opencomment

  • I took the time to work 3 hours on OpenComment, and I made some impressive progress...
    • I am able to understand xajax development and error messages faster now
    • Nearly all basic functions are AJAX enable: rating, admin function, publishing, sorting, filtering etc...
    • I have start to refactore the code and clean out dead and bad code,
    • I am able to use some basic Joomla library (while not being in a Joomla session).
    And in order to thank You all for Your patience, I have create a FLASH movie with WINK

    Wink is a Tutorial and Presentation creation software, primarily aimed at creating tutorials on how to use software (like a tutor for MS-Word/Excel etc). Using Wink you can capture screenshots, add explanations boxes, buttons, titles etc and generate a highly effective tutorial for your users.

    Carbon Viewlet being too expensive: 200$ right now for my usage but if someone has a licence to offer me ;-)

    The video is  here GO for OpenComment video  (a little bit rough for 300kB, but the WOW effect should be here)

    • All operation are done WITHOUT reloading the whole page,
    • This thing is lightning fast
    • The AJAX library has reduce the code of at least 30% (no more form, no submit, no code to compute redirect url etc...)
    BUT
    • Dont ask for a release date, it will be ready when it is ready!
    • Adding security and reviewing code has to be done, I dont want to let hackers missuse the system.
    • The PHP code is commited to Joomla forge,
    • The PHP code is right now still joomla 1.0.9 compatible, I think I need less than a day to migrate code to Joomla 1.5 API
    • No installer or complete admin panel (70%) right now, will be done at the end.
    • Contact me if You want to help.
    more news soon....ENJOY

  • Please Note:
    • Opencomment Betado not migrate previous akocomment entries, it use its own mysql tables. But he final version will.
    • Do not use in production, it shall not break anything but we never know ;-)
    • Opencomment Beta do not require captcha (com_SecurityImages) [www.captcha.net], since it use a derivative of com_Hashcash [www.hashcash.org]. Robots or Bots can't submit entries wihtout parsing the form and sending at each request a valid serverTicket and articleTicket. Both have timeout and are encrypted to avoid replaying attacks. If somehow it wont be enough, I am currently polishing the integration of  com_SecurityImages and may also release com_askimet[Askimet]

    Install:
    You need to install the component com_opencomment3.0.0beta.zip AND mos_opencomment3.0.0beta.zip. You can download them OpenComment Installation, all beta version will be available there. based on your finding, I will increase the patch number: 3.0.1, 3.0.2 and so on...

    Bugs & change requests:
    Please report them in the forums: OpenComment Bugtracker and Feature Requests

    Know Bugs:
    • Not all translations are  done, a lot of fix texts are still in  code.
  • You can see here the state of com_opencomment cvs HEAD after a coding marathon...

    Dont be so enthousiast, there is some nasty bugs in it...and not all functionalities are in place (email, rating) but the opencommentbot is more than finished...

    The feature show/hide a la Phil Taylor (many request) is working but do not forget that it use a trick: it only change wih javascript the visibility of a DIV element -> the user is still loading all comments and the page is still as heavy as before, the only win is that the user do not get disturb by the number of comments...

    Concerning existing comments, no worry, I will provide during the install scripts to rename, alter the akocomment tables.

    New functionnalities are what You see in the picture +
    //below are settings with still no panel entries
    $opencomment_allowcommenttracking = "1";
    $opencomment_allowrevisiontracking = "0";
    $opencomment_textAreaSize = "8";
    $opencomment_textAreaWidth = "75%";
    //0 beside textarea
    //1 below toolbar
    //2 below textarea
    $opencomment_smiley_position = "0";
    $opencomment_smiley_perLine = "3";
    //mail sent to user as html or txt?
    $opencomment_templateAs = "html";

    //show unhide link in each comment footer
    $opencomment_commentRating = "1";
    $opencomment_commentPermalink = "1";
    $opencomment_commentDisplayRate = "1";
    $opencomment_commentEmailIt = "1";

    Code is in CVS, any help or support as always is appreciated ;-)


  • You can play with OpenComment 3.0.0alpha on
    demo.waltercedric.com

    The code wont be release now, mainly because:
    • I am still hardening code,
    • Admin panel is not finished, maybe it will also use AJAX
    • Installation scripts are not up to date,
    • SecurityImage not working: I am still working on the plugin system.
    • Migration scripts are not ready (existing but not wrapped in a PHP friendly page)
    I did not deploy OpenComment manually to stress You all, but more to show what the status is. I will put the latest code there each week.

