Support

submit a bug report if you need technical support or have questions.

Documentation

Visit the Wiki extensive and up to date documentation at your fingertips.

Contact Me

Missing images/links, any comments, suggestions, need help? Contact me

SecurityImages 5.X is only running with Joomla! 1.5 and the redesign of API has introduced some incompatibilities.
Developers/Hackers/Individuals who want to use the latest version of SecurityImages may want to read the
following. Basic PHP knowledge  is recommended.

joomla_1.5

Architecture

SecurityImages 4.0.X

  • Only work with Joomla! 1.0.X
  • Provide 2 files that 3rd party code must include:
  • client.php in order to quickly create a captcha and the input box
  • server.php in order to validate user entries and check correctness
  • Everything is packed in one component.
  • Patches for common 3rd party tool are included in code so it ca be referenced by external extensions :
    akobook, akocomment, joomla to name a few.
  • You have to overwrite Joomla! files to add protection of form for login, register, lost password, contact

SecurityImages 5.0.X

  • Only work with Joomla! 1.5.X
  • Use the event handling mechanism of Joomla! 1.5 to  create captcha and check correctness
  • You'll have to install a system content plugin and a component,
  • it do not contains any patches anymore
  • You have to overwrite Joomla! files to add protection of form for login, register, lost password, contact

Main differences in securityImages 5.X

  1. There is no client.php and server.php file anymore
  2. API are a lot simpler, and dependency are reduced (no PHP code to include) as it use events.
  3. More object oriented
  4. Image creation is done inside the Joomla! framework while in 4.0.X it was done without any Joomla!
    framework support.

 

with SecurityImages 4.0.X


In your PHP code displaying the form, can be a Pat template or a html code

1. Include my library in page scope

if (file_exist($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php')) {
<?php include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php'); ?>
}
$packageName = 'securityChooseUniqueKeyName';
 
2. At the position where You want the Captcha image to be inserted 
 
<?php echo insertSecurityImage($packageName); ?>

3. This insert the help text and the input box where the user will have to enter his text
<?php echo getSecurityImageText($packageName); ?>

Line at point 3. can be, in some case, depending how much space You have in the presentation HTML layer, replace with
 //will be replace at runtime, depending on user locale 
//with "Please Enter what You see:" 
<?php echo getSecurityImageTextHeader(); ?> 
 
//will be replace at run time, depending on user locale with 
//"If You do not see ...Hit reload" 
<?php echo getSecurityImageTextHelp(); ?>  
 
//will be replace at run time with the input box
<?php echo getSecurityImageField($packageName); ?>  

The code above insert the image, and the text, You page normally submit information to the server for processing. Most of the time, the last 2 lines are inserted in a <form> </form> HTML tags

In the server code where you process the data...
Few lines are required...

if (file_exist($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php')) {
include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');
}
$packageName = 'securityChooseUniqueKeyName';
$security_refid  = mosGetParam( $_POST, $packageName.'_refid', '' );
$security_try      = mosGetParam( $_POST, $packageName.'_try', '' );
$security_reload = mosGetParam( $_POST, $packageName.'_reload', '' );
$checkSecurity = checkSecurityImage($security_refid, $security_try);


If the has entered the right text then $checkSecurity = true

 


with SecurityImages 5.0.X   joomla_1.5

Due to the Joomla! 1.5 object model, you have basically 2 options:

  1. If your component has been made for running natively and follow Joomla! 1.5 best practices and
    recommendations..you' did probably use a real MVC paradigm in the front end part (N views,
    M models and one controller), go to point A
  2. If your component has been made for running natively or in legacy mode and do not use a MVC pattern
    (HTML code embedded in PHP code, or you use pat templates), go to point B

Point A, MVC approach joomla_1.5

Lets take the contact section of Joomla! 1.5 as  an example.

It is always recommended to use a switch in all your component to activate deactivate SecurityImages per
components  through the administrator control panel.

This is done by adding to administrator/components/com_contact/contact_items.xml the following code:

<param 
   name="useSecurityImages" type="radio" default="1" 
   label="Use SecurityImage Captcha"
   description="Enable Captcha verification">   
         <option value="0">No</option>
          <option value="1">Yes</option>
</param>

Joomla will read this xml file on the fly  and build the graphical user interface for the contact settings.

