# Copyright (c) 2003, James Seng. (http://james.seng.cc/)
# This code is released under the Artistic License.
#
# scode-0.1.5b

+++++++++++++++++++++++++++++++++++
INTRODUCTION
+++++++++++++++++++++++++++++++++++

This package patches MT so it will verify if it is a human before allowing
comments to be posted. The idea is simple: Display an image with a Security
Code and demand the user to enter the Security Code manually. Hopefully,
this will stop a stop to the MT's comments spambots.

To see how this works, check out my blog at http://james.seng.cc/

You can contact me at jseng_at_pobox.org.sg if you have any questions or
comments.

There are two sets of installation instructions (for older and newer
versions of MT) followed by a FAQ. 

+++++++++++++++++++++++++++++++++++
INSTALLATION MT 2.x
+++++++++++++++++++++++++++++++++++

1. Check if you have GD.pm installed on your sever. 
   If you have command line access to your server you can use the command 
   perldoc GD. Alternatively there may be a link to a list of the perl 
   extension libraries may be linked from the left hand side of "CPanel."
   Alternatively, you can ask your Internet Service Provider directly "Is
   the Perl extension library, GD.pm installed on the server I am using?"
   
   If not, download from www.cpan.org and install GD on your system.
   
   See the FAQ at the end of this file for symptoms of not having GD installed.

2. Edit SCode.pm and define your temp directory (preferably in your own
   home directory) and the length of the security code you want (default 6).
   
   Create a temporary directory, where codes are stored, above the directory
   public_html in your server directory heirarchy, so that it is not viewable
   from the Web, otherwise spam robots will look inside the folder to see
   what code to automatically input. 
    
   Make sure the temp directory is writable by your webengine, which may not
   be your userid. Generally, speaking a setting the permissions to 1755 
   (using chmod 1755 <tmp>) should do the trick but if not, you can try 
   1775 or 1777. I wouldn't recommend the later two though for security reasons.

3. Upload SCode.pm to the lib/MT/ directory 
   (MT::SCode)

4. Upload mt-scode.cgi to the main Movable Type CGI directory, where there is mt.cgi
  (Make sure it is executable, ie, set the permission (chmod) mt-scode.cgi to 755 of)

5. Upload scode.pl to the plugins/ directory

6. Make the following changes to the file Comments.pm
   which is in the folder lib/MT/App/ 
   of your Movable Type installation.

   Look for the following three lines and then add the "Security code hack," code
   between # SecurityCode hack start and  # Security hack ends. 
   
   
    if (!$q->param('text')) {
        return $app->handle_error($app->translate("Comment text is required."));
    }
    
    # SecurityCode hack start 
    #
    require MT::SCode;
    my $code = $q->param('code');
    my $scode = $q->param('scode');
    my $sscode = MT::SCode::scode_get($code);
    if ($scode ne $sscode) {
        return $app->handle_error($app->translate(
           "Wrong or missing Security Code."));
    }
    MT::SCode::scode_delete($code);
    MT::SCode::scode_create($code);
    #
    # Security hack ends
    

For your reference, the next lines after the Security Code Hack you
have just insterted should be

    my $comment = MT::Comment->new;
    $comment->ip($app->remote_ip);

7. Logon to your Movable Type installation, and edit the following
   templates in all the blogs that you wish to protect. 
   
   - Individual Entry Template
   - Comment Listing Template
   - Comment Preview Template
   - Comment Error Template

   In the above templates, just before the submit button line which begins
    
   <input type="submit"
   
   add the following block:

   <!-- Security Code Check -->
   <input type="hidden" id="code" name="code" value="<$MTSecurityCode$>" />
   <img border="0" src="<$MTCGIPath$><$MTSecurityImage$>?code=<$MTSecurityCode$>"><br />
   <input tabindex=3 id="scode" name="scode" /><br /><br />
   <!-- end of Security Code Check -->
   
8. If you are using Jay Allen's MTBlacklist then you will have to disable it
   or add the same code as you added to Comment.pm to MTBlPost.pm, which 
   should be in /plugins/jayallen

9. Try it out!

+++++++++++++++++++++++++++++++++++
INSTALLATION MT 3.x
+++++++++++++++++++++++++++++++++++

From: http://www.setcomputing.com/blog/archives/computing/2004-September/incorporating_mtsecu.html

Follow Step 1 to 9 as above and then...

