Not signed in ( Sign In)

Welcome, Guest

Want to take part in these discussions? Sign in if you have an account, or apply for one below

Feeds
- RSS2

Vanilla 1.1.10 is a product of Lussumo. More Information: Documentation, Community Support.

Plugins: Securimage plugin (phpCaptcha)

Bottom of Page

1 to 23 of 23

- CommentAuthormacmathan
- CommentTimeSep 30th 2008 edited
permalink
I wanted a captcha (those images you have to get a headache from and enter into a form manually) for my FP-sites as a better local replacement for the Accessible Antispam plugin.

I found the GNU licenced PHP-Capcha securimage that wasn't that hard to implement on FP. Kind of flexible as well.

[edit]UPDATED WITH THE LATEST INSTRUCTIONS NOW.[/edit]
[edit]Also available for download (as requested further down in the thread)at: http://macmathan.info/index.php/2009/01/12/captcha/[/edit]

INSTALLATION AND CONFIGURATION
------------------------------
1. Download securimage from http://phpcaptcha.org

2. Make a "securimage" directory in the fp-plugin directory and install the files. (The usual naming convention applies) You need secureimage.php, a ttf-file or the gdfonts, the audiofiles from the securimage package (might be a separate download from the securimage page) and the plugin-.securimage.php (described below) to get going with a basic setup.
Install the securimage package and audiofiles relative to the securimage directory, in other words, the securimage.php file in that directory and the audiofiles in a new dir called audio (unless you reconfigure in the securimage.php file).

3. configure securimage.php (explained inside the file). Put the path to the font file as an absolute path.
(In other words, specify it from the root like /home/myaccount/www/fp-plugins/securimage/font.ttf)

4. Make and configure plugin.securimage.php

5. Make a new file called service.php in the root of the FP install.

Here is the plugin code. Use it, steal it, make it better, take over the development, whatever :)
Thanks NoWhereMan for a lot of ideas and help! (I shouldn't have too much credits for this work.)

http://www.flatpress.org/forums/comments.php?DiscussionID=428&page=1#Item_17 (Or just scroll down...)

NOTE: The code above is coded to look for two images in the plugin directory (reload.png and speaker.png). Make your own, they are not included :)

Here is the lang/lang.en-us.php file as well:
<?php $lang['plugin']['securimage'] = array( 'prefix' => 'As a way to prevent abuses of this commenting system, '. 'we must ask you to reproduce the text on the image above, please: ', 'reload' => 'Reload image', 'speaker' => 'Audible version of CAPTCHA-image', 'error' => 'Result was incorrect, please retry.' ); ?>

And finally the new service.php code from NoWhereMan: (Repeated here from a post below for convenience)

<?php include 'defaults.php'; include INCLUDES_DIR .'includes.php'; // system setup: loads plugins, setups session, cookies etc. system_init(); // call the action hook 'fp-service' do_action('fp-service'); ?>

I think that was it, have fun with it :)
- CommentAuthormarcoverga86
- CommentTimeSep 30th 2008 edited
permalink
Well, if you tried it and it works, you can also add it to the wiki!!! :)
- CommentAuthorNoWhereMan
- CommentTimeSep 30th 2008
permalink
5. Add session_start(); on the very first line of the flatpress files index.php and comments.php in the main installation directory.

this shouldn't be needed.
- CommentAuthormacmathan
- CommentTimeSep 30th 2008
permalink
Posted By: marcoverga86Well, if you tried it and it works, you can also add it to thewiki!!! :)

Been there, done that. But it took some minutes to figure the wiki out :)
- CommentAuthormacmathan
- CommentTimeSep 30th 2008
permalink
Posted By: NoWhereManthis shouldn't be needed.

