Working on new CAPTCHA system

Email
Comment *
Verification *
File	Select/drop/paste files here
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

Embed	(replaces files and can be used instead)
Oekaki	Show oekaki applet (replaces files and can be used instead)
Options	Do not bump (you can also write sage in the email field) Spoiler images (this replaces the thumbnails of your images with question marks)
Password	(For file and post deletion.)
Allowed file types:jpg, jpeg, gif, png, webm, mp4, swf, pdf Max filesize is 8 MB. Max image dimensions are 10000 x 10000. You may upload 5 per post.

File: 1441536781244.png (98.53 KB, 1010x809, 1010:809, 7Xe5OV5.png)

Working on new CAPTCHA system Anonymous 09/06/15 (Sun) 10:53:00 f34466 No.822

A lot of people have pointed out that the captcha system on Infinity Next is flawed. This is primarily because of how it handles solutions.

1. Request a document.

2. Captcha is generated and solution is stored to your session.

3. Answer is provided.

4. Answer is checked and reject/accept actions handled.

The problem with this is: if you open a second tab with a captcha, it throws out the previous answer, making perfectly valid solutions suddenly invalid if you tab back. This also means that if your cookie is thrown out (or if you don't have one), then your session may be lost and you have no solution at all. In either scenario, you receive an erroneous "The captcha was not answered correctly" reply and that's very frustrating.

So, copypaste/hotwheels was kind enough to write up a new captcha system in base PHP that I'm now translating into Laravel's architecture as a plugin. This is my third time building a new package for Laravel. Although none of them are "release candidate" yet, I'll eventually redress this technology and polish them off as I continue to develop. Since I'm technically a FOSS development group now, I figure it'd be cool if I opened up some of my assets as independent systems other people might make use of.

The way the new captcha system will work is:

1. Request a document.

2. Captcha is generated and solution is stored in the database.

3. Your captcha is provided with a hash ID.

4. Answer is provided alongside hash.

5. Hash is used to pull answer from DB and is checked against input.

This really simple change makes the software more palatable to no-JS no-Cookie browsers (Tor). The captcha can also be provided with a URL like this:

/cp/captcha/300x72/c0e1c5ceddea124b2f606d310b45157449670adb.png

And that way, if you're using JS to render a new captcha or you've opened an inline document that requires a captcha, the hash can be pulled from the URL string and reliably set.

All of this will be open source as well and a companion library provided with the software.

Post last edited at 09/06/15 (Sun) 10:58:18

Anonymous 09/06/15 (Sun) 13:53:23 000000 No.823

>So, copypaste/hotwheels was kind enough to write up a new captcha system in base PHP that I'm now translating into Laravel's architecture as a plugin. This is my third time building a new package for Laravel. Although none of them are "release candidate" yet, I'll eventually redress this technology and polish them off as I continue to develop. Since I'm technically a FOSS development group now, I figure it'd be cool if I opened up some of my assets as independent systems other people might make use of.

Cute, but last time I checked, people weren't donating so you would contribute to laravel's ecosystem.

Anonymous 09/06/15 (Sun) 14:06:22 f34466 No.824

>>823

Without abstraction:

>write code

>put into infinity next

With abstraction:

>write code

>put into infinity next

Anonymous 09/06/15 (Sun) 14:21:49 535ecf No.825

>>824

Without abstraction:

>write code into infinity next

With abstraction:

>write code in a generic way thinking of a range of use cases for it

>make it a package

>integrate into infinity next

Are you really sure these two are the same?

Anonymous 09/06/15 (Sun) 14:36:56 f34466 No.826

>>825

Everything in Infinity Next is already abstracted. That's the point of a framework. I'm not just shitting out code into a big pot. All things are neatly organized, neatly written, neatly classed. Object oriented and designed to be replaced or rewritten at a moment's notice.

There is one degree of separation between writing code for the project and writing code as a generic.

It also allows other people with no interest in Infinity Next to contribute to the abstracted code. If an audio engineer comes along and adds audio captchas to the system, then we also have audio captchas. Congrats, free code and a free upgrade to 8ch. Nobody with any investment in the project or 8ch should be against abstraction and packaging of modularized components.

Anonymous 09/06/15 (Sun) 14:51:42 535ecf No.827

>>826

Thats some really wishful thinking there, given that no one but HW contributed to it and even then it was a couple of commits 3 months or so ago.

Anonymous 09/06/15 (Sun) 14:58:47 f34466 No.828

>>827

Except the current package was already written entirely by him. He sent it over as a download instead of making it a git commit.

