I'm already using this gem successfully in other parts of my app, and it works great. However, I can't get it to work with the comments on my blog (posts#index). Do I need to do something different for a has_many/belongs_to relationship? Here's my code: http://pastie.org/1166152

Thanks for this amazing gem, btw!

We have a project in which we are using Humanizer and our customer requested the ability to request a new humanizer question. We basically made a controller that returns the humanizer question text and input field that looks something like this:

route looks like '/captchas?current_question_id=5'

class CaptchasController < ApplicationController
  include Humanizer
  layout false
  def show
    begin
      @question_id = humanizer_question_id
      @question = humanizer_question
      humanizer_question_id = nil
    end until ( @question_id.to_i != params[:current_question_id].to_i )
  end
end

Granted this code isn't the cleanest and I don't agree with it 100% but the basic idea was to create a loop that guaranteed a new question that isn't the current question.

Based on the way humanizer works this code essentially creates a local variable named humanizer_question_id which hides the humanizer_question_id method.

Due to the humanizer_question_id almost always returning us a different question id than the parameter passed to the controller, the bug we introduced has been hidden from us for at least 2 months now.

The fix for this is really simple, given the code we have just change it to:

begin
  @humanizer_question_id = nil
  @question_id = humanizer_question_id
  @question = humanizer_question

end until ( @question_id.to_i != params[:current_question_id].to_i )

Personally I really don't think that anything should be using the @humanizer_question_id variable. I would like to change humanizer to look like this:

def humanizer_question_id
  @humanizer_question_id ||= reset_humanizer_question_id
end

def generate_random_question_id(current = nil)
  @humanizer_question_id = reset_humanizer_question_id until current.try(:to_i) != @humanizer_question_id
end

private
def reset_humanizer_question_id
  Kernel.rand(humanizer_questions.count).to_i
end

This wouldn't change any of the current functionality, the only real difference is that I'm exposing a method that I can pass a current number or string(or pass nothing) and it will set @humanizer_question_id to a different value than what is passed in, and then just extracting the Kernel.rand to a method.

I've submitted a pull request, but wanted to put in an issue to explain why I changed the code.

Any thoughts at all?

Currently using simple captcha, don't have time to make it rails 4, this does not supports rails 4 plans to make it compatible in short time? thx

After upgrading to Rails 7 and Ruby 3.0.3 I get the following error.
can't modify frozen Hash: {:question=>"Two plus two?", :answers=>["4", "four"]}

Did anyone else have this issue, and if yes, how did you fix it.

Any help is appreciated.

Thanks

hi, only can be apply to model?

When I leave the answer field blank, or enter the wrong answer. It still passes the form.

Here is the params from the create method:
Parameters: {"utf8"=>"✓", "authenticity_token"=>"FsNEHP1PUmeUpgDB7gXFH1KWrV63uDhb8rvZMze/arY=", "message"=>{"name"=>"", "email"=>"*******@gmail.com", "subject"=>"", "content"=>"Hamama", "humanizer_answer"=>"4", "humanizer_question_id"=>""}, "commit"=>"Send us message"}

I noticed the "humanizer_question_id" is empty.

I have a User model:

class User < ApplicationRecord
  require_human_on :create
end

When a guest wants to register, I display the CAPTCHA. But when an already logged in admin wants to create user manually, I don't show it.

At the time being, the easiest way to disable the CAPTCHA in the latter case is to set the question id and answer manually in the controller:

  def create
    # Make captcha mechanism pass automatically (only needed for new registrations, not when creating a user manually)
    @user.humanizer_question_id = '16'
    @user.humanizer_answer      = '5'

    @user.save
    respond_with @user
  end

But this is pretty ugly. Is there a better way to do this?

Jack and Jill went up the hill is an easy one and fairly common but the nursery rhyme might be lost on new english speakers. Also it doesnt quite fit in the rest of the mathematical and date based question set.

I understand the locale file is up for customization, but you may want to drop that question in favour of better defaults.

Great plugin!

It is a nice gem.
Is it possible to organize to get a different question every time I call the contact form.
It's changing on reload (if the sending fails) but I dont like to get the same question (the first in row: Two plus two?) every time I go to the form.

Thanks

Thanks for the gem. We have been using for years. We use the default questions and some of our own.
Lately I noticed a lot of bypasses. About 20% of a thousand requests got past the humanizer in the last 2 days.

Turns out the questions with minus, times en plus and numerical answer were solvable. 'Two plus two?', 'Five times two is what?', 'What is 14 minus 4?' and the likes.

Examples of numerical questions that are not (yet) solved are:

• What is fifteen divided by three?
• What number comes after 20?
• Ten divided by two is what?
• What is the number before twelve?

I know it will never be perfect, but for now a slightly improved default en.yml would be nice to get a better experience

Hello!