Doesn't work else :/
- CommentAuthorNoWhereMan
- CommentTimeSep 30th 2008
permalink
Doesn't work else :/

FP session name is set to a particular value, the captcha in securimage_show.php uses the default name, therefore it can't read the correct value.

theorethically, this should be the right way to do it

<?php include 'securimage.php'; include '../../defaults.php'; include INCLUDES_DIR .'includes.php'; $fp_config = config_load(); cookie_setup(); sess_setup(); $img = new securimage(); $img->show(); // alternate use: $img->show('/path/to/background.jpg');

but it doesn't work either. I'd not suggest to edit core files, but the less-sucking solution might be editing the fp-plugins/core/core.session.php and change the first function removing the session_name(SESS_COOKIE) line. Non that I suggest that either, really... :/
- CommentAuthormacmathan
- CommentTimeSep 30th 2008
permalink
Posted By: NoWhereMan
FP session name is set to a particular value, the captcha in securimage_show.php uses the default name, therefore it can't read the correct value.

Perhaps the securimage code is as easy to change the session name in? Any thoughts?

theorethically, this should be the right way to do it

Read the securimage installation hints
They suggests the approach I did it :)

But as said, the challenge is open if anyone finds another way to do it that is better.

(I still like the capchas as a plugin to FP though, and especially the opensource part of it)
- CommentAuthormacmathan
- CommentTimeSep 30th 2008
permalink
Posted By: NoWhereMan
<?php include 'securimage.php'; include '../../defaults.php'; include INCLUDES_DIR .'includes.php';

What file were you thinking of there?
It looks like having a FP-core file call securimage.php should work as there is a code piece in securimage.php not starting a session if there is one?
The question is probably how to call and from where? :)
- CommentAuthorNoWhereMan
- CommentTimeSep 30th 2008 edited
permalink
Perhaps the securimage code is as easy to change the session name in? Any thoughts?

that's what the code I posted tried to do

Read the securimage installation hints
They suggests the approach I did it :)

of course that's how they suggest to use it in general.
FlatPress already starts a session on its own with a custom session_name(). When the plugin is loaded, the session is already started.

The image generator is a stand-alone script (securimage_show.php) which is run through the <img src="BLAH-BLAH/fp-plugins/securimage/securimage_show.php?sid=etcetc" etc etc /> tag.

That script is not hooked into FlatPress, and therefore the session is not started properly (using the custom unique session_name())

forcing the session to start before by manually editing index.php and comments.php overrides the settings in FlatPress. Usually an error is thrown , so it's not really good. You don't see the error because during the "bootstrap" part FlatPress suppresses errors.

The "clean" way is reverting the session id to the standard one, and you get this by editing core.session.php as I said in my previous post.

What file were you thinking of there?

that snippet loads the securimage class, then your FP_ROOT/defaults.php and FP_ROOT/fp-includes/core/includes.php, so that the system can be init'ed properly.

The following three lines setup a minimal system in order to correctly start the session and hopefully make the stand-alone image script work (but it doesn't).

It looks like having a FP-core file call securimage.php should work as there is a code piece in securimage.php not starting a session if there is one?

no, that code is exactly the source of securimage_show.php (shipped with the package your plugin uses) edited to correctly load the session/cookie setup of FlatPress. Unfortunately there's probably something still conflicts. Maybe some constant is not defined properly because the securimage_show.php script is not in the flatpress root.
- CommentAuthorNoWhereMan
- CommentTimeSep 30th 2008
permalink
PS: sorry if I might sound a bit harsh here :p

one of the aim of FP when it started was giving people enough tools so they didn't have to tweak the system files manually: each time I read to "edit" index.php and such it means FP is failing :p
- CommentAuthormacmathan
- CommentTimeSep 30th 2008
permalink
Posted By: NoWhereManPS: sorry if I might sound a bit harsh here :p

It's ok, as the developer you have to keep things in line.

It's too late to dig into this tonight, but I'll digest the stuff during the week and see if I can find something, although I'm not that good with coding. :/

Does the throwing of a premature (from FP view) session (as above) hurt a lot while this kink is worked out?

