securityimages


  • Joomla! 1.0.10 is now available at www.joomla.org

    All existing Joomla! users MUST UPGRADE to this version, due to several High Level vulnerabilities that affect ALL Previous versions of Joomla! 

    1.0.10 contains the following important security fixes:

    • 03 High Level Security Fixes
    • 01 Medium Level Security Fixes
    • 05 Low Level security
    • 40+ General bug fixes
    And onebusiness day after (Ive done my homework), I release:

    Joomla 1.0.10 support for SecurityImages
    these files are from the 1.0.10 distributions plus all changes required to support securityimages in

    • com_contact  "The contact Us section"
    • com_login for the login module
    • com_registration  all registration functions
    Please Note:
    1. this is a FTP patch!
    2. There is now way to deactivate securityimages in com_contact (other than deactivating securityimages sitewide) 

    Do yourself a favor use the latest securityimages version 3.0.5 :-)
    Files are available at Joomla forge in file release and or in my download section. 
     
  • New beta version of securityimages 4.2.0 beta

    NEW: Better troubleshooting section with some entries copied from the  forum
    NEW:: A new plugin calculator which propose a simple challenge to user: resolve a simple addition
    NEW: freecap, hncaptcha, calculator are also now creating logs files (success or failed user attempt) in the database.
    NEW: German translation by Tom Eppensteiner http://www.igamt.ch
    NEW: Session code patch submitted by Soeren  for better VirtueMart compatibility (HERE) part of the 4.2.0 version....Note to be able to profit of securityimages in VirtueMart, you'll have to use VirtueMart 1.1. This should also help users trying to protect JoomlaBoard with securityimages.
    BUG: better compatibility with host REGISTER GLOBALS OFF ( SecurityImages 4.0.1 Language Fix)

  • security images
    for Mambo
    can help YOU
    Ever been to a site where you had to register and the registration form required that you type in the same phrase that is found in a hard-to-read image?  Mambo has since now not have this possibility. That's why I created an administration component com_securityimages.

    The component is not release yet but will be tomorrow!!!

    The engine is based on this great article at DevShed, I have only modified it to be more flexible, create an admin panel and extend it for Mambo.

    In order to appreciate my work, by clicking read more You will be able to read the manual...
    A GNU/GPL release ;-)

    Update 15.08.2005: I will release the component soon, I have add today:
    • Localization: french, english and german!
    • The core component com_contact is also now using security images (will be installable only as patch, sorry)
    • A new tab in the admin panel: file logging to keep track of the bad boys posting crap to Your site...
    • AkoComment and AkoBook can now live/be used without hashcash and security images if required (switch on/off) in their admin panel
    • com_securityimages is currently in test, but no big error has been found, I am only adding functionnalities (bad before delivery ;-( )
    • Remarq: I can give You installable component version of all components I've changed, but be careful! only use them if You have a fresh install of mambo (or none of the component involved) or You will loose Your comments or Guestbook entries -> It may be safer to carefully overwrite all file with FTP...



    Security images for Mambo

    Installation

    com_securityimages is a regular Mambo component, You can install it like any other component using the backend admin panel.

    After installation, verify that

    You can access the admin panel...
    By pointing your browser to
    http://youhost/administrator/components/com_securityimages/imageGenerator.php

    You see a security image (HIT reload page or refresh to receive a new one)

    Prerequisite

    NONE, but this component use the GD library (PHP extension), it should be present on your Mambo server.

    Already done

    I already modified akocomment and akobook from Arthur Konze to support security images. You can find the component bundled in the ZIP distribution BUT if You decide to use them....

    • Akocomment require com_hashcash which required com_log4php -> so first intall com_log4php then com_hashcash then com_akocomment (component and mambot)
    • Akobook require com_hashcash which required com_log4php -> so first intall com_log4php then com_hashcash then com_akobook

    Usage (for developer)

    Using this framework is very simple.

    In the page your code send to the user...

    <?php include
    ($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.inc');
    ?>
    <?php echo insertSecurityImage("security_refid" );
    ?>
    <?php echo getSecurityImageText("security_try" );
    ?>

    The code above insert the image, and the text, You page normally submit information to the server for processing. Most of the time using the tag form action

    In the server code where you process the data...

    include $mosConfig_absolute_path.'/administrator/components/com_securityimages/server.inc'); $checkSecurity = checkSecurityImage($security_refid, $security_try);



    if $checkSecurity = true then the user has entered the right text.

    Admin panel Screenshots...

    security images for Mambo is highly configurable

    have fun...

