Heine

While browsing Drupal Planet as part of my morning 'wake-up' ritual, I wanted to contact the authors of one of those sites about a problem. I wanted to, until my eye fell on the travesty that they call contact form.

Update: MyCaptcha 1.0 has been released.

I've been adding some settings to the math captcha module I created earlier. An important setting is on which forms you want to have a captcha. While it is possible to hardcode the possible forms a captcha can appear on, I've opted for another approach.

I've created two helper modules called Form store and Form collect. If you enable Form collect, it will collect forms on your site while you visit them. You can view the collected forms on the Form store page. In the image below, you can see that I limited the collection to forms I thought useful for Captcha and that I've given most a more readable description. While I intend to include and add a description to all core forms, this has to be done manually for now.

This morning I broke down and wrote a simple math captcha module (for Drupal) to use with user registration and anonymous commenting on this site.

Because this site uses caching for anonymous users, the module needs to make sure that whenever a captcha is displayed, the page is not added to the cache.

Caching is handled by includes/common.inc:

I've a few extra scripts in the webroot of several sites to provide me with server information when I need it. These scripts tend to provide too much information to just anyone. Here's how you can quickly limit access to the Drupal admin user (the first user created on the site).

Create a file restrict.php. The example assumes all files (restrict.php, info.php and apc.php) are in the Drupal root directory. You need to adapt the include paths if you save the files elsewhere. You can make the access criteria as baroque as you need; the example simply checks on user id.

Adapted from a mail I sent to the Drupal development list.

Porting a module is an excellent opportunity to keep an eye out for security problems (evidence: DRUPAL-SA-2006-031). Here's a quick security reminder regarding input (user-supplied data). Code samples are only included to make a point, do not hold them against me.

Why, please tell! What are the advantages of illegal software?

Seriously, I feel sorry for them; all the effort spend to 'explain' (market) WGA in the previous screens, only to be undone by a translation error.