multipart-mixed

Adding reCAPTCHA to Movable Type

UPDATE 2007.07.11: version 1.2 released.
UPDATE 2007.08.29: instructions for MT 4.0.
UPDATE 2008.05.01: instructions for MT 4.1.

Joel just clued me in on a new Captcha system called reCAPTCHA. What's different about reCAPTCHA is that they use the verification words to correct OCR mistakes in scanned books. In their words: "About 60 million CAPTCHAs are solved by humans around the world every day.... in aggregate these little puzzles consume more than 150,000 hours of work each day. What if we could make positive use of this human effort?"

They provide PHP code and a WordPress plugin, but I'm using Movable Type here, so I wrote a Movable Type plugin to use this system. Details follow...

Installing in Movable Type

I've tested this plugin with Movable Type 3.2. It should work with 3.3 also. NOTE: skip to the bottom for Movable Type 4.x.

  • Download the reCAPTCHA plugin: Recaptcha.zip
  • Copy the Recaptcha.pl file to your mt/plugins directory.
  • Edit your mt/lib/MT/App/Comments.pm file, somewhere around line 230, adding the block below noted with "begin addition":

# Run all the Comment-throttling callbacks
my $passed_filter = MT->run_callbacks('CommentThrottleFilter',
                                      $app, $entry);
$passed_filter ||
    return $app->handle_error($app->translate("_THROTTLED_COMMENT"),
                              "403 Throttled");

### BEGIN ADDITION FOR RECAPTCHA PLUGIN ###
my $error_message = MT->run_callbacks('CommentErrorFilter', $app, $entry);
if ($error_message) {
    return $app->handle_error($error_message);
}
### END ADDITION FOR RECAPTCHA PLUGIN ###
  • Edit your templates for comments and comment preview to include something like:

<p>
  Verification (needed to reduce spam):
  <$MTRecaptchaBox$>
</p>
  • Go into the Movable Type admin interface, click "Settings" (left bar), then "Plugins" (across the top). You should see "reCAPTCHA" listed with your plugins. Click "Show Settings" and enter the public and private keys you got from recaptcha.net when you signed up. Click "Save Changes."
  • You should now rebuild your site so the reCAPTCHA box will show up on your pages. Click "Rebuild Site" (left bar).

Notes for Version 1.2 Upgrade

If you are upgrading from a version prior to 1.2, you'll notice the public/private keys have moved out of the Recaptcha.pl source file and into the MT settings page, where they belong. Also, the change to Comments.pm is different. Please replace the change with the new text shown above.

Notes on the Plugin

The plugin adds two features: the MTRecaptchaBox tag and a callback hook for comment posting. The tag simply generates the correct HTML for displaying a Recaptcha box.

The comment posting hook contacts recaptcha.net to validate the contents of the Recaptcha box. Unfortunately, I couldn't properly implement this without changing Comments.pm; I needed to add a new callback which would allow a plugin to cause comment submission failure and return an error message to the user. The existing mechanisms (throttling, junk, and 'CommentFilter') weren't good enough. I did this the nicest way possible, though, by adding another callback hook.

Movable Type 4.0

MT 4.0 has a new CAPTCHA plugin API, and they supply a reCAPTCHA plugin. Unfortunately, it's busted. Here's how to make it work:

  • Copy the reCaptcha folder from extras/examples/plugins to your plugins directory.
  • Edit the reCaptcha.pl file: change system_config_template to config_template at line 20.
  • Also in reCaptcha.pl at line 29, add your keys like so:

['recaptcha_publickey', { Default => 'YOUR-PUBLIC-KEY-HERE' }],
['recaptcha_privatekey', { Default => 'YOUR-PRIVATE-KEY-HERE' }],
  • Now go to the Movable Type dashboard in your browser, Preferences > Blog Settings > Comments. Set "Immediately Approve Comments From" to "anyone." Near the bottom is a chooser called "CAPTCHA provider." Select reCAPTCHA and click Save Changes.
  • In the sidebar select Registration. Check the "Anonymous Comments" checkbox and deselect the rest, click Save Changes.
  • Rebuild your site.