    How can You speed up this release?
    By providing help with your feedback, testing, coding....

  • I've receive a great logo submission for opencomment from Takster:

    Also available in gallery, do not forget to vote :-)
  • Click on the mindmap to see how OpenComment development is running...the latest OpenComment beta1 will be put on demo.waltercedric.com soon

  • The component OpenComment is under heavy testing, a big thanks to all users posting bugs report in the Bug tracker Forums
    • NEW: Search function in query control panel
    • BUG: Found latest error in installer file
    • BUG:No more <?starting tag but <?php    was revealed by users using PHP5 and Magic_Quote = OFF in PHP.ini
    • BUG:Solve small bugs in administrator panel.
    • NEW: A new settings:  Users Posting History, how long a user can not submit a new comment in the same article This do not let user press submit more than once. Default is 10 minutes. Algorithm is based on a new table opencomment_postinghistorywhich store ip, referrer, article id
    • NEW: No more using the PHP mail API but the Joomla! mosMail(), this solve also the bug  HTML feedback sent as text.
    • BUG:Internet Explorer layout no more disturb by missing columns.
    • BUG:Comment footer is looking better.
    • PENDING: Encoding problem, problem occurring in IE under some conditions, not in FIREFOX. Since AJAX do not access to Joomla APIs, I've put an encoding selector in the administrator panel (utf-8 or iso-8859-1)
    • PENDING: Add  a mode feedback, telling the user if he is replying or submitting a new comment.
    • PENDING: putting presentation layer in PatTemplate file (Priority 2 but needed for speeding output as code is a mess and doing too much string concatenations)
    You can download the latest version at the forge or on my site.

    Note: I have some problem with the server: 44 000 visitor in 8 days, 200.000 hits a days, Apache is eating the CPU at breakfast (load goes up to 97%, and is steady at 11%, recommended is < 1.00%). While I am sure that the problem is software related, I have temporary switch OpenComment and the demo site off. This has not reduce the load. So the problem is elsewhere.
  • A minor release because a lot of thing need to be done behind the scene....
    • NEW: AJAX Encoding  can be freely defined by user. This is a temporary solution, ideally it must be read from Joomla Language file.
    • BUG: the "write comment only visible for first article" is solved.
    • BUG: fully translated Administrator panel and localized in English.php. File now contains 370 keys
    Soon:
    • PENDING prio1: Ajax problem still persist that it did not work with Jim IM and whosonlineext modules.it will be soon  mandatory to install and publish a Mambot before using OpenComment. Ive tried to use it,  but it does not currently work. The encoding problem should solve itself, because the mambot will use your Joomla! encoding.
    • PENDING prio2: Add  a mode feedback, telling the user if he is replying or submitting a new comment.
    • PENDINGprio1putting presentation layer in PatTemplate file (Priority 2 but needed for speeding output as code is a mess and doing too much string concatenations)
    Download at Joomla developer forge or in my download section.
     
  • The list of corrections...
    • NEW: full german translation courtesy of Joern Gerken successwiki.com
    • BUG:can not update value of  opencomment_cleanupPostingUsersHistoryfromDatabaseAfter (default was 10 minute)
    • BUG: \r\n and/or \n (Newline) were not translated into <br />
    • BUG:The openComment menu shows an entry called "editOpencommentCSS", which does the same as "Edit newpost feedback template".
    • OPEN:  Warning: mysql_errno(): supplied argument is not a valid MySQL-Link resource
      I can not reproduce it on XAMPP 1.5.4a  ( Apache 2.2.3 - MySQL 5.0.24a - PHP 5.1.6 & PHP 4.4.4 ) with following PHP settings:
      safe_mode = On
      register_globals = Off
      and Joomla!  define( 'RG_EMULATION', 0 );   (from globals.php)
    All future release will be tested in XAMPP 1.5.4a.

