Advanced search  

News:

cpg1.5.28 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.26 or older update to this latest version as soon as possible.
[more]

Pages: [1] 2 3 4 5 ... 24   Go Down

Author Topic: Captcha (Visual Confirmation) for adding comments  (Read 341915 times)

0 Members and 1 Guest are viewing this topic.

Abbas Ali

  • Administrator
  • Coppermine addict
  • *****
  • Country: in
  • Offline Offline
  • Gender: Male
  • Posts: 2158
  • Spread the PHP Web
    • Ranium Systems
Captcha (Visual Confirmation) for adding comments
« on: March 25, 2006, 09:39:59 AM »

Recently i saw a lot of comment spamming on my personal gallery by bots. I thought why not implement the captcha for adding comments. I know that i can disallow Anonymous user to post comments to stop spamming but many of us don't want to do that since there are always genuine anonymous users who want to post comments.

Thanks to Edward Eliot for PhpCaptcha class which is used by this mod.

What will this mod do?
  • Will show an image with some text while adding comment
  • User will be required to enter the text exactly as shown in image in the text box provided
  • If the text entered by user doesn't matches with text shown on image then comment won't be added

The mod

Files modified
  • db_input.php
  • themes/yourtheme/theme.php
  • lang/english.php

New Files
  • captcha.php
  • include/captcha.class.php
  • fonts

First extract the attached zip file and place captcha.php and fonts directory in your coppermine root directory. Place captcha.class.php in include directory.

Then edit lang/english.php

Add
Code: [Select]
'captcha_error' => 'The confirmation code didn\'t matched',

just after
Code: [Select]
'non_exist_comment' => 'The selected comment does not exist', //cpg1.4

Add
Code: [Select]
'confirm' => 'Confirmation',

just after
Code: [Select]
'report_comment_title' => 'Report this comment to the administrator', //cpg1.4

##############

Edit themes/yourtheme/theme.php

Add
Code: [Select]
'{CONFIRM}' => $lang_display_comments['confirm'],

just after
Code: [Select]
'{COMMENT}' => $lang_display_comments['comment'],

Add
Code: [Select]
<tr>
  <td class="tableb_compact" colspan="2">
    {CONFIRM}
  </td>
  <td class="tableb_compact" colspan="2">
    <input type="text" name="confirmCode" size="5" class="textinput"> <img src="captcha.php" align="middle">
  </td>
</tr>

just after
Code: [Select]
<!-- END input_box_no_smilies -->
                                </td>
                                <td class="tableb_compact">
                                <input type="hidden" name="event" value="comment" />
                                <input type="hidden" name="pid" value="{PIC_ID}" />
                                <input type="submit" class="comment_button" name="submit" value="{OK}" />
                                </td></tr>

##################

Edit db_input.php

Add

Code: [Select]
        require("include/captcha.class.php");
        if (!PhpCaptcha::Validate($_POST['confirmCode'])) {
          cpg_die(ERROR, "Confirmation code didn't matched", __FILE__, __LINE__);
        }

just after

Code: [Select]
    case 'comment':
        if (!(USER_CAN_POST_COMMENTS)) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);


That's it. Hope this helps some of you out there....


Abbas

P.S: I don't know whether this can be done using a plugin or not. If someone can come out with a plugin then it will be better.



[edit GauGau 2007-04-05]
This wonderful mod has been turned into a plugin that you should try out as well: coppermine-gallery.net > Support > cpg1.4.x Support > cpg1.4 plugins > cpg1.4 plugin contributions >Captcha (Visual Confirmation) for adding comments
[/edit]
« Last Edit: April 05, 2007, 09:03:25 PM by GauGau »
Logged
Chief Geek at Ranium Systems

TranzNDance

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Female
  • Posts: 6148
    • Take Thu! Gallery
Re: Captcha (Visual Confirmation) for adding comments
« Reply #1 on: June 02, 2006, 03:05:26 PM »

Thanks, Abbas! Very useful mod.  :-* I had to disable comments due to the crazy spamming. Let's see how it goes now. :)
Logged

Dr Preacox

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 122
  • Is the Matrix...
    • Dynamic Creations
Re: Captcha (Visual Confirmation) for adding comments
« Reply #2 on: June 02, 2006, 04:21:36 PM »

