securityimages5

  •  

    SecurityImages BETA will be available in no more than 2 days...

    Note that SecurityImages is still WAY to intrusive toward Joomla! as core file has to be changed in order to use Captcha.

    Lets take the contact section of Joomla! as  an example.

    • Download the patch HERE (soon available as a ready to use patch) and overwrite file on your server OR
    • Do it on your own, this is more for3rd party developer, or people wanting to understand the internal of Joomla! or SecurityImages
    Click Read MORE!


    It is always recommended to use a switch in all your component to activate deactivate SecurityImages per components  through the administrator control panel.

    This is done by adding to administrator/components/com_contact/contact_items.xmlthe following code:

    <param name="useSecurityImages" type="radio" default="1" label="Use SecurityImage Captcha" description="Enable Captcha verification">
    <option value="0">No</option>
    <option value="1">Yes</option>
    </param>

    Joomla will read this xml file on the fly  and build the graphical user interface for the contact settings.

    contact.settings.securityimages.5.0

    Since Joomla! 1.5 now use a Model View Controller paradigm, we have to alter the controller, and add a new Task displaySecurityImagesCaptcha()in  components/com_contact/controller.php:

      functiondisplaySecurityImagesCaptcha() { 
            global
    $mainframe
           
            //Per contact you can define if the user has to resolve the capctha 
           
    $contactId=JRequest::getVar('contact_id',0,'','int'); 
           
    // load the contact details 
           
    $model   = &$this->getModel('contact'); 
           
    $qOptions['id'] =$contactId
           
    $contact       =$model->getContact($qOptions); 
           
    $params= newJParameter($contact->params); 
             
            if (
    $params->get('useSecurityImages')) {     
               
    $check=null
               
    $mainframe->triggerEvent('
    onSecurityImagesDisplay', array($check)); 
                if (!
    $
    check) { 
                    echo
    "<br/>Erreur affichage du Captcha<br/>"
                } 
            } 
                 
        } 
    As you can see, the event "onSecurityImagesDisplay" is triggered on a per contact name basis. That mean that some contact can have a Captcha while other have not. 

    The next step is to add the task checkSecurityImagesCaptcha() checking the captcha in the components/com_contact/controller.php
    functioncheckSecurityImagesCaptcha() { 
            global
    $mainframe
      
           
    $contactId=JRequest::getVar('id',0,'','int'); 
           
    // load the contact details 
           
    $model   = &$this->getModel('contact'); 
           
    $qOptions['id'] =$contactId
           
    $contact       =$model->getContact($qOptions); 
           
    $params= newJParameter($contact->params); 
           
            //check if that user has a capctha 
           
    if (!$params->get('
    useSecurityImages')) {  
                return
    true
            } 
           
    $return=false
           
    $securityImagesJoomlaContactUserTry=JRequest::getVar('securityImagesJoomlaContactUserTry',false,'','CMD'); 
           
    $mainframe->triggerEvent('
    onSecurityImagesCheck', array($securityImagesJoomlaContactUserTry &$return));
            return
    $return;
        } 
    One more step is to alter the original submit() method of the controller in components/com_contact/controller.php
            global$mainframe  

           
    if (!$this->
    checkSecurityImagesCaptcha()) {
               
    JError::raiseWarning("999","Invalid Captcha Code");
               
    $this->display();
                return
    false;
            } 
    And finally altering the view /com_contact/views/contact/tmpl/default_form.php
    to display the Captcha field

    <?phpif ($this->params->get('useSecurityImages')) {?>             
    <img src="/index.php?option=com_contact&task=
    displaySecurityImagesCaptcha&contact_id=<?phpecho$this->contact->id;?>"> 
    <br /> 
    <input type="text" name="securityImagesJoomlaContactUserTry" /> 
    <br /> 
     <?php}?>
    As you see a lot of thing have been done, and I am still testing and improving the code.
  • 3028_logo-jext 
    JArtForms seems to have issue with SecurityImages, as seen in my forum here, so here are the patched
    versions working with SecurityImages 5.0.