     Download at Joomla developer forge or in my download section.
  • The code is getting better at each release...but may have encounter some regressions. So Your feedback is welcomed
    • NEW: use the project xajax-joomla.org which let you run multiple XAJAX modules or components  (1)
    • BUG: encoding problem should be defacto solve as XAJAX now use Joomla encoding 
    • NEW: Version able to run on hardened PHP server: Register globall OFF (php.ini) + SAFE_MODE On (php.ini) + RG_EMULATION = 0 (Joomla globals.php). Should solve different issues like "You are trying to hack me"
    • BUG: User homepage was not saved or displayed
    • NEW: Better CSS support  (see OpenCommentUpdaterA)
    • NEW: code refactored and enhance compatibility during sanitization of inputs (mysql_real_escape_string was not existing on all host) see OpenCommentSanitizer
    • BUG: minor translations problem.
    • NEW: german translations credits
    Note: You MUST install the Mambot mambot_xajax4joomla.plugin.zip and activate it prior the installation of OpenComment. That may still disturb others components which prefer to include XAJAX by themselves...
    Next version (3.0.21) will have
    • Correct all new bugs
    • Administration functions (delete then edit)
    • Report abuse button
    Security Images 4.0.0will follow hopefully tommorrow evening.
  •  3.0.21
    • NEW: Hungarian translations
    • BUG:Small bug during settings save, the key opencomment_cleanupPostingUsersHistoryfromDatabaseAfter was set to blank
    • NEW: new admin menu entry: View last posting, it show the content of table which contains last comments entries, OpenComment use it internally for avoiding users to post more than one in the allowed interval You have set.
    • BUG: (regression) Admin menu entry: akocomment migration was no more working
    • BUG:on some Joomla! install including mine ;-) wenn a mambot for replacing BBCODE (mos_smilies) were active, the javascript code javascript:openCommentNewEntry(... was replaced by :-)penCommentNewEntry(...
    And now test this release, You can propose me some new features, ideas, translations. But I need a PHP break...I need to do some sport to relax.
  • It will be a huge patch release this time. Let me first start with the new features list...
    • NEW:Search contains the word "search" now as default.
    • NEW:Following rules apply now to the form field "Name":
      If a user is logged in, he can not change his name
      If a guest is around, he can change his name only if the admin settings "name field: No Yes Is the field name read only?" is set to NO
    • NEW: Avoid logged in user to rate up and down his own comments (he will never be able to rate them). But logged in user can rate his comments as guest!
    • NEW: Auto moderation function: this do not auto publish automatically comments based on external conditions.
      done: check if one url is in comment or title
      future: check if comment contains at least one or more bad words.
    • NEW:  Use a lot of new CSS tags.
    • NEW:Replying to an existing comment also now Quote automatically the text, not only the title.
    And the never ending list of bugs corrected...
    • BUG: Edit comment CSS file was no more available...
    • BUG: Administrator notification was always disabled during save of configuration settings.
    • BUG:if "allow anonymous entry" then comment form is visible. If "allow anonymous entry" = false then only logged in user see the comment form
    • BUG: Comment header missing space
    • BUG: "Additionally the title seems mandatory, but if you don't put title you are not able to
      submit again the message since it says "you already posted a comment"..."
      1. The anti posting measure can now be switch off
      2. anti posting check is now done after form input validations.
    • BUG: Replying to a comment with special characters in the title was not working, tested in Firefox and IE
    • BUG:Back end: Settings/InputForm/name field = Yes. BUT... name field in comment input form is still editable.
    Translations, new keys are in each language file.
    • Dear translations team, Ive duplicated new English keys in other files. (Hungarian, german)
    Anti Spamming measures
    OpenComment do not need Captcha (com_securityimages component) or Hashcash (com_Hashcash). And this because OpenComment use internally a sort of HASHCASH. This should be more than enough against spammers, If it ever failed, I will switch Captcha on in less than a day. I simply do not want to force users resolving  a Captcha when I can propose something different.

    Here also a freemind mindmap with what should be in that release.



    Concerning the development, I must also says, that it is not a long term objective for me to try to make OpenComment a commercial grade application, at least not alone ;-). If You want a more complex/easy to use commenting system, maybe You'll have to look at OpenWordpress or any equivalent.
     
  • This new version is now able to
    • Paging algorithm using a navigation bar a la www.digg.com (I've took a part of their cascading style sheet)




    This version has now a  nearly feature complete "query panel", where only a "search option" may  needed.



    The whole system being powered by Ajax, so the response time and load on server is optimal. See the  ScreenCast demo (Flash file created with WINK)(soon) or
    experience it liveat demo.waltercedric.com 

    I've created 15 dummy  comments on the first article, so You can play with the paging and filtering panel.

    I am pretty satisfied with the speed at which I can add new features, it seems that the software architecture is not that bad, even if I am forced to do refactoring by hand. The biggest issues for the future, is the presentation code (HTML tags) which are mixed in the code. (spaghetti anti pattern). I think its time to learn how to use PatTemplate.

