Captcha image for registration and login

Post by borexino » Thu Feb 14, 2008 3:17 pm

Hi to all!
I need a component to create a captcha image for registration and login.
Now I am trying to use kcaptcha. I found this hack for Joomla 1.1.x, but I have modified it for Joomla 1.5. At the moment the only problem is the validation of the image.

http://physicist.phpnet.us/2007/07/13/c ... word-form/

Who can help me?

Re: Captcha image for registration and login

Post by borexino » Thu Feb 14, 2008 6:03 pm

Solved! :D
This is my hack for joomla 1.5.x
Download Kcaptcha from HERE and unzip the folder into your root (/)
Configure kcaptcha: you can change the script's options in the file /kcaptcha/kcaptcha_config.php. You can test kcaptcha by opening http://yoursite/kcaptcha/index.php?

Then modify your Joomla index.php as follows (around line 17 and at the end of the file):

Code:

<?php
/**
* @version		$Id: index.php 9764 2007-12-30 07:48:11Z ircmaxell $
* @package		Joomla
* @copyright	Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
* @license		GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/

// Set flag that this is a parent file
define( '_JEXEC', 1 );

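//HACK START HERE
session_start();
// Compare as strings with ===; a loose == treats numeric-looking strings such as "0e1" and "0e2" as equal.
// isset() on both values also avoids an undefined index notice when the form field is missing.
if(isset($_SESSION['captcha_keystring'], $_POST['captcha'])
	&& is_string($_POST['captcha'])
	&& $_SESSION['captcha_keystring']===$_POST['captcha'])
	$_POST['captcha']=1;
else
	$_POST['captcha']=0;
// The keystring is single use: destroying the session prevents the same answer from being sent again
session_destroy();

//HACK STOP HERE BUT YOU GO TO THE END OF THIS FILE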

define('JPATH_BASE', dirname(__FILE__) );

define( 'DS', DIRECTORY_SEPARATOR );
.
.
.
.
.
/*END OF FILE*/

/* CLOSE THE SESSION */
JSession::close();

/**
 * RETURN THE RESPONSE
 */
echo JResponse::toString($mainframe->getCfg('gzip'));


Then modify controller.php in ./components/com_user/controller.php
In this file you must modify the login and registration functions.
Find the function login and modify it like this (around line 114):

Code:

.
.
.
.

function login()
	{

//START HERE
		if(1!==$_POST['captcha'])
		{
		// To raise a warning
			JError::raiseWarning( "Uno", "Devi inserire correttamente il testo riportato sull'immagine! Tenta di nuovo!!", "Tre" );
			$this->setRedirect('index.php?');
			return false;
		}
//STOP HERE

		// Check for request forgeries
		JRequest::checkToken() or die( 'Invalid Token' );

		global $mainframe;
.
.
.
.

... Now modify the registration function (around line 237):

Code:

.
.
.
.
.
	function register_save()
	{
		global $mainframe;

		// Check for request forgeries
		JRequest::checkToken() or die( 'Invalid Token' );

		// Get required system objects
		$user 		= clone(JFactory::getUser());
		$pathway 	=& $mainframe->getPathway();
		$config		=& JFactory::getConfig();
		$authorize	=& JFactory::getACL();
		$document   =& JFactory::getDocument();

//START HERE
		if(1!==$_POST['captcha'])
		{

			// To raise a warning
			JError::raiseWarning( "Uno", "Devi inserire correttamente il testo riportato sull'immagine! Tenta di nuovo!!", "Tre" );
			$this->setRedirect('index.php?option=com_user&task=register');
			return false;
		}

//STOP HERE
.
.
.
.

Now you must modify the default file of the components to show the captcha image.
To modify the registration module you must open ./components/com_user/views/register/tmpl/default.php (around line 80)

Code:

.
.
.
.
<tr>
	<td colspan="2" height="40">
		<?php echo JText::_( 'REGISTER_REQUIRED' ); ?>
	</td>
</tr>
<tr>
<td colspan="2">
<!-- HACK START -->

<?php //session_start(); ?>
			<label for="captcha">Inserisci il testo che vedi:</label>
			<br />
			<input type="text" name="captcha" class="inputbox" size="20" id="captcha" />
			<br />
			<img src="kcaptcha/index.php?<?php echo session_name()?>=<?php echo session_id(); ?>" />

<!-- HACK END -->
</td>
</tr>
</table>
	<button class="button validate" type="submit"><?php echo JText::_('Register'); ?></button>
	<input type="hidden" name="task" value="register_save" />
	<input type="hidden" name="id" value="0" />
	<input type="hidden" name="gid" value="0" />
	<?php echo JHTML::_( 'form.token' ); ?>
</form>

<!-- END OF FILE -->

Then modify the login module in ./modules/mod_login/tmpl/default.php (around line 37)

Code:

	<?php if(JPluginHelper::isEnabled('system', 'remember')) : ?>
	<p id="form-login-remember">
		<label for="modlgn_remember"><?php echo JText::_('Remember me') ?></label>
		<input id="modlgn_remember" type="checkbox" name="remember" class="inputbox" value="yes" alt="Remember Me" />
	</p>

	<?php endif; ?>

	<!-- HACK START -->
	<!-- Placed after the endif so the captcha is shown even when the "remember" plugin is disabled -->
	<label for="captcha">Inserisci il testo che vedi:</label>
	<br />
	<img src="kcaptcha/index.php?<?php echo session_name()?>=<?php echo session_id(); ?>" />
	<br />
	<input type="text" name="captcha" class="inputbox" size="20" id="captcha" />
	<!-- HACK END -->

That's all!! :laugh: :laugh:

Congratulations!!!!
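
The comparison that the index.php hack above performs, as an added example that is not part of borexino's post or of kcaptcha: `verify_captcha()` is a hypothetical helper that compares as strings, rejects missing or non-string input, and discards the keystring after every attempt. It assumes PHP 5.6+ for `hash_equals()` and that kcaptcha stored its answer in `captcha_keystring`, as the hack expects; all sample values are constructed.

```php
<?php
// Added example, not part of the original hack. verify_captcha() is a hypothetical name.

/**
 * Check a submitted captcha answer against the stored keystring.
 * The keystring is removed on every attempt, so each image can be answered only once.
 */
function verify_captcha(array &$session, array $post)
{
    $expected = isset($session['captcha_keystring']) ? $session['captcha_keystring'] : null;
    unset($session['captcha_keystring']); // single use, whether the attempt passes or fails

    $answer = isset($post['captcha']) ? $post['captcha'] : null;

    // Reject a missing keystring (no image was requested), an empty keystring,
    // and non-string input such as captcha[]=x, which PHP delivers as an array.
    if (!is_string($expected) || $expected === '' || !is_string($answer)) {
        return false;
    }
    // Byte-for-byte comparison: no numeric type juggling as with ==.
    return hash_equals($expected, $answer);
}

// Constructed sample data: array(session contents, POST contents).
$cases = array(
    'correct answer'          => array(array('captcha_keystring' => 'k7fm2x'), array('captcha' => 'k7fm2x')),
    'wrong answer'            => array(array('captcha_keystring' => 'k7fm2x'), array('captcha' => 'k7fm2y')),
    'no image was requested'  => array(array(), array('captcha' => '')),
    'field missing from POST' => array(array('captcha_keystring' => 'k7fm2x'), array()),
    'array instead of string' => array(array('captcha_keystring' => 'k7fm2x'), array('captcha' => array('k7fm2x'))),
    'numeric lookalike'       => array(array('captcha_keystring' => '0e1'), array('captcha' => '0e2')),
);
foreach ($cases as $label => $case) {
    list($session, $post) = $case;
    printf("%-24s %s\n", $label, verify_captcha($session, $post) ? 'accepted' : 'rejected');
}

// Replay: the first attempt consumes the keystring, so sending the same answer again fails.
$session = array('captcha_keystring' => 'k7fm2x');
$post    = array('captcha' => 'k7fm2x');
printf("%-24s %s\n", 'first attempt', verify_captcha($session, $post) ? 'accepted' : 'rejected');
printf("%-24s %s\n", 'replayed answer', verify_captcha($session, $post) ? 'accepted' : 'rejected');
```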

Re: Captcha image for registration and login

Post by tarkin789 » Thu Aug 14, 2008 11:30 am

Hi - this is very helpful!

Could you also give instructions for modifying com_contact? I would like to use this in the contact form, that is my main security concern.

Thank you.

Re: Captcha image for registration and login

Post by sheva77 » Thu Aug 14, 2008 12:37 pm

you can use some form extension like the one in my signature!
Max
ChronoForms For all your Joomla forms needs, ChronoConnectivity for Data Management tasks, ChronoForums is a leading free Joomla forums extension:
http://www.ChronoEngine.com

Re: Captcha image for registration and login

Post by tarkin789 » Thu Aug 14, 2008 2:32 pm

Thanks Max, but I don't need any more functionality than what com_contact offers - except captcha support! I've tried so many of the extensions in the JED and just can't get them working. I had success with kcaptcha with Joomla 1.0, so I'm hoping borexino can give the same step by step guidance on how to get kcaptcha working with com_contact in Joomla 1.5. Or if you have any suggestions, I'm all ears!

Re: Captcha image for registration and login

Post by sheva77 » Thu Aug 14, 2008 5:11 pm

I have no suggestions on hacking core components, simply because with the next Joomla upgrade you may lose them, but I'm sure it's not that hard. However, while developing ChronoForms for J1.5, we always faced session issues with J1.5, and sessions are the core of captcha. The best solution was using the J1.5 session handlers, which may not be an easy task when you hack the files. You can keep looking for a solution with com_contact, or try ChronoForms and look at our forums or post a message for help if needed!

Cheers

Max
Re: Captcha image for registration and login

Post by borexino » Thu Aug 14, 2008 6:39 pm

I am very happy that this topic has been helpful! Although at the time it was only useful to you ahahahahah ;) ;) ;)
I hope that captcha will be integrated in a future release, also starting from my hack.
These days I am on holiday, but I hope that I can help you in September. It should not be very difficult!! ??? ???

However I hope that this feature will become native in the next release... :'( :'(

Good summer
David

Re: Captcha image for registration and login

Post by borexino » Sat Sep 13, 2008 9:28 am

This is the hack for com_contact:

..\components\com_contact\controller.php
around line 165:

Code:

			// Prepare email body
			$prefix = JText::sprintf('ENQUIRY_TEXT', JURI::base());
			$body 	= $prefix."\n".$name.' <'.$email.'>'."\r\n\r\n".stripslashes($body);

			$mail = JFactory::getMailer();

			$mail->addRecipient( $contact->email_to );
			$mail->setSender( array( $email, $name ) );
			$mail->setSubject( $FromName.': '.$subject );
			$mail->setBody( $body );
//START HERE
      if(1!==$_POST['captcha'])
      {
      // To raise a warning
         JError::raiseWarning( "Uno", "Devi inserire correttamente il testo riportato sull'immagine! Tenta di nuovo!!", "Tre" );
         $this->setRedirect('index.php?');
         return false;
      }
//STOP HERE
			$sent = $mail->Send();

			/*
			 * If we are supposed to copy the admin, do so.
			 */
			// parameter check



Then modify the file ..\components\com_contact\views\contact\tmpl\default_form.php like this,
around line 64:

Code:

				<input type="checkbox" name="email_copy" id="contact_email_copy" value="1"  />
				<label for="contact_email_copy">
					<?php echo JText::_( 'EMAIL_A_COPY' ); ?>
				</label>
			<?php endif; ?>

		<!-- HACK START -->

		<?php //session_start(); ?>
         <label for="captcha">Inserisci il testo che vedi:</label>
         <br />
         <input type="text" name="captcha" class="inputbox" size="20" id="captcha" />
         <br />
         <img src="kcaptcha/index.php?<?php echo session_name()?>=<?php echo session_id(); ?>" />

		<!-- HACK END -->


			<br />
			<br />

			<button class="button validate" type="submit"><?php echo JText::_('Send'); ?></button>
		</div>

That's all! I tried this hack on Joomla 1.5.6

Bye

Re: Captcha image for registration and login

Post by trilateral » Sun Sep 14, 2008 7:24 am

Thanks a million borexino. Your solution worked perfectly! :)

Re: Captcha image for registration and login

Post by Mitja Bonca » Wed Jan 21, 2009 10:40 pm

Is this the same component (module) as GD CAPTCHA?
Because I would like to put it into the Joomla login component (when you register and there has to be a visual confirmation window). Is this it?
And I have a phpBB forum installed, which has GD CAPTCHA already in its registration form. Will there be no problems between them? Or can I use the one from phpBB in the Joomla login component? If so, how?
Thanks
http://www.skywalker.si - Mitja Bonca website

Re: Captcha image for registration and login

Post by borexino » Thu Jan 22, 2009 9:23 am

Hi
This is only a hack, not a module. I never tried the GD module, but I think that you won't have any problem with your GD module installed in phpBB!

Have fun!!

Re: Captcha image for registration and login

Post by pedrosoft » Sat Feb 07, 2009 8:29 pm

Hi borexino!

Do I have to open session in joomla index.php or you can do it directly in the component that will use kcaptcha (as it did Physicist for joomla 1.0)?

Re: Captcha image for registration and login

Post by borexino » Sun Feb 08, 2009 7:58 am

pedrosoft wrote:Hi borexino!

Do I have to open session in joomla index.php or you can do it directly in the component that will use kcaptcha (as it did Physicist for joomla 1.0)?
The session is started in index.php

Re: Captcha image for registration and login

Post by Girevik » Thu Feb 19, 2009 1:19 pm

I have a problem with the hack for registration :(
After using this hack, mod_login doesn't work.
My website only reloads, login does not work...
Why???

Re: Captcha image for registration and login

Post by borexino » Fri Feb 20, 2009 6:30 am

Girevik wrote: I have a problem with the hack for registration :(
After using this hack, mod_login doesn't work.
My website only reloads, login does not work...
Why???
You must modify all the files. I tried the hack on Joomla 1.5.5, 1.5.6 and 1.5.7.

Re: Captcha image for registration and login

Post by Girevik » Fri Feb 20, 2009 6:59 am

I modified all the files:
index.php
./components/com_user/controller.php
./components/com_user/views/register/tmpl/default.php
./modules/mod_login/tmpl/default.php
what else??

Re: Captcha image for registration and login

Post by borexino » Fri Feb 20, 2009 10:08 am

Girevik wrote: I modified all the files:
index.php
./components/com_user/controller.php
./components/com_user/views/register/tmpl/default.php
./modules/mod_login/tmpl/default.php
what else??
Ummmh, I don't know, sorry! This hack works perfectly with 1.5.5, 1.5.6, 1.5.7. I haven't tried this mod with another version.
I think either your version of Joomla is incompatible with this hack, or you haven't modified the files perfectly.

Good Luck

Re: Captcha image for registration and login

Post by Girevik » Fri Feb 20, 2009 11:04 am

My version of Joomla is 1.5.7

Re: Captcha image for registration and login

Post by Girevik » Tue Feb 24, 2009 6:21 am

Everything works without modifying mod_login ;)
thank you for topic

Re: Captcha image for registration and login

Post by outsource » Thu Mar 11, 2010 4:40 pm

For those who are looking for a captcha for the contact us, registration and login forms, try this
[mod deleted my self promotion link]
Last edited by mandville on Thu Mar 11, 2010 5:21 pm, edited 1 time in total.
Reason: self promotion is against forum rules http://forum.joomla.org/viewtopic.php?f=8&t=65
Best regards
Sreekanth Dayanand
http://www.outsource-online.net

Re: Captcha image for registration and login

Post by mandville » Thu Mar 11, 2010 5:22 pm

outsource wrote: For those who are looking for a captcha for the contact us, registration and login forms, try this
[mod deleted my self promotion link]
Any posts deemed to be self promotion, advertising, or spam can and will be removed. NO SPAM - NO ADVERTISING eg. Posting and making excessive, inappropriate and unnecessary references to your products and websites is self promotion.
Posting in such an old topic is also not a good idea.

Captcha extensions available at
http://extensions.joomla.org/extensions ... ty/captcha

Topic locked to prevent further misuses