    ArtForms2.1b7.1-for-J1.5-RC1-Update-Only.zip is clearly developed for SecurityImages 4.X.X (Joomla 1.0.X)
    and not for SecurityImages 5.X.X (Joomla 1.5.X)


    The JArtForms component is a package for an easy From Generator for Joomla 1.0.xx.
    It allows you to generate as much Forms as you like, you can define all fields
    that you need and also make file upload and attachment possible.
    The idea of the JArtForms is to give a tool that is enabling you to create a
    dynamic forms in minutes within your Joomla! CMS.
    The key features are:

    • Possibility for create an unlimited amount of forms with unlimited fields and contents.
    • Possibility to edit component's CSS, language, settings and update easy from old versions.
    • Optional you can save all received forms in database.
    • Custom Lay-out for every field.
    • View received forms in Front End.
    • Joomla's SEF support and added sh404sef support.
    • Joomfish support.
    • Newsletter Bridge (only Letterman for now).
    • Database Backups and easy updates from previous versions.
    • Captcha support with optional systems for every form (Alikon Mod, CaptchaForm,
      CaptchaTalk, reCaptcha, Alikon Mambot, SecurityImages and EasyCaptcha).
    • Language and Captcha audio support for spanish, english, german, hungarian,
      dutch, turkish, brazilian portuguese, french, italian and polish (polish without audio files).
    • And much more!

    I wont maintain nor make any new versions of JArtForms. Please contact the authors and ask them to
    patch their code, or with the next version my code will suddenly break...

    For Joomla 1.5, either download

    For hacker, all you have to do is use the version  ArtForms2.1b7.1-for-J1.5-RC1-Update-Only.zip and follow
    the tutorial below

     

    in file administrator/components/com_artforms/lib/af.lib.afforms.php line 672 replace code producing captcha with

    case '6':  //securityimages captcha component
    if (file_exists(JPATH_SITE.DS."administrator".DS."components".DS."com_securityimages".DS."config.securityimages.php")) {
    $html = '<div align="center">';
    $html .= "<script type=\"text/javascript\" src=\"".JURI :: root()."components/com_securityimages/js/securityImages.js\"></script>";
    $html .= "<img id='_artFormCaptcha' name='_artFormCaptcha' align='middle' src='".JURI :: root()."/index.php?option=com_securityimages&task=displayCaptcha'>";
    $html .= "<a href=\"javascript:askNewSecurityImages('_artFormCaptcha');\">";
    $html .= "<img src=\"".JURI :: root()."/components/com_securityimages/buttons/reload.gif\" id='_artFormCaptchaReload' name='_artFormCaptchaReload' border='0'>";
    $html .= "</a>";
    $html .= '</div>';
    $html .= '<div>'.JText::_('ARTF_CAPTCHA_TITLE').'<input type="text" name="_artFormCaptchaUserTry" id="_artFormCaptchaUserTry" /></div>';
    $html .= '</div>';
    return $html;
    } else {
    return;
    }
    break;
    .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: 008000; } .csharpcode .kwrd { color: 0000ff; } .csharpcode .str { color: 006080; } .csharpcode .op { color: 0000c0; } .csharpcode .preproc { color: cc6633; } .csharpcode .asp { background-color: ffff00; } .csharpcode .html { color: 800000; } .csharpcode .attr { color: ff0000; } .csharpcode .alt { background-color: f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: 606060; }

     

    Line 164 for the code checking the captcha

    if (file_exists(JPATH_SITE.DS."administrator".DS."components".DS."com_securityimages".DS."config.securityimages.php")) {
    $checkSecurity = false;
    $_artFormCaptchaUserTry = JArrayHelper::getValue( $_POST, '_artFormCaptchaUserTry', '' );
    $mainframe->triggerEvent('onSecurityImagesCheck', array($_artFormCaptchaUserTry, &$checkSecurity));
    if ( !$checkSecurity ) {
    $msg = JText::_( 'ARTF_CAPTCHA_FAIL' ).'&afimg=0';
    $mainframe->redirect( JRoute::_( $alink.'&formid='.$formid.'&Itemid='.$Itemid.'&afmsg='.$msg ) );
    }
    .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: 008000; } .csharpcode .kwrd { color: 0000ff; } .csharpcode .str { color: 006080; } .csharpcode .op { color: 0000c0; } .csharpcode .preproc { color: cc6633; } .csharpcode .asp { background-color: ffff00; } .csharpcode .html { color: 800000; } .csharpcode .attr { color: ff0000; } .csharpcode .alt { background-color: f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: 606060; }