Since Joomla! 1.5 now use a Model View Controller paradigm, we have to alter the controller, and add a new Task displaySecurityImagesCaptcha()in  components/com_contact/controller.php:

function displaySecurityImagesCaptcha() {  
        global $mainframe;  
        //Per contact you can define if the user has to resolve the capctha  
$contactId = JRequest::getVar('contact_id', 0, '', 'int');  
// load the contact details  
$model    = &$this->getModel('contact');  
$qOptions['id'] = $contactId;  
$contact        = $model->getContact( $qOptions );  
$params = new JParameter( $contact->params );  
        if ($params->get('useSecurityImages')) {      
            $check = null;  
            $mainframe->triggerEvent('onSecurityImagesDisplay', array($check));  
            if (!$check) {  
                echo "<br/>Erreur affichage du Captcha<br/>";  
            }  
        }  
    } 

As you can see, the event "onSecurityImagesDisplay" is triggered on a per contact name basis.
That mean that some contact can have a Captcha while other have not.  You are free to define
your own activation rules in the controller method.
The next step is to add the task checkSecurityImagesCaptcha() checking the captcha in the
components/com_contact/controller.php

function checkSecurityImagesCaptcha() {  
        global $mainframe;  
$contactId = JRequest::getVar('id', 0, '', 'int');  
// load the contact details  
$model    = &$this->getModel('contact');  
$qOptions['id'] = $contactId;  
$contact        = $model->getContact( $qOptions );  
$params = new JParameter( $contact->params );  
        //check if that user has a capctha  
if (!$params->get('useSecurityImages')) {   
            return true;  
        }  
$return = false;  
$securityImagesJoomlaContactUserTry = JRequest::getVar('securityImagesJoomlaContactUserTry', false, '', 'CMD');  
$mainframe->triggerEvent('onSecurityImagesCheck', array($securityImagesJoomlaContactUserTry &$return)); 
        return $return;
    }  

One more step is to alter the original submit() method of the controller in components/com_contact/controller.php

global $mainframe;  
if (!$this->checkSecurityImagesCaptcha()) { 
JError::raiseWarning("999","Invalid Captcha Code"); 
$this->display(); 
            return false; 
 }  

And finally altering the view /com_contact/views/contact/tmpl/default_form.php
to display the Captcha field

<?php if ($this->params->get('useSecurityImages')) { ?>
<img src="/index.php?option=com_contact&task=displaySecurityImagesCaptcha&contact_id=<?php echo $this->contact->id; ?>">  
<br />  
<input type="text" name="securityImagesJoomlaContactUserTry" />  
<br />  
<?php } ?> 

Point B, Legacy approachjoomla_1.5


In your PHP code displaying the form, can be a Pat template or a html code

if you want to display the captcha define in administrator panel

<img src="/index.php?option=com_securityimages&task=displaySecurityImagesCaptcha?>">  
<br />  
<input type="text" name="securityImagesmy3rdpartyExtensions" />  

If you want to use a particular implementation different than the one define in administrator panel, useful where you know that you want to use a smaller/bigger captcha than usual

<img src="/index.php?option=com_securityimages&task=displayCaptchaByPlugin&plugin=hncaptcha&version=1.0?>">  
<br />  
<input type="text" name="securityImagesmy3rdpartyExtensions" />  
 
To check user entry with the captcha define in administrator panel
$check = null;$userEntry = JRequest::getVar('userEntry', false, '', 'CMD'); 
$mainframe->triggerEvent('onSecurityImagesCheck', array($userEntry, $check));
 
if $check ==  true then user has solved the captcha
 
To check user entry with the captcha against a particular plugin implementation
 
$check = null;$check = null;
$userEntry = JRequest::getVar('userEntry', false, '', 'CMD'); 
$mainframe->triggerEvent('onSecurityImagesCheckByPlugin', array('hncaptcha', '1.0', $userEntry, $check)); 

 

 

