1
vamptrix
Webinstall and reCaptcha
  • 2008/11/13 8:14

  • vamptrix

  • Theme Designer

  • Posts: 424

  • Since: 2008/5/3 1


Well I've asked for reCaptcha before, but probably at the wrong place. The Captcha in the XOOPS core is too easy and can be worked around in a few secs. It would be alot better to support reCaptcha and let it be activated in a few seconds, by just entering your API-key in the System Module => Captcha or something, so your site will be protected many times better.

The Webinstall: this should be 1 file which downloads all of XOOPS files on the webserver and which installs more easily for new users as they don't have to worry as much about uploading files, much like the SMF webinstall (fully below this page: http://www.simplemachines.org/download/). In this way we might also be able to download packages like modules and themes easier. This is a lot of work, I know that, but this isn't something impossible: it's something that makes SMF good, and if XOOPS uses a simular system it would become a WHOLE lot easier and therefore better. (the current way should stay though)

I hope somebody agrees with my ideas ^^
I used to use this account, but no longer.

2
fiammy
Re: Webinstall and reCaptcha
  • 2008/12/9 18:44

  • fiammy

  • Just popping in

  • Posts: 19

  • Since: 2003/1/14


reCaptcha : that could be turned into a module, and hooks into the core. This might be difficult however.

Webinstall : if you want some security, you will need to devise a way to store hash signatures on a server, with the webinstall verifying if the signatures match before proceeding with the install.
Doing that might also give the impression to users that you vouch for the files that you distribute, making them come to you when a badly written module screws up their site, or makes it vulnerable.
Making XOOPS easier to install will lower the barrier, and will create an influx of users that in many cases don't have a clue what they're doing. The number of support requests will certainly rise sharply.
I'm not saying not to do it. Having an easy setup routine is great. XOOPS needs the resources (time, people and bandwidth) to make it work as smoothly and professionally as possible.

3
alfred
Re: Webinstall and reCaptcha
  • 2009/11/14 12:53

  • alfred

  • Quite a regular

  • Posts: 249

  • Since: 2005/10/29


reCaptcha :
http://www.myxoops.org/forum/newtopic.php?forum=13
(Scroll to bottom)

is this OK
i have added reCaptcha into /captcha

4
Mamba
Re: Webinstall and reCaptcha
  • 2009/11/14 14:01

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


Do you have steps to patch XOOPS it order to make reCaptcha the default?

We would need one for 2.3.3 and one for 2.4.1

5
ghia
Re: Webinstall and reCaptcha
  • 2009/11/14 16:32

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Ok this is my take on adding the recaptcha.
It is pure alpha, nothing tested, simply written by the instructions of ReCaptcha for PHP. All operations are done in /class/captcha/ and all needed things are in the link above.
-1- download the Recaptcha and extract recaptchalib.php
-2- register and obtain an API key
-3- modify config.php and fill in your private key
return $config = array(
    
"disabled"              => false,                   // Disable CAPTCHA
    
"mode"                  => 'recaptcha',             // default mode  image, text or recaptcha
    
"name"                  => 'xoopscaptcha',          // captcha name
    
"skipmember"            => true,                    // Skip CAPTCHA check for members
    
"maxattempt"            => 10,                      // Maximum attempts for each session
    
"num_chars"             => 4,                       // Maximum characters
    
"rule_text"             => _CAPTCHA_RULE_TEXT,
    
"maxattempt_text"       => _CAPTCHA_MAXATTEMPTS,
    
"private_key"           => 'myAPIkey'
    
);
?>

-4- add config.recaptcha.php and fill in your public key

return $config = array(
    
"public_key"           => 'myAPIkey'
    
);
?>

-5- add recaptcha.php

class XoopsCaptchaRecaptcha extends XoopsCaptchaMethod
{

    
    function 
__construct($handler null)
    {
        
parent::__construct($handler);
        
parent::loadConfig('recaptcha');
    }
    
    function 
XoopsCaptchaImage($handler null)
    {
        
$this->__construct($handler);
    }
    
    function 
isActive()
    {
        
        return 
true;
    }
    
    function 
render()
    {
        
$image $this->loadImage();
        return 
$image '';
    }

    function 
loadImage()
    {
        require_once(
XOOPS_ROOT_PATH '/class/captcha/'.'recaptchalib.php');
        