All the work I'm doing to it I would need to do anyways to make it work with Next. I'm just making it a stand-alone instead.

https://github.com/infinity-next/brennan-captcha

Be sure to fork us on github!

Anonymous 09/06/15 (Sun) 18:27:20 ca2418 No.829

>>822

>1. Request a document.

>2. Captcha is generated and solution is stored in the database.

>3. Your captcha is provided with a hash ID.

>4. Answer is provided alongside hash.

>5. Hash is used to pull answer from DB and is checked against input.

so is this about the same as https://8ch.net/8chan-captcha/entrypoint.php?mode=get&extra=abcdefghijklmnopqrstuvwxyz&nojs=true?

There's not going to be any need for JS/cookies?

Anonymous 09/06/15 (Sun) 19:23:21 f34466 No.830

>>829

Huh, no, that's savage.

You open a document, get an image and a hidden field. The hidden field contains a hash. When you submit your answer, you submit it alongside the hash. The answer is checked against the value stored in the database.

There's no need for cookies or javascript because it's all handled on the server. I'm concerned about overhead with having to generate an image on page loads, but if that becomes a problem, we can think of something else. For instance, we can just send the hash and on JS-enabled browsers (the majority of users) the image resource can not be loaded until requested. For no-JS browsers, the user could be taken to a full-page post edit form with the actual image after submitting the post once.

I am not going to add shitty links all over the place that make you open some captcha page in a second tab. I hate that garbage.

Post last edited at 09/06/15 (Sun) 19:29:22

Anonymous 09/06/15 (Sun) 21:54:57 ca2418 No.831

>>830

>You open a document, get an image and a hidden field. The hidden field contains a hash. When you submit your answer, you submit it alongside the hash.

>For no-JS browsers, the user could be taken [..] with the actual image after submitting the post once.

That's kinda what the current one is like.

The current captcha has a hidden input field with the class captcha_cookie, which on https://8ch.net/8chan-captcha/entrypoint.php?mode=get&extra=abcdefghijklmnopqrstuvwxyz&nojs=true, is the captcha ID.

The actual answer is an input field with the class captcha_text. If I remember correctly, both are submitted when you make a post.

Anonymous 09/06/15 (Sun) 22:00:45 ca2418 No.833

File: 1441576845779.png (28.71 KB, 1155x374, 105:34, 6Z1EJhLBtbEB[1].png)

>>831

yeah, that's basically how it works right now

>name="captcha_text"

>pzrdgr

>name="captcha_cookie"

>rjegqrwyjdakaeuqlraj

Anonymous 09/07/15 (Mon) 14:31:37 f34466 No.836

Most of the tough work is done, but now I'm waiting on copypaste to finish some changes to how the image is rendered. There are a few small things I need to do (mostly presentational), but for the most part its complete. I'll version control it once I get the update.

Josh 09/10/15 (Thu) 19:18:31 051c36 No.868

Brennan Captcha is now version 1.

https://github.com/infinity-next/brennan-captcha

Anonymous 09/13/15 (Sun) 08:14:59 ca2418 No.898

File: 1442132100600.png (15.3 KB, 280x80, 7:2, t1YiNKXSqnO5[1].png)

>>868

I don't like this font holy shit

Anonymous 09/13/15 (Sun) 08:15:30 ca2418 No.899

File: 1442132131933.png (10.03 KB, 1366x349, 1366:349, TVcRf6mWFSpJ[1].png)

>>898

also:

reporting is broken on infinitydev.org

Josh 09/13/15 (Sun) 09:11:12 051c36 No.900

>>899

Oops. That's because I forgot to replace the old captcha there.

Anonymous 09/13/15 (Sun) 14:20:44 a4c0b3 No.901

>>898

Its not about whether you like or not but whether a machine can learn it quickly or not. A font that easier for humans to learn would be a improvement however.

Anonymous 09/13/15 (Sun) 19:05:57 bf6960 No.903

>>898

>he can't read this

nigger detected

Anonymous 09/18/15 (Fri) 08:27:59 59a076 No.980

>>903

really, this font is shit. we need proper Frakturschrift, not Textura or Schwabacher or whatever this is. I recommend this book to take out images from https://ia800301.us.archive.org/3/items/Hitler-Adolf-Mein-Kampf/HitlerAdolf-MeinKampf-Band1Und2173.Auflage1936828S.ScanFraktur.pdf

Anonymous 09/18/15 (Fri) 08:31:51 bf6960 No.981

>>980

may I propose UnifrakturMaguntia

Anonymous 11/12/15 (Thu) 11:37:25 cb9691 No.2536

test