Hmm do you have a demo? I know how it would look in my head, but on CPG I havn't the foggiest ... either way its a good mod, I might install it
Logged
My Mods:
Making Memberlist Public - VIEW
Different Way of Displaying Categories - VIEW
Coming Soon - Automated Sub Domains -MOD

majay

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 33
Registration form captcha?
« Reply #3 on: June 02, 2006, 06:20:58 PM »

Hi,

I just discovered Abbas' mod to add a security code to comments, and I have been trying to find a way to apply it to the user registration form. I'm simply experimenting, to see if it could work.
Here is the mod: http://forum.coppermine-gallery.net/index.php?topic=29564.0

First, I added the captcha_error and the confirm bits from the language file under lang_register_php instead of lang_display_xxx.

So far, by adding the <tr> code in register.php, I have managed to make the Captcha appear fine on my registration page in several ways (under the Submit button, under both "required_info" and "optional_info" labels, under the password field), but no matter where I put it, the registration process does not take it into account. Ie if the verifiaction code doesn't match the image, CPG won't detect the error and the registration will go through anyway. 

I tried to insert the following code between the "password_verification" and "email" rows, just to see what would happen:

Code: [Select]
EOT;
break;
<tr>
  <td class="tableb_compact" colspan="2">
    {$lang_register_php['confirm']}
<br>
    <input type="text" name="confirmCode" size="5" class="textinput"> <img src="captcha.php" align="middle">
  </td>
</tr>

But that caused an error, as it is obviously incomplete and I assume that changes should be made within the $form_data = array( bit and perhaps the function check_user_info(&$error) bit.

I don't know enough about PHP to know what I should change/add, so I was wondering if anybody might have an idea of what should be done? Or if you think that what I'm trying to achieve is too complicated and requires real knowledge of PHP, please let me know.

Thank you!
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Captcha (Visual Confirmation) for adding comments
« Reply #4 on: June 03, 2006, 01:50:47 AM »

This thread deals with a particular mod, please don't clutter it by asking for an entirely different mod.
Logged

Abbas Ali

  • Administrator
  • Coppermine addict
  • *****
  • Country: in
  • Offline Offline
  • Gender: Male
  • Posts: 2158
  • Spread the PHP Web
    • Ranium Systems
Re: Captcha (Visual Confirmation) for adding comments
« Reply #5 on: June 03, 2006, 07:28:50 AM »

Hmm do you have a demo? I know how it would look in my head, but on CPG I havn't the foggiest ... either way its a good mod, I might install it

This is how it looks http://www.abbasali.net/photos/displayimage.php?pid=70

@Morgane: Start a new thread for discussing captcha on registration page.
Logged
Chief Geek at Ranium Systems

Dr Preacox

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 122
  • Is the Matrix...
    • Dynamic Creations
Re: Captcha (Visual Confirmation) for adding comments
« Reply #6 on: June 03, 2006, 01:43:57 PM »

Thanxs Abbas, nice mod, may I suggest changing the TAB index so you can tab to submit after you enter the confirmation code, and also moving the submit button after the Captcha Image?
Logged
My Mods:
Making Memberlist Public - VIEW
Different Way of Displaying Categories - VIEW
Coming Soon - Automated Sub Domains -MOD

Abbas Ali

  • Administrator
  • Coppermine addict
  • *****
  • Country: in
  • Offline Offline
  • Gender: Male
  • Posts: 2158
  • Spread the PHP Web
    • Ranium Systems
Re: Captcha (Visual Confirmation) for adding comments
« Reply #7 on: June 03, 2006, 01:50:37 PM »

Sure why not... you can modify the code to whatever your needs be.
Logged
Chief Geek at Ranium Systems

Dr Preacox

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 122
  • Is the Matrix...
    • Dynamic Creations
Re: Captcha (Visual Confirmation) for adding comments
« Reply #8 on: June 04, 2006, 06:10:03 AM »

Oh I guess I could do that  :D

I'll modify this post once im done :)
Logged
My Mods:
Making Memberlist Public - VIEW
Different Way of Displaying Categories - VIEW
Coming Soon - Automated Sub Domains -MOD

mqcarpenter

  • Coppermine newbie
  • Offline Offline
  • Posts: 14
    • OTB Design
Re: Captcha (Visual Confirmation) for adding comments
« Reply #9 on: June 21, 2006, 05:13:14 AM »

