The AJAX method is used here to display a visual challenge - reCAPTCHA - for users trying to log in. This method is an improvement over the JavaScript method above, solving conflicts with other scripts and plugins that rewrite the page header.
Demonstration link here:
gallery.josephcarver.com/natural/demo_recaptcha_login.php
user = foo password = bar
This link is not accessible from the normal gallery login link from the menu. It will act the same, but with a cookie error.
In order to use reCAPTCHA, you need a public/private API key pair. Links are below.
Error handling is performed by the cpg_die function. The captcha validation occurs before testing the user input (username/password validation) and will not be logged as a failed login attempt. This might slightly "harden" login since the validation is tested on a remote server and only the validation response is passed to login.php. The captcha depends on the user having JavaScript enabled, with no <noscript> alternative. Because the bad traffic that I see trying to register, make comments, etc. comes from "agents" that don't have JS, and my galleries need JS for users, nothing seems lost to users without JS (opinion!).
To uninstall this mod. (if you can't log in), just replace the file login.php with a clean copy. This mod. does not affect the database or gallery configuration. reCAPTCHA has proven so far to be reliable for me on comments, ecard and registration forms.
1 - Register and get keys and file from recaptcha.net
- Private (hidden) and Public (in form) keys
- copy file recaptchalib.php to your gallery root directory
2 - Modify these files
- login.php - code as below - with your keys where shown
- template.htm (for each theme that you use)
in file login.php find
$cookie_warning = '';
add this below, insert your PRIVATE key where shown
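// Run the captcha check only when the login form was submitted
if (isset($_POST['submitted'])) {
    require_once('recaptchalib.php');
    $privatekey = "YOUR PRIVATE RECAPTCHA KEY GOES IN HERE";
    // The answer is verified on the reCAPTCHA server; only the result comes back
    $resp = recaptcha_check_answer($privatekey,
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"]);
    // Stop here, before the username/password check, if the answer is wrong
    if (!$resp->is_valid) {
        cpg_die(CRITICAL_ERROR, 'Sorry, Captcha Error - Go Back and Try Again');
    }
}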
in file login.php find
<td align="left" class="tablef"><input name="submitted" type="submit" class="button"
value="{$lang_login_php['login']}" tabindex="4" /></td>
replace it with - insert your PUBLIC key where shown
<tr>
<td class="tableb_compact" align="center" colspan="3">
<div><br></div>
<script>
// Build the reCAPTCHA widget inside `element`, then reveal the login button.
// themeName is passed by the caller but not used; the theme is fixed to 'white'.
function showRecaptcha(element, submitButton, themeName) {
    Recaptcha.create("YOUR PUBLIC RECAPTCHA KEY GOES IN HERE", element, {
        theme: 'white',
        tabindex: 0,
        callback: Recaptcha.focus_response_field
    });
    hideSubmitButtons();
    document.getElementById(submitButton).style.visibility = "visible";
}
// The login button stays hidden until the widget has been created
function hideSubmitButtons() {
    document.getElementById('submit_button_1').style.visibility = "hidden";
}
// Remove the widget and hide the login button again
function destroyRecaptchaWidget() {
    hideSubmitButtons();
    Recaptcha.destroy();
}
</script>
<form method="post" action="">
<p>
<input type="button" class="button" value="Click here - type the words - click {$lang_login_php['login']}" onclick="showRecaptcha('dynamic_recaptcha_1', 'submit_button_1', 'red');" />
<div id="dynamic_recaptcha_1"></div>
<input name="submitted" style="visibility: hidden" type="submit" class="button" value="{$lang_login_php['login']}" tabindex="4" id="submit_button_1" />
<div><br></div>
<input type="button" class="comment_button" value="Hide the reCAPTCHA widget" onclick="destroyRecaptchaWidget();" />
<br><br>
</td>
insert in the <head> in your template.htm file(s) - for each theme you use
<script type="text/javascript" src="http://api.recaptcha.net/js/recaptcha_ajax.js"></script>
Upload and you are done. This style places the captcha box above the login link and it is hidden until called. Other styles and language options can be used. For information on how this works see this link:
http://recaptcha.net/apidocs/captcha/client.html
For my gallery, its content and my users, this mod. would be one too many "speedbumps". For those that have trouble with abusers trying to log in, I hope it helps.
To create a testing file for a live gallery, make one more mod. to login.php and rename it demo_recaptcha_login.php
in file login.php find:
echo '<form action="login.php?referer='.$referer.'" method="post" name="loginbox">';
replace with
echo '<form action="demo_recaptcha_login.php?referer='.$referer.'" method="post" name="loginbox">';
This will return you to the mod. form if user data input is in error. Otherwise it would return to login.php. This will also keep your mod. hidden from users until you undo this change and rename it back to login.php.
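The order of checks described above (captcha first, username/password second), written as a fail-closed gate. This is an added example, not part of the original post or of Coppermine or recaptchalib.php. The names captcha_gate and $stubVerify are hypothetical, and the stub stands in for the remote verification so the code runs offline. In login.php, 'reject' corresponds to the cpg_die call and 'check_credentials' to falling through to the normal login code.

```php
<?php
// Added example, not Coppermine or reCAPTCHA code. Requires PHP 7+.

/**
 * Decide what login.php should do with a request before it looks at the
 * username/password. $verify is a hypothetical wrapper around the remote
 * check: it takes (remote IP, challenge, response) and returns a bool.
 */
function captcha_gate(array $post, string $remoteIp, callable $verify): string
{
    if (!isset($post['submitted'])) {
        return 'show_form';                 // plain page view, nothing to verify
    }
    $challenge = $post['recaptcha_challenge_field'] ?? '';
    $response  = $post['recaptcha_response_field'] ?? '';
    // Agents without JavaScript never render the widget, so the fields are
    // missing; array-typed fields are also refused. Reject locally, without
    // a remote call and without touching the credential check.
    if (!is_string($challenge) || !is_string($response)
        || $challenge === '' || trim($response) === '') {
        return 'reject';
    }
    return $verify($remoteIp, $challenge, $response) ? 'check_credentials' : 'reject';
}

// Constructed stand-in for the remote verification so the example runs offline.
$remoteCalls = 0;
$stubVerify = function (string $ip, string $challenge, string $response) use (&$remoteCalls): bool {
    $remoteCalls++;
    return $challenge === 'constructed-challenge' && $response === 'two words';
};

// Constructed sample requests (field names as used by the mod above).
$login = ['submitted' => 'Login', 'username' => 'foo', 'password' => 'bar'];
$samples = [
    'page view'         => [],
    'no captcha fields' => $login,
    'array-typed field' => $login + ['recaptcha_challenge_field' => 'constructed-challenge',
                                     'recaptcha_response_field'  => ['x']],
    'wrong answer'      => $login + ['recaptcha_challenge_field' => 'constructed-challenge',
                                     'recaptcha_response_field'  => 'wrong words'],
    'correct answer'    => $login + ['recaptcha_challenge_field' => 'constructed-challenge',
                                     'recaptcha_response_field'  => 'two words'],
];
foreach ($samples as $label => $post) {
    printf("%-18s => %s\n", $label, captcha_gate($post, '192.0.2.10', $stubVerify));
}
printf("remote verifier called %d time(s)\n", $remoteCalls);
```

Only the last sample reaches the credential check, and the stub verifier is called only for the two requests that carry both captcha fields as strings.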