Something is busted with the Preferences > Plugins panel (it won't save the keys if you enter them there) so that's why you need to hard-code them in reCaptcha.pl. I've submitted a bug to SixApart so hopefully these problems will be fixed in the next release of MT 4.

Movable Type 4.1

SixApart has fixed the reCATCHA plugin in 4.1. Here's what you need to do:

  • Copy the mt/extras/examples/plugins/reCaptcha directory to mt/plugins/reCaptcha.
  • Edit the comment form template as indicated in the README file. Ignore the part about the JavaScript index template.
  • Go to Preferences > Blog Settings > Comment and set "CAPTCHA Provider" to reCAPTCHA. Save your changes.
  • Go to Preferences > Plugin Settings > reCaptcha > Settings and fill in the public and private keys. Save changes.
  • Rebuild your site.

Update 2008.05.02: Marcos Lara adds: if you've turned on Movable Type's built-in spam protection, turn that back down to zero when using reCAPTCHA. Otherwise all comments will get marked as needing moderator approval.

Thanks

Many thanks to Ian Peters for getting the plugin integrated with the MT settings page, and other tasty improvements.

Comments

I'm giving the recaptcha plugin a try here. The first word is easy to read, but the second one, which must be the OCR error... Well, let's just say that it's obvious why this OCR attempt failed. I'm giving it my best guess. (The one that it's giving me here on the preview is a lot better.)

I'm just trying out a few more captchas. Ignore this comment... (Ah, here's one with an n with a tilde. I don't know how to type that on this keyboard.)

Josh, thanks so much for creating this. I've installed it and it works really well, which is something of a first for Movable Type captcha software in my limited experience.

I can't get past your Captcha step whether I type the 2 words with one space between them or two spaces.Help!

Just curious if it ignores a space between the words

Thanks for doing this! I've always manually moderated comments but I hate the way it stops any sort of conversation happening. Will be installing this very soon.

I installed the plug-in but the test consistently fails.

hi.. I'm Jaanus, just testing your system and considering to use on my own MovableType installation.

Sylvia, In the Recaptcha.pl file there's two lines that say 'YOUR_PUBLIC_KEY_HERE' and 'YOUR_PRIVATE_KEY_HERE'; did you set those with the info recaptcha.net gave you? If so, can you copy-n-paste the error message you're seeing into an email?

I finally got it to work - after a bit of trial and error with placement of the template code. Since they were test comments on a test post, I deleted all of it. THANK YOU very much for your assistance - and for whatever work you did on the plug-in.

Hi Josh, this works awesome from the first comment post, but all comments attempted from the COMMENT PREVIEW page fail the Captcha test on my blog. Any ideas?

I'm also unable to get the plugin working from the preview page. Anyone had any luck with this?

It's working from the preview page here. Can you give me more detail on the version of MT you have installed? Also, send me your mt/lib/MT/App/Comments.pm file so I can double-check the changes there.

Sorry about that. Turned out to be a misconfiguration in the MTKeystrokes plugin that had been installed. Preview's working just fine.

HI, I am trying to get the reCaptcha plug in to work on version 3.2 - I have the plug in installed, and keysin place, I see the reCaptcha box - but it doesn't seem to work. I can type anything in the box and it doesn't authenticate - doesn't fail the post. Any ideas?

I tried installing your plugin on the MT4 version to no avail. MT4 ships with an example reCaptcha plugin that didn't seem to work either, but by using the two plugins in conjunction I have got this to work (finally after two days pulling my hair out). It doesn't require any fiddling with the comments.pm file, and I had to manually enter the keys into the Recapture.pl file. Also had to remove the id from the div where the code goes in the comment form template. But now it works and I couldn't be happier.

Do you think this will work with Movable Type version 2.65?

I'll try it out if you think it might.

Emmanuel: I have no idea what the plugin system for MT 2.65 looks like. If I had to guess, this plugin wouldn't work without a fair bit of modification.

