Captcha (Visual Confirmation) for adding comments

[Abbas Ali]

Recently i saw a lot of comment spamming on my personal gallery by bots. I thought why not implement the captcha for adding comments. I know that i can disallow Anonymous user to post comments to stop spamming but many of us don't want to do that since there are always genuine anonymous users who want to post comments.

Thanks to Edward Eliot for PhpCaptcha class which is used by this mod.

What will this mod do?

• Will show an image with some text while adding comment
• User will be required to enter the text exactly as shown in image in the text box provided
• If the text entered by user doesn't matches with text shown on image then comment won't be added

The mod

Files modified

• db_input.php
• themes/yourtheme/theme.php
• lang/english.php

New Files

• captcha.php
• include/captcha.class.php
• fonts

First extract the attached zip file and place captcha.php and fonts directory in your coppermine root directory. Place captcha.class.php in include directory.

Then edit lang/english.php

Add

Code Select Expand


'captcha_error' => 'The confirmation code didn\'t matched',


just after

Code Select Expand


'non_exist_comment' => 'The selected comment does not exist', //cpg1.4


Add

Code Select Expand


'confirm' => 'Confirmation',


just after

Code Select Expand


'report_comment_title' => 'Report this comment to the administrator', //cpg1.4


##############

Edit themes/yourtheme/theme.php

Add

Code Select Expand


'{CONFIRM}' => $lang_display_comments['confirm'],


just after

Code Select Expand


'{COMMENT}' => $lang_display_comments['comment'],


Add

Code Select Expand


<tr>
  <td class="tableb_compact" colspan="2">
    {CONFIRM}
  </td>
  <td class="tableb_compact" colspan="2">
    <input type="text" name="confirmCode" size="5" class="textinput"> <img src="captcha.php" align="middle">
  </td>
</tr>


just after

Code Select Expand


<!-- END input_box_no_smilies -->
                                </td>
                                <td class="tableb_compact">
                                <input type="hidden" name="event" value="comment" />
                                <input type="hidden" name="pid" value="{PIC_ID}" />
                                <input type="submit" class="comment_button" name="submit" value="{OK}" />
                                </td></tr>


##################

Edit db_input.php

Add

Code Select Expand


        require("include/captcha.class.php");
        if (!PhpCaptcha::Validate($_POST['confirmCode'])) {
          cpg_die(ERROR, "Confirmation code didn't matched", __FILE__, __LINE__);
        }


just after

Code Select Expand


    case 'comment':
        if (!(USER_CAN_POST_COMMENTS)) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);



That's it. Hope this helps some of you out there....


Abbas

P.S: I don't know whether this can be done using a plugin or not. If someone can come out with a plugin then it will be better.



[edit GauGau 2007-04-05]
This wonderful mod has been turned into a plugin that you should try out as well: coppermine-gallery.net > Support > cpg1.4.x Support > cpg1.4 plugins > cpg1.4 plugin contributions >Captcha (Visual Confirmation) for adding comments
[/edit]

[Tranz]

Thanks, Abbas! Very useful mod.  I had to disable comments due to the crazy spamming. Let's see how it goes now.

[Dr Preacox]

Hmm do you have a demo? I know how it would look in my head, but on CPG I havn't the foggiest ... either way its a good mod, I might install it

[majay]

Hi,

I just discovered Abbas' mod to add a security code to comments, and I have been trying to find a way to apply it to the user registration form. I'm simply experimenting, to see if it could work.
Here is the mod: http://forum.coppermine-gallery.net/index.php?topic=29564.0

First, I added the captcha_error and the confirm bits from the language file under lang_register_php instead of lang_display_xxx.

So far, by adding the <tr> code in register.php, I have managed to make the Captcha appear fine on my registration page in several ways (under the Submit button, under both "required_info" and "optional_info" labels, under the password field), but no matter where I put it, the registration process does not take it into account. Ie if the verifiaction code doesn't match the image, CPG won't detect the error and the registration will go through anyway. 

