securityimages2

  • I am currently finishing the release of security images...
    • New backgrounds (more than 24 now). You can help me by submitting random backgrounds (size 200 * 35 pixels).
    • Possibility to edit language file directly from the backend
    • The reload function all of you are waiting for
    • A better code architecture that will allow adding a new captcha engine with ease (in less than 2 hours)
    • Working with PHP5

    3 testers have received a beta version for testing, and I am waiting for their feedback...



    The wiki has been updated with some screenshots

    I may also include a veriword plugin and even a plugin randomizer function soon


  • Com security image will be shipped soon with a patch for Joomla 1.03 which also modifies the login and registration process; see screenshots below...

    in module login:

    in component registration

    in component registration, lost password

    The more backgrounds and the more fonts, the more difficult it is for a robot to do OCR on the pictures... I was thinking of automating a search on Google Images and randomizing the background, but Google forbids this kind of misuse of their services (I understand that).

  • I will also release a new version of akocomment, and resolve the logged-in user bugs that many people have reported to me.

    release 2.2.0 to be released soon

    • All - Security patches: add the missing index.html files and the missing PHP header: defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
    • Plugin core is now able to output image to PNG, JPG or GIF selection in admin core settings
    • Plugin core is now able to limit the reload attempts of users; the retry counter is stored in the user session. If user reload picture more than Retry in tab Text
    • Plugin core has a new switch: Use extended charset in image: ex: +*%&/()=?!$?@#...true or false
    • Plugin core is now able to align text in the image using 4 strategies:
      • System font with random character position
      • TTFonts with random character position (the best for me, OCR is more difficult)
      • TTFonts with linear character position (default setting)
      • Random: the above 3 in a random order
    • All - Patches for the Joomla login/registration framework are provided as files in /patches/. You have either:
      • To modify the Joomla files manually by following the steps below OR
      • Copy already patched file (Joomla 1.0.3) to the server at the right place
    • All - Bug in function getSecurityImageField($textid): the javascript was not bootstrapped. No influence, but the bug was revealed when doing the login integration
    • All - General Settings: It is now possible to display selectively the reload or sound button.
    • com_contact: if the user failed to enter the right captcha, he lost his data. This is not a bug but rather a functionality that does not exist in Joomla -> with history back, the form is always initialized with empty fields in Mozilla Firefox, while in IE it works
    • Plugin All - Bug if logs are activated, php code logger.php was not included into the delegate plugins/xx/yy/checker.php
    • All - New tab in "General settings" called "Joomla-Patches": this lets you switch on or off the use of security images in login and registration.
    • Plugin core - Bug: corrected the contrast of 2 images, bg-L-5.png and bg-L-18.png: they were too dark!
    • All - A new menu entry "Check if latest version" has been added; I only have to finish the server code -> it is not working right now, but soon.

     

    AkoComment

    Administrator mail UTF8 support patch by Karel Neugebauer jr. - http://itx.cz

     

     

    Install security images form code in existing Joomla code...

    Point A: Open components\com_registration\registration.html.php at line 54, in function registerForm($option, $useractivation)

      <tr>
        <td>
          <?php echo _PROMPT_EMAIL; ?>
        </td>
        <td>
          <input type="text" name="confirmEmail" class="inputbox" size="40" />
        </td>
      </tr>

      <?php
      //security image by www.waltercedric.com
      global $mosConfig_absolute_path;
      if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.lostPassForm.php')) {
        require_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.lostPassForm.php');
      }
      //end security image by www.waltercedric.com
      ?>

      <tr>
        <td colspan="2">
          <input type="hidden" name="option" value="<?php echo $option;?>" />
          <input type="hidden" name="task" value="sendNewPass" /> <input type="submit" class="button" value="<?php echo _BUTTON_SEND_PASS; ?>" />
        </td>
      </tr>

    Point B: Open components\com_registration\registration.html.php at line 164, in function registerForm($option, $useractivation)

      <tr>
        <td>
          <?php echo _REGISTER_VPASS; ?> *
        </td>
        <td>
          <input class="inputbox" type="password" name="password2" size="40" value="" />
        </td>
      </tr>

      <?php
      //security image by www.waltercedric.com
      global $mosConfig_absolute_path;
      if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.html.registerForm.php')) {
        require_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.html.registerForm.php');
      }
      //end security image by www.waltercedric.com
      ?>

      <tr>
        <td colspan="2">
        </td>
      </tr>

    point C  

     

    Install security images checking code in existing Joomla code...

    Point 1: Open \components\com_registration\registration.php and, after line 61, add the lines between the securityimages comments below (shown in bold in the original)

      $checkusername = mosGetParam( $_POST, 'checkusername', '' );
      $checkusername = $database->getEscaped( $checkusername );
      $confirmEmail = mosGetParam( $_POST, 'confirmEmail', '');
      $confirmEmail = $database->getEscaped( $confirmEmail );

      //securityimages by www.waltercedric.com
      global $mosConfig_absolute_path;
      if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SendNewPass.php')) {
        include_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SendNewPass.php');
      }
      //end security images by www.waltercedric.com

      $query = "SELECT id"

    Point 2: Open \components\com_registration\registration.php after line 123 (line 123 as counted after adding point 1)

      function saveRegistration( $option ) {
        global $database, $acl;
        global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
        global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;

        if ($mosConfig_allowUserRegistration=='0') {
          mosNotAuth();
          return;
        }

        //securityimages by www.waltercedric.com
        global $mosConfig_absolute_path;
        if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SaveRegistration.php')) {
          include_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SaveRegistration.php');
        }
        //end security images by www.waltercedric.com

        $row = new mosUser( $database );

        if (!$row->bind( $_POST, 'usertype' )) {
          echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
          exit();
        }

    Point 3: Open includes\joomla.php after line 610

        $passwd = md5( $passwd );
        $bypost = 1;
      }
      $remember = mosGetParam( $_POST, 'remember', '' );

      //securityimages by www.waltercedric.com
      global $mosConfig_absolute_path;
      if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/joomla.login.php')) {
        include_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/joomla.login.php');
      }
      //end security images by www.waltercedric.com

      if (!$username || !$passwd) {
        echo "<script> alert(\""._LOGIN_INCOMPLETE."\"); window.history.go(-1); </script>\n";
        exit();
      } else {
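
Every hook in the steps above is wrapped in `file_exists()`, so when a patch file is not on the server the include is skipped without an error and login or registration runs with no captcha check. The script below is an added example, not part of securityimages: it verifies that each of the five hooks is present in its Joomla file and that the patch file it includes exists. The file pairs come from the steps above; the sample install is constructed.

```python
import os

PATCH_DIR = "administrator/components/com_securityimages/patches"
# (file to patch, patch file its hook includes), taken from the steps above
HOOKS = [
    ("components/com_registration/registration.html.php", "registration.lostPassForm.php"),
    ("components/com_registration/registration.html.php", "registration.html.registerForm.php"),
    ("components/com_registration/registration.php", "registration.SendNewPass.php"),
    ("components/com_registration/registration.php", "registration.SaveRegistration.php"),
    ("includes/joomla.php", "joomla.login.php"),
]

def read_text(path):
    if not os.path.isfile(path):
        return ""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()

def check_hooks(joomla_root):
    """Map each patch file to 'ok', 'hook missing' or 'patch file missing'."""
    status = {}
    for target, patch in HOOKS:
        source = read_text(os.path.join(joomla_root, target))
        # Each hook names the path twice: in file_exists() and in the include.
        wired = source.count("/" + PATCH_DIR + "/" + patch) >= 2
        present = os.path.isfile(os.path.join(joomla_root, PATCH_DIR, patch))
        status[patch] = "ok"
        if not wired:
            status[patch] = "hook missing"
        elif not present:  # file_exists() is false: include skipped, no error
            status[patch] = "patch file missing"
    return status

def build_sample_site(root):
    """Constructed install: login hook never added, one patch file not copied."""
    def write(rel, body):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    def hook(patch):
        p = "$mosConfig_absolute_path.'/%s/%s'" % (PATCH_DIR, patch)
        return "if (file_exists(%s)) {\ninclude_once(%s);\n}\n" % (p, p)
    write(HOOKS[0][0], "<?php\n" + hook(HOOKS[0][1]) + hook(HOOKS[1][1]))
    write(HOOKS[2][0], "<?php\n" + hook(HOOKS[2][1]) + hook(HOOKS[3][1]))
    write(HOOKS[4][0], "<?php\n$remember = 1;\n")
    for _target, patch in HOOKS[:3]:
        write(PATCH_DIR + "/" + patch, "<?php\n")
```

Call `check_hooks()` with the Joomla root directory after patching; anything other than 'ok' means that form is not protected.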

       

     

  • release soon

    • Depending on settings in admin panel, the logic was reversed for "Display or not the reload button" and "Display or not the sound button (function not implemented)"
    • Remove the "image content-type" setting, it is not needed -> provide a select box with gif, jpg, png output possibility instead
    • Logs are now database based. with a query engine to search a specific spam attempt.
    • Logs can be exported to CSV, HTML, XML
    • Better localization in admin panel, more keys in english.php
    • Add /manuals directory with a manual on how to install securityimages in login, registration
    • A file selector (can be reused GPL) for selecting background pictures to be used
    • More backgrounds
    • New language file brazilian_portuguese.php courtesy of Fernando B. (http://developer.joomla.org/sf/global/do/viewUser/ferjoom )