forum.coppermine-gallery.net

No Support => Modifications/Add-Ons/Hacks => Mods: Emails/Notifications => Topic started by: Joe Carver on March 29, 2009, 03:31:01 am

Title: Captcha - ReCaptcha for ecards - easy spambot protection mod., visual confirm
Post by: Joe Carver on March 29, 2009, 03:31:01 am
SEE REPLY #3 BELOW FOR THE LATEST REVISIONS
 For Plugin version click here (http://forum.coppermine-gallery.net/index.php/topic,60626.0.html)


This one is easy, instructions are below and attached in the .zip file.

The mod will add a captcha (Recaptcha) visual confirmation to the ecard function.
It preserves the preview function and is now running on my two cpg galleries.

      http://i-imagine.net/artists/index.php  (a public user's gallery)
      http://gallery.josephcarver.com/natural/index.php (my photo gallery)

(ver. 1.4.2 with cpmfetch,  sef urls, remove_modify)

The mod. should prevent bots from using ecards. Users have to match two obscured words.
_______________________

   FUNCTION: TO ADD CAPTCHA - RECAPTCHA PROTECTION TO ECARDS - STOP SPAMMERS -
   INSTRUCTION:
     1) Get keys and files from recaptcha.net
       - public and private keys for your site(s)/domains - it's free
       - recaptchalib.php
     2) Modify the included file  ecard.php  
       - around line 208 put your private recaptcha key between the quotes
       - around lines 351 and 355 put your public recaptcha key between the <   >'s
     3) Upload files    captcha_errmssg.php and recaptchalib.php  to your cpg root
     4) Upload the new modified ecard.php after backing up original
     5) Your ecards are now captcha protected from spambots
_____

All of the cpg files needed are in the .zip. You will need to get your own keys and make sure they work
with your domain. Practice is easy. I can say that because I really don't know code.

Read the readme.

This is a small way to say thanks to the developers and the board.
I have had no need to ask for support so far. Searching has been good
for me. (and yes, I despise spammers too)

i-imagine

For Comments captcha see this post: http://forum.coppermine-gallery.net/index.php/topic,58757.0.html


Title: Re: Captcha - ReCaptcha for ecards - easy spambot protection mod., visual confirm
Post by: Joachim Müller on March 29, 2009, 01:21:05 pm
Thanks for your readiness to share. However, I have some remarks:
Quote
(ver. 1.4.2 with cpmfetch,  sef urls, remove_modify)
Running such an ancient version is not an option, as it would mean that you've missed 19 maintenance releases - most recent version currently is cpg1.4.21. All versions prior to cpg1.4.21 contain serious security flaws and must be upgraded instantly. Side-note: in case that you meant "cpg1.4.20" (that's what you use on http://gallery.josephcarver.com/natural/index.php): cpg1.4.20 is the version that came after cpg1.4.19 and before cpg1.4.21. The last number after the dot is being counted upwards. The versions cpg1.4.2 and cpg1.4.20 are not the same, but entirely different animals.
However, mods should work with all minor releases, so your mod should work with all cpg1.4.x releases.
Anyway, we're not fond of mods that contain pre-modded files. We prefer instructions like
Quote
edit filename.php, find foo and replace with bar
Then find
Code: [Select]
bla
and insert after it
Code: [Select]
whatever
Only genuine mod files that don't exist in coppermine's core should be added as separate files to a mod zip attachment.
Title: Re: Captcha - ReCaptcha for ecards - easy spambot protection mod., visual confirm
Post by: Joe Carver on March 29, 2009, 02:16:35 pm
Hello,
Apologies for my terrible typing and descriptions of my gallery's Coppermine version.
I did make more than one error - the gallery version is actually cpg1.4.20. Also
I have applied the changes (but not yet the complete upgrade) against the milw0rm exploits.
It was interesting to see the bb coded links already on the galleries disappear....

For the future posts I will now also make changes in what I upload to the board.
That zip previously attached will be pared down and resent too.

This Captcha/Recaptcha system seems to work with Registration too.
It is now on here: http://gallery.josephcarver.com/natural/ for temporary testing
and here http://i-imagine.net/artists/index.php for permanent use
however I need to test it a little more before posting the changes (maybe later today).

Thanks for the input.
i-imagine
(and yes, my typo errors extend to this post too http://forum.coppermine-gallery.net/index.php/topic,58757.0.html where I have left a noscript tag open......it will also be corrected)



Title: Re: Captcha - ReCaptcha for ecards - easy spambot protection mod., visual confir
Post by: Joe Carver on June 12, 2009, 04:30:20 pm
AJAX is used to deliver a visual confirmation - reCAPTCHA - for a user to enter before submitting an ecard. This will stop automated bots from sending ecards from your gallery.

The mod. will reverse the code for ecard preview and send. This way the user will not have to solve the captcha to see the ecard preview. Because of this the main code mod. is quite large, but is done with one change.

To use ReCAPTCHA you need a public/private API key pair from recaptcha.net (http://recaptcha.net) [it is a free service]. To see how this works - check this link: http://recaptcha.net/apidocs/captcha/client.html

Step 1

Step 2

Quote
Insert this into the <head> of your template.html file
Code: [Select]
<script type="text/javascript" src="http://api.recaptcha.net/js/recaptcha_ajax.js"></script>

Quote
In file ecard.php find the section that starts and ends as shown here
Code: [Select]
if (isset($_POST['submit'])) {

....CODE
....CODE
....CODE

}//preview

Quote
Replace everything with this - insert your PRIVATE KEY where shown
Code: [Select]
// mod here to reverse preview and post
if (isset($_POST['preview'])) {

    if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) {
        $n_picname = get_pic_url($row, 'normal');
    } else {
        $n_picname = get_pic_url($row, 'fullsize');
    }
    if (!stristr($n_picname, 'http:')) $n_picname = $gallery_url_prefix . $n_picname;
    $msg_content = process_smilies($message, $gallery_url_prefix);
    $data = array(
        'sn' => $_POST['sender_name'],
        'se' => $sender_email,
        'p' => $n_picname,
        'g' => $greetings,
        'm' => $message,
        'pid' => $pid,
        'pt' => $pic_title,
        'pc' => $pic_caption,
        );

    $encoded_data = urlencode(base64_encode(serialize($data)));
    
    $params = array('{LANG_DIR}' => $lang_text_dir,
        '{TITLE}' => sprintf($lang_ecard_php['ecard_title'], $sender_name),
        '{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'],
        '{VIEW_ECARD_TGT}' => "{$gallery_url_prefix}displayecard.php?data=$encoded_data",
        '{VIEW_ECARD_LNK}' => $lang_ecard_php['preview_view_ecard'],
        '{PIC_URL}' => $n_picname,
        '{URL_PREFIX}' => $gallery_url_prefix,
        '{GREETINGS}' => $greetings,
        '{MESSAGE}' => bb_decode($msg_content),
        '{SENDER_EMAIL}' => $sender_email,
        '{SENDER_NAME}' => $sender_name,
        '{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'],
        '{VIEW_MORE_LNK}' => $lang_ecard_php['view_more_pics'],
        '{PID}' => $pid,
        '{PIC_TITLE}' => $pic_title,
        '{PIC_CAPTION}' => $pic_caption,
        );

   $eccontent = template_eval($template_ecard, $params);
   if (preg_match('#<body[^>]*>(.*)</body>#s', $eccontent, $matches)) {
       $eccontent = $matches[1];
   }
   starttable('100%', $lang_ecard_php['preview']);
   echo '<tr><td>';
   echo $eccontent;
   echo '</td></tr>';
   endtable();
   echo '<br />';
}//preview

elseif (isset($_POST['submit'])) {

    require_once('recaptchalib.php');
    $privatekey = "YOUR_PRIVATE_RECAPTCHA_KEY_BETWEEN_THESE_QUOTES";
    $resp = recaptcha_check_answer($privatekey,
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"]);
    if (!$resp->is_valid) {
        cpg_die(CRITICAL_ERROR, 'Sorry, Captcha Error - Go Back and Try Again');
    }

    // Create and send the e-card
    if (count($_POST) > 0 && $valid_sender_email && $valid_recipient_email) {
        $gallery_url_prefix = $CONFIG['ecards_more_pic_target'] . (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/');
        if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) {
            $n_picname = get_pic_url($row, 'normal');
        } else {
            $n_picname = get_pic_url($row, 'fullsize');
        }

        if (!stristr($n_picname, 'http:')) $n_picname = $gallery_url_prefix . $n_picname;

        $msg_content = process_smilies($message, $gallery_url_prefix);

        $data = array('rn' => $_POST['recipient_name'],
            'sn' => $_POST['sender_name'],
            'se' => $sender_email,
            'p' => $n_picname,
            'g' => $greetings,
            'm' => $message,
            'pid' => $pid,
            'pt' => $pic_title,
            'pc' => $pic_caption,
            );

        $encoded_data = urlencode(base64_encode(serialize($data)));

        $params = array('{LANG_DIR}' => $lang_text_dir,
            '{TITLE}' => sprintf($lang_ecard_php['ecard_title'], $sender_name),
            '{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'],
            '{VIEW_ECARD_TGT}' => "{$gallery_url_prefix}displayecard.php?data=$encoded_data",
            '{VIEW_ECARD_LNK}' => $lang_ecard_php['view_ecard'],
            '{VIEW_ECARD_LNK_PLAINTEXT}' => $lang_ecard_php['view_ecard_plaintext'],
            '{PIC_URL}' => $n_picname,
            '{URL_PREFIX}' => $gallery_url_prefix,
            '{GREETINGS}' => $greetings,
            '{MESSAGE}' => bb_decode($msg_content),
            '{PLAINTEXT_MESSAGE}' => $message,
            '{SENDER_EMAIL}' => $sender_email,
            '{SENDER_NAME}' => $sender_name,
            '{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'],
            '{VIEW_MORE_LNK}' => $lang_ecard_php['view_more_pics'],
            '{PID}' => $pid,
            '{PIC_TITLE}' => $pic_title,
            '{PIC_CAPTION}' => $pic_caption,
            );

        $message = template_eval($template_ecard, $params);
        $plaintext_message = template_eval($template_ecard_plaintext, $params);

        $tempTime = time();
        $message .= sprintf($lang_ecard_php['ecards_footer'], $sender_name, $_SERVER['REMOTE_ADDR'], localised_date(-1,$comment_date_fmt));
        $subject = sprintf($lang_ecard_php['ecard_title'], $sender_name);

        $result = cpg_mail($recipient_email, $subject, $message, 'text/html', $sender_name, $sender_email, $plaintext_message);

        //write ecard log
        if ($CONFIG['log_ecards'] == 1) {
            $result_log = cpg_db_query("INSERT INTO {$CONFIG['TABLE_ECARDS']} (sender_name, sender_email, recipient_name, recipient_email, link, date, sender_ip) VALUES ('$sender_name', '$sender_email', '$recipient_name', '$recipient_email',   '$encoded_data', '$tempTime', '{$_SERVER["REMOTE_ADDR"]}')");
        }

        if (!USER_ID) {
            $USER['name'] = $sender_name;
            $USER['email'] = $sender_email;
        }

        if ($result) {
            //pageheader($lang_ecard_php['title']);
            msg_box($lang_cpg_die[INFORMATION], $lang_ecard_php['send_success'], $lang_continue, "displayimage.php?album=$album&amp;pos=$pos");
            echo '<br />';
            starttable('100%', $lang_ecard_php['preview']);
            echo '<tr><td>';
            echo template_eval($template_ecard, $params);
            echo '</td></tr>';
            endtable();
            pagefooter();
            ob_end_flush();
            exit;
        } else {
            cpg_die(ERROR, $lang_ecard_php['send_failed'], __FILE__, __LINE__);
        }
    }
}//submit

Quote
In file ecard.php find this
Code: [Select]
&nbsp;&nbsp;
                        <input type="submit" class="button" name="submit" title="{$lang_ecard_php['submit_button']}"  value="{$lang_ecard_php['submit_button']}" />
                </td>
        </tr>

Quote
Replace it with this - Insert your PUBLIC reCAPTCHA key where shown
Code: [Select]
</td></tr><tr>

                <td colspan="3" align="center" class="tablef"><div><br></div>

<script>
function showRecaptcha(element, submitButton, themeName) {
  Recaptcha.create("INSERT YOUR PUBLIC RECAPTCHA KEY BETWEEN THESE QUOTES", element, {
        theme: 'white',
        tabindex: 0,
        callback: Recaptcha.focus_response_field
  });
  hideSubmitButtons();
  document.getElementById(submitButton).style.visibility = "visible";
}

function hideSubmitButtons() {
  document.getElementById('submit_button_1').style.visibility = "hidden";
  
}

function destroyRecaptchaWidget() {
  hideSubmitButtons();
  Recaptcha.destroy();
}

</script>

<form method="post" action="">

<p>

<input type="button" class="button" value="Click here - type the words - click submit" onclick="showRecaptcha('dynamic_recaptcha_1', 'submit_button_1', 'red');" />
<div id="dynamic_recaptcha_1"></div>

<input type="submit" style="visibility: hidden" id="submit_button_1" class="button" name="submit" title="{$lang_ecard_php['submit_button']}" value="{$lang_ecard_php['submit_button']}" />

<div><br></div>

<input type="button" class="comment_button" value="Hide the reCAPTCHA widget" onclick="destroyRecaptchaWidget();" />

<br><br>
                </td>
        </tr>
 

Upload and you are done. To uninstall - replace ecard.php with a clean copy.

This style hides the captcha until the user clicks a button. Other styles and language options can be used.

Testing for your key and validation response can be done by the "hello world" example found on this link here (http://recaptcha.net/plugins/php/)

I am now running this mod. on my personal photo gallery (http://gallery.josephcarver.com/natural/)   with absolutely no spam.
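
Editor's added example, not part of the post above or of the mod's files: a stand-alone model of the preview/submit ordering used in the modified ecard.php. It shows that the server-side check, not the hidden submit button, is what stops a direct POST. `fake_verify()`, `handle_ecard_post()`, the key placeholder and the sample requests are hypothetical and constructed for illustration; `fake_verify()` stands in for `recaptcha_check_answer()` so the script runs offline.

```php
<?php
// Added illustration, not code from the mod. fake_verify() is a hypothetical
// offline stand-in for recaptcha_check_answer() in recaptchalib.php.
function fake_verify($privatekey, $remote_ip, $challenge, $response) {
    $resp = new stdClass();
    // Constructed rule: only this challenge/response pair counts as solved.
    $resp->is_valid = ($challenge === 'chal-123' && $response === 'two words');
    return $resp;
}

// Mirrors the order used in the modified ecard.php: preview first (no captcha),
// then submit, which must pass the server-side check before anything is mailed.
function handle_ecard_post(array $post, $remote_ip, $verify, $send) {
    if (isset($post['preview'])) {
        return 'preview';
    }
    if (!isset($post['submit'])) {
        return 'form';
    }
    // A script posting straight to ecard.php never runs the JavaScript that
    // hides the submit button, so missing fields are treated as a failure.
    $challenge = isset($post['recaptcha_challenge_field']) ? (string) $post['recaptcha_challenge_field'] : '';
    $response  = isset($post['recaptcha_response_field']) ? (string) $post['recaptcha_response_field'] : '';
    if ($challenge === '' || $response === '') {
        return 'captcha_error';
    }
    $resp = call_user_func($verify, 'PRIVATE_KEY_PLACEHOLDER', $remote_ip, $challenge, $response);
    if (!$resp->is_valid) {
        return 'captcha_error';
    }
    call_user_func($send, $post);
    return 'sent';
}

$mailed = 0;
$send = function ($post) use (&$mailed) { $mailed++; };

// Constructed requests: a preview, a direct bot POST, a wrong answer, a solved captcha.
$requests = array(
    array('preview' => '1', 'message' => 'hi'),
    array('submit' => '1', 'message' => 'spam'),
    array('submit' => '1', 'recaptcha_challenge_field' => 'chal-123', 'recaptcha_response_field' => 'guess'),
    array('submit' => '1', 'recaptcha_challenge_field' => 'chal-123', 'recaptcha_response_field' => 'two words'),
);
foreach ($requests as $post) {
    echo handle_ecard_post($post, '192.0.2.10', 'fake_verify', $send), "\n";
}
echo "mails sent: $mailed\n";
```
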
Title: Re: Captcha - ReCaptcha for ecards - easy spambot protection mod., visual confirm
Post by: zeppo on February 06, 2011, 10:51:51 pm
Hi Joe,

Thank you for this great mod. The ecard.php -file has changed a bit with the update to 1.5.12 so it is a bit tricky to find the right places for the modified code.

Does your mod also work with the current version?
Title: Re: Captcha - ReCaptcha for ecards - easy spambot protection mod., visual confirm
Post by: Joe Carver on February 09, 2011, 12:25:03 am
No, it would not work without modification to $GET to Supercage GET and would need some other modifications too.

I don't have the time to look into it, but it should not be very difficult to do.
Please post in the cpg 1.5.x boards next time as 1.4.x is no longer supported.
Title: Re: Captcha - ReCaptcha for ecards - easy spambot protection mod., visual confirm
Post by: zeppo on February 09, 2011, 12:36:12 am
Thanks for a swift reply. Will do that. Looking forward to seeing a 1.5 update for this nice mod some day. =:)
Title: Re: Captcha - ReCaptcha for ecards - easy spambot protection mod., visual confirm
Post by: jerrykemic99 on March 09, 2011, 10:49:37 am
Thanks for your information about ReCaptcha for ecards - easy spambot protection mod, and I will be happy if you write in detail about it.