Ok I followed the above directions but I do not get the "Show Settings" button in the plugin manager. Plugin is enabled, I tried playing with the permissions on the .pl to no avail. MT version 3.32

Josh,

I am trying to install on MT4 and all I have are the cryptic hints that Toni mentioned above.

Could you please explain to me how to install this on MT4? I am willing to do any kind of Perl script configuration as long as it's clearly explained, since I am not a programmer.

Much appreciated,


Jonathan

Thanks for the questions about MT 4. I just posted instructions above for making this work.

FYI, in MT 4.0, the public/private keys are actually being saved, they're just not being displayed in the settings form. You can fix that by setting the config_template to the following:

	config_template => <<TMPL,
<dl>
<dt>reCaptcha public key<dt>
<dd><input name="recaptcha_publickey" size="50"
value="<TMPL_VAR name="recaptcha_publickey" escape="html">"/></dd>
<dt>reCaptcha private key<dt>
<dd><input name="recaptcha_privatekey" size="50"
value="<TMPL_VAR name="recaptcha_privatekey" escape="html">"/></dd>
</dl>
TMPL

This way you can avoid hardcoding the reCaptcha public/private keys.

Stepan: I tried that, but the keys it was saving didn't actually match what was going into the template form. I put one set of data into the default settings, and another set into the config fields, then rebuilt the site. The reCaptcha code on the generated web page used the default settings -- not what the config fields displayed!

Thanks very much for your work, but I have a question after all.
I tried to install reCaptcha on MT4, but failed. Your guide is good, but for people with a bit of knowledge in programming.
My steps were:
1) I transfered reCaptcha directory from examples/plugins to plugins. So this ok
2) I have moderated line 20, and shortened it, by deleting 'system_'
3) At line 29 I have substituted two lines with the ones given by you. Of course I entered my public and private keys there. You call it hardcore edition or whatever. English is not my native language.
4)I have chosen Captcha provider and rebuilt the site. And nothing happens. Would please be so kind to explain step by step what to next.

is it possible to place a racaptcha box in every form that we use is the pages of the blog o site other than comments form? if so, how we can do that?

Thanks for this guide. I'm using MT4, and found ut's especially important to change the template so that the public and private keys get stored. Otherwise the reCAPTCHA box just doesn't appear (no error messages either!)

Just seeing if this works - thinking of using it.

cool

testing recaptcha

cheat

Why my recaptcha filed always fails text verification?

Excellent plugin! It looks and it works like a charm

Has anyone got this working on MT 3.31? I have installed and it is showing up, but not authenticating.

Get the following error:

Your comment submission failed for the following reasons:

Failed CAPTCHA verification; please use your browser's back button and re-enter the verification words. Error: challenge field cannot be empty.

are all verifications running very slow right now?

Wonderful, many thanks

Would it be difficult to modify your plugin for MT 3.14 (I am missing JunkFilter.pm to start with)

Just for everyones info, in 4.1 the plugin seems to work out of the box, just copy it, go to plugin settings for your blog and enter your keys there. Activate in blog settings.

Just for everyones info, in 4.1 the plugin seems to work out of the box, just copy it, go to plugin settings for your blog and enter your keys there. Activate in blog settings.

trying without space

I would very much like to use this. I just upgraded to mt 4.0, but I don't see the recaptcha plug in on my plug in page. All the plugins that show are Multi Blog 2.0, Spam Lookup - Lookups 2.11, Spam Lookup Link 2.11, and Spam Lookup Keyword Filter 2.1. My husband helped me set up the captcha he is using, but I don't like it and my readers are having problems with it. I would like to do the reCaptcha, but am not sure where to start. Any help would be appreciated! TIA!

Okay, I know I sent you a comment, but I figured out my previous question. There is now a plug in avaialable. I downloaded it and followed the instructions in the read me file. But the recaptcha is still now showing up.