(macmathan <= is not a php guru)
- CommentAuthorNoWhereMan
- CommentTimeSep 30th 2008 edited
permalink
Does the throwing of a premature (from FP view) session (as above) hurt a lot while this kink is worked out?

probably not really. but the core.session.php tweak it's better (at least it's one edit instead of two)
- CommentAuthormacmathan
- CommentTimeOct 2nd 2008
permalink
One step closer to the right solution finally :P

I have gotten it working without changing the core files of FP now by editing the securimage.php (main php-file) and change the securimage() function to include the session_name() php-function.

However there are a couple of strange phenomenas to straigten out still...

1, it doesn't work calling FP core includes as NWM suggests and confirms above, and I haven't the slightest idea of how to get the actual session name else without hardcoding it by hand in the securimage php-file.

2. securimage doesn't like session names with "-" in it seems. (I get more than one cookie/session set when trying). So to get things working as intended, I also had to edit the blogid in the FP-config file as my original id was formated like fp-12345678. (Is there any naming conventions for things like this?)

NoWhereMan and all the others, anyone with thoughts about it?
At least it gets less and less changing of FP and more and more plugin by now :)
- CommentAuthorNoWhereMan
- CommentTimeOct 3rd 2008
permalink
(Is there any naming conventions for things like this?)

not that i'm aware of :S
- CommentAuthorNoWhereMan
- CommentTimeOct 3rd 2008 edited
permalink
I've got an idea which might become useful for other thingies too

let's create a /service.php in the root of the blog.

let these be the contents:

<?php include 'defaults.php'; include INCLUDES_DIR .'includes.php'; // system setup: loads plugins, setups session, cookies etc. system_init(); // call the action hook 'fp-service' do_action('fp-service');

now, let's add to the plugin the following lines

// register an action (a function) called plugin_securimage_service to the fp-service hook add_action('fp-service', 'plugin_securimage_service'); function plugin_securimage_service() { include_once("securimage.php"); global $fp_params; // check whether URL params contain 'securimage', else skip if (!isset($fp_params['securimage'])) return; // if securimage == 'show' outputs the gif, if equals 'play' outputs the wav and quit. // Otherwise just skips. switch ($fp_params['securimage']) { case 'show' : $img = new securimage(); $img->show(); exit(); case 'play' : $img = new Securimage(); header('Content-type: audio/x-wav'); header('Content-Disposition: attachment; name="securimage.wav"'); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Expires: Sun, 1 Jan 2000 12:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT'); echo $img->getAudibleCode(); exit(); } }

now, let's use the proper URLs to call the captcha, which will be in the form
BLOG_BASEURL.'service.php?x=securimage:PARAMETER;sid:12312312321321' where PARAMETER is either 'play' or 'show' and SID the random sid

function plugin_securimage_comment_form() { // load plugin strings // they're located under plugin.PLUGINNAME/lang/LANGID/ $lang = lang_load('plugin:securimage'); $langstrings =& $lang['plugin']['securimage']; // echoes the question and the form part echo '<img src="'.BLOG_BASEURL.'service.php?x=securimage:show;sid:'.md5(uniqid(time())).'" id="captcha" alt="CAPTCHA image" />'; echo '<a style="border-bottom: none;" href="#" onclick="document.getElementById(\'captcha\').src = \''.BLOG_BASEURL.'service.php?x=securimage:show;sid:\' + Math.random(); return false"><img src="'.plugin_geturl('securimage').'reload.png" alt="'. $lang['plugin']['securimage']['reload'] . '" title="'. $lang['plugin']['securimage']['reload'] . '" border="0" style="vertical-align: top;" /></a>'; echo '<a style="border-bottom: none;" href="'.BLOG_BASEURL.'service.php?x=securimage:play"><img src="'.plugin_geturl('securimage').'speaker.png" alt="'. $lang['plugin']['securimage']['speaker'] . '" title="'. $lang['plugin']['securimage']['speaker'] . '" border="0" style="vertical-align: top;" /></a>'; echo ' '; echo '<label class="textlabel" for="securimagecode">'. $lang['plugin']['securimage']['prefix'] . '</label>'; echo ' <input type="text" name="captcha_code" id="securimagecode" maxlength="5"/> '; echo ''; }