     

     

     

    .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: 008000; } .csharpcode .kwrd { color: 0000ff; } .csharpcode .str { color: 006080; } .csharpcode .op { color: 0000c0; } .csharpcode .preproc { color: cc6633; } .csharpcode .asp { background-color: ffff00; } .csharpcode .html { color: 800000; } .csharpcode .attr { color: ff0000; } .csharpcode .alt { background-color: f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: 606060; }
  • joomla_cms

    logo_virtuemart

    As some users have encounter issues with VirtueMart 1.1.3 as no captcha is displayed as default, here is a small how to. The features is a bit hidden, but it works as expected.


    Go to yoursite/administrator/index.php?pshop_mode=admin&page=admin.user_field_list&option=com_virtuemart

     

     virtuemart.securityimages

    Add a new field! (Add / Edit User Fields)

     virtuemart.securityimages.2
    Result, layout can be optimized a bit I agree

     virtuemart.securityimages.3

    Read more in the Official Documentation of SecurityImages

  • joomla_download_banner joomla_donate_banner

    The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.10

    Since Joomla 1.5.10 is released...Here are the new patches for SecurityImages 5.1.1

    • Allow login views, login modules, register, lost password, lost user account and contact section to be
      protected by SecurityImages
    • Are for Joomla! 1.5.10 only and SecurityImages 5.1.0 or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.10-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages

    DOWNLOAD HERE and stay up to date with the Joomla! 1.5 patches RSS feed&160;Feed Icon

  • joomla_download_banner joomla_donate_banner

    The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.11

    securityimages box Since Joomla 1.5.11 is released...Here are the new patches for SecurityImages 5.1.1 AND Joomla! 1.5.11

    • Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages
    • Are for Joomla! 1.5.11 only and SecurityImages 5.1.0 or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.11-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new Boolean value
      (true or false) in Joomla! configuration for using SecurityImages. (do nothing if you were previously using patches)

    DOWNLOAD HERE and stay up to date with the Joomla! 1.5 patches RSS feedFeed Icon

  • smallbox_securityimages

    Only for SecurityImages 5.1.x and Joomla! 1.5.12

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.12 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.12-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE config once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.

    &160;

    Download/ Details / Keep up to date with the Joomla! 1.5 patches RSS Feed Icon

  • smallbox_securityimages

    Only for SecurityImages 5.1.x and Joomla! 1.5.13

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.13 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.

    &160;

  • Only for SecurityImages 5.1.x and Joomla! 1.5.14

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.14 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.
  • Only for SecurityImages 5.1.x and Joomla! 1.5.15

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages&160;

    • Are for Joomla! 1.5.15 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.15-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.
  •  

    Only for SecurityImages 5.1.x and Joomla! 1.5.16


    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages
    • Are for Joomla! 1.5.16 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.16-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.
  •  

    Only for SecurityImages 5.1.x and Joomla! 1.5.17


    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages
    • Are for Joomla! 1.5.17 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.17-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.

    Keep up to date with the Joomla! 1.5 patches RSS Feed Icon

    Download

    How to install documentation

  •  

    User of Joomla! 1.5.17 with patch “Joomla_1.5.17-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip” you can skip this update: no need to install since patches are identical

    • Joomla_1.5.17-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip = Joomla_1.5.18-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip

     

    Only for SecurityImages 5.1.x and Joomla! 1.5.18


    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.18 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.18-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.

    Keep up to date with the Joomla! 1.5 patches RSS Feed Icon

    Download

    How to install documentation

  • 152release

    Since Joomla 1.5.2 is released...Here are the new patches for SecurityImages 5.0.0

    • Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages
    • Are for Joomla! 1.5.1 only and SecurityImages 5.0.0Beta2
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details
    • Download file Joomla_1.5.2-Stable-Full_PackageForSecurityImages5.0.0.zip (33kB) and overwrite file on your server
    Download them here
  • Only for SecurityImages 5.1.x and Joomla! 1.5.22
    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.22 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.22-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server with the zip package usign FTP/SCP
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.