1. Open lib/MT/Template/Context.pm

2. Look for the sub: _hdlr_comment_fields

3. You should see something like this:

sub _hdlr_comment_fields {
  my ($ctx, $args, $cond) = @_;
  ....
  ..

4. Add the following lines after the above line:

  # Security code validation
  require MT::SCode;
  srand int (time/10)+$$;
  my $securitycode = int rand(MT::SCode::scode_tmp());
  $securitycode++;
  MT::SCode::scode_create($securitycode);
  # End Security code hack

5. Then scroll down and you should see something like this:

  ..
  ....
  <MT_TRANS phrase="Remember me?">
  <input type="radio" id="remember" name="bakecookie" />....
  ..
  ....

6. Add the following lines below that:

  <!-- Security Code Check -->
  <input type="hidden" id="code" name="code" value="$securitycode" />
  <label for="scode">Security Code:</label><br />
  <img border="0" alt="Please enter the security code you see here" src="$path/mt-scode.cgi?code=$securitycode" /><br />
  <input tabindex="3" id="scode" name="scode" /><br /><br />
  <!-- end of Security Code Check -->

7. Scroll down a little more, and once again you should see:

  ..
  ....
  <MT_TRANS phrase="Remember me?">
  <input type="radio" id="remember" name="bakecookie" />....
  ..
  ....

8. Add the following lines after that:
  <!-- Security Code Check -->
  <input type="hidden" id="code" name="code" value="$securitycode" />
  <label for="scode">Security Code:</label><br />
  <img border="0" alt="Please enter the security code you see here" src="$path/mt-scode.cgi?code=$securitycode" /><br />
  <input tabindex="3" id="scode" name="scode" /><br /><br />
  <!-- end of Security Code Check -->

+++++++++++++++++++++++++++++++++++
MORE CONFIGURATION
+++++++++++++++++++++++++++++++++++

1. You may customized the color of the image generated. 
   Open mt-scode.cgi and edit the following variables
   $c_background, $c_border, $c_line and $c_code.

2. The current default is 50 temporary security code. If you have a lot 
   of commentors, you should consider increasing $scode_maxtmp (in SCode.pm).

+++++++++++++++++++++++++++++++++++
FAQ
+++++++++++++++++++++++++++++++++++

1. I can't see any image! What's wrong?

Okay, if you don't see any image been displayed, there is only one
and only one reason. 100%, without fail, everyone who fails to get
an image is because *they did not have GD and GD perl lib*.

I repeat: You need (a) GD installed *AND* (b) GD perl lib installed.
Having one of them is not good enough. You need both of them. Check
with your hosting company. And sorry, I can't help you with your
GD installation.

2. I got error like MT::App::Comments=HASH(0x812bfd4) print() on 
   closed filehandle OUTFILE at lib/MT/SCode.pm line 50.

This problem occurs when you failed to define your temp directory properly. 
See Step 2 in the installation guide. And note the sentences that say
"Make sure the temp directory is writable by your webengine"

3. I got it installed, image display fine but it does not work!
   Comments still gets through without keying the right code!

If you are using MT-blacklist, then you have to disable it.
(Read http://james.seng.cc/archives/000156.html)

If disabling MT-blacklist is not an option to you, then you have a bit
more work to do. You also have to apply the Step 6 hacks to MTBlPost.pm
in additional to Comment.pm. (Read http://www.muhajabah.com/islamicblog/mt-tips/archives/plugins/dealing_with_crapflooding_part_two.php)

If you are not using MT-blacklist and it still don't work, then make
sure you have apply Step 6 properly. If you are using MT 3.x, then make
sure you follow the MT 3.x installaiton guide above.

4. I got an error like MT::App::Comments=HASH(0x812bfd4) use of 
   uninitialized variable in numericle (<=) at lib/MT/Code.pm at line 69. 

Then it may be because your   <!-- Security Code Check --> has not been 
correctly inserted into the right place in your movable type installation 
templates. Please check to see that it is in the right position. 

For all other problem, you can email me at james@seng.cc

+++++++++++++++++++++++++++++++++++
Acknowledgement
+++++++++++++++++++++++++++++++++++
Timothy Takemoto - for easier README