  • I have receive 3 email yesterday asking me how to integrate com_securityimages into the contact section

    just wondering how you have implemented the CAPtcha for this contact us form, i mean the integration of your wonderful component with the com_contact or the joomla/mambo contact us page...

    thanks for the compliments I always appreciate  :-)

    Some remarqs:
    • com_contact is a core component of Mambo/Joomla
    • com_contact has no extension mechanism, no way till today to plug code on the fly -> I must add 8 lines of ly code in a portion of code manually. I am doing this for You, and publish the latest Joomla version at joomlaforge
    • I have never tried to deinstall com_contact, (You can try if you want), and use the installer to install my modified version, I personnally prefer using FTP and overwrite files at the right place...since I am a developer I feel I have more control

    Download: com_contact HERE(choose the right version for You Joomla install) and overwrite file on your server


  • The core component of JOOMLA: com_login and com_registration will soon be able to support my framework com_securityimages, here is a screenshot of an already running code. I've made change in com_securityimages in order to scale the resulting picture (which is in login 75% smaller than in normal case).

    • The code will be check in com_securityimages CVS
    • A binary installer will be release soon (will require com_securityimages1.1.3.zip)
  • Has been released at Joomla Forge, see details here

    It is also rnning on my homepage so it is a pretty stable version ;-) tested against akcomment, akobook, contact

    Securityimages 3.0.0rc2

    • new: Logged in Users No/Yes Switch off the system for logged in users? 
    • new: new plugin HNCapctha which create beautiful captcha  (as seen on my site)
    • new: better localization of installation 
    • new: A system class detector which detect GD library and help users 
    • new: add 3 more fonts 
    • bug: reverse logic for displaying reload, sound button 
    • new start sound support, not active in this release. 
    • new better admin panel with screenshots of possible captcha and securityimage virtual box
    • Refactoring:
      - OO improvments: 8 new classes, DAO, move common setting to general tabs
      - move fonts to root of components/com_securityimages so they can be share among plugins
  • Just in case I take too much time to deliver a ready to use download, duration 5 minutes, but you need to understand basic php coding

    1. Create a temporary directory c:\patch
    2. Copy an existing patch distribution, under a new name
      For example, lets download Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip into c:\patch\ and copy it to c:\patch\Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
    3. Download the latest full zip package of Joomla that target the patch (here 1.5.14), so I download Joomla_1.5.14-Stable-Full_Package.zipand save it in the same directory c:\patch\
      patches.for.securityimages.howto
    4. Now download a free trial copy of Beyond compare from www.scootersoftware.com and install this great application
    5. Select the 2 zip files, and right click “compare”
      patches.for.securityimages.howto.1
    6. Now it is like a game, on the left side, you have you patch that need to be updated with the latest Joomla! core changes, just edit every file present on the left and update line that are new or changed till you are finished. Luckily there is only 14 files to merge
      patches.for.securityimages.howto.2
    7. Test the result in a Joomla test instance.

    I do this for you at each release of Joomla!

  • rockettheme

    Note: I'll do this for you, but you'll have to send me the template per mail first. Since most of the RocketTheme  templates are commercial. I will send it back to you patched.

    Example patching ja_purity_template.zip

    1. Download beyond compare and install (trial 30 days)
    2. Download an existing patches for joomla! for example Joomla_1.5.20-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00

    Select both files

    • Joomla_1.5.18-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00
    • ja_purity_template.zip

    Right click and select compare

    Move to ja_purity_template.zip\template\ja_purity\html in the left windows and right click, select "Set a base folder", do the same in the right windows and select "components" and right click, select "Set a base folder"

    rocketThemeForSecurityImages001  

    Now move to each file, you'll see that Rocketthemes is overriding internal file of Joomla! (this is allowed), select on rigth side a file default_form.php and right click "compare to" (or click F7), select on the other side the same file name at an equivalent position in file system

    rocketThemeForSecurityImages002

    You see now the differences, the objective is to copy some part of the left side into the right side, select code on the right side and click the arrow to copy a block of code,

    rocketThemeForSecurityImages003

    If you succeed, carefully copying the code, you ll have a Rocket Theme (or any other Joomla! templates) patched for SecurityImages.

    If you can’t do this, remember ill do it for you! Templates that I already patched are

    • jA_purity
    • JA Opal

    This post is cross-posted from my WIKI

  • Only for SecurityImages 5.1.x and Joomla! 1.5.14

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.14 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.
  • Only for SecurityImages 5.1.x and Joomla! 1.5.15

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages&160;

    • Are for Joomla! 1.5.15 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.15-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.
  •  

    Only for SecurityImages 5.1.x and Joomla! 1.5.16


    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages
    • Are for Joomla! 1.5.16 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.16-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.
  •  

    Only for SecurityImages 5.1.x and Joomla! 1.5.17


    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages
    • Are for Joomla! 1.5.17 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.17-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.