 Post your questions in the forums or enhance the WIKI with your finding. I will start to maintain more and more the WIKI and put
good documentation there.

comments powered by Disqus

You might like also

Nasty Bug in SecurityImages 5.1.2
Thanks to Margus Pala, a security Flaw has been reported and corrected in SecurityImages version 5.1.2 and previous The flaw is of moderate level, in register forms, spammers are able to register without solving the Captcha! It affect only SecurityImages 5.x for Joomla! 1.5 SecurityImages 6.x for Joomla! 1.6 is not affected In order to resolve this issue, you don’t have to install any new version of SecurityImages, you must either Update your blog with the right version of the …
2800 Days ago
HOW to make your own patches for securityimages
Just in case I take too much time to deliver a ready to use download, duration 5 minutes, but you need to understand basic php coding Create a temporary directory c:\patch Copy an existing patch distribution, under a new name For example, lets download Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip into c:\patch\ and copy it to c:\patch\Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip Download the latest full zip package of Joomla that target the patch (here 1.5.14), so I download Joomla_1.5.14-Stable-Full_Package.zip and save it in the same directory c:\patch\ Now download …
3458 Days ago
Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
Only for SecurityImages 5.1.x and Joomla! 1.5.13 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.13 only and SecurityImages 5.1.x or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and overwrite file on your server Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new …
3468 Days ago
Joomla_1.5.12-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
Only for SecurityImages 5.1.x and Joomla! 1.5.12 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.12 only and SecurityImages 5.1.x or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.12-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and overwrite file on your server Go to Joomla! control panel and HIT at least SAVE config once, this will add a new …
3490 Days ago
SecurityImages 5.1.2 available
This version should improve installations on some host, where the plugin securityimages.php did not always install properly. The reason behind is that I did add falsely an additional file index.html in plugin.zip. This may lead to permissions issues during installation. SecurityImages 5.1.2 do not contains any other changes, so If you’re happily running SecurityImages 5.1.1, no need to upgrade! Download Details …
3490 Days ago
Joomla_1.5.11-Stable-Full_PackageForSecurityImages5.1.1.zip
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.11 Since Joomla 1.5.11 is released...Here are the new patches for SecurityImages 5.1.1 AND Joomla! 1.5.11 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.11 only and SecurityImages 5.1.0 or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.11-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip (33kB) and overwrite …
3521 Days ago
Joomla_1.5.10-Stable-Full_PackageForSecurityImages5.1.1.zip
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.10 Since Joomla 1.5.10 is released...Here are the new patches for SecurityImages 5.1.1 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.10 only and SecurityImages 5.1.0 or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.10-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip (33kB) and overwrite file on your …
3588 Days ago
SecurityImages 5.2.0 in active development
Following the Preview of SecurityImages 5.2.0, I am currently developing a proof of concept using the Ajax library JQUERY  jQuery is a fast and concise JavaScript Library that simplifies HTML document traversing, event handling, animating, and Ajax interactions for rapid web development. jQuery is designed to change the way that you write JavaScript. I want to allow generated captcha to be checked asynchronously without needing submit of whole page. This is a major complain since the beginning of SecurityImages, as …
3634 Days ago
New patches for Joomla 1.5.9 and Joomla 1.5.8
Some people have reported issue in the forum I've found the error in my code in some views but not all:      img src="/<?php echo JURI :: root() ?>/index.php? as a result, there is in image URL a double / which cause issues on some web host (no image displayed) I now provide a new patches versions for Joomla! 1.5.8 and 1.5.9 that can be downloaded: Joomla! 1.5 patches 1.5.9 (stable / 2009-01-19)  Download Joomla! 1.5 patches 1.5.8 (stable / …
3656 Days ago
Joomla_1.5.9-Stable-Full_PackageForSecurityImages5.1.0.zip
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.9 Since Joomla 1.5.9 is released...Here are the new patches for SecurityImages 5.1.0 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.9 only and SecurityImages 5.1.0 or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.9-Stable-Full_PackageForSecurityImages5.1.0_v01.00.00.zip (33kB) and overwrite file on your …
3663 Days ago