’m trying to insert Paul’s code but continue to get Parse errors on my pickup.php page. Has anyone been able to use the code? Is there any edits that need to be made out of the box?

Thank you,


From: Mike Brudenell [mailto:mike.brudenell at york.ac.uk]
Sent: Monday, February 17, 2014 4:28 AM
To: zendto at zend.to
Subject: [ZendTo] Re: AreYouAHuman v reCAPTCHA

Hi, Paul -

Many thanks for that; we might see if we can tweak your code to meet our needs. We have been required to ensure that the reCAPTCHA version is available so need either to present both or a toggle to flip between them.

Cheers,
Mike B-)

On 14 February 2014 21:29, Paul Winnick <pwinnick at temple.edu<mailto:pwinnick at temple.edu>> wrote:
Hi Mike,

We had a similar situation where we preferred using AreYouAHuman but needed to provide Google’s reCAPTCHA as an alternative for users that met the following conditions.


1.       Web browser does not support HTML5.

2.       Adobe Flash player is not installed.

We added the code below to pickupcheck.tpl and pickup.php, which  does a quick check for HTML5 & Flash compatibility then uses a simple PHP variable to determine whether AreYouAHuman or reCaptcha should be used. You’ll also want to make sure your key information for both AreYouAHuman and reCAPTCHA is specified in preferences.php.

pickupcheck.tpl

<tr>
  <td colspan="2" align="center">
    To confirm that you are a <i>real</i> person (and not a computer), please play the quick game below then click "Pickup Files":<br />&nbsp;<br />
    <!-- Start HTML5/Flash check -->
    <script type="text/javascript" src="js/modernizr.js"></script>
    <script type="text/javascript" src="js/flash_detect.js"></script>
    <script>
      var supportsAYAH = "{$supportsAYAH}";
      if (!(Modernizr.canvas)) {
        if (!FlashDetect.installed) {
          if (supportsAYAH != "no") {
            window.location = "{$zendToURL}pickup.php?claimID={$claimID}&claimPasscode={$claimPasscode}&emailAddr={$emailAddr}&supportsAYAH=no";
          }
        }
      }
    </script>
    <!-- End HTML5/Flash check -->
    {$recaptchaHTML}
    <br />
  </td>
</tr>


pickup.php

$supportsAYAH = isset($_POST['supportsAYAH'])?$_POST['supportsAYAH']:(isset($_GET['supportsAYAH'])?$_GET['supportsAYAH']:NULL);
$smarty->assign('supportsAYAH', $supportsAYAH);

$ayah = new AYAH();
$captcha = $theDropbox->captcha();

// Check their recaptcha result. If they passed, then write an AuthData
// record with their IP in the Name field. This is then used by download.php.
// If they failed, re-present the pickup page as if they just went there
// again, but with an error message at the top telling them they were wrong.
if ( $authSuccess ||
    ( isset($_POST['Action']) && $_POST['Action'] == "Pickup" )
   ) {
    $resp = FALSE;
   if (!$authSuccess) {
      if ($captcha == 'areyouahuman' && $supportsAYAH == '') {
     //if ($captcha == 'areyouahuman') {
        $resp = $ayah->scoreResult();
      } elseif ($supportsAYAH == 'no' || $captcha == '') {
      //elseif ($captcha == 'google' || $captcha == '') {
        // Using Google or an old version without this set
        $reCaptchaPrivateKey = $theDropbox->recaptchaPrivateKey();
        if ($reCaptchaPrivateKey == 'disabled') {
         $resp = TRUE;
        } else {
        $resp = recaptcha_check_answer($reCaptchaPrivateKey,
                                     $_SERVER["REMOTE_ADDR"],
                                     $_POST["recaptcha_challenge_field"],
                                     $_POST["recaptcha_response_field"]);
        $resp = $resp->is_valid;
        }
      } else {
        // Must be disabled
        $resp = TRUE;
      }
    }

    if ($authSuccess || $resp) {
      // They have passed the CAPTCHA so write an AuthData record for them.
      if (!$authSuccess) {
        // But only if they haven't already been auth-ed once.
        $auth = $theDropbox->WriteAuthData($_SERVER['REMOTE_ADDR'], '', '');
      }
      if ( $auth == '') {
        // Write failed.
        NSSError("Database failure writing authentication key. Please contact your system administrator.","Internal Error");
        displayPickupCheck($theDropbox, $smarty, $ayah, $auth, $supportsAYAH);
       //displayPickupCheck($theDropbox, $smarty, $ayah, $auth);
        exit(0);
      }
    } else {
      // The CAPTCHA response was wrong, so re-present the page with an error
      NSSError($smarty->getConfigVariable('ErrorNotPerson'),"Test failed");
      displayPickupCheck($theDropbox, $smarty, $ayah, $auth, $supportsAYAH);
      //displayPickupCheck($theDropbox, $smarty, $ayah, $auth);
      exit(0);
   }

    // They have passed the test and we have written their AuthData record.

