Captcha - ReCaptcha for ecards - easy spambot protection mod., visual confirm

Started by Joe Carver, March 29, 2009, 03:31:01 AM


Joe Carver

SEE REPLY #3 BELOW FOR THE LATEST REVISIONS
For Plugin version click here


This one is easy, instructions are below and attached in the .zip file.

The mod will add a captcha (Recaptcha) visual confirmation to the ecard function.
It preserves the preview function and is now running on my two cpg galleries.

     http://i-imagine.net/artists/index.php  (a public user's gallery)
     http://gallery.josephcarver.com/natural/index.php (my photo gallery)

(ver. 1.4.2 with cpmfetch,  sef urls, remove_modify)

The mod. should prevent bots from using ecards. Users have to match two obscured words.
_______________________

   FUNCTION: TO ADD CAPTCHA - RECAPTCHA PROTECTION TO ECARDS - STOP SPAMMERS -
   INSTRUCTION:
    1) Get keys and files from recaptcha.net
      - public and private keys for your site(s)/domains - it's free
      - recaptchalib.php
    2) Modify the included file  ecard.php  
      - around line 208 put your private recaptcha key between the quotes
      - around lines 351 and 355 put your public recaptcha key between the <   >'s
    3) Upload files    captcha_errmssg.php and recaptchalib.php  to your cpg root
    4) Upload the new modified ecard.php after backing up original
    5) Your ecards are now captcha protected from spambots
_____

All of the cpg files needed are in the .zip. You will need to get your own keys and make sure they work
with your domain. Practice is easy. I can say that because I really don't know code.

Read the readme.

This is a small way to say thanks to the developers and the board.
I have had no need to ask for support so far. Searching has been good
for me. (and yes, I despise spammers too)

i-imagine

For Comments captcha see this post: http://forum.coppermine-gallery.net/index.php/topic,58757.0.html



Joachim Müller

Thanks for your readiness to share. However, I have some remarks:
Quote from: i-imagine on March 29, 2009, 03:31:01 AM
(ver. 1.4.2 with cpmfetch,  sef urls, remove_modify)
Running such an ancient version is not an option, as it would mean that you've missed 19 maintenance releases - most recent version currently is cpg1.4.21. All versions prior to cpg1.4.21 contain serious security flaws and must be upgraded instantly. Side-note: in case that you meant "cpg1.4.20" (that's what you use on http://gallery.josephcarver.com/natural/index.php): cpg1.4.20 is the version that came after cpg1.4.19 and before cpg1.4.21. The last number after the dot is being counted upwards. The versions cpg1.4.2 and cpg1.4.20 are not the same, but entirely different animals.
However, mods should work with all minor releases, so your mod should work with all cpg1.4.x releases.
Anyway, we're not fond of mods that contain pre-modded files. We prefer instructions like
Quote
edit filename.php, find foo and replace with bar
Then find bla and insert after it whatever
Only genuine mod files that don't exist in coppermine's core should be added as separate files to a mod zip attachment.

Joe Carver

Hello,
Apologies for my terrible typing and descriptions of my gallery's Coppermine version.
I did make more than one error - the gallery version is actually cpg1.4.20. Also
I have applied the changes (but not yet the complete upgrade) against the milw0rm exploits.
It was interesting to see the bb coded links already on the galleries disappear....

For the future posts I will now also make changes in what I upload to the board.
That zip previously attached will be pared down and resent too.

This Captcha/Recaptcha system seems to work with Registration too.
It is now on here: http://gallery.josephcarver.com/natural/ for temporary testing
and  here http://i-imagine.net/artists/index.php for permanent use
however I need to test it a little more before posting the changes (maybe later today).

Thanks for the input.
i-imagine
(and yes, my typo errors extend to this post too http://forum.coppermine-gallery.net/index.php/topic,58757.0.html where I have left a noscript tag open......it will also be corrected)




Joe Carver

AJAX is used to deliver a visual confirmation - reCAPTCHA - for a user to enter before submitting an ecard. This will stop automated bots from sending ecards from your gallery.

The mod. will reverse the code for ecard preview and send. This way the user will not have to solve the captcha to see the ecard preview. Because of this the main code mod. is quite large, but is done with one change.

To use ReCAPTCHA you need a public/private API key pair from recaptcha.net [it is a free service]. To see how this works - check this link http://recaptcha.net/apidocs/captcha/client.html.

    Step 1

      Step 2
      • Modify file template.html
      • Modify file ecard.php

      Quote
      Insert this into the <head> of your template.html file
      <script type="text/javascript" src="http://api.recaptcha.net/js/recaptcha_ajax.js"></script>

      Quote
      In file ecard.php find the section that starts and ends as shown here
      if (isset($_POST['submit'])) {

      ....CODE
      ....CODE
      ....CODE

      }//preview

      Quote
      Replace everything with this - insert your PRIVATE KEY where shown
      // mod here to reverse preview and post
      if (isset($_POST['preview'])) {

         if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) {
             $n_picname = get_pic_url($row, 'normal');
         } else {
             $n_picname = get_pic_url($row, 'fullsize');
         }
         if (!stristr($n_picname, 'http:')) $n_picname = $gallery_url_prefix . $n_picname;
         $msg_content = process_smilies($message, $gallery_url_prefix);
         $data = array(
             'sn' => $_POST['sender_name'],
             'se' => $sender_email,
             'p' => $n_picname,
             'g' => $greetings,
             'm' => $message,
             'pid' => $pid,
             'pt' => $pic_title,
             'pc' => $pic_caption,
             );

         $encoded_data = urlencode(base64_encode(serialize($data)));
         
         $params = array('{LANG_DIR}' => $lang_text_dir,
             '{TITLE}' => sprintf($lang_ecard_php['ecard_title'], $sender_name),
             '{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'],
             '{VIEW_ECARD_TGT}' => "{$gallery_url_prefix}displayecard.php?data=$encoded_data",
             '{VIEW_ECARD_LNK}' => $lang_ecard_php['preview_view_ecard'],
             '{PIC_URL}' => $n_picname,
             '{URL_PREFIX}' => $gallery_url_prefix,
             '{GREETINGS}' => $greetings,
             '{MESSAGE}' => bb_decode($msg_content),
             '{SENDER_EMAIL}' => $sender_email,
             '{SENDER_NAME}' => $sender_name,
             '{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'],
             '{VIEW_MORE_LNK}' => $lang_ecard_php['view_more_pics'],
             '{PID}' => $pid,
             '{PIC_TITLE}' => $pic_title,
             '{PIC_CAPTION}' => $pic_caption,
             );

         $eccontent = template_eval($template_ecard, $params);
         if (preg_match('#<body[^>]*>(.*)</body>#s', $eccontent, $matches)) {
             $eccontent = $matches[1];
         }
         starttable('100%', $lang_ecard_php['preview']);
         echo '<tr><td>';
         echo $eccontent;
         echo '</td></tr>';
         endtable();
         echo '<br />';
      }//preview

      elseif (isset($_POST['submit'])) {

         // Verify the reCAPTCHA answer on the server before anything is sent
         require_once('recaptchalib.php');
         $privatekey = "YOUR_PRIVATE_RECAPTCHA_KEY_BETWEEN_THESE_QUOTES";
         $resp = recaptcha_check_answer($privatekey,
             $_SERVER["REMOTE_ADDR"],
             $_POST["recaptcha_challenge_field"],
             $_POST["recaptcha_response_field"]);
         if (!$resp->is_valid) {
             // Stop here: no e-card is built or mailed without a valid answer
             cpg_die(CRITICAL_ERROR, 'Sorry, Captcha Error - Go Back and Try Again', __FILE__, __LINE__);
         }

      // Create and send the e-card
      if (count($_POST) > 0 && $valid_sender_email && $valid_recipient_email) {
         $gallery_url_prefix = $CONFIG['ecards_more_pic_target'] . (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/');
         if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) {
             $n_picname = get_pic_url($row, 'normal');
         } else {
             $n_picname = get_pic_url($row, 'fullsize');
         }

         if (!stristr($n_picname, 'http:')) $n_picname = $gallery_url_prefix . $n_picname;

         $msg_content = process_smilies($message, $gallery_url_prefix);

         $data = array('rn' => $_POST['recipient_name'],
             'sn' => $_POST['sender_name'],
             'se' => $sender_email,
             'p' => $n_picname,
             'g' => $greetings,
             'm' => $message,
             'pid' => $pid,
             'pt' => $pic_title,
             'pc' => $pic_caption,
             );

         $encoded_data = urlencode(base64_encode(serialize($data)));

         $params = array('{LANG_DIR}' => $lang_text_dir,
             '{TITLE}' => sprintf($lang_ecard_php['ecard_title'], $sender_name),
             '{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'],
             '{VIEW_ECARD_TGT}' => "{$gallery_url_prefix}displayecard.php?data=$encoded_data",
             '{VIEW_ECARD_LNK}' => $lang_ecard_php['view_ecard'],
             '{VIEW_ECARD_LNK_PLAINTEXT}' => $lang_ecard_php['view_ecard_plaintext'],
             '{PIC_URL}' => $n_picname,
             '{URL_PREFIX}' => $gallery_url_prefix,
             '{GREETINGS}' => $greetings,
             '{MESSAGE}' => bb_decode($msg_content),
             '{PLAINTEXT_MESSAGE}' => $message,
             '{SENDER_EMAIL}' => $sender_email,
             '{SENDER_NAME}' => $sender_name,
             '{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'],
             '{VIEW_MORE_LNK}' => $lang_ecard_php['view_more_pics'],
             '{PID}' => $pid,
             '{PIC_TITLE}' => $pic_title,
             '{PIC_CAPTION}' => $pic_caption,
             );



             $message = template_eval($template_ecard, $params);
             $plaintext_message = template_eval($template_ecard_plaintext, $params);

             $tempTime = time();
             $message .= sprintf($lang_ecard_php['ecards_footer'], $sender_name, $_SERVER['REMOTE_ADDR'], localised_date(-1,$comment_date_fmt));
             $subject = sprintf($lang_ecard_php['ecard_title'], $sender_name);

             $result = cpg_mail($recipient_email, $subject, $message, 'text/html', $sender_name, $sender_email, $plaintext_message);

             //write ecard log
             if ($CONFIG['log_ecards'] == 1) {
               $result_log = cpg_db_query("INSERT INTO {$CONFIG['TABLE_ECARDS']} (sender_name, sender_email, recipient_name, recipient_email, link, date, sender_ip) VALUES ('$sender_name', '$sender_email', '$recipient_name', '$recipient_email',   '$encoded_data', '$tempTime', '{$_SERVER["REMOTE_ADDR"]}')");
               }

         if (!USER_ID) {
             $USER['name'] = $sender_name;
             $USER['email'] = $sender_email;
         }

         if ($result) {
             //pageheader($lang_ecard_php['title']);
             msg_box($lang_cpg_die[INFORMATION], $lang_ecard_php['send_success'], $lang_continue, "displayimage.php?album=$album&amp;pos=$pos");
             echo '<br />';
             starttable('100%', $lang_ecard_php['preview']);
             echo '<tr><td>';
             echo template_eval($template_ecard, $params);
             echo '</td></tr>';
             endtable();
             pagefooter();
             ob_end_flush();
             exit;
         } else {
             cpg_die(ERROR, $lang_ecard_php['send_failed'], __FILE__, __LINE__);
         }
             }
      }//submit

      Quote
      In file ecard.php find this
                             &nbsp;&nbsp;
                             <input type="submit" class="button" name="submit" title="{$lang_ecard_php['submit_button']}"  value="{$lang_ecard_php['submit_button']}" />
                     </td>
             </tr>

      Quote
      Replace it with this - Insert your PUBLIC reCAPTCHA key where shown
      </td></tr><tr>

                     <td colspan="3" align="center" class="tablef"><div><br></div>

      <script>
      function showRecaptcha(element, submitButton, themeName) {
       Recaptcha.create("INSERT YOUR PUBLIC RECAPTCHA KEY BETWEEN THESE QUOTES", element, {
             theme: 'white',
             tabindex: 0,
             callback: Recaptcha.focus_response_field
       });
       hideSubmitButtons();
       document.getElementById(submitButton).style.visibility = "visible";
      }

      function hideSubmitButtons() {
       document.getElementById('submit_button_1').style.visibility = "hidden";
       
      }

      function destroyRecaptchaWidget() {
       hideSubmitButtons();
       Recaptcha.destroy();
      }

      </script>

      <form method="post" action="">

      <p>

      <input type="button" class="button" value="Click here - type the words - click submit" onclick="showRecaptcha('dynamic_recaptcha_1', 'submit_button_1', 'red');" />
      <div id="dynamic_recaptcha_1"></div>

      <input type="submit" style="visibility: hidden" id="submit_button_1" class="button" name="submit" title="{$lang_ecard_php['submit_button']}" value="{$lang_ecard_php['submit_button']}" />

      <div><br></div>

      <input type="button" class="comment_button" value="Hide the reCAPTCHA widget" onclick="destroyRecaptchaWidget();" />

      <br><br>
                     </td>
             </tr>

      Upload and you are done. To uninstall - replace ecard.php with a clean copy.

      This style hides the captcha until the user clicks a button. Other styles and language options can be used.

      Testing for your key and validation response can be done by the "hello world" example found on this link here

      I am now running this mod. on my personal photo gallery with absolutely no spam.
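
The hidden submit button in the post above is only presentation; what keeps automated senders out is the server-side `recaptcha_check_answer()` call that runs before the mail code. As an added PHP example (not part of the original mod or of Coppermine), here is that send decision written to fail closed when the captcha fields are missing, malformed or wrong. `ecard_may_send`, the injected `$verify` callable, the 4096-byte bound and the sample requests are assumptions made for illustration; in the mod, `$verify` would wrap `recaptcha_check_answer()` and return `$resp->is_valid`.

```php
<?php
// Added example; the function name and sample data are hypothetical.
// $verify is a callable(string $ip, string $challenge, string $response): bool.
function ecard_may_send(array $post, string $remoteIp, callable $verify): bool
{
    // Preview wins over submit, as in the mod, and never sends mail.
    if (isset($post['preview']) || !isset($post['submit'])) {
        return false;
    }
    foreach (array('recaptcha_challenge_field', 'recaptcha_response_field') as $field) {
        // Missing, empty, array-valued or oversized input is rejected before
        // the verifier is called (4096 is an assumed upper bound).
        if (!isset($post[$field]) || !is_string($post[$field])
            || $post[$field] === '' || strlen($post[$field]) > 4096) {
            return false;
        }
    }
    try {
        return $verify($remoteIp, $post['recaptcha_challenge_field'],
                       $post['recaptcha_response_field']) === true;
    } catch (Throwable $e) {
        return false; // verifier unreachable or broken: do not send
    }
}

// Constructed verifier so the example runs offline: accepts one fixed answer.
$fakeVerify = function (string $ip, string $challenge, string $response): bool {
    return $challenge === 'c-123' && $response === 'two words';
};

// Constructed requests: one normal send, the rest must all be rejected.
$base = array('submit' => 'Send', 'recaptcha_challenge_field' => 'c-123');
$cases = array(
    'solved captcha' => $base + array('recaptcha_response_field' => 'two words'),
    'wrong answer'   => $base + array('recaptcha_response_field' => 'guess'),
    'array field'    => $base + array('recaptcha_response_field' => array('x')),
    'no captcha'     => array('submit' => 'Send'),
    'preview only'   => array('preview' => 'Preview'),
);
foreach ($cases as $name => $post) {
    $ok = ecard_may_send($post, '192.0.2.10', $fakeVerify);
    printf("%-15s %s\n", $name, $ok ? 'send' : 'reject');
}
```

In ecard.php the mail-sending block would run only when this returns true, with `cpg_die()` called otherwise.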

      zeppo

      Hi Joe,

      Thank you for this great mod. The ecard.php -file has changed a bit with the update to 1.5.12 so it is a bit tricky to find the right places for the modified code.

      Does your mod work also with the current version?

      Joe Carver

      No it would not work without modification to $GET to Supercage GET and would need some other modifications too.

      I don't have the time to look into it, but it should not be very difficult to do.
      Please post in the cpg 1.5.x boards next time as 1.4.x is no longer supported.

      zeppo

      Thanks for a swift reply. Will do that. Looking forward to see 1.5 update for this nice mod some day. =:)

      jerrykemic99

      Thanks for your information about  ReCaptcha for ecards - easy spambot protection mod and i will be happy if you write in details about it.