[Hack] ReCAPTCHA for Phocaguestbook 1.4.4

Phoca Guestbook - creating guestbooks in Joomla! CMS
Morl99
Phoca Enthusiast
Posts: 50
Joined: 15 Feb 2011, 23:05

[Hack] ReCAPTCHA for Phocaguestbook 1.4.4

Post by Morl99 »

Because of increasing spam on a client page, I decided to test whether ReCAPTCHA would solve the problem. I added it to the number of available captchas. If anybody is interested in the solution, you can find two patch files (unified diffs). You can either add the changes manually (only 4 files really changed), or you can apply the patch with a tool (google it).

Of course, I can provide no warranty whatsoever. This is a mere hack; it may or may not work for your site. Please make sure that you have the correct version (1.4.4) before trying to make the changes.

Please get your own ReCAPTCHA API-Keys. If you want, you can use the test-keys I provided, but they are global and provide less security. You have to change them in helpers/phocaguestbookcaptcha.php in the frontend code. You have to add the recaptchalibrary.php to the Frontend-folder assets/library.

If you have questions, feel free to post them. Please note that this is not at all perfect; it would be possible to add more config parameters. Especially the part where I localized it to German and changed the captcha theme to white is dirty (pure laziness). You have to change that for whatever you need. It is right below the API-Keys... If somebody is willing to add this to the config, please post your solution here.

I hope this will be helpful to somebody. I would appreciate a short thanks if you use this.

Frontend:

--- controllers/phocaguestbook.php	Mon Jan 19 23:26:36 1970
+++ controllers/phocaguestbook.php	Mon Jan 19 23:26:36 1970
@@ -50,6 +50,7 @@
 		$tmpl['session_suffix']		= $params->get('session_suffix');
 		//Get Session Data (we have saved new session, because we want to check captcha
 		$session 					=& JFactory::getSession();
+		/* The saved CORRECT answer of the captcha */
 		$phoca_guestbook_session 	= $session->get('pgbsess'.$tmpl['session_suffix']);
 		
 		$tmpl['display_title_form'] 	= $params->get( 'display_title_form', 2 );
@@ -378,11 +379,13 @@
 			}
 		}
 		
+		
 		// Enable or disable Captcha
 		if ($tmpl['enable_captcha'] < 1) {
 			// is disabled
 			$phoca_guestbook_session 	= 1;
 			$post2['captcha'] 			= 1;
+			$captchaIsGood              = true;
 		}
 		
 		/*
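
Review bot: the $captchaIsGood = true; added in the captcha-disabled branch has no effect, because the if/else added in the next hunk assigns $captchaIsGood again on every path before it is read. Either drop it here, or initialise $captchaIsGood = false; once before the checks and only ever set it to true afterwards, so that a path which forgets to assign it fails closed. The extra blank line added above the comment can go as well.
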
@@ -394,11 +397,36 @@
 		//the captcha picture code is the same as captcha input code, we can save the data
 		//and other post data are OK
 
+        //ReCAPTCHA needs to be handled different
 		
-		
+        if ($tmpl['enable_captcha'] == 4){
+            $useRecaptcha = true;
+        } else {
+            $useRecaptcha = false;
+        }
+        if ($useRecaptcha){
+            $recaptchaRespone = PhocaguestbookHelperCaptchaReCAPTCHA::getResponse();
+            if ($recaptchaRespone->is_valid){
+                $captchaIsGood = true;
+            } else {
+                $captchaIsGood = false;
+                //Sichern der Fehlermeldung um sie anzuzeigen
+                JRequest::setVar( 'recaptcha-msg', $recaptchaRespone->error, 'get', true);
+            }    
+        } else {
 		if ($phoca_guestbook_session && $phoca_guestbook_session != '' &&
 			isset($post2['captcha']) && $post2['captcha'] != '' &&  // -
-			$phoca_guestbook_session == $post2['captcha'] && 
+    			$phoca_guestbook_session == $post2['captcha'])
+            {
+                $captchaIsGood = true;
+            } else {
+                $captchaIsGood = false;
+            
+            }
+        }
+		
+		
+		if ($captchaIsGood && 
 			$title == 1 && 
 			$username == 1 && 
 			$email==1 && 
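
Review bot: $recaptchaRespone->is_valid is read without a null check, although getResponse() in the helper returns null when recaptcha_response_field is empty. The condition still evaluates to false, so the submission is rejected, but only by way of a property read on null, and $recaptchaRespone->error is then read from null as well, so the visitor gets no error message. Test for null explicitly and treat it as a failed captcha with its own message. Smaller points: the variable name is misspelled (Respone), the added comment is in German while the surrounding comments are in English, and the moved session comparison still uses == where a strict string comparison would be safer.
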
@@ -445,9 +473,11 @@
 			$this->setRedirect($uri->toString(),$msg );
 
 		} else {// captcha image code is not the same as captcha input field (don't redirect because we need post data)
+			if (!$useRecaptcha){
 			if ($post2['captcha'] == 0)							{JRequest::setVar( 'captcha-msg', 1, 'get',true );}
 			if (!$post2['captcha'])								{JRequest::setVar( 'captcha-msg', 1, 'get',true );}
 			if ($phoca_guestbook_session != $post2['captcha'])	{JRequest::setVar( 'captcha-msg', 1, 'get',true );}
+    		}
 			$this->display();
 		}		
 	}
--- helpers/phocaguestbookcaptcha.php	Mon Jan 19 23:26:36 1970
+++ helpers/phocaguestbookcaptcha.php	Mon Jan 19 23:26:36 1970
@@ -575,6 +575,44 @@
 	}
 }
 
+/* The following ReCAPTCHA Support is added by 
+ * Carsten Hoffmann
+ * choffmann87@gmail.com
+ * September 2011 
+ */
+class PhocaguestbookHelperCaptchaReCAPTCHA
+{          
 
+    const publickey = '6Ld9bsgSAAAAAMujRhY5SXTdZe0mLsMymuqAAiyn';
+    const privatekey = '6Ld9bsgSAAAAAI6696uMg2pEhoHdeb_v0IKZG-OI';
+	function createImageData($error)
+	{
+	    require_once('recaptchalib.php');   
+        $captcha = '<script type="text/javascript">
+            var RecaptchaOptions = {
+            theme : \'white\',
+            lang: \'de\'
+            };
+        </script>';
+        $captcha .= recaptcha_get_html(self::publickey, $error); 
+        return $captcha;              
+    }
+    
+    /* Returns a ReCAPTCHA Response object, or null if no captcha is filled out. */
+    function getResponse(){
+        require_once('recaptchalib.php');   
+        
+        if ($_POST["recaptcha_response_field"]) {
+            $resp = recaptcha_check_answer (self::privatekey,
+                                        $_SERVER["REMOTE_ADDR"],
+                                        $_POST["recaptcha_challenge_field"],
+                                        $_POST["recaptcha_response_field"]);
+
+        
+            return $resp;
+        }
+        return null;
+    }
+}
 
 ?>
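
Review bot: the reCAPTCHA key pair is hard-coded as class constants (publickey, privatekey), so every site that applies the patch unchanged shares the same keys, and the private key is public by being in this post. Read both from the component parameters instead (the backend patch already touches config.xml) and refuse to use mode 4 while they are empty. In getResponse(), $_POST["recaptcha_response_field"] and $_POST["recaptcha_challenge_field"] are read without isset(), and both methods are called statically from the controller and the view but are not declared static. The theme and lang values in createImageData() are fixed to white and de and belong in the config as well.
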
--- views/phocaguestbook/tmpl/default.php	Mon Jan 19 23:26:36 1970
+++ views/phocaguestbook/tmpl/default.php	Mon Jan 19 23:26:36 1970
@@ -286,10 +286,10 @@
 	}
 		
 	if ((int)$this->tmpl['enable_captcha'] > 0) {
-	
+	     if ((int)$this->tmpl['enable_captcha'] != 4){
 		// Server side checking CAPTCHA 
 		echo $this->tmpl['errmsg_captcha'];
-		//-- Server side checking CAPTCHA
+		}
 			
 		// Set fix height because of pane slider
 		$imageHeight = 'style="height:105px"';
@@ -298,6 +298,12 @@
 		.'<td width="5"><strong>'. JText::_('Image Verification').PhocaguestbookHelper::getRequiredSign(2).' </strong></td>'		
 		.'<td width="5" align="left" valign="middle" '.$imageHeight . '>';
 		
+		/* ReCAPTCHA needs different output method, because Recaptcha has all the stuff included */
+		if ((int)$this->tmpl['enable_captcha'] == 4){
+		    $captchaError = JRequest::getVar('recaptcha-msg', null, 'get');
+            echo PhocaguestbookHelperCaptchaReCAPTCHA::createImageData($captchaError);
+        } else {
+            
 		if ($this->tmpl['captcha_method'] == 0) {
 			echo '<img src="'. JRoute::_('index.php?option=com_phocaguestbook&view=phocaguestbooki&id='.$this->id.'&Itemid='.JRequest::getVar('Itemid', 0, '', 'int').'&phocasid='. md5(uniqid(time()))).'" alt="'.JText::_('Captcha Image').'" id="phocacaptcha" />';
 		} else {
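
Review bot: $captchaError is taken from the GET request (JRequest::getVar('recaptcha-msg', null, 'get')) and passed to createImageData(), which hands it to recaptcha_get_html() for output, so a value supplied in the query string of an ordinary page view reaches the generated markup. Pass the error from the controller to the view directly, or accept only the error codes the library is known to return and encode the value before it is written. The new if/else also leaves the existing captcha_method block at its old indentation, which makes the nesting hard to follow.
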
@@ -313,6 +319,7 @@
 		echo '<a href="javascript:reloadCaptcha();" title="'. JText::_('Reload Image').'" >'
 		. JHTML::_( 'image.site', 'components/com_phocaguestbook/assets/images/icon-reload.gif', '', '','',JText::_('Reload Image'))
 		.'</a></td>';
+    	} //Ende Recaptcha if/else
 
 		echo '</tr>';
 	}
Backend:

--- administrator/components/orig/com_phocaguestbook/config.xml	Sun Sep 25 17:06:57 2011
+++ administrator/components/com_phocaguestbook/config.xml	Sun Sep 25 15:35:33 2011
@@ -159,169 +159,170 @@
-	<param name="enable_captcha" type="list" default="1" label="Enable Captcha" description="Enable Captcha DESC">
-		<option value="1">Standard Captcha</option>
-		<option value="2">Math Captcha</option>
-		<option value="3">TTF Captcha</option>
-		<option value="10">Random (Standard, Math, TTF)</option>
-		<option value="11">Random (Standard, Math)</option>
-		<option value="12">Random (Standard, TTF)</option>
-		<option value="13">Random (Math, TTF)</option>
-		<option value="0">No</option>
-	</param>
+	<param name="enable_captcha" type="list" default="1" label="Enable Captcha" description="Enable Captcha DESC">
+		<option value="1">Standard Captcha</option>
+		<option value="2">Math Captcha</option>
+		<option value="3">TTF Captcha</option>
+		<option value="4">ReCAPTCHA</option>
+		<option value="10">Random (Standard, Math, TTF)</option>
+		<option value="11">Random (Standard, Math)</option>
+		<option value="12">Random (Standard, TTF)</option>
+		<option value="13">Random (Math, TTF)</option>
+		<option value="0">No</option>
+	</param>
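
Review bot: the hunk header covers 169 lines (@@ -159,169 +159,170 @@) and the enable_captcha block is removed and re-added in full although the only change is the new option value="4", which suggests the two files differ in line endings or whitespace. Regenerate the diff against a copy with matching line endings so that it reduces to the one added line and applies cleanly. This is also the place to add parameters for the reCAPTCHA public and private keys.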

Morl99
Phoca Enthusiast
Posts: 50
Joined: 15 Feb 2011, 23:05

Re: [Hack] ReCAPTCHA for Phocaguestbook 1.4.4

Post by Morl99 »

Sadly this did not at all solve my spam problem. I wonder if it is a security issue, and if the spammers somehow bypass the captcha check (manipulating POST values or whatever). I am not sure how to test that...

I will try to implement http://akismet.com/ which should be fairly easy, now that I know how everything works... If I am up to it, I will post it here...
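
The question raised in the post above (whether the check can be passed by manipulating POST values) can be tested by exercising the decision logic directly with crafted form data. This is an added example, not part of the posted patch or of Phoca Guestbook: captchaGate() is a hypothetical stand-in for the controller's decision with the verifier stubbed out, it uses strict comparison and explicit missing-field handling rather than the patch's exact code, and all cases are constructed.

```php
<?php
// Added example, not part of the posted patch or of Phoca Guestbook.
// captchaGate() is a hypothetical stand-in for the controller's decision.
function captchaGate($mode, array $post, $sessionAnswer, $verify)
{
    if ((int) $mode < 1) {
        return true;                       // captcha disabled in the config
    }
    if ((int) $mode === 4) {               // reCAPTCHA (value 4 in the patch)
        if (empty($post['recaptcha_challenge_field'])
            || empty($post['recaptcha_response_field'])) {
            return false;                  // missing field: fail closed
        }
        $resp = call_user_func($verify, $post['recaptcha_challenge_field'],
                               $post['recaptcha_response_field']);
        return is_object($resp) && $resp->is_valid === true;
    }
    // Built-in captchas: non-empty strings, strict comparison.
    return is_string($sessionAnswer) && $sessionAnswer !== ''
        && isset($post['captcha']) && is_string($post['captcha'])
        && $sessionAnswer === $post['captcha'];
}

// Constructed stub replacing recaptcha_check_answer(): only "good" verifies.
$verify = function ($challenge, $response) {
    $r = new stdClass();
    $r->is_valid = ($response === 'good');
    return $r;
};

// Constructed cases: name => array(mode, POST data, session answer, expected)
$ok = array('recaptcha_challenge_field' => 'c', 'recaptcha_response_field' => 'good');
$cases = array(
    'reCAPTCHA, verified'          => array(4, $ok, null, true),
    'reCAPTCHA, wrong answer'      => array(4, array_merge($ok, array('recaptcha_response_field' => 'bad')), null, false),
    'reCAPTCHA, no response field' => array(4, array('recaptcha_challenge_field' => 'c'), null, false),
    'reCAPTCHA, old field only'    => array(4, array('captcha' => '1'), '1', false),
    'built-in, correct'            => array(1, array('captcha' => 'abc12'), 'abc12', true),
    'built-in, empty on both sides' => array(1, array('captcha' => ''), '', false),
    'built-in, array not string'   => array(1, array('captcha' => array('abc12')), 'abc12', false),
);

$failures = 0;
foreach ($cases as $name => $c) {
    $got = captchaGate($c[0], $c[1], $c[2], $verify);
    $failures += ($got === $c[3]) ? 0 : 1;
    printf("%-32s %s\n", $name, $got === $c[3] ? 'ok' : 'FAIL');
}
exit($failures === 0 ? 0 : 1);
```

The script exits non-zero if any case is accepted or rejected contrary to expectation, so it can run as a regression check whenever the captcha handling is changed.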
Jan
Phoca Hero
Posts: 48739
Joined: 10 Nov 2007, 18:23
Location: Czech Republic

Re: [Hack] ReCAPTCHA for Phocaguestbook 1.4.4

Post by Jan »

Hi, see:
https://www.phoca.cz/documents/3-phoca-g ... -from-spam

Mostly the spam is done by human spammers, so there is no problem to fill the captcha right.

It will be great if you can paste the Akismet solution here.

Thank you, Jan
If you find Phoca extensions useful, please support the project
Morl99
Phoca Enthusiast
Posts: 50
Joined: 15 Feb 2011, 23:05

Re: [Hack] ReCAPTCHA for Phocaguestbook 1.4.4

Post by Morl99 »

But with ReCAPTCHA the spam increased by about 5 times... Maybe it is a ReCAPTCHA security issue? Or the human spammers had more trouble with your captcha solution than they have with ReCAPTCHA (which is quite possible).

OK, I will post the solution, but again, it will be more like a hack. Maybe I will try to at least put the API keys into the PGB config rather than coding them statically.
Jan
Phoca Hero
Posts: 48739
Joined: 10 Nov 2007, 18:23
Location: Czech Republic

Re: [Hack] ReCAPTCHA for Phocaguestbook 1.4.4

Post by Jan »

Ok
Jan
Phoca Hero
Posts: 48739
Joined: 10 Nov 2007, 18:23
Location: Czech Republic

Re: [Hack] ReCAPTCHA for Phocaguestbook 1.4.4

Post by Jan »

reCAPTCHA added to 1.5.0 (Joomla! 1.5)

Jan