    Keep up to date with the Joomla! 1.5 patches RSS Feed Icon

    Download

    How to install documentation

  •  

    User of Joomla! 1.5.17 with patch “Joomla_1.5.17-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip” you can skip this update: no need to install since patches are identical

    • Joomla_1.5.17-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip = Joomla_1.5.18-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip

     

    Only for SecurityImages 5.1.x and Joomla! 1.5.18


    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.18 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.18-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.

    Keep up to date with the Joomla! 1.5 patches RSS Feed Icon

    Download

    How to install documentation

  •  

    Only for SecurityImages 5.1.x and Joomla! 1.5.21

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.21 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.21-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.

    User of Joomla! 1.5.20 with patch “Joomla_1.5.20-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip”

    you can skip this update: no need to install since Joomla 1.5.21 did not change any of the files that are required for securityimages

    • Joomla_1.5.20-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
    • EQUAL
    • Joomla_1.5.21-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip

     

    Keep up to date with the Joomla! 1.5 patches RSS Feed Icon

    Download

    How to install documentation

  • Joomla_Logo

    The Joomla Project announces the immediate availability of Joomla 1.5.18 [Wojmamni ama wojnaiki]. This is a security release and also corrects one priority issue in version 1.5.17.

    The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

    Statistics for the 1.5.18 release period:

    • Joomla 1.5.18 contains:
      • 1 issues fixed in SVN
      • 3 commits
    • Tracker activity resulted in a net increase of 21 active issues:
      • 29 new reports
      • 7 closed
      • 1 fixed in SVN
    • At the time the 1.5.18 release was packaged, the tracker had 337 active issues:
      • 195 open
      • 105 confirmed
      • 37 pending
    Click here to download Joomla 1.5.18 (Full package) »
    Click here to download Joomla 1.5.18 (Upgrade packages) »
  • smallbox_securityimages Some people have reported issue in the forum

    I've found the error in my code in some views but not all: 
        img src="/<?php echo JURI :: root() ?>/index.php?
    as a result, there is in image URL a double / which cause issues on some web host (no image displayed)

    I now provide a new patches versions for Joomla! 1.5.8 and 1.5.9 that can be downloaded:

    • Joomla! 1.5 patches 1.5.9 (stable / 2009-01-19)  Download
    • Joomla! 1.5 patches 1.5.8 (stable / 2009-01-19) Download

    These patches are ONLY for SecurityImages 5.1.0 or later, note the version of zip

    Joomla_1.5.8-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip
    Joomla_1.5.9-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip

    instead of v01.00.00

  • My favorite Linux distribution is ready to be delivered in no less than 2 days...

    I will share it with bittorrent 2 weeks long and will provide some first feedback on how it react on my 2 computer.

    Sneak Peeks at openSUSE 11.1: Improved Installation, Easier Administration

    Vista/Mac OSX has raised the bar in the area of good looking desktop, but openSUSE is now also able to fight back, just look at the screen  shots below for getting an insight in the new openSUSE 11.1:

    Upon logging into your openSUSE desktop, you’ll be asked to send some hardware information to the Smolt Project. I like the idea of submitting real hardware profiles to developer so they can really concentrate on real hardware support requirement. In the same area, I would like to see a post mortem process crash agent like in XP/Vista so real statistics can be made and bugs corrected faster...

  • I know that Secure, Safe, Fast Linux Hosting sound silly as nothing can be fast and secure at the same time, but I've compiled a list of things that are worth doing if you are maintaining your own server. This list is clearly targeted for people running an open source stack made of Apache, MySQL, PHP and Linux.

    This list is an ongoing work, thta is why it has also a version number in it (v1.0). As soon as I will learn new tricks, the list will be updated.

    By clicking read more, You'll be able to go through the checklist, or maybe you'll prefer the mindmap version HERE

     

  •  oups it seems (!) that protecting form with security images may be a not so good idea (it may stop a lot of spammer but not all)... As there is already some open source or closed programs to defeat them...I am convince that not all spammer will be able or want to attack site protected with images, especially user homepage. But if the site is well known (ex: Yahoo)...read below: frightening!

    PWNtcha stands for "Pretend We’re Not a Turing Computer but a Human Antagonist", as well as PWN capTCHAs. This project’s goal is to demonstrate the inefficiency of many captcha implementations.

