Skip to end of metadata
Go to start of metadata

<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[

<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[

Zend Framework: Zend_Service_Recaptcha Component Proposal

Proposed Component Name Zend_Service_Recaptcha
Developer Notes http://framework.zend.com/wiki/display/ZFDEV/Zend_Service_Recaptcha
Proposers Christer Edvartsen
Pádraic Brady
Matthew Weier O'Phinney (Zend Liaison)
Revision 1.1 - Ready For Zend Review (wiki revision: 12)

Table of Contents

1. Overview

Let's get the definition out of the way . A CAPTCHA is a test to determine whether the entity being tested is a real breathing human being or a computer driven facsimile. They are used predominantly to prevent automated actions, such as making comments or posting forum messages, by programs such as bots which are generally designed to distribute spam (or worse).

The effort expended by the real humans is immense. It's estimated upwards of 60-70 million CAPTCHAs are solved everyday. Not about to let that time go down in history as a waste of electrons, the reCAPTCHA team have developed their own implementation where the solutions are utilised to maximise the efficiently of digitising books where OCR errors are common.

The benefit of reCAPTCHA is not just goodwill. The program itself has a high rate of success, offers built in alternatives for individuals without the benefit of perfect eyesight, and uses a public/private key security to prevent chained attacks (i.e. using the answers of real humans to drive those of bots elsewhere).

2. References

3. Component Requirements, Constraints, and Acceptance Criteria

  • This component will allow insertion of a reCAPTCHA into forms.
  • This component will allow verification of reCAPTCHA answers.
  • This component will optionally output XHTML valid markup (this is unsupported by reCAPTCHA itself).
  • This component will not assume the role of generating a custom themed reCAPTCHA.
  • This component will allow setting of SSL mode, and a custom error message.
  • This component will allow setting of options for a RecaptchaOptions JS container (see reCAPTCHA API documentation).
  • This component may integrate with Zend_Form once CAPTCHA integration is finalised.

Please note that XHTML output will, and must, be disabled by default. reCAPTCHA does not officially support an XHTML option as yet, so this will remain entirely for use at the user's risk.

4. Dependencies on Other Framework Components

  • Zend_Http_Client
  • Zend_Json
  • Zend_Exception

Zend_Json is utilised to create the RecaptchaOptions Javascript container. It is almost a negligible dependency which can be removed with very little impact.

5. Theory of Operation

The detailed workflow of reCAPTCHA begins with outputting the actual CAPTCHA into a form. This requires the inclusion of Javascript into the current View, sourced from an offsite script URL and a noscript element for non-javascript enabled clients. These elements must be inserted within <form> tags which may require a backend integration point to Zend_Form (one is in development) or at least detailed documentation of a method which allows for this.

More dynamic pages can make use of the AJAX API. The AJAX API will not be addressed by this proposal since it is managed on the client side using Javascript alone. Validation may of course use this component.

Once a reCAPTCHA has been appended to a relevant form, the response may then be validated using the Service API. The process, in terms of userland implementation, is quite simple. Refer to the default use cases a typical user can expect below.

Internally, the source code for the component is expected to make use of other components to whatever extent is possible to reduce duplication.

6. Milestones / Tasks

  • Milestone 1: Assemble use cases and design comments based on draft source code
  • Milestone 2: Assemble a unit test suite for common functionality and implement
  • Milestone 3: Pending review comments, complete initial development
  • Milestone 4: Complete acceptance testing, verify unit test coverage
  • Milestone 5: Let's assume documentation is written during development

7. Class Index

  • Zend_Service_Recaptcha
  • Zend_Service_Recaptcha_Exception
  • Zend_Service_Recaptcha_Response
  • Zend_Service_Recaptcha_Mailhide
  • Zend_Service_Recaptcha_Mailhide_Exception

This is a preliminary class listing. Pending public and Zend review, the list may expand as necessary.