    Your ideas are always welcomed: use the forum forums.waltercedric.com or contact me.

    Release date
    END OF WEEK!!!! 

  • This is an alpha release!
    • It do not migrate akocomment post,
    • The admin panel is not fully functionnal. 
    Please post you feedback at http://forums.waltercedric.com

    I know that there is some bugs in it. But your feedback is always welcomed.

    DO NOT USE ON PRODUCTION SITE!

    Download at Joomla Forge or in my download Section
     


  • I've update the demosite with
    • The latest Joomla! 1.0.11 and 
    • OpenComment 3.0.0beta (release 4).

    You can now head to demo.waltercedric.com and log to the admin panel with admin/admin

    The Site is renewed every hours to always improve your testing experience and limit vandal actions...

    Update: the next beta will have threaded comment list support!
     
  • OpenComment will be hopefully the commenting system for Joomla all of You are waiting for....

    CVS

    The freezed version in CVS v03_00_00 is the latest or best code tailored for Joomla 1.0.X, this version has been frozen because I want to concentrate on Joomla 1.5.X, and this after Marko Schmuck, a core developer of Joomla has get in touch with me.
    The CVS Head now contains a Joomla 1.5.X code! it wont run in Joomla 1.0.8
    While I understand a lot of people around there do not want to move to 1.5 so fast (including me, too much content on my site). I can no defend that position. As soon as 1.5 is stable We will see a lot of attack for 1.0.X and it is better to always run the latest code... the new version is also a more Object Oriented and clean.
    So You are free to create a CVS branch on v03_00_00...but try also to keep in mind that code must be also backported to CVS HEAD...
    In clear text: the CVS head you may checkout IS FOR Joomla 1.1alpha2 (soon joomla 1.5)

    SQL

    I have committed 2 minutes ago....

    • Sql script to create and feed additionnal opencomment tables. 
    • It allow You, as a developer, to install com_opencomment even without having a final XML installer
    • It also fill the database with some sample data.
    • At the end, these file can be use to create the installer in PHP

    I am working, with a database mosdev, and table are prefixed with mosdev_
    This is not an issue using an installer because Joomla/Mambo can use tablename from configuration.php
    Simply change content of all files to meet your database naming convention

    1. use right DB name 
    2. right prefix tablename
      and execute all scripts...
  • OpenComment is not DEAD

    I will be reading some sources
    during the week seeking for bugs and new functionalities you are requesting. So this is your chance! Keep cool, and be descriptive  ;-)
  •  A good component need also a new logo,  You can look at some submission in my Gallery HERE

    You want to submit one
    • Different size 78x78pix for small insertion, a 16x16 for inserting instead of "powered by opencomment 3.0.0", and a bigger one for the "About section" 170x170pix more or less
    • Preferred background is white,
    • In Any format: PNG, GIF, SVG, attention JPG is a loss compression, recommended is using vector graphics (InkScape, SVG capable editor, powerpoint) so scaling isn't an issue
    • Can be black and white or in colors
    Please end me all your draft HERE and I will publish them in my Gallery HERE

    You want to participate to the Poll
    If You like one logo more than the other then VOTE!  You can also critized but be constructive....the highest ranking logo will be chosen ;-)
  • What's new wth opencomment today? I work hard to bring some new functionnalities:

    • A new Admin tab: spammers which regroup all antispammer plugins,
    • Auto discovery of smilies pack is working, with a check to see if it is correctly install
    • Translations are nearly done, more than 90%
    • A new field in form, user can now enter his homepage
    • Bad news for all of You: com_opencomment require now com_log4php prior to installation. Sorry But I really need a logging fw since my debugger is still not functionnal.
    • New automoderation Admin tab: this idea come to my mind today when I discover 3 spams attempt on my homepage. Someone has enter manually the captcha. In order to F.. all spammer, you can now decide to moderate automatically or delete any comment that contains an URL in title or text.
    • I start looking at Askimet, a webservice to tell if a comment is spam.
    • Refactoring as usual, trying to bring size of code down to a manageable level. Note: I would have been 10 times faster with java, sic....
    • Prefilling values back if user enter something wrong in the form (like wrong captcha text...)
    • A module: mod_opencommentLatest has been also developed
    • Securities check