    How to install documentation

    Download Joomla_1.5.22-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip

  • Only for SecurityImages 5.1.x and Joomla! 1.5.23
    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.23 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.23-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server with the zip package usign FTP/SCP
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.

    How to install documentation

    Download Joomla_1.5.23-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip

  • Only for SecurityImages 5.1.x and Joomla 1.5.26, download HERE

    • Allow login views, login modules, register, lost password, lost user account and contact section to be
      protected by SecurityImages
    • Are for Joomla! 1.5.26 only and SecurityImages 5.1.x or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.26-Stable-Full_PackageForSecurityImages5.1.x_v01.03.00.zip (33kB) and
      overwrite file on your server

    Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
    (true or false) in Joomla! configuration for using SecurityImages.

    Note that there are two versions of Joomla! available, Joomla 1.5 is end of life! consider updating your Joomla 1.5 to

    • Joomla 2.5 is the current, long term release intended for most websites.
    • Joomla 3.0 is the newest version recommended for developers and early adopters.

    Joomla 2.5 is the best choice if you’d like to incorporate extensions and templates that already exist in the Joomla community. More extensions and templates will be available for 3.0 over time. Read the entire FAQ section below to learn more about which version of Joomla may be right for you.

  • 153release_thumb

    The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.3 [Vahi].
    This release is earlier than scheduled in order to correct a database name validation error introduced
    in 1.5.2. It has been a month since Joomla! 1.5.2 was released on March 23, 2008.
    The goal is to provide regular, frequent updates to the Joomla! end user community containing the
    latest bug fixes and minor enhancements.

    Since Joomla 1.5.3 is released...Here are the new patches for SecurityImages 5.0.0

    • Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages
    • Are for Joomla! 1.5.3 only and SecurityImages 5.0.0Beta3 or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details
    • Download file Joomla_1.5.3-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip (33kB) and overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value (true or false) in Joomla! configuration
      for using SecurityImages
    Download them here

     

  • joomla_download_1015_154

    The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.4 [Naiki].
    This is a normal maintenance release which includes a few low to moderate security issues, many
    bug fixes, and several very nice improvements. It has been a little over ten weeks since
    Joomla! 1.5.3 was released on April 24, 2008. TheDevelopment Working Group's goal is to continue
    to provide regular, frequent updates to the Joomla! community containing the latest bug fixes and
    minor enhancements.

    Since Joomla 1.5.4 is released...Here are the new patches for SecurityImages 5.0.0

    • Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages
    • Are for Joomla! 1.5.4 only and SecurityImages 5.0.0Beta3 or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details
    • Download file Joomla_1.5.4-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip (33kB) and overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE config once, this will add a new boolean value (true or false) in Joomla! configuration
      for using SecurityImages
  • joomla_download_1015_154

    The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.5 [Mamni]. This
    is a quick turnaround release to address the Duplicate Title error from 1.5.4 . This release also contains
    important SEF URL improvements and fixes for com_content in addition to a number of bug fixes and
    improvements. It has been nearly three weeks since Joomla! 1.5.4 was released on July 8, 2008.
    The Development Working Group 's goal is to continue to provide regular, frequent updates to the Joomla! community.

    Since Joomla 1.5.5 is released...Here are the new patches for SecurityImages 5.0.0

    • Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages
    • Are for Joomla! 1.5.5 only and SecurityImages 5.0.0Beta3 or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details
    • Download file Joomla_1.5.5-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip (33kB) and overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE config once, this will add a new boolean value (true or false) in Joomla! configuration
      for using SecurityImages
  • joomla_download_banner joomla_donate_banner

    The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.6 [Vusani].
    This is a quick turnaround security release to address a high level security issue and it is
    recommended all users upgrade immediately.

    For more information about this exploit, click here to visit the Joomla Security Blog.

