WikiToLearn/mediawiki-extensions-ConfirmEdit

Name: mediawiki-extensions-ConfirmEdit

Owner: WikiToLearn

Description: Github mirror of MediaWiki extension ConfirmEdit - our actual code is hosted with Gerrit (please see https://www.mediawiki.org/wiki/Developer_access for contributing)

Created: 2016-09-03 12:12:03.0

Updated: 2016-09-03 12:12:06.0

Pushed: 2016-09-03 12:20:33.0

Homepage: https://gerrit.wikimedia.org

Size: 4537

Language: PHP

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

ConfirmEdit

ConfirmEdit extension for MediaWiki

This extension provides various CAPTCHA tools for MediaWiki, to allow for protection against spambots and other automated tools.

For more information, see the extension homepage at: http://www.mediawiki.org/wiki/Extension:ConfirmEdit

Overview

The following modules are included in ConfirmEdit:

• SimpleCaptcha - users have to solve an arithmetic math problem
• MathCaptcha - users have to solve a math problem that's displayed as an image
• FancyCaptcha - users have to identify a series of characters, displayed in a stylized way
• QuestyCaptcha - users have to answer a question, out of a series of questions defined by the administrator(s)
• ReCaptcha - users have to identify a series of characters, either visually or audially, from a widget provided by the reCAPTCHA service

License

ConfirmEdit is published under the GPL license.

Authors

The main framework, and the SimpleCaptcha and FancyCaptcha modules, were written by Brion Vibber.

The MathCaptcha module was written by Rob Church.

The QuestyCaptcha module was written by Benjamin Lees.

The reCAPTCHA module was written by Mike Crawford and Ben Maurer.

Additional maintenance work was done by Yaron Koren.

Configuations Comments

ist of IP ranges to allow to skip the captcha, similar to the group setting:
$wgGroupPermission[...]['skipcaptcha'] = true"

pecific IP addresses or CIDR-style ranges may be used,
or instance:
wgCaptchaWhitelistIP = array('192.168.1.0/24', '10.1.0.0/16');

aptchaWhitelistIP = false;


ctions which can trigger a captcha

f the 'edit' trigger is on, *every* edit will trigger the captcha.
his may be useful for protecting against vandalbot attacks.

f using the default 'addurl' trigger, the captcha will trigger on
dits that include URLs that aren't in the current version of the page.
his should catch automated linkspammers without annoying people when
hey make more typical edits.

he captcha code should not use $wgCaptchaTriggers, but CaptchaTriggers()
hich also takes into account per namespace triggering.

aptchaTriggers = array();
aptchaTriggers['edit']          = false; // Would check on every edit
aptchaTriggers['create']        = false; // Check on page creation.
aptchaTriggers['sendemail']     = false; // Special:Emailuser
aptchaTriggers['addurl']        = true;  // Check on edits that add URLs
aptchaTriggers['createaccount'] = true;  // Special:Userlogin&type=signup
aptchaTriggers['badlogin']      = true;  // Special:Userlogin after failure


ou may wish to apply special rules for captcha triggering on some namespaces.
wgCaptchaTriggersOnNamespace[<namespace id>][<trigger>] forces an always on /
lways off configuration with that trigger for the given namespace.
eave unset to use the global options ($wgCaptchaTriggers).

hall not be used with 'createaccount' (it is not checked).

aptchaTriggersOnNamespace = array();

ample:
gCaptchaTriggersOnNamespace[NS_TALK]['create'] = false; //Allow creation of talk pages without captchas.
gCaptchaTriggersOnNamespace[NS_PROJECT]['edit'] = true; //Show captcha whenever editing Project pages.


ndicate how to store per-session data required to match up the
nternal captcha data with the editor.

CaptchaSessionStore' uses PHP's session storage, which is cookie-based
nd may fail for anons with cookies disabled.

CaptchaCacheStore' uses $wgMemc, which avoids the cookie dependency
ut may be fragile depending on cache configuration.

aptchaStorageClass = 'CaptchaSessionStore';


umber of seconds a captcha session should last in the data cache
efore expiring when managing through CaptchaCacheStore class.

efault is a half hour.

aptchaSessionExpiration = 30 * 60;


umber of seconds after a bad login that a captcha will be shown to
hat client on the login form to slow down password-guessing bots.

as no effect if 'badlogin' is disabled in $wgCaptchaTriggers or
f there is not a caching engine enabled.

efault is five minutes.

aptchaBadLoginExpiration = 5 * 60;


llow users who have confirmed their email addresses to post
RL links without being harassed by the captcha.

llowConfirmedEmail = false;


umber of bad login attempts before triggering the captcha.  0 means the
aptcha is presented on the first login.

aptchaBadLoginAttempts = 3;


egex to whitelist URLs to known-good sites...
or instance:
wgCaptchaWhitelist = '#^https?://([a-z0-9-]+\\.)?(wikimedia|wikipedia)\.org/#i';
ocal admins can define a whitelist under [[MediaWiki:captcha-addurl-whitelist]]

aptchaWhitelist = false;


dditional regexes to check for. Use full regexes; can match things
ther than URLs such as junk edits.

f the new version matches one and the old version doesn't,
oss up the captcha screen.

fixme Add a message for local admins to add items as well.

aptchaRegexes = array();