I do not want to sound like a total newb moron, but I just upgraded to 1.4.8 and the upgrade instructions basically have the theme.php blank. The content referenced here is not in that file. In fact, here is my theme.php content:

Code: [Select]
<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2006 Coppermine Dev Team
  v1.1 originally written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.4.8
  $Source:
  $Revision:
  $Author:
  $Date:
**********************************************/
define('THEME_HAS_RATING_GRAPHICS'1);
define('THEME_HAS_NAVBAR_GRAPHICS'1);
define('THEME_HAS_FILM_STRIP_GRAPHIC'1);
// HTML template for template sys_menu spacer
$template_sys_menu_spacer ="|";
?>


This is per the instructions. I am trying to do a deep search to find where the theme.php code you mention is so I can implement this. Is it in another theme file? TIA
Logged
Football is gearing up @ www.returnofthechampions.com

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Captcha (Visual Confirmation) for adding comments
« Reply #10 on: June 21, 2006, 07:16:44 AM »

If the section in question doesn't exist in your custom theme, copy the corresponding section from themes/sample/theme.php into themes/yourtheme/theme.php and then modify as suggested. In your case, paste
Code: [Select]
// Displays comments for a specific picture
function theme_html_comments($pid)
{
    global $CONFIG, $USER, $CURRENT_ALBUM_DATA, $comment_date_fmt, $HTML_SUBST;
    global $template_image_comments, $template_add_your_comment, $lang_display_comments;

    $html = '';

//report to moderator buttons
    if (!(($CONFIG['report_post']==1) && (USER_CAN_SEND_ECARDS))) {
        template_extract_block($template_image_comments, 'report_comment_button');
    }

    if (!$CONFIG['enable_smilies']) {
        $tmpl_comment_edit_box = template_extract_block($template_image_comments, 'edit_box_no_smilies', '{EDIT}');
        template_extract_block($template_image_comments, 'edit_box_smilies');
        template_extract_block($template_add_your_comment, 'input_box_smilies');
    } else {
        $tmpl_comment_edit_box = template_extract_block($template_image_comments, 'edit_box_smilies', '{EDIT}');
        template_extract_block($template_image_comments, 'edit_box_no_smilies');
        template_extract_block($template_add_your_comment, 'input_box_no_smilies');
    }

    $tmpl_comments_buttons = template_extract_block($template_image_comments, 'buttons', '{BUTTONS}');
    $tmpl_comments_ipinfo = template_extract_block($template_image_comments, 'ipinfo', '{IPINFO}');

    if ($CONFIG['comments_sort_descending'] == 1) {
        $comment_sort_order = 'DESC';
    } else {
        $comment_sort_order = 'ASC';
    }
    $result = cpg_db_query("SELECT msg_id, msg_author, msg_body, UNIX_TIMESTAMP(msg_date) AS msg_date, author_id, author_md5_id, msg_raw_ip, msg_hdr_ip, pid FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='$pid' ORDER BY msg_id $comment_sort_order");

    while ($row = mysql_fetch_array($result)) {
        $user_can_edit = (GALLERY_ADMIN_MODE) || (USER_ID && USER_ID == $row['author_id'] && USER_CAN_POST_COMMENTS) || (!USER_ID && USER_CAN_POST_COMMENTS && ($USER['ID'] == $row['author_md5_id']));
        $comment_buttons = $user_can_edit ? $tmpl_comments_buttons : '';
        $comment_edit_box = $user_can_edit ? $tmpl_comment_edit_box : '';
        $comment_ipinfo = ($row['msg_raw_ip'] && GALLERY_ADMIN_MODE)?$tmpl_comments_ipinfo : '';

        if ($CONFIG['enable_smilies']) {
            $comment_body = process_smilies(make_clickable($row['msg_body']));
            $smilies = generate_smilies("f{$row['msg_id']}", 'msg_body');
        } else {
            $comment_body = make_clickable($row['msg_body']);
            $smilies = '';
        }

        $ip = $row['msg_hdr_ip'];
        if ($row['msg_hdr_ip'] != $row['msg_raw_ip']) {
            $ip .= ' [' . $row['msg_raw_ip'] . ']';
        }

        $params = array('{EDIT}' => &$comment_edit_box,
            '{BUTTONS}' => &$comment_buttons,
            '{IPINFO}' => &$comment_ipinfo
            );