I tried to insert the following code between the "password_verification" and "email" rows, just to see what would happen:

Code Select Expand

EOT;
break;
<tr>
  <td class="tableb_compact" colspan="2">
    {$lang_register_php['confirm']}
<br>
    <input type="text" name="confirmCode" size="5" class="textinput"> <img src="captcha.php" align="middle">
  </td>
</tr>

But that caused an error, as it is obviously incomplete and I assume that changes should be made within the $form_data = array( bit and perhaps the function check_user_info(&$error) bit.

I don't know enough about PHP to know what I should change/add, so I was wondering if anybody might have an idea of what should be done? Or if you think that what I'm trying to achieve is too complicated and requires real knowledge of PHP, please let me know.

Thank you!

[Joachim Müller]

This thread deals with a particular mod, please don't clutter it by asking for an entirely different mod.

[Abbas Ali]

Hmm do you have a demo? I know how it would look in my head, but on CPG I havn't the foggiest ... either way its a good mod, I might install it

This is how it looks http://www.abbasali.net/photos/displayimage.php?pid=70

@Morgane: Start a new thread for discussing captcha on registration page.

[Dr Preacox]

Thanxs Abbas, nice mod, may I suggest changing the TAB index so you can tab to submit after you enter the confirmation code, and also moving the submit button after the Captcha Image?

[Abbas Ali]

Sure why not... you can modify the code to whatever your needs be.

[Dr Preacox]

Oh I guess I could do that 

I'll modify this post once im done

[mqcarpenter]

I do not want to sound like a total newb moron, but I just upgraded to 1.4.8 and the upgrade instructions basically have the theme.php blank. The content referenced here is not in that file. In fact, here is my theme.php content:

Code Select Expand

<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2006 Coppermine Dev Team
  v1.1 originally written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.4.8
  $Source:
  $Revision:
  $Author:
  $Date:
**********************************************/
define('THEME_HAS_RATING_GRAPHICS', 1);
define('THEME_HAS_NAVBAR_GRAPHICS', 1);
define('THEME_HAS_FILM_STRIP_GRAPHIC', 1);
// HTML template for template sys_menu spacer
$template_sys_menu_spacer ="|";
?>


This is per the instructions. I am trying to do a deep search to find where the theme.php code you mention is so I can implement this. Is it in another theme file? TIA

[Joachim Müller]

If the section in question doesn't exist in your custom theme, copy the corresponding section from themes/sample/theme.php into themes/yourtheme/theme.php and then modify as suggested. In your case, paste

Code Select Expand

// Displays comments for a specific picture
function theme_html_comments($pid)
{
    global $CONFIG, $USER, $CURRENT_ALBUM_DATA, $comment_date_fmt, $HTML_SUBST;
    global $template_image_comments, $template_add_your_comment, $lang_display_comments;

    $html = '';

//report to moderator buttons
    if (!(($CONFIG['report_post']==1) && (USER_CAN_SEND_ECARDS))) {
        template_extract_block($template_image_comments, 'report_comment_button');
    }

    if (!$CONFIG['enable_smilies']) {
        $tmpl_comment_edit_box = template_extract_block($template_image_comments, 'edit_box_no_smilies', '{EDIT}');
        template_extract_block($template_image_comments, 'edit_box_smilies');
        template_extract_block($template_add_your_comment, 'input_box_smilies');
    } else {
        $tmpl_comment_edit_box = template_extract_block($template_image_comments, 'edit_box_smilies', '{EDIT}');
        template_extract_block($template_image_comments, 'edit_box_no_smilies');
        template_extract_block($template_add_your_comment, 'input_box_no_smilies');
    }

    $tmpl_comments_buttons = template_extract_block($template_image_comments, 'buttons', '{BUTTONS}');
    $tmpl_comments_ipinfo = template_extract_block($template_image_comments, 'ipinfo', '{IPINFO}');

    if ($CONFIG['comments_sort_descending'] == 1) {
        $comment_sort_order = 'DESC';
    } else {
        $comment_sort_order = 'ASC';
    }
    $result = cpg_db_query("SELECT msg_id, msg_author, msg_body, UNIX_TIMESTAMP(msg_date) AS msg_date, author_id, author_md5_id, msg_raw_ip, msg_hdr_ip, pid FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='$pid' ORDER BY msg_id $comment_sort_order");

