
Author Topic: Captcha mod. for Login using recaptcha. Easy mod. to slow down abusers.  (Read 14364 times)


Joe Carver


See second post for improved modification
For Plugin version click here


This modification will put a Captcha (recaptcha) on the Login page. Users will have to enter two words to log in. One file - login.php is modified. Two files - captcha_errmssg.php and recaptchalib.php - are added to the Coppermine root directory. You will need to get a set of keys and the file - recaptchalib.php - from recaptcha.net. They are all free. Like the other recaptcha mods I have posted this will run without other changes to your database or gallery configuration. To uninstall the mod. simply replace file - login.php - with a clean copy. Example is now running at http://gallery.josephcarver.com/natural/ see link below for newer demo.

Quote
in file login.php find:
Code: [Select]
$cookie_warning = '';
Quote
insert the following to look like this with your key where indicated
Code: [Select]
if ((isset($_POST['submitted'])) && (!(USER_ID))){
require_once('recaptchalib.php');    
$privatekey = "YOUR PRIVATE RECAPTCHA KEY HERE";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
die(header('Location: captcha_errmssg.php'));
}
}
Quote
find the following:
Code: [Select]
             <td align="center" class="tablef"><a href="forgot_passwd.php" class="topmenu">{$lang_login_php['forgot_password_link']}</a></td>
Quote
Insert the following to look like this with your key where indicated
Code: [Select]
 </tr>
<tr>
<td class="tableb_compact" align ="center" valign= "top" colspan="3" height="150">
<br>Type the two words with a space. Then click Login <br>
<script>
var RecaptchaOptions = {
   theme : 'white'
};
</script>
<script type="text/javascript"
   src="http://api.recaptcha.net/challenge?k=<YOUR PUBLIC RECAPTCHA KEY HERE>">
</script>
<noscript><h3> <br><u>YOU HAVE NO JAVASCRIPT!<br>1) Solve the challenge<br>2) Copy and Paste the key
  into the lower box<br>3) Click Submit (it's easy with javascript on)</u></h3>
   <iframe src="http://api.recaptcha.net/noscript?k=<YOUR PUBLIC RECAPTCHA KEY HERE>"
       height="300" width="500" frameborder="0"></iframe><br>
   <textarea name="recaptcha_challenge_field" rows="3" cols="40">
   </textarea>
   <input type="hidden" name="recaptcha_response_field"
       value="manual_challenge">
</noscript>
  <h3>Click Get a new challenge (above) for new words</h3>
                                </td>
</tr>
                                <tr>
Quote
Create a response file, name it captcha_errmssg.php
Code: [Select]
                 

<?php
// Coppermine include guard and bootstrap
define('IN_COPPERMINE', true);
require('include/init.inc.php');
pageheader('RECAPTCHA ERROR PAGE');
// 090308// 090407

starttable("100%");

?>

     <tr>
<td>
<h1 align="center">
<a href="#" onclick="history.go(-1);return false;"><b><font color="red">
SORRY, THERE WAS AN ERROR WITH THE <br>RECAPTCHA.
CLICK HERE AND TRY AGAIN.<br><br>(OR USE THE BACK BUTTON ON YOUR BROWSER)</font></b></a>
<br>
</h1>
</td>
  </tr>
<?php
endtable();
//  ends here
pagefooter();
ob_end_flush();
?>

Upload the mod. file login.php and the files recaptchalib.php and captcha_errmssg.php to your gallery root directory. Test and you will now have captcha protection for your log in page. The example above puts the Login button below the captcha and has only one style applied to the image. Other CSS styles can be applied to the display. The mod was applied to Coppermine version: 1.4.21. Both of my gallery installations are now running these captchas (i-imagine.net and login captcha here at gallery.josephcarver.com/natural/ see link below for newer version) with sef urls, remove_modify and cpmfetch. See my other post for comments, ecards and registration mods. Hoping this helps......
i-imagine
« Last Edit: September 06, 2009, 06:03:05 pm by i-imagine »

Joe Carver


AJAX method is used here to display a visual challenge - ReCAPTCHA - for users trying to log in. This method is an improvement over the javascript method above, solving conflicts with other scripts and plugins that rewrite the page header.

Demonstration link here: gallery.josephcarver.com/natural/demo_recaptcha_login.php
user = foo   password = bar  This link is not accessible from the normal gallery login link from the menu. It will act the same, but with a cookie error.

In order to use reCAPTCHA, you need a public/private API key pair. Links are below.

Error handling is performed by the cpg die function. The captcha validation occurs before testing the user input (username/password validation) and will not be logged as a failed log in attempt. This might slightly "harden" login since the validation is tested on a remote server and only the validation response is passed to login.php. The captcha depends on the user having javascript enabled, with no <noscript> alternative. Because the bad traffic that I see trying to register, make comments, etc. comes from "agents" that don't have js, and my galleries need js for users, nothing seems lost to users without js (opinion!)

To uninstall this mod. (if you can't log in) just replace file login.php with a clean copy. This mod. does not affect the database or gallery configuration. ReCAPTCHA has proven so far to be reliable for me on comments, ecard and registration forms.

1 - Register and get keys and file from recaptcha.net
  • Private (hidden) and Public (in form) Keys
  • file recaptchalib.php - copy to your gallery root directory

2 - Modify these files
  • login.php - code as below - with your keys where shown
  • template.htm (for each theme that you use)

      Quote
      in file login.php find
      Code: [Select]
      $cookie_warning = '';
      Quote
      add this below, insert your PRIVATE key where shown
      Code: [Select]

      if ((isset($_POST['submitted']))) {
      require_once('recaptchalib.php');    
      $privatekey = "YOUR PRIVATE RECAPTCHA KEY GOES IN HERE";
      $resp = recaptcha_check_answer ($privatekey,
      $_SERVER["REMOTE_ADDR"],
      $_POST["recaptcha_challenge_field"],
      $_POST["recaptcha_response_field"]);
      if (!$resp->is_valid) {
      cpg_die(CRITICAL_ERROR, 'Sorry, Captcha Error - Go Back and Try Again');
      }
      }

      Quote
      in file login.php find
      Code: [Select]
      <td align="left" class="tablef"><input name="submitted" type="submit" class="button" value="{$lang_login_php['login']}" tabindex="4" /></td>
      Quote
      replace it with - insert your PUBLIC key where shown
      Code: [Select]
      <tr>
             <td class="tableb_compact" align ="center" colspan="3">
      <div><br></div>
      <script>
      function showRecaptcha(element, submitButton, themeName) {
         Recaptcha.create("YOUR PUBLIC RECAPTCHA KEY GOES IN HERE", element, {
              theme: 'white',
              tabindex: 0,
              callback: Recaptcha.focus_response_field
        });
         hideSubmitButtons();
         document.getElementById(submitButton).style.visibility = "visible";
      }

      function hideSubmitButtons() {
         document.getElementById('submit_button_1').style.visibility = "hidden";
        
      }

      function destroyRecaptchaWidget() {
         hideSubmitButtons();
         Recaptcha.destroy();
      }
      </script>
      <form method="post" action="">
      <p>
      <input type="button" class="button" value="Click here - type the words - click {$lang_login_php['login']}" onclick="showRecaptcha('dynamic_recaptcha_1', 'submit_button_1', 'red');" />
      <div id="dynamic_recaptcha_1"></div>
      <input name="submitted" style="visibility: hidden" type="submit" class="button" value="{$lang_login_php['login']}" tabindex="4" id="submit_button_1" />
        <div><br></div>
            <input type="button" class="comment_button" value="Hide the reCAPTCHA widget" onclick="destroyRecaptchaWidget();" />
      <br><br>
            </td>


      Quote
      insert in the <head> in your template.htm file(s) - for each theme you use
      Code: [Select]
      <script type="text/javascript"
       src="http://api.recaptcha.net/js/recaptcha_ajax.js"></script>

      Upload and you are done. This style places the captcha box above the login link and it is hidden until called. Other styles and language options can be used. For information on how this works see this link: http://recaptcha.net/apidocs/captcha/client.html
      For my gallery, its content and my users, this mod. would be one too many "speedbumps". For those that have trouble with abusers trying to log in, I hope it helps.

      To create a testing file for a live gallery,
      make one more mod. to login.php and rename it demo_recaptcha_login.php
      Quote
      in file login.php find:
      Code: [Select]
      echo '<form action="login.php?referer='.$referer.'" method="post" name="loginbox">';
      Quote
      replace with
      Code: [Select]
      echo '<form action="demo_recaptcha_login.php?referer='.$referer.'" method="post" name="loginbox">';
      This will return you to the mod. form if user data input is in error. Otherwise it would return to login.php. This will also keep your mod. hidden from users until you undo this change and rename it back to login.php.


      « Last Edit: June 18, 2009, 05:06:26 pm by i-imagine »
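
The check order described in the post above (captcha validated first, so a rejected captcha never reaches the username/password test or the failed-login count), shown as a stand-alone PHP script. This is an added example, not code from the post or from Coppermine: `captcha_gate`, `$verify` and `$check_password` are hypothetical names, and the stub verifier stands in for the remote call that `recaptcha_check_answer()` makes.

```php
<?php
// Added example; not part of the original mod. All names are hypothetical.

/**
 * Returns 'captcha_failed', 'login_failed' or 'login_ok'.
 * The credential check runs only after the captcha response validates,
 * so a rejected captcha is never counted as a failed login attempt.
 */
function captcha_gate(array $post, $remote_ip, $verify, $check_password)
{
    // Fail closed: with JavaScript off the widget never renders and
    // these two fields are absent from the POST body.
    foreach (array('recaptcha_challenge_field', 'recaptcha_response_field') as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            return 'captcha_failed';
        }
    }
    $ok = call_user_func($verify, $remote_ip,
        $post['recaptcha_challenge_field'], $post['recaptcha_response_field']);
    if ($ok !== true) {
        return 'captcha_failed';
    }
    $user = isset($post['username']) ? $post['username'] : '';
    $pass = isset($post['password']) ? $post['password'] : '';
    return call_user_func($check_password, $user, $pass) ? 'login_ok' : 'login_failed';
}

// Constructed stand-ins so the script runs offline.
$attempts = 0;
$verify = function ($ip, $challenge, $response) {
    return $response === 'two words';
};
$check_password = function ($u, $p) use (&$attempts) {
    $attempts++; // counts credential checks actually performed
    return $u === 'foo' && $p === 'bar';
};

// Constructed POST bodies: no captcha fields, wrong answer, correct answer.
$cases = array(
    array('username' => 'foo', 'password' => 'bar'),
    array('username' => 'foo', 'password' => 'bar',
          'recaptcha_challenge_field' => 'c1', 'recaptcha_response_field' => 'wrong'),
    array('username' => 'foo', 'password' => 'bar',
          'recaptcha_challenge_field' => 'c1', 'recaptcha_response_field' => 'two words'),
);
foreach ($cases as $post) {
    echo captcha_gate($post, '192.0.2.10', $verify, $check_password), "\n";
}
echo "credential checks made: $attempts\n";
```

In login.php the `$verify` callable would wrap `recaptcha_check_answer()` and return `$resp->is_valid`.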