    Since Joomla 1.5.6 is released...Here are the new patches for SecurityImages 5.0.0

    • Allow login views, login modules, register, lost password, lost user account and contact section to be
      protected by SecurityImages
    • Are for Joomla! 1.5.6 only and SecurityImages 5.0.0Beta3 or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.6-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE config once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages

    Note there is no differences between the SecurityImages patches

    • Joomla_1.5.6-Stable-Full_PackageForSecurityImages5.0.0.zip and
    • Joomla_1.5.5-Stable-Full_PackageForSecurityImages5.0.0.zip

    Joomla! team did not change the same files as my patches

  • joomla_download_banner joomla_donate_banner

    The Joomla Project is pleased to announce the immediate availability of Joomla 1.5.7 [Wovusani].
    This is a security release and contains a number of bug fixes, improvements as well as security fixes.
    It is strongly recommended that users immediately upgrade. It has been nearly four weeks since
    Joomla 1.5.6 was released on August 12, 2008. The Development Working Group's goal is to continue
    to provide regular, frequent updates to the Joomla community.

    Since Joomla 1.5.7 is released...Here are the new patches for SecurityImages 5.0.0

  • Download
  • Details
  •  

    • Allow login views, login modules, register, lost password, lost user account and contact section to be
      protected by SecurityImages
    • Are for Joomla! 1.5.7 only and SecurityImages 5.0.0Beta3 or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.7-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE config once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.

    The version manager page has been updated as well, enjoy ;-)

  •  

    joomla_download_banner joomla_donate_banner

     

    The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.8

    Since Joomla 1.5.8 is released...Here are the new patches for SecurityImages 5.1.0

    • Allow login views, login modules, register, lost password, lost user account and contact section to be
      protected by SecurityImages
    • Are for Joomla! 1.5.8 only and SecurityImages 5.1.0 or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.8-Stable-Full_PackageForSecurityImages5.1.0_v01.00.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE config once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages

    DOWNLOAD HERE

  • joomla_download_banner joomla_donate_banner

    The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.9

    Since Joomla 1.5.9 is released...Here are the new patches for SecurityImages 5.1.0

    • Allow login views, login modules, register, lost password, lost user account and contact section to be
      protected by SecurityImages
    • Are for Joomla! 1.5.9 only and SecurityImages 5.1.0 or later
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.9-Stable-Full_PackageForSecurityImages5.1.0_v01.00.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE config once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages
  • I always dislike doing this (changing core file of Joomla!) but here they ARE...

    If any core developer of Joomla! read this, can't we look together to have more event hook (in views, more in controller) in Joomla! core?

    Patches:

    • Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages
    • Are for Joomla! 1.5.1 only and SecurityImages 5.0.0Beta2
    • 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details
      patches.altered.files
    • Download file Joomla_1.5.1-Stable-Full_PackageForSecurityImages5.0.0.zip (33kB) and overwrite file on your server

    Report all bugs in the forums in the new section

    Below are some screen shots of the BETA2 in Joomla! 1.5 in action

     

    User operations

    confirm.your.account

    forgot.your.password

     

    forgot.your.username

    To switch these patches ON/Off, go to the Global Configuration page as seen in the screen shot below

     

    global,configuration

     

    You want to customize the error message? then edit the file language\en-GB\en-GB.com_user.ini and change the key

    SECURITYIMAGES REJECT USER ENTRY=Invalid Captcha word, Please enter the correct value you see in picture

    SECURITYIMAGES LABEL=Anti-spamming protection:

    Contact section

    On a per user/contact basis, a new switch is available:

    contact.settings.securityimages.5.0

    Result:

    contact.sections

     

    Login area

     

    Customize labels, keys are in language\en-GB\en-GB.mod_login.ini

     

    login.joomla

    and in module

    mod.login

    Administrator area

    Patches for administrator area are missing because the plugin SecurityImages in front end start a session that is different from the backend. I will for sure find a way to get around it. In between I recommend You to use htaccess login to enhance admin login protection and reduce brute force attacks.