    Anyway this page is giving me enough idea at how to tune my code to avoid/disallow/make it more difficult automatic recognition of characters...

    Among others, from this page:

    • render the characters with different colors -> I will do it, easy
    • make some characters darker than the background, and some lighter
    • use gradient colors for the backgrounds and the characters
    • dont align all the characters vertically -> Possible in current implementation
    • dont make the answers words, so that a dictionary could be used -> already random
    • use more characters and symbols -> done
    • use uppercase and lowercase characters -> already done
    • use a different number of characters each time ->done
    • rotate some of the characters more drastically (i.e. upside down) -> will try
    • do more overlapping of characters
    • Add a grid ->done
    • make some pixels of a single character not touching
    • have grid lines that cross over the characters with their same color
    • consider asking natural language questions

    Breaking a Visual CAPTCHA homepage of the Shape Contexts based approach to break Gimpy, the CAPTCHA test used at Yahoo! to screen out bots. Our method can successfully pass that test 92% of the time

  • I am currently finishing the release of security images...
    • New backgrounds (more than 24 now), You can help me by submitting random background (size 200 * 35 pixels).
    • Possibility to edit language file directly from the backend
    • The reload function all of You are waiting for
    • A better architecture in code that will allow to add new captcha engine with ease (in less than 2 hours)
    • Working with PHP5

    3 testers have receive a beta version for tests, and I am waiting on their feedbacks...



    The wiki has been updated with some screenshots

    I also may include a veriword plugin  and even a plugin randomizer function soon


  • Com security image with be shipped soon with a patch for Joomla 1.03 which also modify the login and registration process, see screenshots below....

    in module login:

    in component registration

    in component registration, lost password

    The more background, the more fonts, the difficult for a robot to do an OCR on pictures....I was thinking of doing automating search on Google images and randomize the background but Google forbid such kind of misuse of thiers services (I understand that)

  • I will also release a new version of akocomment, and resolve the logged in user bugs that many people have reported me.

    release 2.2.0 to be released soon

    • All- Security patches: add missing index.html and PHP missing header: defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
    • Plugin core is now able to output image to PNG, JPG or GIF selection in admin core settings
    • Plugin core is now able to limit the reload tentative of the users, retry counter is stored in user session. If user reload picture more than Retry in tab Text
    • Plugin core has a new switch: Use extended charset in image: ex: +*%&/()=?!$?@#...true or false
    • Plugin core is now able to output align text in image using 4 strategies:
      System font with random character position
      TTFonts with random character position
      The best for me, OCR is more difficult
      TTFonts with linear character position
      (Default setting)
      Random Above 3 in a random order.
    • All -Patches for Login/registration Joomla framework as file in /patches/ You have either:
      • To modify joomla files manually y following steps below OR
      • Copy already patched file (Joomla 1.0.3) to the server at the right place
    • All - Bug in function getSecurityImageField($textid) the javascript was not boostraped, no influence but bug was revealed when doing login integration
    • All - General Settings: It is now possible to display selectively the reload or sound button.
    • com_contact, if user failed to enter the right captcha, he lost his data. This is not a bug but more a functionnalities not existing in Joomla -> the form with history back is always initialize with empty fileds in Mozilla Firefox, while in IE it is working
    • Plugin All - Bug if logs are activated, php code logger.php was not included into the delegate plugins/xx/yy/checker.php
    • All - New Tab in "General settings" called "Joomla-Patches" this let You swicth on or off the use of security images in login, registration.
    • Plugin core - Bug correct the contrast of 2 images bg-L-5.png and bg-L-18.png : there were too dark!
    • All -A new menu entry "Check if latest version" has been add, I only have to finish the server code.-> it is not working right now but soon.

     

    AkoComment

    Administrator mail UTF8 support patch by Karel Neugebauer jr. - http://itx.cz

     

     

    Install security images form code in existing Joomla code...

    point A Open components\com_registration\registration.html.php line 54 in function registerForm($option, $useractivation)
      <tr>
    <td>
    <?php echo _PROMPT_EMAIL; ?>
    </td>
    <td>
    <input type="text" name="confirmEmail" class="inputbox" size="40" />
    </td>
    </tr>


    <?php
    //security image by www.waltercedric.com
    global $mosConfig_absolute_path;
    if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.lostPassForm.php')) {
    require_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.lostPassForm.php');
    }
    //end security image by www.waltercedric.com
    ?>


