Extension:ConfirmEdit

From MediaWiki.org

Manual on MediaWiki Extensions
List of MediaWiki Extensions

ConfirmEdit Release status: stable
Implementation	Page action
Description	adds captchas when saving an edit.
Author(s)	Brion VIBBER
MediaWiki	1.6+
License	GPL
Download	Download snapshot Subversion [Help] Browse source code
Example	One screenshot of ConfirmEdit running on Wikimanga.net
Added rights skipcaptcha
Hooks used EditFilterMerged EditFilter UserCreateForm AbortNewAccount LoginAuthenticateAudit UserLoginForm AbortLogin APIEditBeforeSave
check usage (experimental)

The ConfirmEdit extension enables a simple text Captcha that will probably not allow most bots to edit your site. It was designed largely by Brion Vibber. The FancyCaptcha and reCAPTCHA addons create more complex image captchas.

Captchas are a way of combating automated edits, helping to ensure that wiki edits are being made by real humans rather than bots. This can be particularly useful for reducing the problem of wiki spam, but captchas reduce accessibility and cause inconvenience to human users. In addition, it will not completely spam-proof your wiki (nor will it protect it from human spammers). You may wish to use this in conjunction with other anti-spam features. Remember to clean up any spam which might slip through the net (keep an eye on your 'recent changes' page). Captcha's can also be used to foil automated login attempts that try to guess passwords.

The reCAPTCHA Plugin is based on ConfirmEdit, and works very similarly. The reCAPTCHA plugin provides an audio CAPTCHA, does not require any python libraries, and has a stronger visual CAPTCHA than ConfirmEdit.

[edit] Installation

The ConfirmEdit extension requires MediaWiki 1.11.0 or higher and PHP5 (but SVN revisions before 21970 are PHP4-compatible).

• Download the latest version and download it to your computer
• Create a folder in the extensions folder named ConfirmEdit
• Upload the files to the extensions/ConfirmEdit/ folder
• Edit LocalSettings.php in the root of your MediaWiki installation, and add the following line near the bottom:

require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );

Note ConfirmEdit will not work if installed with the wrong mediawiki version (called version mismatch, see Discussion).

[edit] Customization in LocalSettings.php

If you wish, customize the following settings in LocalSettings.php (after the require_once() line):

• $wgCaptchaTriggers,
• $ceAllowConfirmedEmail, (Allow users who have confirmed their e-mail addresses to post URL links without being harassed by the captcha) and
• $wgCaptchaWhitelist. (Specific IP addresses are not harrassed by the captcha)

[edit] Configuration

ConfirmEdit introduces a ['skipcaptcha'] to wgGroupPermissions. This is useful for groups that shouldn't see captchas ever.

Defaults from ConfirmEdit.php:

$wgGroupPermissions['*'            ]['skipcaptcha'] = false;
$wgGroupPermissions['user'         ]['skipcaptcha'] = false;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false;
$wgGroupPermissions['bot'          ]['skipcaptcha'] = true; // registered bots
$wgGroupPermissions['sysop'        ]['skipcaptcha'] = true;

By default, because the $wgGroupPermissions is "true" for registered bots and sysops, bots and sysops are not affected by the next five captcha triggers, "edit, create, addurl, createaccount, badlogin".

There are five triggers that can generate a captcha and allow for different situations.

• $wgCaptchaTriggers['edit'] = true; -- Would check on every edit
• $wgCaptchaTriggers['create'] = true; -- Check on page creation.
• $wgCaptchaTriggers['addurl'] = true; -- Check on edits that add URLs
• $wgCaptchaTriggers['createaccount'] = true; -- Check on account creation.
• $wgCaptchaTriggers['badlogin'] = true; -- Check after a failed log-in attempt.

Default triggers from ConfirmEdit.php:

$wgCaptchaTriggers['edit']          = false; 
$wgCaptchaTriggers['create']        = false; 
$wgCaptchaTriggers['addurl']        = true; 
$wgCaptchaTriggers['createaccount'] = true;
$wgCaptchaTriggers['badlogin']      = true;

The triggers edit, create and addurl can be configured per namespace using the $wgCaptchaTriggersOnNamespace setting. If there is no $wgCaptchaTriggersOnNamespace for the current namespace, the normal $wgCaptchaTriggers apply. So suppose that in addition to the above $wgCaptchaTriggers defaults we configure the following:

$wgCaptchaTriggersOnNamespace[NS_TALK]['addurl'] = false;
$wgCaptchaTriggersOnNamespace[NS_PROJECT]['edit'] = true;

Then the captcha will not trigger when adding urls to a talk page, but you will need to solve a captcha any time you edit the project namespace, even if you aren't adding a link.