PS: just tested, works like a charm
- CommentAuthormacmathan
- CommentTimeOct 3rd 2008
permalink
Posted By: NoWhereManPS: just tested, works like a charm

Comfirmed in my evironment too, with one small config twist. The path to the font in securimage.php needed to be absolute and not relative :) (Should probably have tried to keep things well declared from the start, duh!)

Thanks NoWhereMan, I'm updating the top post to be accurate and with due credit of course.
- CommentAuthormacmathan
- CommentTimeOct 3rd 2008
permalink
Posted By: macmathanI wanted a captcha (those images you have to get a headache from and enter into a form manually) for my FP-sites as a better local replacement for the Accessible Antispam plugin.

<?php /* Plugin Name: securimage Plugin URI: http://www.flatpress.org/forums/comments.php?DiscussionID=428/ Description: phpcaptcha with flatpress. Author: David MacMathan & NoWhereMan (thanks!) Version: 1.1 Author URI: http://www.flatpress.org/ */ //*** ONE CONFIGURATION NEEDED: //*** SET MAXLENGTH FOR THE FORM INPUT FIELD ACCORDING //*** TO THE SELECTION DONE IN SECURIMAGE.PHP! // register an action (a function) called plugin_securimage_service to the fp-service hook add_action('fp-service', 'plugin_securimage_service'); // register securimage actions add_action('comment_validate', 'plugin_securimage_validate', 5, 2); add_action('comment_form', 'plugin_securimage_comment_form'); function plugin_securimage_service() { include_once("securimage.php"); global $fp_params; // check whether URL params contain 'securimage', else skip if (!isset($fp_params['securimage'])) return; // if securimage == 'show' outputs the gif, if equals 'play' outputs the wav and quit. // Otherwise just skips. switch ($fp_params['securimage']) { case 'show' : $img = new securimage(); $img->show(); exit(); case 'play' : $img = new Securimage(); header('Content-type: audio/x-wav'); header('Content-Disposition: attachment; name="securimage.wav"'); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Expires: Sun, 1 Jan 2000 12:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT'); echo $img->getAudibleCode(); exit(); } } function plugin_securimage_validate($bool, $arr) { // if boolean $bool==false // the test is forced to fail if (!$bool) return false; // if user is loggedin we ignore the plugin if (user_loggedin()) return true; // call class for check include_once("securimage.php"); $img = new Securimage(); if ($img->check($_POST['captcha_code']) == false) { global $smarty; $lang = lang_load('plugin:securimage'); $smarty->append('error', $lang['plugin']['securimage']['error']); $ret = false; } else {$ret = true;} return $ret; } function plugin_securimage_comment_form() { // load plugin strings // they're located under plugin.PLUGINNAME/lang/LANGID/ $lang = lang_load('plugin:securimage'); $langstrings =& $lang['plugin']['securimage']; // echoes the question and the form part echo '<img src="'.BLOG_BASEURL.'service.php?x=securimage:show;sid:'.md5(uniqid(time())).'" id="captcha" alt="CAPTCHA image" />'; echo '<a style="border-bottom: none;" href="#" onclick="document.getElementById(\'captcha\').src = \''.BLOG_BASEURL.'service.php?x=securimage:show;sid:\' + Math.random(); return false"><img src="'.plugin_geturl('securimage').'reload.png" alt="'. $lang['plugin']['securimage']['reload'] . '" title="'. $lang['plugin']['securimage']['reload'] . '" border="0" style="vertical-align: top;" /></a>'; echo '<a style="border-bottom: none;" href="'.BLOG_BASEURL.'service.php?x=securimage:play"><img src="'.plugin_geturl('securimage').'speaker.png" alt="'. $lang['plugin']['securimage']['speaker'] . '" title="'. $lang['plugin']['securimage']['speaker'] . '" border="0" style="vertical-align: top;" /></a>'; echo ' '; echo '<label class="textlabel" for="securimagecode">'. $lang['plugin']['securimage']['prefix'] . '</label>'; echo ' <input type="text" name="captcha_code" id="securimagecode" maxlength="5"/> '; echo ''; }