I can't get this gem to work with a has_many/belongs_to relationship. I've created a blank rails app with two models (Post and Comment). There's nothing fancy in the app except a nested form that allows users to create a Comment while in the Posts/Show view. Regardless the input, I get a "You are not human error message".

RubyGems.org doesn't report a license for your gem. This is because it is not specified in the gemspec of your last release.

via e.g.

spec.license = 'MIT'
# or
spec.licenses = ['MIT', 'GPL-2']

Including a license in your gemspec is an easy way for rubygems.org and other tools to check how your gem is licensed. As you can imagine, scanning your repository for a LICENSE file or parsing the README, and then attempting to identify the license or licenses is much more difficult and more error prone. So, even for projects that already specify a license, including a license in your gemspec is a good practice. See, for example, how rubygems.org uses the gemspec to display the rails gem license.

There is even a License Finder gem to help companies/individuals ensure all gems they use meet their licensing needs. This tool depends on license information being available in the gemspec. This is an important enough issue that even Bundler now generates gems with a default 'MIT' license.

I hope you'll consider specifying a license in your gemspec. If not, please just close the issue with a nice message. In either case, I'll follow up. Thanks for your time!

Appendix:

If you need help choosing a license (sorry, I haven't checked your readme or looked for a license file), GitHub has created a license picker tool. Code without a license specified defaults to 'All rights reserved'-- denying others all rights to use of the code.
Here's a list of the license names I've found and their frequencies

p.s. In case you're wondering how I found you and why I made this issue, it's because I'm collecting stats on gems (I was originally looking for download data) and decided to collect license metadata,too, and make issues for gemspecs not specifying a license as a public service :). See the previous link or my blog post about this project for more information.

Hey,

I got the following issue: wrong number of arguments (at least 1)

It gives the error in the line: = f.label :humanizer_answer, @subscription.humanizer_question. If I just put @subscription.humanizar_question as a label, the error will move to: = f.hidden_field :humanizer_question_id.

My code:

Model: NewsletterSubscription.rb

class NewsletterSubscription < ActiveRecord::Base
include Humanizer
require_human_on :create
end

form: subscription.html.haml

newsletterSubscription

    - if @sent.nil? || !@sent
        = form_for(@subscription, url: '') do |f|
            - if @subscription.errors.any?
                .errors
                    - @subscription.errors.full_messages.each do |msg|
                        %li 
                            = msg
            .field
                = f.label :sex
                = label :sex_man, 'Man'
                = f.radio_button :sex, 'man', :value => 'man'
                = label :sex_vrouw, 'Vrouw'
                = f.radio_button :sex, 'vrouw', :value => 'vrouw'
            .field
                = f.label :initials
                = f.text_field :initials
            .field
                = f.label :last_name
                = f.text_field :last_name
            .field
                = f.label :email
                = f.text_field :email
            .field
                = f.label :humanizer_answer, @subscription.humanizer_question
                = f.text_field :humanizer_answer 
                = f.hidden_field :humanizer_question_id
            .actions
                = f.submit "Submit"
    - else
        %span{style:"font-size:1.5em;"} Het formulier is verzonden. 

I can't see what I'm doing wrong. Can someone please help me.

Hi Guys,

Just wondering if you've written any apps with humanizer which have signup features which can deal with humanizer captcha. I'm kinda stumped because i'm new to cucumber. If not, feel free to close the ticket.

Hi.. any chance to make it working on Rails 7?
I get => can't modify frozen Hash: {:question=>"Zwei plus zwei?", :answers=>["4", "vier"]}.

Thanks..

That was what I was looking for: simple and editable.
Hint => when using attr_accessible... check the attributes.

I would be more than happy to expand the README if you like. Just let me know, :)

Gabe

using humanizer to ward off bots, does not work. It is very easy to by-pass, once you know one question_id and its answer then you can write a simple script such as:

require 'net/http'
require 'uri'

url = URI('http://www.sitehere.com')

(1..1000).each do |value|
        res = Net::HTTP.post_form(url, "user[humanizer_answer]"=>"15", "user[humanizer_question_id]"=>"4", 
                                            "action"=>"create", "controller"=>"controller")
end

Am I using it wrong? I have site and it can be by-passed with doing the above. Of course you have to add the values for the other fields the post is expecting, but that is very easy to figure out. But it simply offers no protection

Is there any interest in writing humanizer controller methods? Just in case someone is using a form that isn't associated with a model? Maybe something that automatically looks for humanizer params:

# app/controllers/some_controller.rb
class SomeController < ApplicationController
  def submit
     if human? 
       # do something fantastic  
     else
       flash[:failure] = I18n.translate("humanizer.validation.error")
     end 
  end 
end

If there's any interest in this, I could write the extra functionality.

undefined method `humanizer_question' for Humanizer:Module

<%= label_tag 'humanizer_answer', @home.humanizer_question %>

Not sure why this keeps coming up. Rails 4.1 on Ruby 2.1.1.