Requiring only unregistered users to enter a captcha for every edit can be accomplished by:

$wgGroupPermissions['user' ]['skipcaptcha'] = true;

$wgCaptchaTriggers['edit'] = true;

There are different captcha engines included with ConfirmEdit:

• $wgCaptchaClass = 'SimpleCaptcha'; (default) - a simple addition/substraction
• require_once "$IP/extensions/ConfirmEdit/MathCaptcha.php"; $wgCaptchaClass = 'MathCaptcha'; - generates an image using TeX (texvc)
• require_once "$IP/extensions/ConfirmEdit/QuestyCaptcha.php"; $wgCaptchaClass = 'QuestyCaptcha'; - asks questions that you configured ("TextCha"):

$wgCaptchaQuestions[] = array( 'question' => "A question?", 'answer' => "An answer!" );
$wgCaptchaQuestions[] = array( 'question' => 'How much wood would a woodchuck chuck if a woodchuck could chuck wood?', 'answer' => 'as much wood as...' );
$wgCaptchaQuestions[] = array( 'question' => "What is this wiki's name?", 'answer' => "$wgSitename" );

• FancyCaptcha: see below

[edit] Addons

[edit] FancyCaptcha addon

The FancyCaptcha addon extension requires MediaWiki 1.11.0 or higher and the ConfirmEdit extension. The Python Imaging Library must be installed to create the captcha images, but isn't needed after that.

1. Download the files from Wikimedia SVN (latest FancyCaptcha.php, FancyCaptcha.i18n.php, FancyCaptcha.class.php and captcha.py). Note: your copy of ConfirmEdit might already have these files in it.
2. Upload the files to the extensions/ConfirmEdit/ from the root of your MediaWiki installation.
3. If you wish, open ConfirmEdit.php and customize $wgCaptchaTriggers, $ceAllowConfirmedEmail, and $wgCaptchaWhitelist.
4. Change the $wgCaptchaClass line in ConfirmEdit.php to:

   $wgCaptchaClass = 'FancyCaptcha';

5. Add the following lines to LocalSettings.php in the root of your MediaWiki installation:

   require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
require_once( "$IP/extensions/ConfirmEdit/FancyCaptcha.php" );

6. Open FancyCaptcha.php and set the variable $wgCaptchaDirectory to the directory where you will store Captcha images. Below it set $wgCaptchaSecret to your passphrase.
7. Create the images by running the following, where:
   • font is a path to some font, for instance AriBlk.TTF.
   • wordlist is a path to some word list, for instance /usr/share/dict/words. (Note: on Debian/Ubuntu, the 'wbritish' and 'wamerican' packages provide such lists. On Fedora, use the 'words' package).
   • key is the the exact passphrase you set $wgCaptchaSecret to. Use quotes if necessary.
   • output is the path to where the images should be stored (defined in $wgCaptchaDirectory).
   • count is how many images to generate.

   python /path/to/captcha.py --font=<font> --wordlist=<wordlist> --key=<key> --output=<output> --count=<count>

   • An example, assuming you're in the extensions/ConfirmEdit directory (font location from Ubuntu 6.06, probably different on other operating systems):

   python captcha.py --font=/usr/share/fonts/truetype/freefont/FreeSans.ttf --wordlist=/usr/share/dict/words --key=FOO --output=../../../captcha --count=100

   • If you are not satisfied with the results of the words you've generated you can simply remove the images and create a new set. Comic_Sans_MS_Bold.ttf seems to generate relatively legible words, and you could also edit the last line of captcha.py to increase the font size from the default of 40.

Note that FancyCaptcha is quite sensitive to version mismatch. In order to successfully install FancyCaptcha on the legacy versions of MediaWiki, try to use FancyCaptcha revisions, that are known to work for your MediaWiki version:

[edit] How to avoid common problems running Python

1. The captcha.py version 29357 is not supported on newer versions of Python, this is due to deprecated md5 although you can use 2.4x.
2. Install the properly version of Python Imaging Library (PIL) 1.5 for Python 2.4.
3. Make the installation of Python on a short folder name. Like C:\Python\
4. Create folder like C:\Ex and place files CAPTCHA.py / FONT.ttf / LIST.txt into the folder.
5. To execute easily run the following example as a batch file:

C:\python\python.exe C:\Ex\CAPTCHA.py --font C:\Ex\FONT.ttf --wordlist C:\Ex\LIST.txt --key=YOURPASSWORD --output C:\Ex\ --count=20

[edit] VisualMathCaptcha

Extension VisualMathCaptcha can be used, as FancyCaptcha, to do so :

1. Open ConfirmEdit.php, in ConfirmEdit extension directory, and change $wgCaptchaClass value to VisualMathConfirmCaptcha.
2. Add following line in LocalSettings.php, VisualCaptcha inclusion lines :

  $wgAutoloadClasses['VisualMathConfirmCaptcha'] = "$IP/extensions/VisualMathCaptcha/VisualMathConfirmCaptcha.class.php";

[edit] Captcha url whitelist

It is now possible to define a whitelist of known good sites for which the captcha should not kick in.

Sysops users can do this simply be editing the system message page called [[MediaWiki:captcha-addurl-whitelist]]. The expected format is a set of regex's one per line. Comments can be added with # prefix. Example in use on OpenStreetMap

Server administrators might prefer to create a regex more directly/secretly with the $wgCaptchaWhitelist config variable

Some other new config vars:

• $wgCaptchaWhitelistIP - List of IP ranges to allow to skip the captcha
• $ceAllowConfirmedEmail - Allow users who have confirmed their e-mail addresses to post URL links

These are are described more thoroughly in the code comments