BrainBuster - A Logic Captcha For Rails
=======================================

Note: http://www.robsanheim.com/brain-buster is the home for BrainBuster - please bookmark it for further information and updates. You can see the plugin in action at http://madisonrails.com.

BrainBuster is a logic captcha for Rails. A logic captcha attempts to detect automated responses (i.e. spambots) by asking a simple question, such as a word puzzle or math question. Logic captchas are often easier for humans to answer than image-based captchas, but can exclude foreign users or users with cognitive disabilities. Another possible issue is that answers could be scripted fairly easily by a determined spammer, but I'm guessing in most cases spammers will move on to easier targets. Generating thousands of questions may also deter scripting.

Some example questions and answers are:

    "What is fifteen minus five?" => "10"
    "Which one of these doesn't fit? 'blue, red, yellow, flower'" => 'flower'
    "Spell the word 'dog' backwards." => "god"

For more on logic captchas and alternate approaches, please see http://www.w3.org/TR/turingtest/#logic

Details
=======================================

BrainBuster includes a model for storing questions and answers, a module to be mixed in to controllers to help in checking the captcha, a small partial to display the question and input form, and a basic stylesheet for styling the partial. There is also a "captcha_footer" partial that is not functionally required at all; it's just included to make it easy to give credit and a little link-love if you find this useful. There are many pieces because this plugin spans all of MVC, but each piece is simple and trivial, so overriding or replacing certain parts would be easy.

This captcha is meant to be user-friendly, so for a question like "What is two plus two", all of the following answers will work: "4", "four", "Four", " four ".
By default, a user only needs to answer a captcha _once_, then they are cookied and don't have to answer another question until they close/reopen their browser.

Note that I did use tests to drive the development of this thing; the problem is extracting the tests so they work in the plugin environment. If anyone has any suggestions about how to do normal functional style tests with a plugin, please contact me.

Installation
=======================================

* Generate the migration, modifying questions and answers if you wish:

    script/generate brain_buster_migration

* Copy the style sheet and partials into their appropriate places - this will depend upon your application:

    cp vendor/plugins/brain_buster/assets/stylesheets/captcha.css public/stylesheets/
    cp vendor/plugins/brain_buster/views/brain_busters/_*.rhtml app/views/shared/

    # add the style sheet where needed
    <%= stylesheet_link_tag 'captcha' %>

Now change any controller(s) you want protected by doing the following:

* include the mixin into the controller(s):

    class AccountController
      include BrainBustersMixin
      ...

* add the before filter to find a captcha question for any actions that need to display a question (i.e. the challenge to the user):

    class AccountController
      include BrainBustersMixin
      # we need to display captcha questions for the new and index actions
      before_filter BrainBustersFilter, :only => [:new, :index]
      ...

* render the partial in appropriate templates - new.rhtml:

    ... inside your form somewhere
    <%= render :partial => 'shared/captcha' %>
    <%= render :partial => "shared/captcha_footer" %>

* add a call to the "captcha_passed?" method, which actually checks the answer against the question and returns true if the answer matches:

    class AccountController
      ...
      def create
        unless captcha_passed?
          redirect_to :action => 'new' and return
        end
        ## normal create processing follows...
        @account = Account.new(params[:account])
        ## etc...
      end
      ...

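The lenient answer matching and answer-once behaviour described under Details, as an added plain-Ruby sketch that is not BrainBuster's own code. `normalize_answer`, `captcha_passed_sketch?`, the `:captcha_id` / `:captcha_answer` parameter names and the sample questions are hypothetical, and the sketch assumes the "passed" flag lives in server-side session state rather than in a cookie value the client can set.

```ruby
# Added example, not BrainBuster's source. All names here are hypothetical.
NUMBER_WORDS = {
  "zero" => "0", "one" => "1", "two" => "2", "three" => "3", "four" => "4",
  "five" => "5", "six" => "6", "seven" => "7", "eight" => "8", "nine" => "9",
  "ten" => "10"
}.freeze

# Constructed sample questions, keyed by id as a database table would be.
QUESTIONS = {
  1 => { question: "What is two plus two?", answer: "4" },
  2 => { question: "Spell the word 'dog' backwards.", answer: "god" }
}.freeze

# Trim, lowercase, and map number words to digits so "4", "four",
# "Four" and " four " all normalize to the same string.
def normalize_answer(text)
  cleaned = text.to_s.strip.downcase
  NUMBER_WORDS.fetch(cleaned, cleaned)
end

# session: server-side per-browser state (a Hash here).
# params:  untrusted form input carrying the question id and the answer.
def captcha_passed_sketch?(session, params)
  return true if session[:captcha_passed]          # already answered once
  question = QUESTIONS[params[:captcha_id].to_i]   # answer is looked up server-side
  return false if question.nil?                    # unknown or missing id fails closed
  submitted = normalize_answer(params[:captcha_answer])
  return false if submitted.empty?                 # blank answers never pass
  passed = submitted == normalize_answer(question[:answer])
  session[:captcha_passed] = true if passed        # remember only on success
  passed
end
```
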
Credits
=======================================

BrainBuster is by Rob Sanheim (http://www.robsanheim.com). Email: rsanheim at gmail DOT com

Thanks to the creators of the Exception Logger plugin (http://svn.techno-weenie.net/projects/plugins/exception_logger/) and the Unobtrusive Javascript plugin (http://www.ujs4rails.com/), as I referred to their source code for help.