WebHashcash Installation
WebHashcash can be installed on virtually any collaborative web site, such as a weblog, discussion forum, or wiki, to guard against automated content posting, fake user registration, or ballot stuffing.
It is compatible with all server-side languages, including Perl, PHP, ASP, and JSP.
Installation is an easy, three-step process. First, you must insert the WebHashcash JavaScript code into your web form's HTML. Second, copy the WebHashcash.jar file to your web server. Finally, modify the target page of your form to check for valid hashcash stamps and act accordingly.
- Insert the JavaScript into your web form
- Copy the Java applet to your web server
- Modify server-side code on target page
Step 1: Insert the JavaScript into your web form
All of the following code must be inserted between the <form ...> and </form> tags of the appropriate form on your web page.
A — Include this block of code anywhere inside the form:
<script type="text/javascript" src="http://www.davidsj.com/webhashcash/embed-before.js"></script>
<script type="text/javascript"><!--
function WHCConfig() {
WHCResource = "<resource>";
WHCSubmitButton = document.<form name>.<submit button name>;
WHCPostage = <postage>;
}
//--></script>
That is the code for the WebHashcash status display. It will appear like this on your page:
You can customize its appearance like you would any other page element by surrounding it with web formatting tags.
That code also contains all custom parameters for WebHashcash. You will need to modify it as follows:
Replace <resource> with a unique identifying string for your web form.
Example: WHCResource = "john_doe_blog_comments";
Replace <form name> with the name of your web form as found in the name property of its <form ...> tag, and replace <submit button name> with the name of your submit button as found in the name property of its <input ...> tag.
Example: WHCSubmitButton = document.addcomment.submit; That allows WebHashcash to enable and disable the submit button as appropriate.
Replace <postage> with the amount of postage your form requires. There are two ways to do this: · Specify your postage relative to the default postage (currently 22).
Example: WHCPostage = WHCDefaultPostage + 5;
The advantage of that approach is that as computers become more powerful, more postage will be necessary to discourage spammers. WebHashcash's default postage will gradually increase with time.
· If you prefer, you can instead specify an exact amount of postage.
Example: WHCPostage = 18;
In addition to WHCResource, WHCSubmitButton, and WHCPostage, you can also customize any of these optional parameters:
WHCWorkingMessage = "<working message>";
WHCFinishedMessage = "<finished message>";
WHCManualFinishedMessage = "<manual entry finished message>";
WHCErrorMessage = "<error message>";
All of the above are self-explanatory, except perhaps for WHCManualFinishedMessage, which is the message displayed when a stamp is created but the user's web browser has no LiveConnect support. In those cases, the user must manually enter a string of about four or five characters.
Example:
WHCWorkingMessage = "Wait for stamp generation";
WHCFinishedMessage = "Stamp ready.";
WHCManualFinishedMessage = "Type these characters:";
WHCErrorMessage = "Failed to generate stamp.";
You can also allow the form to be submitted even if stamp generation fails, by including the following line:
WHCNeedStamp = false;
If you choose to include that line, your error message should probably reflect that fact. Example:
WHCErrorMessage = "Failed to generate stamp. Your posts are subject to moderation.";
Step 2: Copy the Java applet to your web server
Download the WebHashcash.jar file, and place it on your web server. WebHashcash will not work otherwise.
If the WebHashcash.jar file is located in a separate directory from your web form, you must insert this additional parameter into the JavaScript code from Step 1B:
WHCAppletDirectory = "<HTTP path to WebHashcash.jar directory>";
Example:
WHCAppletDirectory = "/mydirectory/appletfolder/";
Step 3: Modify server-side code on target page
The process of verifying WebHashcash stamps is very easy. However, how your target page responds in the case of invalid stamps is up to you.
In some situations, legitimate users will not be able to generate WebHashcash stamps due to browser incompatibility. In those cases, you may choose to allow some limited functionality (e.g. on a discussion forum, you might allow un-stamped comments to go through after moderator approval). See Step 1B — Further Customization to allow form submission in the case of failed stamp generation.
Below is skeleton code for determining stamp validity. You will need to fill in the remaining functionality as appropriate for your web site. Please select the language that your site uses below:
#!/usr/bin/perl
use CGI qw(:standard :netscape :shortcuts);
require LWP::UserAgent;
use URI::Escape;
sub whc_stamp_status {
return whc_url_contents(whc_stamp_status_url($_[0], $_[1], $_[2]));
}
sub whc_stamp_status_url {
my $stamp = $_[0];
my $resource = $_[1];
my $min_postage = $_[2];
return "http://www.davidsj.com/webhashcash/stamp_status.php?".
"resource=".uri_escape($resource).
"&min_postage=".uri_escape($min_postage).
"&stamp=".uri_escape($stamp);
}
sub whc_url_contents {
my $ua = LWP::UserAgent->new(timeout => 8);
my $request = HTTP::Request->new('GET', $_[0]);
my $response = $ua->request($request);
my $content = $response->content;
return $content;
}
my $stamp = param('WHCStamp');
my $stamp_status = whc_stamp_status($stamp, '<resource>', '<postage>');
if ($stamp_status eq 'accepted') {
# Success
} else {
# Failure
}
Replace <resource> and <postage> with the corresponding values from your form. To specify postage values relative to the default postage amount, use the string construction: 'default', 'default+<x>', or 'default-<x>' (e.g. 'default+5').
require_once('http://www.davidsj.com/webhashcash/lib_php.inc');
$stamp = stripslashes($_REQUEST['WHCStamp']);
$stamp_status = whc_stamp_status($stamp, '<resource>', <postage>);
if ($stamp_status == 'accepted') {
// Success
} else {
// Failure
}
Replace <resource> and <postage> with the corresponding values from your form. You may use the function whc_default_postage() to refer to WebHashcash's default postage (e.g. whc_default_postage() + 5).
Generic pseudo-code for all other languages:
stamp = GET_FORM_VARIABLE("WHCStamp")
stamp_status_url = "http://davidsj.com/webhashcash/stamp_status.php?" +
"resource=<resource>&postage=<postage>&stamp=" + stamp
stamp_status = GET_URL_CONTENTS(stamp_status_url)
IF stamp_status == "accepted" THEN
SUCCESS
ELSE
FAILURE
END
Replace <resource> and <postage> with the corresponding values from your form. To specify postage values relative to the default postage amount, use the string construction: default, default+<x>, or default-<x> (e.g. default+5).
Demonstration Form
Click here to view a demonstration form, with visible WebHashcash stamps.
You can also try out the form with either Perl or PHP targets, and examine the code for those targets.
|