Update to Drupal 5.0

Thanks Egon, but I will wait a bit more before port the module to 5.0, I want to make it more stable in 4.7 before.

I'm working on making this apply correctly and removing use of $_SESSION, since anonymous users no longer have sessions.

here's a re-roll that applies cleanly. i also added an info file, cleaned up the module description, and simplified the way the settings form was called.

Hi, I decided to check out this port to 5.0. I have 5.0beta1 and am working on converting one of my existing sites.

The replacement captcha.module on this thread works pretty well. I didn't see an info file so I made the following:

And it does show up in the modules listing after that.

The issue is about behavior. The test system it's installed on doesn't have GD nor TextImage .. it's Mac OS X with the default apache+PHP. For the captcha challenge it's showing a math question. So, it asks what is "1+5" and I enter "6" and it says that's wrong. I tried this several times, giving the right answer each time, and it keeps saying my answer is wrong.

It's because captca relies on sessions, see comment #2 ...

any updates drumm?

nope, sorry

drumm, i'd be willing to work on this if you'll provide some guidance. is this something that'd even be doable without sessions for anon users? what did you have in mind?

My idea:

1. generate a "private key" when the module is installed, something like variable_set('captcha_key', rand(1, 10000))
2. store the captcha challenge result in a hidden form value, combined with the key, and md5 hashed
3. on form validation combine user submitted captcha value with the key, and test its md5 with the hidden field value

What do you think about it?

The random key is not a bad idea. Though, I would think that there needs to be a better random key than a single number. The overall lookup table a bot would need to find the number associated with the key in a hidden field wouldn't be that big. Maybe some random string instead.

Another option, that might be more secure, is to create a captcha_id and put that in a hidden field. When the form is submitted it looks up the result associated with the id. Just to make sure the database doesn't get to big a cron job removed the old ones every day or so. This will keep the result out of the form completely but does add another database table. Could this table be a cache table?

Well maybe I was just reinventing the wheel: http://drupal.org/node/89999, the standard form token mechanism should already handle it ...

Maybe I am missing something (wouldn't be surprising) but how does the token solve this problem? Maybe I am misunderstanding what the token does.

Disregard my last post. I went and learned. I is smarter now.

to the captcha.info file:

shouldn't textimage be added as a dependency?

bloomaniac, no, it's an optional dependency, not a a required one.

I've started writing a patch but run into a roadblock. It works with captchas to post but fails when previewing a post comes into play. Not storing that it passed the captcha it gives a new question. Any ideas how to store this without sessions? Does this need to be multistep forms?

To clarify on my last post the reason I am having trouble is the removal of sessions. Patch attached addes .info file, updates captcha.module, and figures for it being in the sites/all/modules/captcha folder.

This one is actually a small rewrite, it makes better use of the Drupal API. The issue with preview isn't fixed ... but i noticed that it works if leave the user leaves the captcha response to the initial value

Anonymous sessions still work (verified both on my own and with chx) so storing captcha info in $_SESSION is still ok. This patch updates the menu changes to 5.x. Also, updated grabbing the captcha_response variable from the form from $_POST['edit']['captcha_response'] to $_POST['captcha_response'] because my captchas kept failing because it was grabbing the variable from the wrong place.

Removed a couple of testing functions that got left behind and added some comments.

It's working for me ... thanks for getting the session thing clear

It's working for me too. Thanks!

i'm not sure this is working. i tried putting in the wrong answer to the math problem and it still posted the comments.

What version of 5.x are you running? RC1? When I enter the wrong answer it can't post.

What version of PHP? Web server?

mfer, i'm running a freshly updated copy of HEAD. try posting a comment to http://defordbailey.info/

@drewish - I just tried your test site and for incorrect captcha answers I get the expected "The answer you entered to the math problem is incorrect." Were you an anonymous user when you tried to post that comment? Or, admin user?

I was not logged. The problem seems to occur when using IE 6. It does appear to work in Firefox.

@drewish - Not sure how this would be a browser side problem but I checked it in IE6 and it worked like a charm. Couldn't duplicate your issue. I checked both the site you posted here and my test site. Can anyone else duplicate his issue?

No, but it's not working for anonymous users because 5.x doesn't use $_SESSION for them.

@aries - It works for me with anonymous users without a problem. And, on my test install of 5.x-RC1 anonymous users show up in the sessions table just like they previously have. Can you point me to documentation showing the removal of $_SESSION for anonymous users? And, any ideas why it still works for me?

Marking this as needs work. The code does work but the patch does not take into account the changes needed to the language files. While the translations should not have to change the line numbers do.

Here is a new patch that cleans up some more code and follows the coding standards better. The translations should probably be opened as a separate issue and not hold this up.

Fix priority.

This worked great on a site of mine using the default captcha (e.g. not the image based one).

Thanks!

I have been using the patch from #32 with the ported (& extended -> #104952) textimage functionality and it seems to work like a charm.

Setting as RTBC.

Phil

Whops, sorry, wrong issue#. http://drupal.org/node/107897 is the correct one

I think it would be good to post this update and release a 5.0-1.0 version. When the captcha module is rewritten to add new features release a 5.0-2.0 version. This was this module can get out the door soon.

+1 on that, i've been testing the latest patch and it's working fine. i'm not sure what was causing my earlier problems with IE.

#32 doesn't seen to work with Drupal 5RC2 and math question.

Sorry it's working, but not with webforms