Migration SecurityImages 4.X to SecurityImages 5.X how to

Friday, 04 April 2008 21:30

SecurityImages 5.X is only running with Joomla! 1.5 and the redesign of API has introduced some incompatibilities.
Developers/Hackers/Individuals who want to use the latest version of SecurityImages may want to read the
following. Basic PHP knowledge is recommended.

Architecture

SecurityImages 4.0.X

Only work with Joomla! 1.0.X
Provide 2 files that 3rd party code must include:
client.php in order to quickly create a captcha and the input box
server.php in order to validate user entries and check correctness
Everything is packed in one component.
Patches for common 3rd party tool are included in code so it ca be referenced by external extensions :
akobook, akocomment, joomla to name a few.
You have to overwrite Joomla! files to add protection of form for login, register, lost password, contact

SecurityImages 5.0.X

Only work with Joomla! 1.5.X
Use the event handling mechanism of Joomla! 1.5 to create captcha and check correctness
You'll have to install a system content plugin and a component,
it do not contains any patches anymore
You have to overwrite Joomla! files to add protection of form for login, register, lost password, contact

Main differences in securityImages 5.X

There is no client.php and server.php file anymore
API are a lot simpler, and dependency are reduced (no PHP code to include) as it use events.
More object oriented
Image creation is done inside the Joomla! framework while in 4.0.X it was done without any Joomla!
framework support.

with SecurityImages 4.0.X

In your PHP code displaying the form, can be a Pat template or a html code

1. Include my library in page scope

if (file_exist($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php')) {

<?php include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php'); ?>

$packageName = 'securityChooseUniqueKeyName';

2. At the position where You want the Captcha image to be inserted

<?php echo insertSecurityImage($packageName); ?>

3. This insert the help text and the input box where the user will have to enter his text

<?php echo getSecurityImageText($packageName); ?>

Line at point 3. can be, in some case, depending how much space You have in the presentation HTML layer, replace with

 //will be replace at runtime, depending on user locale

//with "Please Enter what You see:"

<?php echo getSecurityImageTextHeader(); ?>

//will be replace at run time, depending on user locale with

//"If You do not see ...Hit reload"

<?php echo getSecurityImageTextHelp(); ?>

//will be replace at run time with the input box

<?php echo getSecurityImageField($packageName); ?>

The code above insert the image, and the text, You page normally submit information to the server for processing. Most of the time, the last 2 lines are inserted in a <form> </form> HTML tags

In the server code where you process the data...
Few lines are required...

if (file_exist($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php')) {

include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');

$packageName = 'securityChooseUniqueKeyName';

$security_refid  = mosGetParam( $_POST, $packageName.'_refid', '' );

$security_try      = mosGetParam( $_POST, $packageName.'_try', '' );

$security_reload = mosGetParam( $_POST, $packageName.'_reload', '' );

$checkSecurity = checkSecurityImage($security_refid, $security_try);

If the has entered the right text then $checkSecurity = true

with SecurityImages 5.0.X

Due to the Joomla! 1.5 object model, you have basically 2 options:

If your component has been made for running natively and follow Joomla! 1.5 best practices and
recommendations..you' did probably use a real MVC paradigm in the front end part (N views,
M models and one controller), go to point A
If your component has been made for running natively or in legacy mode and do not use a MVC pattern
(HTML code embedded in PHP code, or you use pat templates), go to point B

Point A, MVC approach

Lets take the contact section of Joomla! 1.5 as an example.

It is always recommended to use a switch in all your component to activate deactivate SecurityImages per
components through the administrator control panel.

This is done by adding to administrator/components/com_contact/contact_items.xml the following code:

<param

   name="useSecurityImages" type="radio" default="1"

   label="Use SecurityImage Captcha"

   description="Enable Captcha verification">

         <option value="0">No</option>

          <option value="1">Yes</option>

</param>

Joomla will read this xml file on the fly and build the graphical user interface for the contact settings.