    <tr>
    <td colspan="2">
    <input type="hidden" name="option" value="<?php echo $option;?>" />
    <input type="hidden" name="task" value="sendNewPass" /> <input type="submit" class="button" value="<?php echo _BUTTON_SEND_PASS; ?>" />
    </td>
    </tr>
    point B Open components\com_registration\registration.html.at line 164 in function registerForm($option, $useractivation)
      <tr>
    <td>
    <?php echo _REGISTER_VPASS; ?> *
    </td>
    <td>
    <input class="inputbox" type="password" name="password2" size="40" value="" />
    </td>
    </tr>

    <?php
    //security image by www.waltercedric.com
    global $mosConfig_absolute_path;
    if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.html.registerForm.php')) {
    require_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.html.registerForm.php');
    }
    //end security image by www.waltercedric.com
    ?>

    <tr>
    <td colspan="2">
    </td>
    </tr>
    point C  

     

    Install security images checking code in existing Joomla code...

    Point 1 Open \components\com_registration\registration.php after line 61 add what is in bold below
      $checkusername = mosGetParam( $_POST, 'checkusername', '' );
    $checkusername = $database->getEscaped( $checkusername );
    $confirmEmail = mosGetParam( $_POST, 'confirmEmail', '');
    $confirmEmail = $database->getEscaped( $confirmEmail );

    //securityimages by www.waltercedric.com
    global $mosConfig_absolute_path;
    if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SendNewPass.php')) {
    include_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SendNewPass.php');
    }
    //end security images by www.waltercedric.com


    $query = "SELECT id"
    Point 2 Open \components\com_registration\registration.php after line 123 (123 is after added the point 1)
      function saveRegistration( $option ) {
    global $database, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;

    if ($mosConfig_allowUserRegistration=='0') {
    mosNotAuth();
    return;
    }

    //securityimages by www.waltercedric.com
    global $mosConfig_absolute_path;
    if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SaveRegistration.php')) {
    include_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SaveRegistration.php');
    }
    //end security images by www.waltercedric.com

    $row = new mosUser( $database );

    if (!$row->bind( $_POST, 'usertype' )) {
    echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
    exit();
    }
    Point 3 Open includes\joomla.php after line 610
      $passwd = md5( $passwd );
    $bypost = 1;
    }
    $remember = mosGetParam( $_POST, 'remember', '' );


    //securityimages by www.waltercedric.com
    global $mosConfig_absolute_path;
    if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/joomla.login.php')) {
    include_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/joomla.login.php');
    }
    //end security images by www.waltercedric.com


    if (!$username || !$passwd) {
    echo "<script> alert(\""._LOGIN_INCOMPLETE."\"); window.history.go(-1); </script>\n";
    exit();
    } else {

       

     

  • In order to avoid spamming at any cost, I include security images in Mambo. The component (a part of hashcash) wont be released before end of the week even if it is functionnal mainly because:

    • I want to integrate this technology in the guestbook (Akobook) ->Not done yet
    • I want to integrate this technology in the administrator login page, this for avoiding brute force attack ->Not done yet
    • I want to have a beautiful backend panel, because this functionnality is highly configurable: ->Not done yet
      Ex of variables in code (not all):
      $textLength = 8;
      $useRandomSize = true;
      $textFontSizeDefualt = 14;
      $textFontSizeMin = 12;
      $textFontSizeMax = 18;
      $textFontName = "garamond.ttf";
      $useRandomTextAngle = true;
      $textAngleMin = -5;
      $textAngleMax = 5;
      $cleanupTable = "10 minutes";
    • So what is done? the commenting system of Mambo (the excellent akocomment component) is migrated.... see picture
    • A GNU/GPL release of course ;-) (for my code only, there is strong copyright on akocomment and akobook)

  • release soon

    • Depending on settings in admin panel, the logic was reversed for "Display or not the reload button" and "Display or not the sound button (function not implemented)"
    • Remove "image content-type" settings it is not needed -> provide a select boy with gif, jpg, png output possibility instead
    • Logs are now database based. with a query engine to search a specific spam attempt.
    • Logs can be export to CSV, HTML, XML
    • Better localization in admin panel, more keys in english.php
    • Add /manuals directory with a manual on how to install securityimages in login, registration
    • A file selector (can be reused GPL) for selecting background pictures to be used
    • More background
    • New language file brazilian_portuguese.php courtesy of Fernando B. (http://developer.joomla.org/sf/global/do/viewUser/ferjoom )
  • Has been released at Joomla Forge, see details here

    • New: A new About page
    • New: A new developer page for people wanting to use this framework
    • New: a new troubleshooting page