8. Use Cases

UC-01

At its simplest, output of a reCAPTCHA can be generated utilising default options.

UC-02

Validation then follows, again using default options.

UC-03

The component allows for two customisation means. Three parameter options for enabling SSL compatible requests, setting a custom error message on invalid responses, and to enable XHTML output. There is also support for reCAPTCHA specific options which are prepended to any Javascript to tailor the reCAPTCHA as documented in the reCAPTCHA client API.

9. Class Skeletons

Source code for the above component has been in progress and may be made available upon request. Once a more finalised version is complete, it will be attached to this proposal (if not already reviewed).

]]></ac:plain-text-body></ac:macro>

]]></ac:plain-text-body></ac:macro>

Labels:
zend_webservices zend_webservices Delete
captcha captcha Delete
recaptcha recaptcha Delete
proposals proposals Delete
proposal proposal Delete
validate validate Delete
form form Delete
claims claims Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
  1. May 14, 2008

    <p>Paddy, looks like you were on a placeholder creation spree on 2/8. <ac:emoticon ac:name="laugh" /> You know the drill- please resurrect it from the 'archived' section with some content.</p>

    <p>,Wil</p>

  2. May 22, 2008

    <p>Your wish is my command, Oh Master. I live but to server and obey!</p>

    <p>I've added actual words. I expect to attach source code (this one is being developed off list) and another contributor during the next week. I may also hit Matthew for a questions on a few things since I know he keeps muttering Form and CAPTCHA in the same sentence occasionally and I want to ensure this component is compatible with future CAPTCHA plans (if any) for Zend_Form.</p>

    <p>As to source code, it does exist, and it even works. Primarily it needs some tidying and closer relations to Zend_View and Zend_Form to reduce duplication and make implementation simpler for end users.</p>

  3. May 25, 2008

    fc

    <p>Hi Paddy, </p>

    <p>I've used reCaptcha in the past and I got some emails from users complaining that the image was difficult to read. I hope they add more options in the future, so users can customise it a little bit more. </p>

    1. May 26, 2008

      <p>It's hard to read because one of the two terms they display failed in OCR. If an OCR can't read it, it adds comfort that a spammer will also fail. CAPTCHA's are intentionally hard to read.</p>

      <p>As for options, you can reload the CAPTCHA, select an audio option, until something clicks. If all else fails, select an alternate CAPTCHA service or generator (though secure options are few and far between).</p>

      1. May 30, 2008

        fc

        <p>Yes, I'm sure users are going to find this component very useful. I can see a lot of people using it, there's a huge demand for this type of services. If I'm not wrong Facebook is also using it, with the only difference that they managed to customize it (<a href="http://tinyurl.com/6jxmc9">Image</a>).</p>

        1. Aug 15, 2008

          <p>reCaptcha : <strong>Look & Feel Customization</strong>
          <a class="external-link" href="http://recaptcha.net/apidocs/captcha/client.html#customization">http://recaptcha.net/apidocs/captcha/client.html#customization</a></p>

          1. Aug 16, 2008

            fc

            <p>Yes, thanks. It was added after I left the message.</p>

  4. Jun 02, 2008

    <p>Christer did a great job with the initial code (I mainly added some small enhancements and a little cleanup). It will be even better when Matthew has CAPTCHA integration for Zend_Form. In the meantime I've written a Zend_Form_Element_Recaptcha, Zend_View_Helper_FormRecaptcha and Zend_Validate_Recaptcha for integration - I'll check with Christer as to whether it's worth adding those to the proposal and seeing whether the Zend Review offers up better namespacing for the final Zend_Form CAPTCHA proposal in the future. They work great for me and I hope to illustrate that in my series on writing a Zend Framework Blog Application during the week.</p>

  5. Jun 02, 2008

    <p>What about doing something with a view helper so you don't have to create and pass the object to the view object. I think if the helper is done right it could be structured like the form helpers are.</p>