Since Joomla! 1.5 now use a Model View Controller paradigm, we have to alter the controller, and add a new Task displaySecurityImagesCaptcha()in components/com_contact/controller.php:

function displaySecurityImagesCaptcha() {

        global $mainframe;

        //Per contact you can define if the user has to resolve the capctha

$contactId = JRequest::getVar('contact_id', 0, '', 'int');

// load the contact details

$model    = &$this->getModel('contact');

$qOptions['id'] = $contactId;

$contact        = $model->getContact( $qOptions );

$params = new JParameter( $contact->params );

        if ($params->get('useSecurityImages')) {

            $check = null;

            $mainframe->triggerEvent('onSecurityImagesDisplay', array($check));

            if (!$check) {

                echo "<br/>Erreur affichage du Captcha<br/>";

As you can see, the event "onSecurityImagesDisplay" is triggered on a per contact name basis.
That mean that some contact can have a Captcha while other have not. You are free to define
your own activation rules in the controller method.
The next step is to add the task checkSecurityImagesCaptcha() checking the captcha in the
components/com_contact/controller.php

function checkSecurityImagesCaptcha() {

        global $mainframe;

$contactId = JRequest::getVar('id', 0, '', 'int');

// load the contact details

$model    = &$this->getModel('contact');

$qOptions['id'] = $contactId;

$contact        = $model->getContact( $qOptions );

$params = new JParameter( $contact->params );

        //check if that user has a capctha

if (!$params->get('useSecurityImages')) {

            return true;

$return = false;

$securityImagesJoomlaContactUserTry = JRequest::getVar('securityImagesJoomlaContactUserTry', false, '', 'CMD');

$mainframe->triggerEvent('onSecurityImagesCheck', array($securityImagesJoomlaContactUserTry &$return));

        return $return;

One more step is to alter the original submit() method of the controller in components/com_contact/controller.php

global $mainframe;

if (!$this->checkSecurityImagesCaptcha()) {

JError::raiseWarning("999","Invalid Captcha Code");

$this->display();

            return false;

And finally altering the view /com_contact/views/contact/tmpl/default_form.php
to display the Captcha field

<?php if ($this->params->get('useSecurityImages')) { ?>

<img src="/index.php?option=com_contact&task=displaySecurityImagesCaptcha&contact_id=<?php echo $this->contact->id; ?>">

<br />

<input type="text" name="securityImagesJoomlaContactUserTry" />

<br />

<?php } ?>

Point B, Legacy approach

In your PHP code displaying the form, can be a Pat template or a html code

if you want to display the captcha define in administrator panel

<img src="/index.php?option=com_securityimages&task=displaySecurityImagesCaptcha?>">

<br />

<input type="text" name="securityImagesmy3rdpartyExtensions" />

If you want to use a particular implementation different than the one define in administrator panel, useful where you know that you want to use a smaller/bigger captcha than usual

<img src="/index.php?option=com_securityimages&task=displayCaptchaByPlugin&plugin=hncaptcha&version=1.0?>">

<br />

<input type="text" name="securityImagesmy3rdpartyExtensions" />

To check user entry with the captcha define in administrator panel

$check = null;$userEntry = JRequest::getVar('userEntry', false, '', 'CMD');

$mainframe->triggerEvent('onSecurityImagesCheck', array($userEntry, $check));

if $check ==  true then user has solved the captcha

To check user entry with the captcha against a particular plugin implementation

$check = null;$check = null;

$userEntry = JRequest::getVar('userEntry', false, '', 'CMD');

$mainframe->triggerEvent('onSecurityImagesCheckByPlugin', array('hncaptcha', '1.0', $userEntry, $check));

Post your questions in the forums or enhance the WIKI with your finding. I will start to maintain more and more the WIKI and put
good documentation there.

Comments

Add New

RSS

< Prev		Next >

Last Updated ( Friday, 04 April 2008 19:46 )

Another articles:

Joomla_1.5.2-Stable-Full_PackageForSecurityImages5.0.0.zip (2008-03-24) Joomla! 1.5 patches for SecurityImages 5.0.0Beta2 (2008-03-22) SecurityImages 5.0.0Beta2 (2008-03-22) SecurityImages 5.0.0 BETA for Joomla! 1.5 (2008-03-21) Contact section of Joomla! 1.5 using SecurityImages 5.0 (2008-03-20) SecurityImages 5.0 BETA for Joomla! 1.5 (2008-03-20) JoomlaPatches for Joomla 1.0.15 for SecurityImages 4.x only (2008-03-06) PHP5 required for SecurityImages 4.3.0 (2008-03-06) SecurityImages which version should I use? (2008-03-05) CAPTCHA security system from Yahoo hacked (2008-02-27)

Another articles: