StructureCMS

November 30, 2009

StructureCMS 1.3 Released.

Filed under: StructureCMS, Web Development — joel.cass @ 3:43 pm

Well, it’s been a while in the making, but the third point-release of StructureCMS has been released.

What’s new?

  • Password Encryption
  • Installer Script
  • Latest TinyMCE
  • Integrated SWFUpload functionality with TinyMCE
  • Site settings node
  • Themes, including a suckerfish interface and a new lo-fi “classic” theme currently used on jozza.net
  • Admin display tweaks (logout link, tweaked buttons, menus etc)

Give it a shot and let me know what you think!

Project Home Page: http://code.google.com/p/structure-cms/

Direct Download: http://structure-cms.googlecode.com/files/structurecms-1.3.zip

Generating a memorable string and other CAPTCHA tips

Filed under: Web Development — joel.cass @ 2:52 pm

Recently I was asked to create a CAPTCHA interface for a form. Other than the pretty cool browser plugins already available, support for CAPTCHA in ColdFusion is pretty easy, considering that CF9 supports it with the CFIMAGE tag and tags such as LylaCaptcha have been around for a while.

I’m not going to provide details on your implementation, but much rather some useful tips for adding CAPTCHA to your page.

Firstly, make sure that users have to use CAPTCHA as little as possible. If a user has successfully posted a form with CAPTCHA once, assume that they are human for the rest of the session, or at least until what they wanted to post has been validated and completed. There is nothing more annoying than having enter CAPTCHA over and over again.

Secondly, if other options are available, use them. For example, if you are targeting “robot” submissions, add a hidden field, and enforce validation that the field must be empty. Common robots just fill in all fields with crap containing URLs and advertisements for viagra. They rarely leave a field blank, so this method can work.

Another option might be to just ask the user a question, e.g. “what colour is the sky”? Or “please enter the word “yes” below. You could even have a button populates the answer using javascript to save the user some time.

So, if you’ve investigated the options above and still have to use CAPTCHA, here something that can make it easier for users to remember the string.

Consider the two CAPTCHA’s below. Which one is easier to remember?

FgSaNF or GaTsIF?

jGuSlR or kArDeF?

ajfhes or heslor?

The secret comes from the ordering of the letters – the first sets (green) are simply random. The second set (red) follows a consonant-vowel-consonant pattern. Many words follow this pattern (dog, cat, cure, full,¬†wombat, copcar, tophat, hello, cassette, mustache to name a few), so it’s easier for users to understand.

I have some example code below can help in recreating these patterns:

JavaScript:

var alphas = "bcdfghjklmnpqrstvwxyzBCDFGHJKLMNPQRSTVWXYZ";
var vowels = "aeiouAEIOU";
var aryChars = [alphas, vowels, alphas];

function createCaptchaString (length) {
	var strReturn = "";
	var strChars = "";
	for (var i = 0; i < length; i++) {
		strChars = aryChars[i % aryChars.length];
		strReturn += strChars.substr( Math.floor(Math.random() * strChars.length), 1);
	}
	return strReturn;
}

Note that alphas and vowels are represented by the two strings declared at the top. Currently all characters can appear as likely as each other. One could make some characters more likely to appear than others by inreasing the numbers of characters in each string, e.g. "aaaaaeeeeeeeiiiioouuu" would make "a" and "e" more likely to appear than "o" or "u".

To take things even further, consonants such as "th", "ch", "ng" could be added to the list, but this would require the addition of a delimiter to the mix.