@petr999
Created January 16, 2010 11:48
#!/usr/local/bin/perl -wT
use strict;
use lib qw(. lib);
use Bugzilla;
use GD::SecurityImage;
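# Render the CAPTCHA picture for the visitor identified by the
# Captcha_cookie cookie and send it back as a PNG.
my $dbh = Bugzilla->dbh;
my $cgi = Bugzilla->cgi;

# The cookie is supplied by the client, so it reaches the database only as a
# bound parameter and is never interpolated into the SQL text.
my $captcha_cookie = $cgi->cookie( 'Captcha_cookie' );

# Look up the expected answer for this session.  The earlier form,
# "selectrow_array(...) or die $!", died whenever no row matched and reported
# $!, which DBI does not set.  A missing cookie or an unknown session is an
# ordinary request, not a fatal condition.
my $captcha_value;
if ( defined $captcha_cookie and length $captcha_cookie ) {
    ( $captcha_value ) = $dbh->selectrow_array(
        'select captcha from captcha where session = ?',
        undef, $captcha_cookie,
    );

    # Only a genuine database failure is fatal, and DBI describes it.
    die $dbh->errstr if $dbh->err;
}

# No stored answer: pass an empty string on.
# NOTE(review): GD::SecurityImage is expected to pick its own random text in
# that case, which cannot match any stored answer -- confirm.
$captcha_value = '' unless defined $captcha_value;

my $image = GD::SecurityImage->new(
    width      => 80,
    height     => 30,
    lines      => 3,
    font       => '/var/www/bugzilla/data/fonts/lucon.ttf',
    rndmax     => 3,
    ptsize     => 16,
    send_ctobg => 1,
);
$image->random( $captcha_value );
$image->create( 'ttf', 'default', '#508090', '#0F644B' );
$image->particle( 800 );

# out() is documented to return a list (image data, MIME type, random text).
# Printing that list unfiltered would append the MIME type and the expected
# answer to the response body, so keep only the image bytes.
# NOTE(review): confirm the return shape against the installed module version.
my ( $png_data ) = $image->out( force => 'png' );

print $cgi->header( -type => 'image/png', );
print $png_data;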
--- bugzilla.orig/createaccount.cgi 2010-01-09 20:41:47.727879656 +0400
+++ bugzilla/createaccount.cgi 2010-01-16 15:27:08.947848543 +0400
@@ -47,6 +47,10 @@
$vars->{'doc_section'} = 'myaccount.html';
+my $captcha_cookie = $cgi->cookie( 'Captcha_cookie' );
+unless( length $captcha_cookie ){ $captcha_cookie = generate_random_password; }
+$cgi->send_cookie( -name => 'Captcha_cookie', -value => $captcha_cookie, );
+
print $cgi->header();
# If we're using LDAP for login, then we can't create a new account here.
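Review bot: The `Captcha_cookie` value read from the request is reused as-is whenever it is non-empty, so a client-chosen string of any length or content becomes the `session` key written later in this patch, while the table on this page declares that column as `varchar(10)`. Accept the incoming value only when it has the shape the server would have generated, and regenerate it otherwise: `unless ( defined $captcha_cookie and $captcha_cookie =~ /\A[A-Za-z0-9]{10}\z/ ) { $captcha_cookie = generate_random_password; }`. This assumes `generate_random_password` without an argument yields 10 alphanumeric characters, which should be confirmed against Bugzilla::Util. The `defined` test also avoids an uninitialized-value warning from `length` on older perls when no cookie was sent.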
@@ -65,8 +69,17 @@
$login = Bugzilla::User->check_login_name_for_creation($login);
$vars->{'login'} = $login;
- if ($login !~ /$createexp/) {
+
+ my $captcha = $cgi->param( 'captcha' );
+ my $captcha_cookie = $cgi->cookie( 'Captcha_cookie' );
+ unless ( length( $captcha_cookie ) and length $captcha ) {
+ ThrowUserError("account_creation_restricted");
+ }
+
+ my $captcha_value = $dbh->selectrow_array('select captcha from captcha where session = ?', undef, $captcha_cookie);
+ unless ( length( $captcha_value ) and $captcha eq $captcha_value ){
ThrowUserError("account_creation_restricted");
+ exit;
}
# Create and send a token for this new account.
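Review bot: The replaced condition drops the `$login !~ /$createexp/` test, so unless that expression is enforced somewhere outside this hunk, an installation that restricts sign-ups by address pattern now accepts any address once the CAPTCHA is answered; keep both checks, e.g. `unless ( $login =~ /$createexp/ and length( $captcha_value ) and $captcha eq $captcha_value ){`. The stored answer is also never removed after the comparison, so a solved value stays valid for further submissions and a wrong answer can be retried against the same row until the daily purge; add `$dbh->do( 'delete from captcha where session = ?', undef, $captcha_cookie );` directly after the `selectrow_array` call. The added `exit;` is presumably unreachable because `ThrowUserError` does not return. The enclosing `if` block starts above the hunk.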
@@ -77,6 +90,14 @@
exit;
}
+my $captcha_value = generate_random_password( 4 );
+$dbh->do( 'delete from captcha where ts < now() - interval 1 day' );
+$dbh->do( 'insert into captcha values ( ?, ?, null )
+ on duplicate key update captcha = ?
+ ', {}, $captcha_cookie, $captcha_value, $captcha_value, ) or die $dbh->errstr;
+
+$vars->{'captcha_random'} = generate_random_password( 15 );
+
# Show the standard "would you like to create an account?" form.
$template->process("account/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
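Review bot: The `insert into captcha values ( ?, ?, null )` statement depends on the table's column order and, together with `on duplicate key update` and `now() - interval 1 day`, on MySQL-specific syntax that the patch does not document. Naming the columns lets the statement survive a schema change: `insert into captcha ( session, captcha, ts ) values ( ?, ?, null )`. The purge `$dbh->do( 'delete ...' )` is unchecked while the insert uses `or die $dbh->errstr`; both should be handled the same way. A comment such as `# Cache-buster only: makes the browser refetch captcha.cgi; not a secret.` above the `captcha_random` assignment would tell readers that the 15-character value carries no security meaning.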
--- bugzilla.orig/template/en/default/account/create.html.tmpl 2010-01-09 20:39:09.000000000 +0400
+++ bugzilla/template/en/default/account/create.html.tmpl 2010-01-15 15:54:50.138186977 +0400
@@ -71,6 +71,15 @@
[% Param('emailsuffix') FILTER html %]
</td>
</tr>
+ <tr>
+ <td align="right">
+ <b>The text on a picture:</b>
+ </td>
+ <td>
+ <img border='0' src="captcha.cgi?rnd=[% captcha_random %]">
+ <input size="4" id="captcha" name="captcha">
+ </td>
+ </tr>
</table>
<br>
<input type="submit" id="send" value="Send">
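Review bot: `[% captcha_random %]` is written into the `src` attribute without a filter, unlike the `FILTER html` on the context line above it. The value is generated server-side in this patch, but filtering keeps the template safe if its source ever changes: `<img border='0' src="captcha.cgi?rnd=[% captcha_random FILTER url_quote %]" alt="CAPTCHA">`. The answer field would also benefit from `maxlength="4" autocomplete="off"` so browsers do not store or prefill earlier answers.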
-- Server-side store for the account-creation CAPTCHA: one row per visitor,
-- keyed by the value of the Captcha_cookie cookie.
-- NOTE(review): MySQL's default collation for utf8 is case-insensitive, so
-- lookups on `session` ignore letter case; confirm that is acceptable for
-- randomly generated mixed-case keys.
CREATE TABLE `captcha` (
    -- Visitor key (the Captcha_cookie value); at most one pending answer each.
    `session` VARCHAR(10) NOT NULL,
    -- Text the visitor has to type back from the picture.
    `captcha` VARCHAR(10) NOT NULL,
    -- Set on insert and refreshed on every update; the createaccount.cgi
    -- patch purges rows older than one day using this column.
    `ts`      TIMESTAMP   NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    PRIMARY KEY (`session`),
    INDEX `ts_idx` (`ts`)
) ENGINE = InnoDB DEFAULT CHARACTER SET = utf8