    Look in the gallery for the new pictures, code is in Joomla Forge CVS

  • XAJAX team has release a new version of its library for PHP and ajax: XAJAX 0.2.5

    xajax 0.2.5 has been created as a bridging step to xajax v0.5. xajax 0.2.5 aims to be forwards and backwards-compatible with xajax versions, while at the same time providing important security updates that have been lingering around in the xajax codebase for a while
    It's been just over one year since we released our last version of xajax and it was about time we released another version. Work on v0.5 has been going well and we're almost ready for a release, but there were a few things that couldn't wait for the next version. Thats where xajax 0.2.5 steps in. For a start, we're getting things ready for you to move over to the new xajax v0.5 syntax by letting you use easier to use methods to respond to client requests. We've also fixed up a few bugs that have been lingering around and been annoying everyone for some time. Last but not least, we've fixed up a couple of important security vunerabilities.

    I've made a new version of the mambot http://www.xajax-joomla.com/

    Just remove the mambot and install this new version XAJAX System Mambot For Joomla v0.2.zip (look in my download section). I am running also now OpenComment 3.0.30 with the latest version of Xajax
  • I've tried to improve the security of OpenComment, and I want it to present it here, so You can give it  look and have the chance to provide me feedback:

    First I've create an Oracle with is creating highly depending oracleKeys (class OpenCommentSecurities)

    Each oracleKeys  create by the Oracle has the following properties:
    • oracleKeys  returned are always MD5 encrypted
    • oracleKeys  are depending of current date and time, server and user browser agent
    • oracleKeys  can timeout
    Here is the algorithm:
    $key = session_id();
    if(!$key){
         $key = $_SERVER['REMOTE_ADDR'];
     }
    $value = $key .
       $GLOBALS['mosConfig_absolute_path'] .
       $_SERVER['HTTP_USER_AGENT'] .
        date("F j, Y, g a");
     return md5($value);

    Security 1
    All AJAX enable functions will test the oracleKey submitted by the browser, (can timeout!), so nobody should be able to make mass attack on OpenComment across multiple server  All comments will be identified by a hidden field, I name them commentChallengeKeys, they have the following properties:
    • commentChallengeKeys in page are always MD5 encrypted
    • commentChallengeKeys have a common base with the oracle, a oracleKey for each comment
    • commentChallengeKeys are made of the a Universally Unique IDentifier, version 4 (UUID), Yes Ive get rid of the id, the sql key entropy is higher and UUID should never colllide in a reasonable amount of time when You merge data across databases
    Here is the algorithm:
    return md5($oracleKeys.$commentUUID) ;

    Security 2
    All AJAX enable functions will test the oracleKey submitted by the browser AND the commentChallengeKeys, so nobody should be able to replay the same RateUp/Down attack on multiple server.

    Security 3
    All parameters pass to AJAX will be sanitized on the server to avoid XSS attacks   $commentTitle = mysql_real_escape_string(strip_tags($title));

    Open items
    • Avoiding user to Rate comments too often is still not solve...
    • I will welcome any code review or help...
    Nest steps...
    • Migration scripts...
    • Administrator panel has to be brng up to date...
    • Testing, testing...
    • Code reviews...
    Do You see something more? comments are welcomed ;-)
     

  • I am restarting the development of OpenComment, and found  that the existing code wont be practical without using AJAX. That's why I am now integrating AJAX in openComment where it make sense:
    • Comments rating,
    • Comments filtering,
    • Administration function.

    After looking on the market which framework can help me to achieve these goals, I found xajax 0.2.4

    is an open source PHP class library that allows you to easily create powerful, web-based, AJAX applications using HTML, CSS, JavaScript, and PHP. Applications developed with xajax can asynchronously call server-side PHP functions and update content without reloading the page.

    The xajax PHP object generates JavaScript wrapper functions for the PHP functions you want to be able to call asynchronously from your application. When called, these wrapper functions use JavaScript's XMLHttpRequest object to asynchronously communicate with the xajax object on the server which calls the corresponding PHP functions. Upon completion, an xajax XML response is returned from the PHP functions, which xajax passes back to the application. The XML response contains instructions and data that are parsed by xajax's JavaScript message pump and used to update the content of your application.



  • In OpenComment, the next commenting system for Joomla based on akocomment, the following functions are NOW running with AJAX.
    • Rating comments up and down,
    • Deleting comments,
    And soon, filtering operations and even publishing new comments.