NOTE: The code above is coded to look for two images in the plugin directory (reload.png and speaker.png). Make your own, they are not included :)
- CommentAuthormat
- CommentTimeJan 12th 2009
permalink
Can you create one archive containing complete plugin (working version :-) and post it somewhere? Thanks a lot...
- CommentAuthormacmathan
- CommentTimeJan 12th 2009 edited
permalink
Posted By: matCan you create one archive containing complete plugin (working version :-) and post it somewhere? Thanks a lot...

Sure, but i'll need a little time to make it, or in more clear words - look that my own files (taken from the actual production sites) are cleaned from any installation specific data and correctly documented.

~~I'll try to get a tgz- alternatively bz2-compressed file up for download at one of my domains soon (should be done this week) and will post the link here when it's available.~~

Fast on the keyboard today :)

The plugin is available as a tarball (tgz) together with the documentation on this thread on the link http://macmathan.info/index.php/2009/01/12/captcha/
- CommentAuthormat
- CommentTimeJan 20th 2009
permalink
Perfect! Thanks...

One tip: file secureimage.php
Put into constructor (approx. line 427) following code
$this->ttf_file = dirname(__FILE__) . "/CornFed.ttf";
And user won't have to set up absolute path manualy...took me some time to find out why the image is not loading... :-)
- CommentAuthormacmathan
- CommentTimeJan 20th 2009 edited
permalink
Posted By: mat
$this->ttf_file = dirname(__FILE__) . "/CornFed.ttf";

I said in the rewritten instructions on my page that:
3. configure securimage.php (explained inside the file). Put the path to the font file as an absolute path. (In other words, specify it from the root like /home/myaccount/www/fp-plugins/securimage/font.ttf)

That was to make sure the image did load (Yes I had some issues with that too)

But your way was a nice way to solve that problem! Thanks.
- CommentAuthormacmathan
- CommentTimeFeb 5th 2009
permalink
For xhtml strict validation you need to use style instead of border for the two small images so...

// echoes the question and the form part echo '<img src="'.BLOG_BASEURL.'service.php?x=securimage:show;sid:'.md5(uniqid(time())).'" id="captcha" alt="CAPTCHA image" />'; echo '<a style="border-bottom: none;" href="#" onclick="document.getElementById(\'captcha\').src = \''.BLOG_BASEURL.'service.php?x=securimage:show;sid:\' + Math.random(); return false"><img src="'.plugin_geturl('securimage').'reload.png" alt="'. $lang['plugin']['securimage']['reload'] . '" title="'. $lang['plugin']['securimage']['reload'] . '" style="border: none; vertical-align: top;" /></a>'; echo '<a style="border-bottom: none;" href="'.BLOG_BASEURL.'service.php?x=securimage:play"><img src="'.plugin_geturl('securimage').'speaker.png" alt="'. $lang['plugin']['securimage']['speaker'] . '" title="'. $lang['plugin']['securimage']['speaker'] . '" style="border: none; vertical-align: top;" /></a>'; echo ' '; echo '<label class="textlabel" for="securimagecode">'. $lang['plugin']['securimage']['prefix'] . '</label>'; echo ' <input type="text" name="captcha_code" id="securimagecode" maxlength="5"/> '; echo '';

My err :)
- CommentAuthorNoWhereMan
- CommentTimeFeb 5th 2009
permalink
even better: use css and classes

1 to 23 of 23

FlatPress forums

Categories

Welcome, Guest

Feeds

Plugins: Securimage plugin (phpCaptcha)