I am back online...my notebook crashed last week and was promptly replaced by Hewlett Packard and the new hard disk died one day after being renewed...and as usual, a lot of backup (powerquest v2i protector), but I was not able to restore them, as it seems that my disk was silently dying since weeks , and "check backup afterward for consistency" is not checked as default. I work yesterday 3 hours on securityimages, and test it with a new secure PHP4 installation.

OpenComment is also currently tested, I am removing uneeded functionnality (not fully developed or tested), as soon as it work, I will deploy it to http://demo.waltercedric.com. I hope to be able to use it here on my homepage before end of next week...So all Beta tester are welcome (Colin :-))

Click read more to see what has changed in securityimages 4.0.0





Securityimages 4.0.0 release "enhanced Security "

This version is now running with:
  • PHP.ini safe mode OFF 
  • Joomla RG Global Emulation O 
  • PHP.ini register global = Off
I' will also in the future only develop with that PHP settings, so that will mean more securities for all  users and host running my code.

Bugs solved:
artf4021: php safe mode & com_securityimages
artf1411: Save setting button changes if config.securiyimages.php is not writable
artf4989: register_globals Off patch
artf3206: com_contact
artf2777: No text displayed in security Image  

API  changes
Will work only with new release of akcomment, akobook, etc...

securityimages < 4.0.0
in PHP <form>

<?php include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php'); ?>
<?php echo insertSecurityImage("security_refid"); ?>
<?php echo getSecurityImageText("security_try"); ?>
<?php echo getSecurityImageTextHeader(); ?> 
<?php echo getSecurityImageTextHelp(); ?>
<?php echo getSecurityImageField("security_try"); ?> 
 

The code above insert the image, and the text, You page normally submit information to the server for processing. Most of the time, the last 2 lines are inserted in a <form>

in PHP code checking the <form>

include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');

$checkSecurity = checkSecurityImage($security_refid, $security_try);

if $checkSecurity = true //then the user has entered the right text.



securityimages >= 4.0.0 Introducing a captcha hidden field visibility name
in PHP <form> include($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php');
$packageName = 'securityimage_newpass';
 echo "<tr><td>".getSecurityImageTextHeader()." *</td><td>".insertSecurityImage($packageName)."<br/>".getSecurityImageTextHelp()."".getSecurityImageField($packageName)."</td></tr>";
in PHP code checking the <form> $securityimage_newpass_refid     = mosGetParam( $_POST, securityimage_newpass_refid', '' );
$securityimage_newpass_try     = mosGetParam( $_POST, 
securityimage_newpass_try', '' );
$securityimage_newpass_reload     = mosGetParam( $_POST, '
securityimage_newpass_reload', '' );         
include_once ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');
$checkSecurity &= checkSecurityImage($securityimage_newpass_refid, $securityimage_newpass_try, $securityimage_newpass_reload);


New!
HNCAPTCHA: now color background is fully configurable








comments powered by Disqus

You might like also

Nasty Bug in SecurityImages 5.1.2
Thanks to Margus Pala, a security Flaw has been reported and corrected in SecurityImages version 5.1.2 and previous The flaw is of moderate level, in register forms, spammers are able to register without solving the Captcha! It affect only SecurityImages 5.x for Joomla! 1.5 SecurityImages 6.x for Joomla! 1.6 is not affected In order to resolve this issue, you don’t have to install any new version of SecurityImages, you must either Update your blog with the right version of the …
2922 Days ago
HOW to make your own patches for securityimages
Just in case I take too much time to deliver a ready to use download, duration 5 minutes, but you need to understand basic php coding Create a temporary directory c:\patch Copy an existing patch distribution, under a new name For example, lets download Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip into c:\patch\ and copy it to c:\patch\Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip Download the latest full zip package of Joomla that target the patch (here 1.5.14), so I download Joomla_1.5.14-Stable-Full_Package.zip and save it in the same directory c:\patch\ Now download …
3580 Days ago
Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
Only for SecurityImages 5.1.x and Joomla! 1.5.13 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.13 only and SecurityImages 5.1.x or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and overwrite file on your server Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new …
3590 Days ago
Joomla_1.5.12-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
Only for SecurityImages 5.1.x and Joomla! 1.5.12 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.12 only and SecurityImages 5.1.x or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.12-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and overwrite file on your server Go to Joomla! control panel and HIT at least SAVE config once, this will add a new …
3612 Days ago
SecurityImages 5.1.2 available
This version should improve installations on some host, where the plugin securityimages.php did not always install properly. The reason behind is that I did add falsely an additional file index.html in plugin.zip. This may lead to permissions issues during installation. SecurityImages 5.1.2 do not contains any other changes, so If you’re happily running SecurityImages 5.1.1, no need to upgrade! Download Details …
3612 Days ago
Joomla_1.5.11-Stable-Full_PackageForSecurityImages5.1.1.zip
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.11 Since Joomla 1.5.11 is released...Here are the new patches for SecurityImages 5.1.1 AND Joomla! 1.5.11 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.11 only and SecurityImages 5.1.0 or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.11-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip (33kB) and overwrite …
3643 Days ago
Joomla_1.5.10-Stable-Full_PackageForSecurityImages5.1.1.zip
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.10 Since Joomla 1.5.10 is released...Here are the new patches for SecurityImages 5.1.1 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.10 only and SecurityImages 5.1.0 or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.10-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip (33kB) and overwrite file on your …
3710 Days ago
SecurityImages 5.2.0 in active development
Following the Preview of SecurityImages 5.2.0, I am currently developing a proof of concept using the Ajax library JQUERY  jQuery is a fast and concise JavaScript Library that simplifies HTML document traversing, event handling, animating, and Ajax interactions for rapid web development. jQuery is designed to change the way that you write JavaScript. I want to allow generated captcha to be checked asynchronously without needing submit of whole page. This is a major complain since the beginning of SecurityImages, as …
3756 Days ago
New patches for Joomla 1.5.9 and Joomla 1.5.8
Some people have reported issue in the forum I've found the error in my code in some views but not all:      img src="/<?php echo JURI :: root() ?>/index.php? as a result, there is in image URL a double / which cause issues on some web host (no image displayed) I now provide a new patches versions for Joomla! 1.5.8 and 1.5.9 that can be downloaded: Joomla! 1.5 patches 1.5.9 (stable / 2009-01-19)  Download Joomla! 1.5 patches 1.5.8 (stable / …
3778 Days ago
Joomla_1.5.9-Stable-Full_PackageForSecurityImages5.1.0.zip
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.9 Since Joomla 1.5.9 is released...Here are the new patches for SecurityImages 5.1.0 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.9 only and SecurityImages 5.1.0 or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.9-Stable-Full_PackageForSecurityImages5.1.0_v01.00.00.zip (33kB) and overwrite file on your …
3785 Days ago