    1. Jun 03, 2008

      <p>Have done <ac:emoticon ac:name="wink" /></p>

      <p><a class="external-link" href="http://svn.astrumfutura.org/zfblog/trunk/library/ZFBlog/Form/Element/Recaptcha.php">http://svn.astrumfutura.org/zfblog/trunk/library/ZFBlog/Form/Element/Recaptcha.php</a>
      <a class="external-link" href="http://svn.astrumfutura.org/zfblog/trunk/library/ZFBlog/View/Helper/FormRecaptcha.php">http://svn.astrumfutura.org/zfblog/trunk/library/ZFBlog/View/Helper/FormRecaptcha.php</a></p>

      <p>Documenting all this for a new ZFBlog posting to my tutorial series.</p>

  6. Jun 04, 2008

    <p>first, thank for this service. its very interesting and working fine.</p>

    <p>second, I juste have a small problem when I try to include this in a zend subform.</p>

    <p>This is a dump of the $_POST after submit the form.</p>

    <p>array(3) <<br />
      ["user"] => array(6) <<br />
        ["username"] => string(6) "asdsad"<br />
        ["email"] => string(21) "***"<br />
        ["password"] => string(0) ""<br />
        ["password_confirm"] => string(0) ""<br />
        ["no_csrf_foo"] => string(32) "4ea1742a394f4f95c92e8bfa22298779"<br />
        ["save"] => string(17) "Save and continue"<br />
      <<br />
      ["recaptcha_challenge_field"] => string(182) "02-LjB3CFwLqTsjt5YVRK4As5ryejOFb-zPlgqXWuodwPCCu--uXzu5JDnd02DOzFA4RT6efwb292KwTHZFv88Hf3aStSxJxB7zog_i9EYOxT6qKeQQZyemvHAU2F4UkroONiNnxE1dAnS4z7eVokzlCU_zSmGO-huCOaQgohBfso8eYP6AwMD"<br />
      ["recaptcha_response_field"] => string(7) "opening"<br />
    <
    <br class="atl-forced-newline" /></p>

    <p>the recaptcha field are not in the <ac:link><ri:page ri:content-title=""user"" /></ac:link> array so the form validation fail.</p>

    <p>Here is the code I use to add the Recapcha to the subform</p>

    <p>new ZFBlog_Form_Element_Recaptcha('recaptcha', array(<br />
    'label' => 'Are you human?',<br />
    'required' => true,<br />
    'recaptchaParams' =>array('ssl'=>true, 'xhtml'=>true, 'privateKey'=> $config->system->recaptcha->privatekey,'publicKey'=> $config->system->recaptcha->publickey),<br />
    'recaptchaOptions' =>array('theme'=>'clean', 'lang'=>'fr','tabindex'=>2),<br />
    'validators' => array(new Phenix_Validate_Recaptcha())<br />
    ))</p>

    1. Jun 05, 2008

      <p>I'll take a look at subforms - it's not a use case I've tried yet in the ZFBlog tutorial series.</p>

  7. Jun 19, 2008

    <ac:macro ac:name="note"><ac:parameter ac:name="title">Zend Comments</ac:parameter><ac:rich-text-body>
    <p>Zend_Service_Recaptcha is accepted for inclusion in standard/incubator as a basis for Zend Framework's CAPTCHA offering. We have no design notes at this time, other than a request for a form element that utilizes it; however, this is not required for acceptance.</p></ac:rich-text-body></ac:macro>

  8. Jul 12, 2008

    <p>Hi Christer and Pádraic,</p>

    <p>Zym has had a reCaptcha component in it's incubator for a while now. It's not really been tested, but perhaps you could get some ideas from it <ac:emoticon ac:name="smile" /> There's also a View helper.</p>

    <p><a class="external-link" href="http://code.google.com/p/zym/source/browse/trunk/incubator/library/Zym/">http://code.google.com/p/zym/source/browse/trunk/incubator/library/Zym/</a></p>