$publickey $this->config["public_key"]; // you got this from the signup page see config.captcha.php
        
$ret recaptcha_get_html($publickey);
       
        return 
$ret;
    }
}
?>

-6- insert
// Verify the ReCaptcha code
        
} elseif ($this->config["mode"] == 'recaptcha') {
            require_once(
XOOPS_ROOT_PATH '/class/captcha/'.'recaptchalib.php');
            
$privatekey $this->config["private_key"] ;
            
$resp recaptcha_check_answer ($privatekey,
                                
$_SERVER["REMOTE_ADDR"],
                                
$_POST["recaptcha_challenge_field"],
                                
$_POST["recaptcha_response_field"]);
            if (!
$resp->is_valid) {
              
$this->message[] = $resp->error;
            }
            else {
              
$is_valid true;
            }
        
// Verify the code Captcha

before
} elseif (!empty($_SESSION["{$sessionName}_code"])) {
            
$func = !empty($this->config["casesensitive"]) ? "strcmp" "strcasecmp";
            
$is_valid = ! $functrim(@$_POST[$sessionName]), $_SESSION["{$sessionName}_code"] );
        }
in xoopscaptcha.php

You need also to change:
$this->path_plugin XOOPS_ROOT_PATH "/Frameworks/captcha";

to
$this->path_plugin XOOPS_ROOT_PATH '/class/captcha';

in xoopscaptcha.php

-7- test


Edit: corrected include path and made it clearer for public and private keys.
- Added correction for Frameworks relic

6
alfred
Re: Webinstall and reCaptcha
  • 2009/11/14 19:57

  • alfred

  • Quite a regular

  • Posts: 249

  • Since: 2005/10/29


my config.recaptcha.php

Quote:

return $config = array(
'disabled' => false, // Disable CAPTCHA
'mode' => 'recaptcha', // default mode
'publickey' => "",
'privatekey' => "",
'theme' => 'white', // 'red' | 'white' | 'blackglass' | 'clean' | 'custom'
'lang' => 'de' );


my recaptcha.php

Quote:

defined('XOOPS_ROOT_PATH') or die('Restricted access'); require_once(XOOPS_ROOT_PATH.'/class/captcha/recaptcha/recaptchalib.php');
class XoopsCaptchaRecaptcha extends XoopsCaptchaMethod {
function render() {

parent::render();
parent::loadConfig('recaptcha');

$form = "";
$form .= recaptcha_get_html($this->config['publickey']);
return $form;
}
}


add to xoopscaptcha.php into function verify()

Quote:


} else if (!empty($_POST["recaptcha_response_field"])) {
require_once(XOOPS_ROOT_PATH.'/class/captcha/recaptcha/recaptchalib.php');
require_once(XOOPS_ROOT_PATH.'/class/captcha/config.recaptcha.php');
$resp = recaptcha_check_answer ($config['privatekey'],
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
$is_valid = $resp->is_valid;



7
ghia
Re: Webinstall and reCaptcha
  • 2009/11/14 22:08

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


I did some little tweaks to my previous code and it works!

Now the addional fine tweaks for some configuration options as showed by dhsoft (theme and language integration) and it should be usable.

8
Mamba
Re: Webinstall and reCaptcha
  • 2009/11/14 22:48

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


Ghia & Dhsoft, thank you so much for your work on this.

Is this for any specific XOOPS version, or is it for any version?

9
ghia
Re: Webinstall and reCaptcha
  • 2009/11/14 22:54

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Mine was tested on 2.4.0 (2.4.1 should go also)
AFAIK for 2.3.3 the same modifcations should go in /Frameworks/captcha/ but not tested nor verified.

10
Mamba
Re: Webinstall and reCaptcha
  • 2009/11/16 5:32

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


Tested on 2.4.1 and it works!

Thank you Ghia and Dhsoft for your work on this!!!

Login

Who's Online

255 user(s) are online (129 user(s) are browsing Support Forums)


Members: 0


Guests: 255


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits