Extension:KittenAuth

This extension is a variation on the KittenAuth plugin for other pieces of software. It allows wiki admins to set certain actions that need verification from the user, to prevent automated spam. KittenAuth lets users pick a kitten from a list of five images to verify themselves as human.

This plugin uses a lot of the code from the ConfirmEdit extension, but it differs in some functions and allows wiki admins to configure the settings from LocalSettings.php instead of in the plugin's core file.

Authors
The basic framework for ConfirmEdit was designed largely by Brion Vibber, as well as the SimpleCaptcha module that was used to base this plugin on. The rewrite was done by Stephan Muller.

Installation

 * 1) Download the plugin here: KittenAuth.zip
 * 2) Extract the folder inside the .zip and upload it to your wiki's /w/extensions/ folder
 * 3) Add the following line to your LocalSettings.php:

Settings
By default, KittenAuth will only ask unregistered users to pick a kitten when they create a page, when they add a new external link to a page, and when they register an account. KittenAuth comes with 17 images of birds and 8 images of cats, and there's the option to add URL and/or IP whitelists. All these settings can be changed.

To start using custom settings at all, first add the following line to LocalSettings.php, after the require_once rule that should already have been added:

After this you can use the $kittenAuth->someFunction functions to configure the plugin as described below.

Custom images
Instead of using kittens, any images can be used. By default all images should go into the 'images' directory of the plugin, but this can be changed (see the bottom of this section). There are no rules for the image names, as long as they are all image files (.png, .jpg, .jpeg, .gif).

All images in the images folder will automatically be included. There should always be at least one kitten and four non-kittens, but the more variety the harder it will get for spammers to automatically detect the kittens. By default the extension comes with 8 kittens and 17 non-kittens. These files are named 1.png through 25.png but any name will do.

It is very important to indicate which images are kittens. If you change the images, define which are kittens (or if the images contain something else, which are the correct answers). You can use this code in LocalSettings (after the ::setup rule from above):

Also: if you switch from kittens to something else, make sure to change the texts in KittenAuth.i18n.php, which uses the word 'kitten' several times

To see a working example of KittenAuth with custom images, see MansonWiki

Skipping KittenAuth for certain usergroups
By default the kittens will show up only for unregistered users (all the other usergroups have 'skip' set to true). If you want to show KittenAuth to other usergroups as well, use the setSkippedUserGroups function with an array of usergroups and their 'skip' value. Examples:


 * To also force regular users to use KittenAuth, place this in your LocalSettings.php (after the ::setup line from before):


 * To force everyone except bots and bureaucrats to use KittenAuth, place this in your LocalSettings.php (after the ::setup line):


 * To skip KittenAuth for users that confirmed their email, you need to both set the usergroup 'emailconfirmed' to true using the above function, and add the following line:

Triggering KittenAuth
There are five "triggers" on which KittenAuth can be displayed:
 * 'edit' - triggered on every attempted page save
 * 'create' - triggered on page creation
 * 'addurl' - triggered on a page save that would add one or more URLs to the page
 * 'createaccount' - triggered on creation of a new account
 * 'badlogin' - triggered on the next login attempt after a failed one

By default, the only active triggers are 'create', 'addurl' and 'createaccount'. Badlogin is currently not working, see below. To change the settings for each trigger, use the setKittenTriggers function with an array of actions and their 'trigger' value. Example:


 * To show KittenAuth on edits and new accounts but not on new page creation, place this in your LocalSettings.php (after the ::setup line):

Bear in mind that these rules only apply to usergroups that have been set NOT to skip KittenAuth.

URL and IP whitelists
It is possible to define a whitelist of known "good" sites for which the KittenAuth should not kick in, when the 'addurl' action is triggered.

Sysop users can do this by editing the system message page called MediaWiki:captcha-addurl-whitelist (this is kept the same as in ConfirmEdit to allow combined usage or easy switches between plugins). The expected format is a set of regex's one per line. Comments can be added with # prefix. You can see an example of this usage here, on OpenStreetMap.

This set of whitelist regexes can also be defined using the $kittenAuth->CaptchaWhitelist config variable in LocalSettings.php, to keep the value(s) a secret.

Some other variables you can add to LocalSettings.php:
 * $kittenAuth->IPWhitelist- List of IP ranges to allow to skip the KittenAuth
 * $kittenAuth->skipConfirmedEmail - Allow users who have confirmed their e-mail addresses to post URL links
 * $kittenAuth->kittenDir - set the folder where the images of kittens are located

To Do
The following items are still lacking or not working. I'm planning to fix these, but I'm not sure if they are within my capabilities. If any developer would like to give it a try, please let me know and I'd be happy to update the code with new stuff.


 * Managing settings through a Special Page instead of LocalSettings
 * Showing KittenAuth on bad login (code is in place but $wgMemc seems to break on my side... help would be appreciated)
 * Allow customization of image sizes

Changelog

 * Version 0.9:
 * Initial release