    while ($row = mysql_fetch_array($result)) {
        $user_can_edit = (GALLERY_ADMIN_MODE) || (USER_ID && USER_ID == $row['author_id'] && USER_CAN_POST_COMMENTS) || (!USER_ID && USER_CAN_POST_COMMENTS && ($USER['ID'] == $row['author_md5_id']));
        $comment_buttons = $user_can_edit ? $tmpl_comments_buttons : '';
        $comment_edit_box = $user_can_edit ? $tmpl_comment_edit_box : '';
        $comment_ipinfo = ($row['msg_raw_ip'] && GALLERY_ADMIN_MODE)?$tmpl_comments_ipinfo : '';

        if ($CONFIG['enable_smilies']) {
            $comment_body = process_smilies(make_clickable($row['msg_body']));
            $smilies = generate_smilies("f{$row['msg_id']}", 'msg_body');
        } else {
            $comment_body = make_clickable($row['msg_body']);
            $smilies = '';
        }

        $ip = $row['msg_hdr_ip'];
        if ($row['msg_hdr_ip'] != $row['msg_raw_ip']) {
            $ip .= ' [' . $row['msg_raw_ip'] . ']';
        }

        $params = array('{EDIT}' => &$comment_edit_box,
            '{BUTTONS}' => &$comment_buttons,
            '{IPINFO}' => &$comment_ipinfo
            );

        $template = template_eval($template_image_comments, $params);

        $params = array('{MSG_AUTHOR}' => $row['msg_author'],
            '{MSG_ID}' => $row['msg_id'],
            '{PID}' => $row['pid'],
            '{EDIT_TITLE}' => &$lang_display_comments['edit_title'],
            '{CONFIRM_DELETE}' => &$lang_display_comments['confirm_delete'],
            '{MSG_DATE}' => localised_date($row['msg_date'], $comment_date_fmt),
            '{MSG_BODY}' => bb_decode($comment_body),
            '{MSG_BODY_RAW}' => $row['msg_body'],
            '{OK}' => &$lang_display_comments['OK'],
            '{SMILIES}' => $smilies,
            '{IP}' => $ip,
            '{REPORT_COMMENT_TITLE}' => &$lang_display_comments['report_comment_title'],
            '{WIDTH}' => $CONFIG['picture_table_width']
            );

        $html .= template_eval($template, $params);
    }

    if (USER_CAN_POST_COMMENTS && $CURRENT_ALBUM_DATA['comments'] == 'YES') {
        if (USER_ID) {
            $user_name_input = '<tr><td><input type="hidden" name="msg_author" value="' . USER_NAME . '" /></td>';
            template_extract_block($template_add_your_comment, 'user_name_input', $user_name_input);
            $user_name = '';
        } else {
            $user_name = isset($USER['name']) ? '"' . strtr($USER['name'], $HTML_SUBST) . '"' : $lang_display_comments['your_name'] . '" onclick="javascript:this.value=\'\';';
        }

        $params = array('{ADD_YOUR_COMMENT}' => $lang_display_comments['add_your_comment'],
            // Modified Name and comment field
            '{NAME}' => $lang_display_comments['name'],
            '{COMMENT}' => $lang_display_comments['comment'],
            '{PIC_ID}' => $pid,
            '{USER_NAME}' => $user_name,
            '{MAX_COM_LENGTH}' => $CONFIG['max_com_size'],
            '{OK}' => $lang_display_comments['OK'],
            '{SMILIES}' => '',
            '{WIDTH}' => $CONFIG['picture_table_width'],
            );

        if ($CONFIG['enable_smilies']) $params['{SMILIES}'] = generate_smilies();

        $html .= template_eval($template_add_your_comment, $params);
    }

    return $html;
}into themes/yourtheme/theme.php into a new line before

Code Select Expand

?>

[Prisoner_24601]

Code Select Expand


<!-- END input_box_no_smilies -->
                                </td>
                                <td class="tableb_compact">
                                <input type="hidden" name="event" value="comment" />
                                <input type="hidden" name="pid" value="{PIC_ID}" />
                                <input type="submit" class="comment_button" name="submit" value="{OK}" />
                                </td></tr>


Doesn't exist, except in themes/sample/theme.php, even after adding the section GauGau mentions above (at least, using the default themes provided in CPG 1.4..

