I always dislike doing this (changing core file of Joomla!) but here they ARE...

If any core developer of Joomla! read this, can't we look together to have more event hook (in views, more in controller) in Joomla! core?

Patches:

  • Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages
  • Are for Joomla! 1.5.1 only and SecurityImages 5.0.0Beta2
  • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details
    patches.altered.files
  • Download file Joomla_1.5.1-Stable-Full_PackageForSecurityImages5.0.0.zip (33kB) and overwrite file on your server

Report all bugs in the forums in the new section

Below are some screen shots of the BETA2 in Joomla! 1.5 in action

 

User operations

confirm.your.account

forgot.your.password

 

forgot.your.username

To switch these patches ON/Off, go to the Global Configuration page as seen in the screen shot below

 

global,configuration

 

You want to customize the error message? then edit the file language\en-GB\en-GB.com_user.ini and change the key

SECURITYIMAGES REJECT USER ENTRY=Invalid Captcha word, Please enter the correct value you see in picture

SECURITYIMAGES LABEL=Anti-spamming protection:

Contact section

On a per user/contact basis, a new switch is available:

contact.settings.securityimages.5.0

Result:

contact.sections

 

Login area

 

Customize labels, keys are in language\en-GB\en-GB.mod_login.ini

 

login.joomla

and in module

mod.login

Administrator area

Patches for administrator area are missing because the plugin SecurityImages in front end start a session that is different from the backend. I will for sure find a way to get around it. In between I recommend You to use htaccess login to enhance admin login protection and reduce brute force attacks.