Author Topic: Captcha Recaptcha protection for Registration easy mod. to stop spambots  (Read 15390 times)

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1504
  • aka 'i-imagine'
    • Home Page

See Reply #4 below for latest revision
- For Plugin version click here


Hello, here is a Captcha mod. for registration using recaptcha. One file, register.php, is modified. One file, captcha_errmssg_reg.php, is added to the gallery root. This mod. will provide a visual confirmation for new registrations and should slow down spambots. It is now running on my two Coppermine installations: users gallery i-imagine.net and personal gallery gallery.josephcarver.com. You can try testing at the personal gallery http://gallery.josephcarver.com/natural/register.php
(no email needed or privileges gained).

There is an attached zip with the error response file and a readme with these instructions. The register.php file modified in this example is Coppermine version: 1.4.21. The galleries above are running patched 1.4.2 with sef urls, remove_modify, cpmfetch.
 Instructions
1) Get keys and files from recaptcha.net (you will have to register)
         - public and private keys for your site(s)/domains - it's free
         - recaptchalib.php
2) Back up, then modify the file register.php. Insert your public and private keys where shown
         - find around line 194 - 196, the code will look like this
Code: [Select]
<tr>
                <td colspan="2" align="center" class="tablef">
                        <input type="submit" name="submit" value="{$lang_register_php['submit']}" class="button" />

      - insert the following to look like this (between 194-196)
   
Code: [Select]
<tr>
<td colspan="3" align="center" class="tablef"><br>Type the two words with a space. Then click
Submit<br><br>
<script>
var RecaptchaOptions = {
   theme : 'white'};
</script>
<script type="text/javascript"
   src="http://api.recaptcha.net/challenge?k=<YOUR PUBLIC RECAPTCHA KEY IN HERE>">
</script>
<noscript><h3> <br><u>YOU HAVE NO JAVASCRIPT</u>!</h3>
   <iframe src="http://api.recaptcha.net/noscript?k=<YOUR PUBLIC RECAPTCHA KEY HERE>"
       height="300" width="500" frameborder="0"></iframe><br>
   <textarea name="recaptcha_challenge_field" rows="3" cols="40">
   </textarea>
   <input type="hidden" name="recaptcha_response_field"
       value="manual_challenge">
</noscript>
<br>Click Get a  new challenge (above) for new words<br></td></tr><tr>
<td colspan="2" align="center" class="tablef">
<input type="submit" name="submit" value="{$lang_register_php['submit']}" class="button" />
      
         - find around line 285 , the code will look like this
Code: [Select]
   }

   if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
 
         - insert the following to look like this (between 285-287)
   
Code: [Select]

}
$errmssg = implode("", file('errmssg.html'));
// Verify the reCAPTCHA answer server-side; on failure send the visitor to the error page
require_once('recaptchalib.php');
$privatekey = "YOUR PRIVATE RECAPTCHA KEY HERE";
$resp = recaptcha_check_answer($privatekey,
    $_SERVER["REMOTE_ADDR"],
    $_POST["recaptcha_challenge_field"],
    $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
    header('Location: captcha_errmssg_reg.php');
    exit;
}
if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
3) Upload files:  captcha_errmssg_reg.php and recaptchalib.php  to your cpg root
4) Upload the new modified register.php after backing up original
5) Test and your registration process is now captcha protected from spambots

I hope this can stop more spammers. Have fun with it as you like, this mod is very simple and could be improved too.
i-imagine
captcha for comments is here http://forum.coppermine-gallery.net/index.php/topic,58757.0.html  and captcha for ecards is here http://forum.coppermine-gallery.net/index.php/topic,58782.0.html


« Last Edit: September 06, 2009, 06:02:16 pm by i-imagine »
Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl

Thanks for the mod. And you need to upgrade to 1.4.21.
Joe Carver

Upgrades done and all three captcha mods. are now installed into ver. 1.4.21 files. Upgrade was easy, thanks for all of the reminding to do so. It has been only a short time and my sites have low rankings, but I have not had any obvious spam activity and new users have registered through the captcha.

It is a pleasure to share
i-imagine

Joe Carver

Corrections to the first post. Reference to .html file instead of .php for error response.
To install a recaptcha for user registration | see i-imagine.net and gallery.josephcarver.com
There is an attached zip with the error response file and a readme with these instructions. The register.php file modified in this example is Coppermine version: 1.4.21. The galleries above are running 1.4.21. with sef urls, remove_modify, cpmfetch.
 Instructions
1) Get keys and files from recaptcha.net (you will have to register)
         - public and private keys for your site(s)/domains - it's free
         - recaptchalib.php
2) Back up, then modify the file register.php. Insert your public and private keys where shown
Quote
- find around line 194 - 196 , the code will look like this
Code: [Select]
<tr>
                <td colspan="2" align="center" class="tablef">
                        <input type="submit" name="submit" value="{$lang_register_php['submit']}" class="button" />

Quote
- insert the following to look like this (between 194-196)
Code: [Select]
<tr>
<td colspan="3" align="center" class="tablef"><br>Type the two words with a space. Then click
Submit<br><br>
<script>
var RecaptchaOptions = {
  theme : 'white'};
</script>
<script type="text/javascript"
    src="http://api.recaptcha.net/challenge?k=<YOUR PUBLIC RECAPTCHA KEY IN HERE>">
</script>
<noscript><h3> <br><u>YOU HAVE NO JAVASCRIPT</u>!</h3>
    <iframe src="http://api.recaptcha.net/noscript?k=<YOUR PUBLIC RECAPTCHA KEY HERE>"
        height="300" width="500" frameborder="0"></iframe><br>
    <textarea name="recaptcha_challenge_field" rows="3" cols="40">
    </textarea>
    <input type="hidden" name="recaptcha_response_field"
        value="manual_challenge">
</noscript>
<br>Click Get a  new challenge (above) for new words<br></td></tr><tr>
<td colspan="2" align="center" class="tablef">
<input type="submit" name="submit" value="{$lang_register_php['submit']}" class="button" />
Quote
- find around line 285 , the code will look like this
Code: [Select]
    }

    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
Quote
- insert the following to look like this (between 194-196)
Code: [Select]

}

// Verify the reCAPTCHA answer server-side; on failure send the visitor to the error page
require_once('recaptchalib.php');
$privatekey = "YOUR PRIVATE RECAPTCHA KEY HERE";
$resp = recaptcha_check_answer($privatekey,
    $_SERVER["REMOTE_ADDR"],
    $_POST["recaptcha_challenge_field"],
    $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
    header('Location: captcha_errmssg_reg.php');
    exit;
}

if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
3) Upload files:  captcha_errmssg_reg.php and recaptchalib.php  to your cpg root
4) Upload the new modified register.php after backing up original
5) Test and your registration process is now captcha protected from spambots

Sorry if any trouble, I thought it would be a day or two for a break before I found another typo or error leftover | i-imagine

Joe Carver

This mod. version uses AJAX to load a third party visual (reCAPTCHA) challenge to the registration form. It uses the error handling already built into register.php. The captcha is hidden from the user until it is called. Like the above method it uses a public and private key set.

This method seems to solve two issues found when the above methods were used: 1) Conflict with other mods'/plugins' javascript would cause IE to get "lost" and out of the gallery. 2) External page error handling did not cooperate well with other plugins/mods that rewrite the page header (best guess).

Bots should not be able to get past the protections in this mod. So far it has worked for me.
The files register.php and template.htm are modified and one file is added to your gallery root directory. To uninstall this mod. replace register.php with a clean copy.
 
 1) Get the keys and register your domains at recaptcha.net - they are free
 2) Get file recaptchalib.php from recaptcha.net. Upload it to your gallery root directory.
      a) you can also get a set of testing files for validation testing and practice
 3) Modify files  register.php    and    template.htm  (for every template that you use)
      a) Insert your PUBLIC and PRIVATE keys where shown below
 4) After backup, upload mod. files to their directories - you are done

Quote
Insert into the <HEAD> of your template.htm
Code: [Select]
<script type="text/javascript" src="http://api.recaptcha.net/js/recaptcha_ajax.js"></script>


Quote
in your register.php file find
Code: [Select]
         
                <td colspan="2" align="center" class="tablef">
                        <input type="submit" name="submit" value="{$lang_register_php['submit']}" class="button" />

Quote
replace it with this - insert your key where shown
Code: [Select]

<td class="tableb_compact" align="center" colspan="3">
<div><br></div>

<script>
// Load the reCAPTCHA widget on demand and reveal the real submit button
function showRecaptcha(element, submitButton, themeName) {
  Recaptcha.create("YOUR PUBLIC RECAPTCHA KEY GOES IN HERE", element, {
        theme: 'white',
        tabindex: 0,
        callback: Recaptcha.focus_response_field
  });
  hideSubmitButtons();
  document.getElementById(submitButton).style.visibility = "visible";
}

function hideSubmitButtons() {
  document.getElementById('submit_button_1').style.visibility = "hidden";
}

// Remove the widget and hide the submit button again
function destroyRecaptchaWidget() {
  hideSubmitButtons();
  Recaptcha.destroy();
}
</script>

<form method="post" action="">

<p>
<input type="button" class="button" value="Click here - type the words - click submit" onclick="showRecaptcha('dynamic_recaptcha_1', 'submit_button_1', 'red');" />
<div id="dynamic_recaptcha_1"></div>

<input type="submit" style="visibility: hidden" id="submit_button_1" class="button" name="submit" value="{$lang_register_php['submit']}" />

<div><br></div>

<input type="button" class="comment_button" value="Hide the reCAPTCHA widget" onclick="destroyRecaptchaWidget();" />

<br><br>
 
Quote
in your file register.php find
Code: [Select]
  $error = '<li>' . $lang_register_php['err_duplicate_email'];
            return false;
        }

        mysql_free_result($result);
    }
Quote
insert below it this code with your key where shown
Code: [Select]

        // Verify the reCAPTCHA answer server-side before the registration is accepted
        require_once('recaptchalib.php');
        $privatekey = "YOUR PRIVATE RECAPTCHA KEY GOES IN HERE";
        $resp = recaptcha_check_answer($privatekey,
            $_SERVER["REMOTE_ADDR"],
            $_POST["recaptcha_challenge_field"],
            $_POST["recaptcha_response_field"]);
        if (!$resp->is_valid) {
            // Reject the submission through register.php's own error handling
            $error .= '<li>' . 'Captcha Error - Please Try Again - You Will Need to Re-enter your Password First';
            if ($error != '') return false;
        }

It is now installed here i-imagine.net  and gallery.josephcarver.com/natural/ - try it, any feedback is welcome.
Other styles than this hidden one can be applied. It seems to be keeping the usual offenders away, even though their ip addresses keep showing in the logs.
i-imagine

 
« Last Edit: April 24, 2009, 04:54:13 am by i-imagine »
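
A fail-closed form of the server-side check from the posts above, as an added example that is not part of the thread, Coppermine, or recaptchalib.php. `captcha_gate()`, the stub verifier and the `RECAPTCHA_PRIVATE_KEY` environment variable are assumptions; in register.php the callable passed in would be `recaptcha_check_answer`.

```php
<?php
// Added example: captcha_gate() and $stubVerify are hypothetical names.
// Returns '' when the captcha passed, otherwise an '<li>' error string in the
// style register.php uses. Missing fields, a missing key, or a verifier error
// all count as a failed captcha (fail closed).
function captcha_gate(array $post, string $remoteAddr, string $privateKey, callable $verify): string
{
    $fail = '<li>Captcha Error - Please Try Again';
    if ($privateKey === '') {
        return $fail;               // misconfiguration must not open registration
    }
    foreach (['recaptcha_challenge_field', 'recaptcha_response_field'] as $f) {
        // Scripted submissions often omit the widget fields or send them as arrays.
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            return $fail;
        }
    }
    try {
        $resp = $verify($privateKey, $remoteAddr,
                        $post['recaptcha_challenge_field'],
                        $post['recaptcha_response_field']);
    } catch (Throwable $e) {
        return $fail;               // network or library error is still a failure
    }
    $ok = is_object($resp) && isset($resp->is_valid) && $resp->is_valid === true;
    return $ok ? '' : $fail;
}

// Constructed stand-in for recaptcha_check_answer(): accepts one fixed answer.
$stubVerify = function ($key, $ip, $challenge, $response) {
    return (object) ['is_valid' => ($challenge === 'c-123' && $response === 'two words')];
};

// Key read from the environment (assumed variable name) rather than pasted into register.php.
$key = getenv('RECAPTCHA_PRIVATE_KEY') ?: 'constructed-test-key';

// Constructed sample submissions.
$cases = [
    'no captcha fields'   => ['username' => 'bot'],
    'field sent as array' => ['recaptcha_challenge_field' => ['x'], 'recaptcha_response_field' => 'y'],
    'wrong answer'        => ['recaptcha_challenge_field' => 'c-123', 'recaptcha_response_field' => 'nope'],
    'correct answer'      => ['recaptcha_challenge_field' => 'c-123', 'recaptcha_response_field' => 'two words'],
];
foreach ($cases as $name => $post) {
    $err = captcha_gate($post, '203.0.113.7', $key, $stubVerify);
    printf("%-20s => %s\n", $name, $err === '' ? 'registration continues' : 'rejected');
}
```

The api.recaptcha.net endpoints used in this thread belong to the first reCAPTCHA API, which Google has since retired; the gate logic does not depend on which verifier is plugged in.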

Criss

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 36

Since I'm fighting with spammers today, I've decided to install this mod as well. But I got an error after clicking 'Submit registration button'

Quote
Script called without the required parameter(s). (username)

http://www.jcgallery.org
Joe Carver

My first impression is that you placed the captcha as a replacement for the "I agree" submit rather than the form/data submit.
Code: [Select]
<input type="submit" name="agree" value="{$lang_register_php['i_agree']}" class="button" />

This is something I have not yet tried. Retry as instructed above. This is part of what you replace.
Code: [Select]
<input type="submit" name="submit" value="{$lang_register_php['submit']}"


Criss

I tried it 3 times on clean register.php step by step but it still shows up at that page. Please check attached file (removed recaptcha keys)..
Joe Carver

So far your edits look fine.
Are you using a mod. or plugin for the login on your main page?
If yes, you might try toggling it on/off to test the effect. That would be one thing I could not test here.

I'm also curious as to the result and what plugin/mod. it might be.

Criss

I used to have Captcha 3.0 installed. Even after I uninstalled it, I couldn't get your mod to work. Deleting Captcha directory from the server helped tho and now everything works like it should. Please check  :)
Joe Carver

It worked just fine. I was able to register after being stopped by the captcha and also having it recognize a duplicate name.
The email arrived just now
Quote
Thank you for registering at JC Source Gallery
In order to activate your account with username "i-imagine"

Thanks for the reply, I have not seen this installed anywhere else than my own gallery. Good Luck with the spammers.

Criss

Thanks for your help! It's a great mod!  ;)