Archives: 2009

Posted on
by

A new CAPTCHA approachOne thing we try and do when working on a new Elgg feature is – where we can – couple things together as loosely as possible and provide hooks for third party developers to extend Elgg and fill in any blanks.

A good example of where this has been done is the newly introduced Captcha functionality available in the latest nightly testing builds of Elgg.

The Captcha functionality is provided by a module which extends a view called “input/captcha“. This view is blank by default but is used in several places such as user registration and the lost password form.

This means two things; firstly that if a Captcha module isn’t installed or enabled then forms behave normally, and secondly it becomes a trivial matter for third party modules to provide their own Captcha functionality.

This same mechanism is how the URL shortener module works by the way.

Next, the Captcha module extends a number of actions to require a correctly validated Captcha code. This list itself is the product of a plugin hook which returns an array of actions which require Captcha validation:

$actions = array();
$actions = trigger_plugin_hook('actionlist', 'captcha', null, $actions);

...

function captcha_actionlist_hook($hook, $entity_type, $returnvalue, $params)
{
if (!is_array($returnvalue))
$returnvalue = array();

$returnvalue[] = 'register';
$returnvalue[] = 'user/requestnewpassword';

return $returnvalue;
}

The reason why the list of actions is provided this way is twofold, firstly it lets modules use Captcha functionality in their own code through a generic interface, and secondly it is harder to spoof than looking for some marker in the form code.

The Captcha itself injects a server generated token into the form, which together with the user’s response to the characters generated in an image are used to validate that the user is indeed human.

As we can see, Elgg asks to be provided with a Captcha if one is available by including a specific view, but is agnostic as to where (or indeed if) this functionality is supplied.

By using the techniques available to an Elgg programmer I was able to loosely couple the Captcha system to Elgg in such a way that a third party can easily use the same techniques to provide a more advanced module.

Happy coding!

Image “A new Captcha approach” by XKCD

Posted on
by

Hard at work
Today I spent a productive and thoroughly enjoyable day at Oxford Geek Jam.

This was a techy event organised by @mattythorne and @loleg at the Jam Factory in Oxford bringing together hackers, ideas people and general interested populous to bash out some ideas and start hacking on some projects.

The group split into two main camps based around a couple of ideas; Oleg wanted to hack on a visual wiki representation, and my off the cuff idea which I’ve been playing on for a little while – the Stalk-O-Matic.

Stalk-O-Matic is a little data mining toy I have had in skunk for a while which uses the Google Social Graph api to aggregate much of the public information available on the internet about you into an easily explorable form. This is done for the purposes of education and illustrates just how public private information is – something that I might talk about at Barcamp Transparency.

Off the back of the Geek Jam I have open sourced the code and have started a Google Code project which I’d be interested in seeing people get involved in – usual “It was a private hack made public so is a total mess” disclaimer applies!

Anyway, I found today both enjoyable and thoroughly useful. I hope that there will be many more events like this in Oxford!

Posted on
by

BarCamp Transparency UKBarcamp Transparency is gaining momentum fast. Our sponsorship list is growing and we already have already confirmed a number of high profile people who are going to attend!

I therefore urge you to keep the 26th of July free in your calendar! Tell your friends!

On a somewhat related note, I vote for Global Voices Advocacy, because they are doing some very important work regarding freedom of speech and the fight against censorship – and without those you can’t have transparency or democracy.

This blog post is part of Zemanta’s “Blogging For a Cause” (http://www.zemanta.com/bloggingforacause/) campaign to raise awareness and funds for worthy causes that bloggers care about.