Captcha mod. for Login using recaptcha. Easy mod. to slow down abusers.
 



Started by Joe Carver, April 07, 2009, 10:04:32 PM


Joe Carver

See second post for improved modification
For Plugin version click here


This modification will put a Captcha (recaptcha) on the Login page. Users will have to enter two words to log in. One file - login.php is modified. Two files - captcha_errmssg.php and recaptchalib.php - are added to the Coppermine root directory. You will need to get a set of keys and the file - recaptchalib.php - from recaptcha.net. They are all free. Like the other recaptcha mods I have posted this will run without other changes to your database or gallery configuration. To uninstall the mod. simply replace file - login.php - with a clean copy. Example is now running at http://gallery.josephcarver.com/natural/ see link below for newer demo.

In file login.php find:
$cookie_warning = '';
Insert the following to look like this, with your key where indicated:
// Check the captcha only when the login form was posted by a visitor who is not logged in
if ((isset($_POST['submitted'])) && (!(USER_ID))) {
    require_once('recaptchalib.php');
    $privatekey = "YOUR PRIVATE RECAPTCHA KEY HERE";
    // Ask the reCAPTCHA server whether the typed words match the challenge
    $resp = recaptcha_check_answer($privatekey,
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"]);
    if (!$resp->is_valid) {
        // Wrong answer: redirect to the error page and stop before the login check
        die(header('Location: captcha_errmssg.php'));
    }
}
Find the following:
             <td align="center" class="tablef"><a href="forgot_passwd.php" class="topmenu">{$lang_login_php['forgot_password_link']}</a></td>
Insert the following to look like this, with your key where indicated:
</tr>
<tr>
<td class="tableb_compact" align="center" valign="top" colspan="3" height="150">
<br>Type the two words with a space. Then click Login <br>
<script>
var RecaptchaOptions = {
  theme : 'white'
};
</script>
<script type="text/javascript"
  src="http://api.recaptcha.net/challenge?k=<YOUR PUBLIC RECAPTCHA KEY HERE>">
</script>
<noscript><h3> <br><u>YOU HAVE NO JAVASCRIPT!<br>1) Solve the challenge<br>2) Copy and Paste the key
into the lower box<br>3) Click Submit (it's easy with javascript on)</u></h3>
  <iframe src="http://api.recaptcha.net/noscript?k=<YOUR PUBLIC RECAPTCHA KEY HERE>"
      height="300" width="500" frameborder="0"></iframe><br>
  <textarea name="recaptcha_challenge_field" rows="3" cols="40">
  </textarea>
  <input type="hidden" name="recaptcha_response_field"
      value="manual_challenge">
</noscript>
<h3>Click Get a new challenge (above) for new words</h3>
</td>
</tr>
<tr>
Create a response file, name it captcha_errmssg.php:

<?php
define('IN_COPPERMINE', true);
require('include/init.inc.php');
pageheader('RECAPTCHA ERROR PAGE');
// 090308// 090407

starttable("100%");

?>

<tr>
<td>
<h1 align="center">
<a href="#" onclick="history.go(-1);return false;"><b><font color="red">
SORRY, THERE WAS AN ERROR WITH THE <br>RECAPTCHA.
CLICK HERE AND TRY AGAIN.<br><br>(OR USE THE BACK BUTTON ON YOUR BROWSER)</font></b></a>
<br>
</h1>
</td>
</tr>
<?php
endtable();
//  ends here
pagefooter();
ob_end_flush();
?>

Upload the mod. file login.php, the files recaptchalib.php and captcha_errmssg.php to your gallery root directory. Test and you will now have captcha protection for your login page. The example above puts the Login button below the captcha and has only one style applied to the image. Other CSS styles can be applied to the display. The mod was applied to Coppermine version 1.4.21. Both of my gallery installations are now running these captchas (i-imagine.net and login captcha here at gallery.josephcarver.com/natural/, see link below for newer version) with SEF URLs, remove_modify and cpmfetch. See my other post for comments, ecards and registration mods. Hoping this helps......
i-imagine

Joe Carver

AJAX method is used here to display a visual challenge - ReCAPTCHA - for users trying to log in. This method is an improvement over the javascript method above, solving conflicts with other scripts and plugins that rewrite the page header.

Demonstration link here: gallery.josephcarver.com/natural/demo_recaptcha_login.php
user = foo   password = bar  This link is not accessible from the normal gallery login link from the menu. It will act the same, but with a cookie error.

In order to use reCAPTCHA, you need a public/private API key pair. Links are below.

Error handling is performed by the cpg_die function. The captcha validation occurs before testing the user input (username/password validation) and will not be logged as a failed login attempt. This might slightly "harden" login since the validation is tested on a remote server and only the validation response is passed to login.php. The captcha depends on the user having JavaScript enabled, with no <noscript> alternative. Because the bad traffic that I see trying to register, make comments, etc. comes from "agents" that don't have JS, and my galleries need JS for users, nothing seems lost to users without JS (opinion!).

To uninstall this mod. (if you can't log in) just replace file login.php with a clean copy. This mod. does not affect the database or gallery configuration. ReCAPTCHA has proven so far to be reliable for me on comments, ecard and registration forms.

1 - Register and get keys and file from recaptcha.net
    • Private (hidden) and Public (in form) keys
    • File recaptchalib.php - copy to your gallery root directory

2 - Modify these files
    • login.php - code as below - with your keys where shown
    • template.htm (for each theme that you use)

In file login.php find:
$cookie_warning = '';
Add this below, insert your PRIVATE key where shown:
if ((isset($_POST['submitted']))) {
    require_once('recaptchalib.php');
    $privatekey = "YOUR PRIVATE RECAPTCHA KEY GOES IN HERE";
    $resp = recaptcha_check_answer($privatekey,
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"]);
    if (!$resp->is_valid) {
        cpg_die(CRITICAL_ERROR, 'Sorry, Captcha Error - Go Back and Try Again');
    }
}

In file login.php find:
<td align="left" class="tablef"><input name="submitted" type="submit" class="button" value="{$lang_login_php['login']}" tabindex="4" /></td>
Replace it with the following - insert your PUBLIC key where shown:
<tr>
<td class="tableb_compact" align="center" colspan="3">
<div><br></div>
<script>
// Build the reCAPTCHA widget inside `element`, then reveal the real submit button.
// themeName is accepted but not used: the theme is fixed to 'white' below.
function showRecaptcha(element, submitButton, themeName) {
  Recaptcha.create("YOUR PUBLIC RECAPTCHA KEY GOES IN HERE", element, {
    theme: 'white',
    tabindex: 0,
    callback: Recaptcha.focus_response_field
  });
  hideSubmitButtons();
  document.getElementById(submitButton).style.visibility = "visible";
}

// Keep the login button hidden until the captcha has been displayed
function hideSubmitButtons() {
  document.getElementById('submit_button_1').style.visibility = "hidden";
}

// Remove the widget and hide the login button again
function destroyRecaptchaWidget() {
  hideSubmitButtons();
  Recaptcha.destroy();
}
</script>
<form method="post" action="">
<p>
<input type="button" class="button" value="Click here - type the words - click {$lang_login_php['login']}" onclick="showRecaptcha('dynamic_recaptcha_1', 'submit_button_1', 'red');">
<div id="dynamic_recaptcha_1"></div>
<input name="submitted" style="visibility: hidden" type="submit" class="button" value="{$lang_login_php['login']}" tabindex="4" id="submit_button_1" />
<div><br></div>
<input type="button" class="comment_button" value="Hide the reCAPTCHA widget" onclick="destroyRecaptchaWidget();">
<br><br>
</td>


Insert in the <head> in your template.htm file(s) - for each theme you use:
<script type="text/javascript" src="http://api.recaptcha.net/js/recaptcha_ajax.js"></script>

Upload and you are done. This style places the captcha box above the login link and it is hidden until called. Other styles and language options can be used. For information on how this works see this link: http://recaptcha.net/apidocs/captcha/client.html
For my gallery, its content and my users this mod. would be one too many "speedbumps". For those that have trouble with abusers trying to log in, I hope it helps.

To create a testing file for a live gallery, make one more mod. to login.php and rename it demo_recaptcha_login.php.
In file login.php find:
echo '<form action="login.php?referer='.$referer.'" method="post" name="loginbox">';
Replace with:
echo '<form action="demo_recaptcha_login.php?referer='.$referer.'" method="post" name="loginbox">';
This will return you to the mod. form if user data input is in error. Otherwise it would return to login.php. This will also keep your mod. hidden from users until you undo this change and rename it back to login.php.
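
The ordering described in this post (captcha result checked before the username/password test), written as a fail-closed gate; this is an added example, not code from the original post or from Coppermine. `captcha_gate`, `$verify` and the stub verifier are hypothetical names: the api.recaptcha.net endpoints used above belong to reCAPTCHA v1, which Google has since retired, so the verification call is passed in as a callable.

```php
<?php
// Added example, not code from the post. captcha_gate() and $verify are hypothetical
// names; $verify wraps the site's verification call and returns an object with ->is_valid.

/** Returns [bool $proceed, string $reason] for one login POST. */
function captcha_gate(array $post, string $remoteIp, callable $verify): array
{
    // No submit field: the form is only being displayed, nothing to check yet.
    if (!isset($post['submitted'])) {
        return [false, 'form-not-submitted'];
    }
    $challenge = $post['recaptcha_challenge_field'] ?? null;
    $answer    = $post['recaptcha_response_field'] ?? null;
    // A scripted POST may carry only username/password, or send arrays instead of
    // strings; reject it here without contacting the verifier.
    if (!is_string($challenge) || !is_string($answer)
        || trim($challenge) === '' || trim($answer) === '') {
        return [false, 'captcha-fields-missing'];
    }
    try {
        $resp = $verify($remoteIp, $challenge, $answer);
    } catch (Throwable $e) {
        // Verifier unreachable or broken: fail closed instead of skipping the check.
        return [false, 'captcha-verifier-error'];
    }
    // Strict comparison, so a malformed response never counts as success.
    if (!is_object($resp) || ($resp->is_valid ?? false) !== true) {
        return [false, 'captcha-rejected'];
    }
    return [true, 'captcha-ok'];
}

// Constructed stand-in verifier so the example runs offline: one fixed good answer.
$stub = function (string $ip, string $challenge, string $answer) {
    return (object) ['is_valid' => $challenge === 'c-123' && $answer === 'two words'];
};
// Constructed sample requests (203.0.113.7 is a documentation address).
$base = ['submitted' => 'Login', 'username' => 'foo', 'password' => 'bar'];
$requests = [
    'valid answer'     => $base + ['recaptcha_challenge_field' => 'c-123', 'recaptcha_response_field' => 'two words'],
    'wrong answer'     => $base + ['recaptcha_challenge_field' => 'c-123', 'recaptcha_response_field' => 'guess'],
    'fields omitted'   => $base,
    'non-string field' => $base + ['recaptcha_challenge_field' => ['x'], 'recaptcha_response_field' => 'two words'],
];
foreach ($requests as $label => $post) {
    [$ok, $why] = captcha_gate($post, '203.0.113.7', $stub);
    // Only when $ok is true would login.php go on to test the username and password.
    echo str_pad($label, 18), $ok ? 'check password' : 'stop', " ($why)\n";
}
```

Only the first constructed request reaches the password check; the other three stop at the gate with `captcha-rejected` or `captcha-fields-missing`.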