Author image Masatoshi Mizuno
and 1 contributors


Authen::Quiz - The person's input is confirmed by setting the quiz.


  use Authen::Quiz;
  my $q= Authen::Quiz->new(
    data_folder => '/path/to/authen_quiz',  ## Passing that arranges data file.
    expire      => 30,                      ## Expiration date of setting questions(amount).
  ## Setting of quiz.
  my $question= $q->question;
  ## When 'question' method is called, 'session_id' is set.
  ## This value is buried under the form, and it passes it to 'check_answer' method later.
  my $session_id= $q->session_id;
  ## Check on input answer.
  my $session_id = $cgi->param('quiz_session') || return valid_error( ..... );
  my $answer     = $cgi->param('quiz_answer')  || return valid_error( ..... );
  if ($q->check_answer($session_id, $answer)) {
    # ... is success.
  } else {
        return valid_error( ..... );


This module sets the quiz to the input of the form, and confirms whether it is artificially done.

Recently, to take the place of it because there seemed to be a thing that the capture attestation is broken by improving the image analysis technology, it produced it.

Moreover, I think that it can limit the user who can use the input form if the difficulty of the quiz is adjusted.

Method of checking artificial input.

1. Setting of problem.

The problem of receiving it by the question method is displayed on the screen.

ID received by the session_id method is set in the hidden field of the input form.

2. Confirmation of input answer.

The answer input to the check_answer method as session_id of 1. is passed, and whether it agrees is confirmed.

Preparation for quiz data of YAML form.

First of all, it is necessary to make use the quiz data of the following YAML formats.

    - What color is the color of the apple ?
    - red
    - What color is the color of the lemon ?
    - yellow
    - The color of the orange and the cherry ties by '+' and is answered.
    - orange+red

'F01' etc. It is an identification name of the quiz data. Any name is not and is not cared about by the rule if it is a unique name.

And, the first element in ARRAY becomes the value under the control of the identification name and "Problem" and the second element are made to become to "Answer".

The file of the name 'authen_quiz.yaml' is made under the control of 'data_folder' when completing it.

Preparation for session data.

Permission that can make the empty file of the name 'authen_quiz_session.txt', and write it from CGI script is set.

The preparation is completed by this.

Please produce the part of the WEB input form and the input confirmation according to this now.




HASH including the following items is passed as an option.

  • data_folder

    Passing of place where data file was arranged.

    There is no default. Please specify it.

  • expire

    The expiration date of setting questions is set in each amount.

    Default is 30 minutes.

  my $q= Authen::Quiz->new(
    data_folder => '/path/to/temp',
    expire      => 60,


Passing the quiz data is returned.

* It is a value that returns in which $QuizYaml ties to 'data_folder'.

To change the file name, the value is set in $QuizYaml.

  $Authen::Quiz::QuizYaml = 'orign_quiz.yaml';


Passing the session data is returned.

* It is a value that returns in which $QuizSession ties to 'data_folder'.

To change the file name, the value is set in $QuizSession.

  $Authen::Quiz::QuizSession = 'orign_quiz_session.txt';


The quiz data of the YAML form is loaded.

  my $quiz_data= $q->load_quiz;


The question displayed in the input form is set.

This method sets a unique HEX value in session_id at the same time.

  my $question= $q->question;


It is made to succeed by setting the value received by this method in the hidden field of the input form.

When the check_answer method is called, this value is needed.

  my $question   = $q->question;
  my $session_id = $q->session_id;

check_answer ([SESSION_ID], [ANSWER_STRING])

It checks whether the answer input to the form is correct.

The value received by the session_id method is passed to SESSION_ID.

The input data is passed to ANSWER_STRING as it is.

* It is a caution needed because it doesn't do Validation.

  my $session_id = validate($cgi->param('quiz_session')) || return valid_error( ..... );
  my $answer     = validate($cgi->param('quiz_answer'))  || return valid_error( ..... );
  if ($q->check_answer($session_id, $answer)) {
        # success.
  } else {
        return valid_error( ..... );

remove_session ([SESSION_ID])

The data of the quiz session is deleted.

When SESSION_ID is omitted, all data is deleted.

  $q->session_remove( $session_id );


There might be a problem in the response because it reads the quiz data every time. If the Wrapper module is made and cash is used, this can be solved.

  package MyAPP::AuthQuizWrapper;
  use strict;
  use warnings;
  use Cache::Memcached;
  use base qw/ Authen::Quiz /;
  sub load_quiz {
     my $cache= Cache::Memcached->new;
     $cache->get('authen_quiz_data') || do {
         my $data= $_[0]->SUPER::load_quiz;
         $cache->set('authen_quiz_data'=> $data, 600);

Or, please use Authen::Quiz::Plugin::Memcached.


Carp, Class::Accessor::First, Digest::SHA1, File::Spec, YAML::Syck, YAML,,


Masatoshi Mizuno <>


Copyright (C) 2008 by Bee Flag, Corp. <>.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.