Provided by: libcgi-application-plugin-captcha-perl_0.04-2_all bug

NAME

       CGI::Application::Plugin::CAPTCHA - Easily create, use, and verify CAPTCHAs in
       CGI::Application-based web applications.

VERSION

       Version 0.04

SYNOPSIS

           # In your CGI::Application-based web application module. . .
           use CGI::Application::Plugin::CAPTCHA;

           sub setup
           {
               my $self = shift;

               $self->run_modes([ qw/
                   create
                   # Your other run modes go here
               /]);

               $self->captcha_config(
                   IMAGE_OPTIONS    => {
                       width    => 150,
                       height   => 40,
                       lines    => 10,
                       font     => "/Library/Fonts/Arial",
                       ptsize   => 18,
                       bgcolor  => "#FFFF00",
                   },
                   CREATE_OPTIONS   => [ 'ttf', 'rect' ],
                   PARTICLE_OPTIONS => [ 300 ],
               );
           }

           # Create a run mode that calls the CAPTCHA creation method...
           sub create
           {
               my $self = shift;
               return $self->captcha_create;
           }

           # In a template far, far away. . .
           <img src="/delight/Ident/create"> (to generate a CAPTCHA image)

           # Back in your application, to verify the CAPTCHA...
           sub some_other_runmode
           {
               my $self    = shift;
               my $request = $self->query;

               return unless $self->captcha_verify($request->cookie("hash"), $request->param("verify"));
           }

DESCRIPTION

       "CGI::Application::Plugin::CAPTCHA" allows programmers to easily add and verify CAPTCHAs
       in their CGI::Application-derived web applications.

       A CAPTCHA (or Completely Automated Public Turing Test to Tell Computers and Humans Apart)
       is an image with a random string of characters.  A user must successfully enter the random
       string in order to submit a form.  This is a simple (yet annoying) procedure for humans to
       complete, but one that is significantly more difficult for a form-stuffing script to
       complete without having to integrate some sort of OCR.

       CAPTCHAs are not a perfect solution.  Any skilled, diligent cracker will eventually be
       able to bypass a CAPTCHA, but it should be able to shut down your average script-kiddie.

       "CGI::Application::Plugin::CAPTCHA" is a wrapper for GD::SecurityImage.  It makes it more
       convenient to access GD::SecurityImage functionality, and gives a more
       CGI::Application-like way of doing it.

       When a CAPTCHA is created with this module, raw image data is transmitted from your web
       application to the client browser.  A cookie containing a checksum is also transmitted
       with the image.  When the client submits their form for processing (along with their
       verification of the random string), "captcha_verify()" generates a checksum of the
       verification string the user entered.  If the newly generated checksum matches the
       checksum found in the cookie, we trust that the CAPTCHA has been successfully entered, and
       we allow the user to continue processing their form.

       The checksum is generated by taking the string in question, and joining it with a SECRET.
       We then generate an SHA1 hex digest of the resulting string.  The end user will not be
       able to generate their own checksums to bypass the CAPTCHA check, because they do not know
       the value of our SECRET.  This means it is important to choose a good value for your
       SECRET.

       An easy way to generate a relatively good secret is to run the following perl snippet:

         perl -MDigest::SHA=sha1_base64 -le 'print sha1_base64($$,time(),rand(9999))'

       The author recognizes that the transmission of a cookie with the CAPTCHA image may not be
       a popular decision, and welcomes any patches from those who can provide an equally easy-
       to-implement solution.

FUNCTIONS

   captcha_config()
       This method is used to customize how new CAPTCHA images will be created.  Values specified
       here are passed along to the appropriate functions in GD::SecurityImage when a new CAPTCHA
       is created.

       It is recommended that you call "captcha_config()" in the "cgiapp_init()" method of your
       CGI::Application base class, and in the "setup()" method of any derived applications.

       The following parameters are currently accepted:

       IMAGE_OPTIONS

       This specifies what options will be passed to the constructor of GD::SecurityImage.
       Please see the documentation for GD::SecurityImage for more information.

       CREATE_OPTIONS

       This specifies what options will be passed to the "create()" method of GD::SecurityImage.
       Please see the documentation for GD::SecurityImage for more information.

       PARTICLE_OPTIONS

       This specifies what options will be passed to the "particle()" method of
       GD::SecurityImage.  Please see the documentation for GD::SecurityImage for more
       information.

       SECRET

       This specifies the secret that will be used when generating the checksum hash.

   captcha_create()
       Creates the CAPTCHA image, and return a cookie with the encrypted hash of the random
       string.  Takes no arguments.

       The cookie created in this method is named "hash", and contains only the encrypted hash.
       Future versions of this module will allow you to specify cookie options in greater detail.

   captcha_verify()
       Verifies that the value entered by the user matches what was in the CAPTCHA image.
       Argument 1 is the encrypted hash from the cookie sent by "captcha_create()", and argument
       2 is the value the user entered to verify the CAPTCHA image.  Returns true if the CAPTCHA
       was successfully verified, else returns false.

AUTHOR

       Jason A. Crome, "<cromedome@cpan.org>"

TODO

       •   Allow "captcha_config()" to take cookie configuration arguments.

       •   Allow the plugin to actually create a run mode in your CGI::Application-based webapp
           without the developer having to manually create one.

BUGS

       Please report any bugs or feature requests to
       "bug-cgi-application-plugin-captcha@rt.cpan.org", or through the web interface at
       <http://rt.cpan.org/NoAuth/ReportBug.html?Queue=CGI-Application-Plugin-CAPTCHA>.  I will
       be notified, and then you'll automatically be notified of progress on your bug as I make
       changes.

CONTRIBUTING

       Patches, questions, and feedback are welcome.

ACKNOWLEDGEMENTS

       A big thanks to Cees Hek for providing a great module for me to borrow code from
       (CGI::Application::Plugin::Session), to Michael Peters and Tony Fraser for all of their
       valuable input, and to the rest who contributed ideas and criticisms on the
       CGI::Application mailing list.

       Additional thanks to chorny and Cees for the various bug fixes and patches they have
       submitted.

SEE ALSO

       CGI::Application GD::SecurityImage Wikipedia entry for CAPTCHA -
       <http://en.wikipedia.org/wiki/Captcha>

COPYRIGHT & LICENSE

       Copyright 2005-2011 Jason A. Crome, all rights reserved.

       This program is free software; you can redistribute it and/or modify it under the same
       terms as Perl itself.