The final step I am told to do is remove this from my javascript index template, but it is not there in that template. It also says I can remove from my Global Java Script, but I don't see that template. :
captcha_timer = setInterval('delayShowCaptcha()', 1000);


Any information you can share with me would be greatly appreciated! TIA!

these instructions broke my anonymous comments completely.

the result of following this was my MT4.1 w/pro pack always returned "awaiting moderator approval" after the recaptcha approval completed successfully, despite the fact the moderator never received a single request or notification of the pending request and despite the fact that anonymous comments are allowed.

is there any help?

Hi. Hope someone can help. I installed this plugin with MT 3.2. Everything seemed to work fine except I can't get the actual reCAPTCHA box to display. Can you help.

Ok, one more problem, I tried unchecking the box in the reCAPTCHA settings that says, 'Enable reCAPTCHA filtering for this blog.' But now comments don't work at all for my site. The error message I get is '1.' Any help would really be appreciated.

my recaptcha is working fine but not in the new firefox 3 - the box disappears :(

I just upgraded to 4.1, and I can't find any comments form or template. I tried adding the README instructons directly to the comments form on the Individual Entry Archive, but that didn't work.

Thanks!
-John

I've been fielding some issues with people trying to post comments and register to my blogs. If I turn reCaptcha off, then a user can register, but anonymous comments are then open. If I turn it on, the reCaptcha shows up for anonymous commenting, but the registration page gives the "Text entered was wrong. Try again." response. Is reCaptch supposed to be showing up on that page("create an account")? if so, any ideas how to get it up there?

Hi. So I upgraded to MT 4.1 and now the recaptcha works fine. I was wondering, is the widget comfigurable at all? Can you change the size and color etc that displays on your site?

John & James - I'm experiencing the same thing with MT 4.12 (upgrade from 4.1 from 4.0) and the recapthca disappears on the anonymous comment page in both IE 6 and FF 3. If I use the MT default plugin, it works fine. I'll be trying to look more into this and may see if I can get some insight from the people at Six Apart.

For the disappearing captcha issue. Make sure that you *do* edit the JavaScript template.
As for the broken registration - I've got a ticket in with SixApart through work, but not sure if I'll hear back on that. It may be as simple as adding a tag or something...I'm going to play around a bit more later.

I have the same problem as James above with MT 4.13. No image, and when I look at the source for the browser page, there is nothing at all referencing any kind of Captcha, at all in the page source.

I have the same problem as James above with MT 4.13. No image, and when I look at the source for the browser page, there is nothing at all referencing any kind of Captcha, at all in the page source.

We've had terrible problems with spam in our MT installation, but getting this plugin to install involved one minor change.

If you use an older MT version (ours is 3.36), you might find this useful.

Following the instructions exactly produces no reCaptcha box and submitting the form gives a meaningless error "1".

The activity log displays something along the lines of:

Plugin error: /cgi-bin/mt/plugins/Recaptcha.pl Can't locate object
method "add_tag" via package "MT::Template::Context" at
/cgi-bin/mt/plugins/Recaptcha.pl line 96.

Turns out it's very easy to fix, just add

use MT::Template::Context;
at the top of the Recaptcha.pl and it seems to function.

Also, the private and public keys need to be set per blog, so that's why some users aren't seeing "Show settings" next to the plugin - they're probably looking at the site plugin listings. We have dozens of blogs, so I just put the keys in Recaptcha.pl directly.

Movable Type version 4.21-en works but took me a while to sort it out, being new to Movable Type.

The documentation is ok, but I needed to learn MT a little....

You apply the plug-in to your entire MT site (not the one Blog).

Then you set the Keys (provided with your sign up with Recaptcha) at the specific Blog Level's pluggin settings (each Blog needs the keys) If you don't put the keys recaptcha doesn't show up.

Finally on the comments template to the change to:
[div id="comments-open-captcha"][$MTCaptchaFields$][/[/div] (change brackets to greater then and less than)

finally on the individual Blog set the preferences to allow anyone and CAPTCHA Provider to reCaptcha.

Of course publish each change and test from an account that is not logged in to the site. (I thought it wasn't working but my credentials had been cached so I was already an authenticated user.)