        $template = template_eval($template_image_comments, $params);

        $params = array('{MSG_AUTHOR}' => $row['msg_author'],
            '{MSG_ID}' => $row['msg_id'],
            '{PID}' => $row['pid'],
            '{EDIT_TITLE}' => &$lang_display_comments['edit_title'],
            '{CONFIRM_DELETE}' => &$lang_display_comments['confirm_delete'],
            '{MSG_DATE}' => localised_date($row['msg_date'], $comment_date_fmt),
            '{MSG_BODY}' => bb_decode($comment_body),
            '{MSG_BODY_RAW}' => $row['msg_body'],
            '{OK}' => &$lang_display_comments['OK'],
            '{SMILIES}' => $smilies,
            '{IP}' => $ip,
            '{REPORT_COMMENT_TITLE}' => &$lang_display_comments['report_comment_title'],
            '{WIDTH}' => $CONFIG['picture_table_width']
            );

        $html .= template_eval($template, $params);
    }

    if (USER_CAN_POST_COMMENTS && $CURRENT_ALBUM_DATA['comments'] == 'YES') {
        if (USER_ID) {
            $user_name_input = '<tr><td><input type="hidden" name="msg_author" value="' . USER_NAME . '" /></td>';
            template_extract_block($template_add_your_comment, 'user_name_input', $user_name_input);
            $user_name = '';
        } else {
            $user_name = isset($USER['name']) ? '"' . strtr($USER['name'], $HTML_SUBST) . '"' : $lang_display_comments['your_name'] . '" onclick="javascript:this.value=\'\';';
        }

        $params = array('{ADD_YOUR_COMMENT}' => $lang_display_comments['add_your_comment'],
            // Modified Name and comment field
            '{NAME}' => $lang_display_comments['name'],
            '{COMMENT}' => $lang_display_comments['comment'],
            '{PIC_ID}' => $pid,
            '{USER_NAME}' => $user_name,
            '{MAX_COM_LENGTH}' => $CONFIG['max_com_size'],
            '{OK}' => $lang_display_comments['OK'],
            '{SMILIES}' => '',
            '{WIDTH}' => $CONFIG['picture_table_width'],
            );

        if ($CONFIG['enable_smilies']) $params['{SMILIES}'] = generate_smilies();

        $html .= template_eval($template_add_your_comment, $params);
    }

    return $html;
}
into themes/yourtheme/theme.php into a new line before
Code: [Select]
?>
Logged

Prisoner_24601

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 47
Re: Captcha (Visual Confirmation) for adding comments
« Reply #11 on: July 13, 2006, 11:02:05 PM »

Code: [Select]
<!-- END input_box_no_smilies -->
                                </td>
                                <td class="tableb_compact">
                                <input type="hidden" name="event" value="comment" />
                                <input type="hidden" name="pid" value="{PIC_ID}" />
                                <input type="submit" class="comment_button" name="submit" value="{OK}" />
                                </td></tr>

Doesn't exist, except in themes/sample/theme.php, even after adding the section GauGau mentions above (at least, using the default themes provided in CPG 1.4.8).

I tried renaming the "sample" theme to "testing_theme" to get it to show up in my list -- making no other changes -- and I got "Fatal Error" when I tried to use that theme (and I had to replace it with a theme.php from a theme I knew worked to get rid of the error).  I also tried not including the code Abbas Ali mentions to include after the code I quoted above and I got "Fatal Error".
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Captcha (Visual Confirmation) for adding comments
« Reply #12 on: July 14, 2006, 08:31:05 AM »

Do not use the sample theme for anything else but copying parts from it into your custom theme.
Logged

Abbas Ali

  • Administrator
  • Coppermine addict
  • *****
  • Country: in
  • Offline Offline
  • Gender: Male
  • Posts: 2158
  • Spread the PHP Web
    • Ranium Systems
Re: Captcha (Visual Confirmation) for adding comments
« Reply #13 on: July 14, 2006, 08:34:12 AM »

Don't use sample theme directly...

First copy the theme_html_comments function from sample theme to your theme as suggested by GauGau.