I tried renaming the "sample" theme to "testing_theme" to get it to show up in my list -- making no other changes -- and I got "Fatal Error" when I tried to use that theme (and I had to replace it with a theme.php from a theme I knew worked to get rid of the error).  I also tried not including the code Abbas Ali mentions to include after the code I quoted above and I got "Fatal Error".

[Joachim Müller]

Do not use the sample theme for anything else but copying parts from it into your custom theme.

[Abbas Ali]

Don't use sample theme directly...

First copy the theme_html_comments function from sample theme to your theme as suggested by GauGau.

Then copy (from sample theme to your theme)

Code Select Expand


$template_add_your_comment = <<<EOT
<table align="center" width="{WIDTH}" cellspacing="1" cellpadding="0" class="maintable">
        <tr>
                <td width="100%" class="tableh2_compact"><b>{ADD_YOUR_COMMENT}</b></td>
        </tr>
        <tr>
                <td colspan="3">
                <form method="post" name="post" action="db_input.php">
                        <table width="100%" cellpadding="0px" cellspacing="0px">

<!-- BEGIN user_name_input -->
                                <tr><td class="tableb_compact">
                                        {NAME}
                                </td>
                                <td class="tableb_compact">
                                        <input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value="{USER_NAME}" />
                                </td>
<!-- END user_name_input -->
<!-- BEGIN input_box_smilies -->
                                <td class="tableb_compact">
                                {COMMENT} </td>
                                <td width="100%" class="tableb_compact">
                                <input type="text" class="textinput" id="message" name="msg_body" onselect="storeCaret_post(this);" onclick="storeCaret_post(this);" onkeyup="storeCaret_post(this);" maxlength="{MAX_COM_LENGTH}" style="width: 100%;" />                                        <!-- END input_box_smilies -->
<!-- BEGIN input_box_no_smilies -->
                                <input type="text" class="textinput" id="message" name="msg_body"  maxlength="{MAX_COM_LENGTH}" style="width: 100%;" />
<!-- END input_box_no_smilies -->
                                </td>
                                <td class="tableb_compact">
                                <input type="hidden" name="event" value="comment" />
                                <input type="hidden" name="pid" value="{PIC_ID}" />
                                <input type="submit" class="comment_button" name="submit" value="{OK}" />
                                </td></tr>
                        </table>
                </form>
                </td>
        </tr>
<!-- BEGIN smilies -->
        <tr>
                <td width="100%" class="tableb_compact">
                        {SMILIES}
                </td>
        </tr>
</table>
<!-- END smilies -->

EOT;


and make necessary changes to this code.

[Prisoner_24601]

I did so.  I refreshed my browser and got a completely blank screen.  No errors, just a blank, white page.

[Nibbler]

You probably pasted it incorrectly and have your server set to hide error messages. Attach a copy of your theme.php to your next post.

[scotty588]

Ok I am also confused about this. This is what my theme.php looks like.

Code Select Expand

<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2005 Coppermine Dev Team
  v1.1 originaly written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.4.1
  $Source:
  $Revision: 1.10 $
  $Author:
  $Date: 2005/04/30 07:13:16 $
**********************************************/

define('THEME_HAS_RATING_GRAPHICS', 1);
define('THEME_IS_XHTML10_TRANSITIONAL',1); // Remove this if you edit this template until
                                           // you have validated it. See docs/theme.htm.


// HTML template for template sys_menu spacer
$template_sys_menu_spacer ='::';

?>

If you could just tell me exactly what I need to paste into mine that would make it 10x easier for me. I tried reading through these posts and I looked at the sample.php and it confuses me because I have no idea what needs to be put into my theme.php Thank you for making this I am having very bad spam problems!

[mammut]

Ehmmm... Were do I download the file?   

[Nibbler]

It's attached to the first post, as stated.

[gymnastdude182]

Works great! I love it very much so (just deleted 1000+ spam comments on my site today), and came to coppermine looking for something like this. Thanks so much.