  • SecurityImages 5.X is only running with Joomla! 1.5 and the redesign of API has introduced some incompatibilities.
    Developers/Hackers/Individuals who want to use the latest version of SecurityImages may want to read the
    following. Basic PHP knowledge  is recommended.

    joomla_1.5

    Architecture

    SecurityImages 4.0.X

    • Only work with Joomla! 1.0.X
    • Provide 2 files that 3rd party code must include:
    • client.php in order to quickly create a captcha and the input box
    • server.php in order to validate user entries and check correctness
    • Everything is packed in one component.
    • Patches for common 3rd party tool are included in code so it ca be referenced by external extensions :
      akobook, akocomment, joomla to name a few.
    • You have to overwrite Joomla! files to add protection of form for login, register, lost password, contact

    SecurityImages 5.0.X

    • Only work with Joomla! 1.5.X
    • Use the event handling mechanism of Joomla! 1.5 to  create captcha and check correctness
    • You'll have to install a system content plugin and a component,
    • it do not contains any patches anymore
    • You have to overwrite Joomla! files to add protection of form for login, register, lost password, contact

    Main differences in securityImages 5.X

    1. There is no client.php and server.php file anymore
    2. API are a lot simpler, and dependency are reduced (no PHP code to include) as it use events.
    3. More object oriented
    4. Image creation is done inside the Joomla! framework while in 4.0.X it was done without any Joomla!
      framework support.

     

    with SecurityImages 4.0.X


    In your PHP code displaying the form, can be a Pat template or a html code

    1. Include my library in page scope

    if (file_exist($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php')) {
    <?php include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php'); ?>
    }
    $packageName = 'securityChooseUniqueKeyName';
     
    2. At the position where You want the Captcha image to be inserted
     
    <?php echo insertSecurityImage($packageName); ?>

    3. This insert the help text and the input box where the user will have to enter his text
    <?php echo getSecurityImageText($packageName); ?>

    Line at point 3. can be, in some case, depending how much space You have in the presentation HTML layer, replace with
     //will be replace at runtime, depending on user locale
    //with "Please Enter what You see:"
    <?php echo getSecurityImageTextHeader(); ?>
     
    //will be replace at run time, depending on user locale with
    //"If You do not see...Hit reload"
    <?php echo getSecurityImageTextHelp(); ?> 
     
    //will be replace at run time with the input box
    <?php echo getSecurityImageField($packageName); ?> 

    The code above insert the image, and the text, You page normally submit information to the server for processing. Most of the time, the last 2 lines are inserted in a <form> </form> HTML tags

    In the server code where you process the data...
    Few lines are required...

    if (file_exist($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php')) {
    include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');
    }
    $packageName = 'securityChooseUniqueKeyName';
    $security_refid  = mosGetParam( $_POST, $packageName.'_refid', '' );
    $security_try      = mosGetParam( $_POST, $packageName.'_try', '' );
    $security_reload = mosGetParam( $_POST, $packageName.'_reload', '' );
    $checkSecurity = checkSecurityImage($security_refid, $security_try);


    If the has entered the right text then $checkSecurity = true

     


    with SecurityImages 5.0.X   joomla_1.5

    Due to the Joomla! 1.5 object model, you have basically 2 options:

    1. If your component has been made for running natively and follow Joomla! 1.5 best practices and
      recommendations..you' did probably use a real MVC paradigm in the front end part (N views,
      M models and one controller), go to point A
    2. If your component has been made for running natively or in legacy mode and do not use a MVC pattern
      (HTML code embedded in PHP code, or you use pat templates), go to point B

    Point A, MVC approach joomla_1.5

    Lets take the contact section of Joomla! 1.5 as  an example.

    It is always recommended to use a switch in all your component to activate deactivate SecurityImages per
    components  through the administrator control panel.

    This is done by adding to administrator/components/com_contact/contact_items.xml the following code:

    <param
       name="useSecurityImages" type="radio" default="1"
       label="Use SecurityImage Captcha"
       description="Enable Captcha verification">  
             <option value="0">No</option>
              <option value="1">Yes</option>
    </param>

    Joomla will read this xml file on the fly  and build the graphical user interface for the contact settings.