    But working in computer science do not also mean: ready for production....because AJAX without taking precautions can be disastrous....This code is facing some strong securities issues I will have to solve:


    • AJAX code is not running in the Joomla sessions! so I have to re implement some low level operations like accessing the database (while already done in Joomla)
    • Who protect comment against replaying rating up attack? I will introduce a public key per article which has to be submitted to the server, and a private key store in the session, which will be destruct after the first operation.
    • How to make sure that the asynchronous operation on a comment is originated from a submitted page of my server?
      -> I will introduce a server challenges keys: a cryptographic fields which is highly depending of the following: server name, URL, time, and random part. This ticket will also have a time stamp in it, if you wait more than, lets say 20 minutes, you won't be able to rate or operate on comment. This is similar with com_hashcash, so nothing really new to me.
    • Avoid that a rating up operation for a comment A get hacked by injecting new parameters for comment B?
      -> Comments will be identified by their UUID (and not a simple ID like in akocomment)
      -> Users would have to know it to make an attack on multiple joomla site at the same time.
    If You see something else or know a similar code or algorithm in the open source world, contact me or post your remarks below.
  • You are all welcome to the project com_opencomment.

    • I will soon set up a new instance of joomla on waltercedric.com with an alpha release of opencomment.
    • Latest status is HERE

    To join development effort
    Please register at joomla forge (www.joomla.org) as a developer (http://forge.joomla.org/sf/sfmain/do/home)
    and ask for joining project here. So you can commit code (CVS), do you know all how to use Eclipse?  and phpeclipse?

    Shall I make a ready to run environment for all of You?



  • I am back online...my notebook crashed last week and was promptly replaced by Hewlett Packard and the new hard disk died one day after being renewed...and as usual, a lot of backup (powerquest v2i protector), but I was not able to restore them, as it seems that my disk was silently dying since weeks , and "check backup afterward for consistency" is not checked as default. I work yesterday 3 hours on securityimages, and test it with a new secure PHP4 installation.

    OpenCommentis also currently tested, I am removing uneeded functionnality (not fully developed or tested), as soon as it work, I will deploy it to http://demo.waltercedric.com. I hope to be able to use it here on my homepage before end of next week...So all Beta tester are welcome (Colin :-))

    Click read more to see what has changed in securityimages 4.0.0





    Securityimages 4.0.0 release "enhanced Security "

    This version is now running with:
    • PHP.ini safe mode OFF 
    • Joomla RG Global Emulation O 
    • PHP.ini register global = Off
    I' will also in the future only develop with that PHP settings, so that will mean more securities for all  users and host running my code.

    Bugs solved:
    artf4021: php safe mode & com_securityimages
    artf1411: Save setting button changes if config.securiyimages.php is not writable
    artf4989: register_globals Off patch
    artf3206: com_contact
    artf2777: No text displayed in security Image  

    API  changes
    Will work only with new release of akcomment, akobook, etc...

    securityimages < 4.0.0
    in PHP <form>

    <?php include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php'); ?>
    <?php echo insertSecurityImage("security_refid"); ?>
    <?php echo getSecurityImageText("security_try"); ?>
    <?php echo getSecurityImageTextHeader(); ?> 
    <?php echo getSecurityImageTextHelp(); ?>
    <?php echo getSecurityImageField("security_try"); ?> 
     

    The code above insert the image, and the text, You page normally submit information to the server for processing. Most of the time, the last 2 lines are inserted in a <form>

    in PHP code checking the <form>

    include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');

    $checkSecurity = checkSecurityImage($security_refid, $security_try);

    if $checkSecurity = true //then the user has entered the right text.



    securityimages >= 4.0.0 Introducing a captcha hidden field visibility name
    in PHP <form> include($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php');
    $packageName = 'securityimage_newpass';
     echo "<tr><td>".getSecurityImageTextHeader()." *</td><td>".insertSecurityImage($packageName)."<br/>".getSecurityImageTextHelp()."".getSecurityImageField($packageName)."</td></tr>";
    in PHP code checking the <form> $securityimage_newpass_refid     = mosGetParam( $_POST, securityimage_newpass_refid', '' );
    $securityimage_newpass_try     = mosGetParam( $_POST, 
    securityimage_newpass_try', '' );
    $securityimage_newpass_reload     = mosGetParam( $_POST, '
    securityimage_newpass_reload', '' );         
    include_once ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');
    $checkSecurity &= checkSecurityImage($securityimage_newpass_refid, $securityimage_newpass_try, $securityimage_newpass_reload);


    New!
    HNCAPTCHA: now color background is fully configurable