Posted by chadd on May 7, 2008 at 3:47pm
10 followers
| Project: | CAPTCHA |
| Version: | 7.x-1.x-dev |
| Component: | User interface |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | reviewed & tested by the community |
Issue Summary
i see that it is quite easy to add the captcha (reCATCHA) to all user created forms (i'm using the webform module).
but i don't want to give web authors the option of not using the captcha when they create a form.
is there a way for all forms created as a webform have captcha enabled by default? is that something i can do in the content type?
Comments
#1
No, there is currently no way in the core CAPTCHA module to automatically add a CAPTCHA to a (web)form.
If you're comfortable with writing Drupal modules:
An option/workaround is to write a small helper module that sets a CAPTCHA after the webform is created,
for example by programatically submitting the captcha point form (form_id: captcha_point_admin_form) with the desired values.
I don't think this type of functionality should be in the core CAPTCHA module, it makes more sense to put it in a separate (sub)module.
#2
I would be willing to sponsor such a module for Drupal 5.x+ if anyone is interested in working on it.
#3
How about adding wildcard (or even regular expression) matching to determine placement of captcha? It will enable us to eg. add "webform_client_form_*" or "webform_client_form_%" to the list of form_ids that will get captcha. All forms matching that pattern will get a captcha. This functionality can be used for other (future) similar cases too.
Since form names are (usually and by convention) valid PHP function names, there won't be clashes with existing IDs.
#4
working with wildcards could be a possible solution, but I'm not sure yet if it is worth the extra processing it would incur (on every form). And how to handle multiple matches?
#5
Hi,
I like the idea of working with wildcards and I would use it with modules like webform.
Maybe the extra processing can be controlled using a submodule we can activate or not.
#6
Subscribing. I'm also willing to sponsor an update/ module that will add captcha's to all webforms on a site, including newly created ones, automatically.
#7
Subscribing.
Wildcards would do it for me. in #4, Soxofaan wonders how to handle multiple matches. This is an interesting question, but in my opinion not really a hard one:
Rules:
1: Use the most specific one (IE: the one with the least wildcards)
2a: In case of a tie, pick a random option for settings (IE: if one match requires Image Captcha and the other math Captcha, for each time that form is accessed, randomly pick either of Image or Math Captcha).
2b: In case of a tie, pick the 'most secure' (needs a definition!) Captcha between the options (IE: if one match requires Image Captcha and the other math Captcha, for each time that form is accessed, use the Image Captcha, since we consider that more secure).
Either implement 2a or 2b in my opinion. For 2b, it would be nice if it were possible for the administrator to define weights for 'security' of different Captcha methods.
I don't think matching wildcarded form id's should bring a lot of extra computation time. I haven't exactly looked into the code yet, but I figure going through the list of form id's saved for using captcha's exactly once, using regular expression matching in case of wildcards.
Submitting the administration form for Captcha would need a bit more code too, since if a wildcard is used, checking wether the form id is legal currently always says illegal (which is, with the current implementation without wildcards, very reasonable).
I could take a look into developing a patch, if I find the time for it.
#8
In the meanwhile, I managed to get a CAPTCHA on all webforms for anonymous users following #743056: Document how to add a CAPTCHA programmatically. I created a custom module with this:
/*** Implementation of hook_form_alter().
*/
function mymodule_form_alter(&$form, $form_state, $form_id) {
if (ereg("^webform_client_form_[0-9]+$",$form_id) && user_is_logged_in() == FALSE) {
$form['my_captcha_element'] = array(
'#type' => 'captcha',
);
}
}
#9
I've tried this in Drupal 7 with PHP 5.3 and found that it showed some warnings because the ereg function is deprecated in php 5.3
So here's an updated version compatible with php 5.3
/*** Implementation of hook_form_alter().
*/
function mymodule_form_alter(&$form, $form_state, $form_id) {
if (preg_match("/^webform_client_form_[0-9]+$/",$form_id) && user_is_logged_in() == FALSE) {
$form['my_captcha_element'] = array(
'#type' => 'captcha',
);
}
}
#10
The attached patch causes the module to add the default CAPTCHA to any form not listed on the CAPTCHA configuration page.
#11
Apologies if this has already been discussed, but I was wondering if this wouldn't be better done using Rules? I've got something working, which supplies two actions: Add CAPTCHA to form, Remove CAPTCHA from form. To get a useful rule working it still needs a way to get the webform form ID. I've done that by adding an entity property to webform, which I think is pretty neat. An alternative would be to create it with token substitution and the patch from #1547160: Support variable substitution in direct input mode. I'd be happy to post my code up, but don't want to hijack the issue.
Thanks
#12
Patch tested and apply perfectlly for me. D7.19
Attaching screenshot (Rubik admin theme).