    $theDropbox->SetupPage();
    $smarty->assign('auth', $auth); // And save their auth key!

    if ( $thePickup = new NSSDropoff($theDropbox) ) {
      //
     // Start the page and add some Javascript for automatically
      // filling-in the download form and submitting it when the
      // user clicks on a file in the displayed dropoff.
     //
      $theDropbox->SetupPage($thePickup->HTMLOnLoadJavascript());
      $smarty->display($thePickup->HTMLWrite());
    } else {
      $smarty->display('error.tpl');
    }
  } else {
    // It's not a pickup attempt, it's going to display the CAPTCHA form
    // instead which will pass us back to me again.
    displayPickupCheck($theDropbox, $smarty, $ayah, '', $supportsAYAH);
    //displayPickupCheck($theDropbox, $smarty, $ayah, '');
  }
} else {
  $smarty->display('error.tpl');
}

function displayPickupCheck($theDropbox, $smarty, $ayah, $auth, $supportsAYAH) {
//function displayPickupCheck($theDropbox, $smarty, $ayah, $auth) {
  $theDropbox->SetupPage();
  $claimID = isset($_POST['claimID'])?$_POST['claimID']:(isset($_GET['claimID'])?$_GET['claimID']:NULL);
  $claimPasscode = isset($_POST['claimPasscode'])?$_POST['claimPasscode']:(isset($_GET['claimPasscode'])?$_GET['claimPasscode']:NULL);
  $emailAddr = isset($_POST['emailAddr'])?$_POST['emailAddr']:(isset($_GET['emailAddr'])?$_GET['emailAddr']:NULL);

  $claimID = preg_replace('/[^a-zA-Z0-9]/', '', $claimID);
  $claimPasscode = preg_replace('/[^a-zA-Z0-9]/', '', $claimPasscode);
  if ( isset($recipEmail) && ! preg_match($theDropbox->validEmailRegexp(),$recipEmail) ) {
    $emailAddr = 'INVALID';
  }

  $smarty->assign('claimID', $claimID);
  $smarty->assign('claimPasscode', $claimPasscode);
  $smarty->assign('emailAddr', $emailAddr);
  $smarty->assign('auth', $auth);

  // Check if the visitor's Web browser supports HTML5 or Flash. If not, use reCaptcha.
  if ($supportsAYAH == "no") {
    $reCaptchaPublicKey= $theDropbox->recaptchaPublicKey();
    $smarty->assign('recaptchaHTML',
    recaptcha_get_html($reCaptchaPublicKey,"",$_SERVER['HTTPS']));
  } else {
    $smarty->assign('recaptchaHTML', $ayah->getPublisherHTML());
  }
  //if ($theDropbox->captcha() == 'areyouahuman') {
  //  $smarty->assign('recaptchaHTML', $ayah->getPublisherHTML());
  //} else {
  //  $reCaptchaPublicKey= $theDropbox->recaptchaPublicKey();
  //  $smarty->assign('recaptchaHTML',
  //           recaptcha_get_html($reCaptchaPublicKey,"",$_SERVER['HTTPS']));
  //}
  $smarty->display('pickupcheck.tpl');
}



Paul Winnick
Systems Administrator
Temple University
Computer Services
PHONE: 215-204-3205
EMAIL: pwinnick at temple.edu<mailto:pwinnick at temple.edu>

From: zendto-bounces at zend.to<mailto:zendto-bounces at zend.to> [mailto:zendto-bounces at zend.to<mailto:zendto-bounces at zend.to>] On Behalf Of Mike Brudenell
Sent: Tuesday, February 11, 2014 10:51 AM
To: ZendTo Users
Subject: [ZendTo] AreYouAHuman v reCAPTCHA

Dear all,

Does anyone have a patch that enables both the AreYouAHuman "games" and Google reCAPTCHA to be offered within ZendTo? (Either be showing both, or showing one and a button/link to toggle to the other?)

We are currently using AreYouAHuman but for various reasons we now need to offer the choice or else revert to reCAPTCHA only.

I've peered at the PHP and templates but haven't been able to figure anything out…

Cheers,
Mike B-)

--
IT Services, The University of York, Heslington, York YO10 5DD, UK
Tel: +44-1904-323811<tel:%2B44-1904-323811>
Disclaimer: <http://www.york.ac.uk/docs/disclaimer/email.htm>




[Cranfill Sumner & Hartzog  LLP]<http://www.cshlaw.com/>



Erik Britt
IT Department
e-mail<mailto:ebritt at cshlaw.com>
www.cshlaw.com<http:/www.cshlaw.com>


p       +19198638828
f       +19198633427

Post Office Box 27808
Raleigh NC 27611-7808


_______________________________________________
ZendTo mailing list
ZendTo at zend.to<mailto:ZendTo at zend.to>
http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto



--
IT Services, The University of York, Heslington, York YO10 5DD, UK
Tel: +44-1904-323811
Disclaimer: <http://www.york.ac.uk/docs/disclaimer/email.htm>



Confidentiality Notice:  If you are not the intended recipient of this message, you are not authorized to intercept, read, print, retain, copy, forward, or disseminate this communication. This communication may contain information that is proprietary, attorney/client privileged, attorney work product, confidential or otherwise legally exempt from disclosure. If you have received this message in error, please notify the sender immediately either by phone (800-849-4444) or by return e-mail and destroy all copies of this message (electronic, paper, or otherwise).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20140312/c4037829/attachment-0001.html

More information about the ZendTo mailing list