    Since Joomla! 1.5 now use a Model View Controller paradigm, we have to alter the controller, and add a new Task displaySecurityImagesCaptcha()in  components/com_contact/controller.php:

    function displaySecurityImagesCaptcha() { 
            global $mainframe; 
            //Per contact you can define if the user has to resolve the capctha 
    $contactId = JRequest::getVar('contact_id', 0, '', 'int'); 
    // load the contact details 
    $model    = &$this->getModel('contact'); 
    $qOptions['id'] = $contactId; 
    $contact        = $model->getContact( $qOptions ); 
    $params = new JParameter( $contact->params ); 
            if ($params->get('useSecurityImages')) {     
                $check = null; 
                $mainframe->triggerEvent('onSecurityImagesDisplay', array($check)); 
                if (!$check) { 
                    echo "<br/>Erreur affichage du Captcha<br/>"; 
                } 
            } 
        }

    As you can see, the event "onSecurityImagesDisplay" is triggered on a per contact name basis.
    That mean that some contact can have a Captcha while other have not.  You are free to define
    your own activation rules in the controller method.
    The next step is to add the task checkSecurityImagesCaptcha() checking the captcha in the
    components/com_contact/controller.php

    function checkSecurityImagesCaptcha() { 
            global $mainframe; 
    $contactId = JRequest::getVar('id', 0, '', 'int'); 
    // load the contact details 
    $model    = &$this->getModel('contact'); 
    $qOptions['id'] = $contactId; 
    $contact        = $model->getContact( $qOptions ); 
    $params = new JParameter( $contact->params ); 
            //check if that user has a capctha 
    if (!$params->get('useSecurityImages')) {  
                return true; 
            } 
    $return = false; 
    $securityImagesJoomlaContactUserTry = JRequest::getVar('securityImagesJoomlaContactUserTry', false, '', 'CMD'); 
    $mainframe->triggerEvent('onSecurityImagesCheck', array($securityImagesJoomlaContactUserTry &$return));
            return $return;
        } 

    One more step is to alter the original submit() method of the controller in components/com_contact/controller.php

    global $mainframe; 
    if (!$this->checkSecurityImagesCaptcha()) {
    JError::raiseWarning("999","Invalid Captcha Code");
    $this->display();
                return false;
     } 

    And finally altering the view /com_contact/views/contact/tmpl/default_form.php
    to display the Captcha field

    <?php if ($this->params->get('useSecurityImages')) { ?>
    <img src="/index.php?option=com_contact&task=displaySecurityImagesCaptcha&contact_id=<?php echo $this->contact->id; ?>"> 
    <br /> 
    <input type="text" name="securityImagesJoomlaContactUserTry" /> 
    <br /> 
    <?php } ?>

    Point B, Legacy approachjoomla_1.5


    In your PHP code displaying the form, can be a Pat template or a html code

    if you want to display the captcha define in administrator panel

    <img src="/index.php?option=com_securityimages&task=displaySecurityImagesCaptcha?>"> 
    <br /> 
    <input type="text" name="securityImagesmy3rdpartyExtensions" /> 

    If you want to use a particular implementation different than the one define in administrator panel, useful where you know that you want to use a smaller/bigger captcha than usual

    <img src="/index.php?option=com_securityimages&task=displayCaptchaByPlugin&plugin=hncaptcha&version=1.0?>"> 
    <br /> 
    <input type="text" name="securityImagesmy3rdpartyExtensions" /> 
     
    To check user entry with the captcha define in administrator panel
    $check = null;$userEntry = JRequest::getVar('userEntry', false, '', 'CMD');
    $mainframe->triggerEvent('onSecurityImagesCheck', array($userEntry, $check));
     
    if $check ==  true then user has solved the captcha
     
    To check user entry with the captcha against a particular plugin implementation
     
    $check = null;$check = null;
    $userEntry = JRequest::getVar('userEntry', false, '', 'CMD');
    $mainframe->triggerEvent('onSecurityImagesCheckByPlugin', array('hncaptcha', '1.0', $userEntry, $check));

     

     

     Post your questions in the forums or enhance the WIKI with your finding. I will start to maintain more and more the WIKI and put
    good documentation there.