Hope this help


I've got MT 3.36 and I've got my keys and I see the Captcha image but when I try to post a test comment I get:

"Failed CAPTCHA verification; please use your browser's back button and re-enter the verification words. Error: challenge field cannot be empty."


What am I doing wrong.

I know this plugin and topic might be ancient history but I've followed the directions using MT 4.23.

The recapthca box does not show up, but the code seems to be there. There's a div that has
id="recaptcha_script" style="display:none;"

So the display none is hiding it. Is there a way remove that style? I am not linking to any javascript so I don't think that's the issue.

Note to folks having trouble with MT 4.2: I would suggest contacting Yoshimatsu-san, the author of the current MT plugin, via the MT site here:

http://www.movabletype.org/members/fumiaki

Thanks for the tutorial. (Trying out reCAPTCHA with this comment!) I'm planning on enabling comments and reCAPTCHA on my site (using MT 4.2). Unfortunately, I'm having an issue where MT isn't passing the "EntryID" to the "mt-comments.cgi" form for some reason...


I need to sit down and figure out why that's happening...

This is a very good tutorial. Thank you so much.

> So the display none is hiding it. Is there a way remove that style? I am not linking to any javascript so I don't think that's the issue.

In case anyone else has this issue, which I just did as well:

In both of these files in the reCaptcha plug-in folder:

reCaptcha.pm AND init.reCaptcha.php

Change:

div.style.display = "none";

To:

div.style.display = "block";

They appear once in each document

this very good in face book and is the best.

It gaves me an error:

Can't locate MT/I18N.pm in @INC (@INC contains: /xxx/httpdocs/extlib lib /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 .) at lib/MT/App/Comments.pm line 14.
BEGIN failed--compilation aborted at lib/MT/App/Comments.pm line 14.
Compilation failed in require at (eval 5) line 1.

I am having exactly the same issue as Tom. I've got MT 3.2 and I've got my keys and I see the Captcha image but when I try to post a test comment I get:

"Failed CAPTCHA verification; please use your browser's back button and re-enter the verification words. Error: challenge field cannot be empty."

What am I doing wrong??

Hey Josh!

reCaptcha is now on GitHub.

You'll find full instructions in the README file. I used your guide here to assist in the documentation.

It would be great to have your feedback to know if we've missed anything.

Thanks much.

Here is what worked for my 4.1 install - I edited the files through the moveable type control panel - NOT directly through the html files ;) once I edited through the cp the error: " Your comment submission failed for the following reasons: Text entered was wrong. Try again. "

this helped:
http://www.tildemark.com/movable-type/adding-captcha-to-comments-in-movable-type-4.html

I have been using this for awhile, and it used to work, but noticed recently that it is not, and that the comment script in my templates may be messed up. I have tried everything including uninstalling and reinstalling, modifying the templates, etc. The recaptcha box does not show up. Did anything change? What am I missing? I am using MT 3.3 but hope to get it upgraded in the next few weeks.


I've got MT 3.36 and I've got my keys and I see the Captcha image but when I try to post a test comment I get:

"Failed CAPTCHA verification; please use your browser's back button and re-enter the verification words. Error: challenge field cannot be empty."
am i doing wrong with it?

i think when want to disappearing captcha issue. Make sure that you *do* edit the JavaScript template.
As for the broken registration - I've got a ticket in with SixApart through work, but not sure if I'll hear back on that. It may be as simple as adding a tag or something...I'm going to play around a bit more later.

I know this plugin and topic might be ancient history but I've followed the directions using MT 4.23.

Has anyone installed reCaptcha with MT 4.23 enterprise edition running FastCGI?
It seems that I always get a 50% false positive (validate_catpcha is never called),
and 50% false positive (validation always get a 0).
More details can be found on my test blog entry:
http://myportfolio.usc.edu/linh/2010/06/recaptcha_testing.html
Thx,
- l -

eCaptcha with MT 4.23 enterprise edition running FastCGI?
It seems that I always get a 50% false positive (validate_catpcha is never called), sincerely