Then copy (from sample theme to your theme)

Code: [Select]
$template_add_your_comment = <<<EOT
<table align="center" width="{WIDTH}" cellspacing="1" cellpadding="0" class="maintable">
        <tr>
                <td width="100%" class="tableh2_compact"><b>{ADD_YOUR_COMMENT}</b></td>
        </tr>
        <tr>
                <td colspan="3">
                <form method="post" name="post" action="db_input.php">
                        <table width="100%" cellpadding="0px" cellspacing="0px">

<!-- BEGIN user_name_input -->
                                <tr><td class="tableb_compact">
                                        {NAME}
                                </td>
                                <td class="tableb_compact">
                                        <input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value="{USER_NAME}" />
                                </td>
<!-- END user_name_input -->
<!-- BEGIN input_box_smilies -->
                                <td class="tableb_compact">
                                {COMMENT} </td>
                                <td width="100%" class="tableb_compact">
                                <input type="text" class="textinput" id="message" name="msg_body" onselect="storeCaret_post(this);" onclick="storeCaret_post(this);" onkeyup="storeCaret_post(this);" maxlength="{MAX_COM_LENGTH}" style="width: 100%;" />                                        <!-- END input_box_smilies -->
<!-- BEGIN input_box_no_smilies -->
                                <input type="text" class="textinput" id="message" name="msg_body"  maxlength="{MAX_COM_LENGTH}" style="width: 100%;" />
<!-- END input_box_no_smilies -->
                                </td>
                                <td class="tableb_compact">
                                <input type="hidden" name="event" value="comment" />
                                <input type="hidden" name="pid" value="{PIC_ID}" />
                                <input type="submit" class="comment_button" name="submit" value="{OK}" />
                                </td></tr>
                        </table>
                </form>
                </td>
        </tr>
<!-- BEGIN smilies -->
        <tr>
                <td width="100%" class="tableb_compact">
                        {SMILIES}
                </td>
        </tr>
</table>
<!-- END smilies -->

EOT;

and make necessary changes to this code.
Logged
Chief Geek at Ranium Systems

Prisoner_24601

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 47
Re: Captcha (Visual Confirmation) for adding comments
« Reply #14 on: July 14, 2006, 10:09:58 PM »

I did so.  I refreshed my browser and got a completely blank screen.  No errors, just a blank, white page.
Logged

Nibbler

  • Guest
Re: Captcha (Visual Confirmation) for adding comments
« Reply #15 on: July 14, 2006, 10:15:36 PM »

You probably pasted it incorrectly and have your server set to hide error messages. Attach a copy of your theme.php to your next post.
Logged

scotty588

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 23
Re: Captcha (Visual Confirmation) for adding comments
« Reply #16 on: July 15, 2006, 11:25:56 AM »

Ok I am also confused about this. This is what my theme.php looks like.
Code: [Select]
<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2005 Coppermine Dev Team
  v1.1 originaly written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.4.1
  $Source:
  $Revision: 1.10 $
  $Author:
  $Date: 2005/04/30 07:13:16 $
**********************************************/

define('THEME_HAS_RATING_GRAPHICS'1);
define('THEME_IS_XHTML10_TRANSITIONAL',1); // Remove this if you edit this template until
                                           // you have validated it. See docs/theme.htm.


// HTML template for template sys_menu spacer
$template_sys_menu_spacer ='::';

?>

If you could just tell me exactly what I need to paste into mine that would make it 10x easier for me. I tried reading through these posts and I looked at the sample.php and it confuses me because I have no idea what needs to be put into my theme.php Thank you for making this I am having very bad spam problems!
Logged

mammut

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
Re: Captcha (Visual Confirmation) for adding comments
« Reply #17 on: July 15, 2006, 04:08:35 PM »

Ehmmm... Were do I download the file?    :-[
Logged

Nibbler

  • Guest
Re: Captcha (Visual Confirmation) for adding comments
« Reply #18 on: July 15, 2006, 04:11:27 PM »

It's attached to the first post, as stated.
Logged

gymnastdude182

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 72
Re: Captcha (Visual Confirmation) for adding comments
« Reply #19 on: July 16, 2006, 04:11:19 AM »

Works great! I love it very much so (just deleted 1000+ spam comments on my site today), and came to coppermine looking for something like this. Thanks so much.
Logged
Pages: [1] 2 3 4 5 ... 24   Go Up
 

Page created in 0.101 seconds with 19 queries.