*************** *** 20,37 **** function captcha_help($section = 'admin/help#captcha') { switch ($section) { case 'admin/help#captcha': - return '

' . t('A captcha is a tool to fight automated spam submission of forms (e.g. user registration forms, comment forms, guestbook forms, etc.) by malicious users. A captcha is an extra field (or several fields) on a form presented to the user. It represents a challenge, which should be easy for a normal human to solve (e.g. a simple math problem), but hard enough to keep automated scripts and spam bots out.') . '

'; case 'admin/user/captcha': case 'admin/user/captcha/captcha': case 'admin/user/captcha/captcha/settings': - return t('

A captcha can be added to virtually each drupal form (which is identified by a form_id). The captcha module comes with some default forms to add a captcha to, but arbitrary forms can be easily added and managed when the option "%adminlinks" is enabled.

Users with the "%skipcaptcha" permission won\'t be offered a captcha. Be sure to grant this permission to the trusted users (e.g. site administrators). If you want to test the captcha challenges, be sure to do it as a user without the "%skipcaptcha" permission (e.g. as unauthenticated user).

', array( '@perm' => url('admin/user/access'), - '%adminlinks' => t('Add captcha adminstration links to forms'), - '%skipcaptcha' => 'skip captcha challenges', )); } - return $output; } /** --- 22,38 ---- function captcha_help($section = 'admin/help#captcha') { switch ($section) { case 'admin/help#captcha': + return t('

"CAPTCHA" is an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart". It is typically a challenge-response test to determine whether the user is human. The CAPTCHA module is a tool to fight automated submission by malicious users (spamming) of for example comments forms, user registration forms, guestbook forms, etc. You can extend the desired forms with an additional question or challenge, which should be easy for a human to solve correctly, but hard enough to keep automated scripts and spam bots out.

CAPTCHA is a trademark of Carnegie Mellon University.

'); case 'admin/user/captcha': case 'admin/user/captcha/captcha': case 'admin/user/captcha/captcha/settings': + return t('

A CAPTCHA can be added to virtually each Drupal form (which is identified by a form_id). The CAPTCHA module comes with some default forms to add a CAPTCHA to, but arbitrary forms can be easily added and managed when the option "%adminlinks" is enabled.

Users with the "%skipcaptcha" permission won\'t be offered a CAPTCHA. Be sure to grant this permission to the trusted users (e.g. site administrators). If you want to test a CAPTCHA, be sure to do it as a user without the "%skipcaptcha" permission (e.g. as anonymous user).

', array( '@perm' => url('admin/user/access'), + '%adminlinks' => t('Add CAPTCHA adminstration links to forms'), + '%skipcaptcha' => 'skip CAPTCHA', )); } } /** *************** *** 321,336 **** /** * Implementation of hook_form_alter(). * - * This function adds a captcha to forms for untrusted users if needed and adds - * captcha adminstration links for site adminstrators if this option is enabled. */ function captcha_form_alter($form_id, &$form) { global $user; - if (!user_access('skip captcha challenges')) { - // Visitor does not have permission to skip the captcha challenge - // Get captcha type and module for this form. Return if no captcha was set. $result = db_query("SELECT module, type FROM {captcha_points} WHERE form_id = '%s'", $form_id); if (!$result) { return; --- 322,337 ---- /** * Implementation of hook_form_alter(). * + * This function adds a CAPTCHA to forms for untrusted users if needed and adds + * CAPTCHA adminstration links for site adminstrators if this option is enabled. */ function captcha_form_alter($form_id, &$form) { global $user; + if (!user_access('skip CAPTCHA')) { + // Visitor does not have permission to skip the CAPTCHA + // Get CAPTCHA type and module for this form. Return if no CAPTCHA was set. $result = db_query("SELECT module, type FROM {captcha_points} WHERE form_id = '%s'", $form_id); if (!$result) { return; *************** *** 493,528 **** /** * Implementation of form #pre_render. * - * The main purpose of this function is to store the solution of the captcha - * challenge in the $_SESSION variable. */ function captcha_pre_render($form_id, &$form) { - // Unset the captcha challenge if non-captcha persistent and the captcha has // already been successfully solved for this form. // This needs to be done in this pre_render phase when previewing for example // nodes and comments before submission. 
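Review bot: The `%skipcaptcha` replacement in the `admin/user/captcha` help case is the bare literal `'skip CAPTCHA'`, which has to stay identical to the permission string checked by `user_access()` in `captcha_form_alter()`. Defining the permission name once and using it in both places would stop the help text from naming a permission that no longer exists after the next rename. The new `%adminlinks` label also carries over the misspelling "adminstration"; if the settings form uses the same label, both should be corrected together, e.g. `'%adminlinks' => t('Add CAPTCHA administration links to forms'),`. The markup inside the `t()` strings is not visible in this view, so whether the new text still references `@perm` could not be checked.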
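Review bot: Renaming the permission in `user_access('skip CAPTCHA')` changes the string that stored role grants are matched against. Nothing visible in this patch renames it in the module's permission hook or migrates grants already saved as `'skip captcha challenges'`. If those pieces are missing the check fails closed: every previously exempt role starts receiving CAPTCHAs, and administrators may respond by re-granting the permission more broadly than before. I would expect an update function in the install file that rewrites the old name in the stored role permissions, plus a release note asking site admins to review who holds the permission afterwards. The body of `captcha_form_alter()` continues outside the hunk.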
// On submission of such a forms for preview, captcha_form_alter() is called - // *before* the captcha validation function (which sets // $_SESSION['captcha'][$form_id]['success'] to TRUE on a correctly answered - // captcha). After this the form_values are entered in the generated form // and this form is presented with the preview. - // This means that captcha_form_alter() can't know if the captcha was - // correctly answered and consequently adds a captcha challenge to the form. // The pre_render phase happens after the validation phase and makes it - // possible to remove the captcha from the form after all. if (_captcha_persistence_skip($form_id)) { unset($form['captcha']); return; } - // count the number of unsolved captcha challenges and flush those if too many // minus 1 is needed because 'success' is also an item of $_SESSION['captcha'][$form_id] if (count($_SESSION['captcha'][$form_id]) - 1 > CAPTCHA_UNSOLVED_CHALLENGES_MAX) { unset($_SESSION['captcha'][$form_id]); - drupal_set_message(t('You can\'t request more than @num captcha challenges without solving them. Your previous captcha challenges were flushed.', array('@num' => CAPTCHA_UNSOLVED_CHALLENGES_MAX))); } - // store the current captcha solution in $_SESSION $captcha_token = $form['captcha']['captcha_token']['#value']; $_SESSION['captcha'][$form_id][$captcha_token] = $form['captcha']['captcha_solution']['#value']; $_SESSION['captcha'][$form_id]['success'] = FALSE; --- 494,529 ---- /** * Implementation of form #pre_render. * + * The main purpose of this function is to store the solution of the CAPTCHA + * in the $_SESSION variable. */ function captcha_pre_render($form_id, &$form) { + // Unset the CAPTCHA if non-CAPTCHA persistent and the CAPTCHA has // already been successfully solved for this form. // This needs to be done in this pre_render phase when previewing for example // nodes and comments before submission. 
// On submission of such a forms for preview, captcha_form_alter() is called + // *before* the CAPTCHA validation function (which sets // $_SESSION['captcha'][$form_id]['success'] to TRUE on a correctly answered + // CAPTCHA). After this the form_values are entered in the generated form // and this form is presented with the preview. + // This means that captcha_form_alter() can't know if the CAPTCHA was + // correctly answered and consequently adds a CAPTCHA to the form. // The pre_render phase happens after the validation phase and makes it + // possible to remove the CAPTCHA from the form after all. if (_captcha_persistence_skip($form_id)) { unset($form['captcha']); return; } + // count the number of unsolved CAPTCHAs and flush those if too many // minus 1 is needed because 'success' is also an item of $_SESSION['captcha'][$form_id] if (count($_SESSION['captcha'][$form_id]) - 1 > CAPTCHA_UNSOLVED_CHALLENGES_MAX) { unset($_SESSION['captcha'][$form_id]); + drupal_set_message(t('You can\'t request more than @num CAPTCHAs without solving them. Your previous CAPTCHA were flushed.', array('@num' => CAPTCHA_UNSOLVED_CHALLENGES_MAX))); } + // store the current CAPTCHA solution in $_SESSION $captcha_token = $form['captcha']['captcha_token']['#value']; $_SESSION['captcha'][$form_id][$captcha_token] = $form['captcha']['captcha_solution']['#value']; $_SESSION['captcha'][$form_id]['success'] = FALSE;
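Review bot: The reworded flush message in `captcha_pre_render()` has lost its plural and now reads "Your previous CAPTCHA were flushed"; it should be `Your previous CAPTCHAs were flushed.` The string goes through `t()`, so fixing it in this commit avoids invalidating translations a second time. Separately, the cap on unsolved challenges calls `count($_SESSION['captcha'][$form_id])` without first checking that the key exists. If nothing earlier in the request initialises it (not visible here), the first render of a form reads an undefined index, and a guard such as `if (isset($_SESSION['captcha'][$form_id]) && count(...) - 1 > CAPTCHA_UNSOLVED_CHALLENGES_MAX)` would make the limit explicit. The function body continues past the end of the hunk.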