Select Page

Migration SecurityImages 4.X to SecurityImages 5.X how to

Migration SecurityImages 4.X to SecurityImages 5.X how to

SecurityImages 5.X is only running with #Joomla! 1.5 and the redesign of API has introduced some incompatibilities.
Developers/Hackers/Individuals who want to use the latest version of SecurityImages may want to read the
following. Basic PHP knowledge  is recommended.



SecurityImages 4.0.X

  • Only work with #Joomla! 1.0.X
  • Provide 2 files that 3rd party code must include:
  • client.php in order to quickly create a captcha and the input box
  • server.php in order to validate user entries and check correctness
  • Everything is packed in one component.
  • Patches for common 3rd party tool are included in code so it ca be referenced by external extensions :
    akobook, akocomment, joomla to name a few.
  • You have to overwrite #Joomla! files to add protection of form for login, register, lost password, contact

SecurityImages 5.0.X

  • Only work with #Joomla! 1.5.X
  • Use the event handling mechanism of #Joomla! 1.5 to  create captcha and check correctness
  • You’ll have to install a system content plugin and a component,
  • it do not contains any patches anymore
  • You have to overwrite #Joomla! files to add protection of form for login, register, lost password, contact

Main differences in securityImages 5.X

  1. There is no client.php and server.php file anymore
  2. API are a lot simpler, and dependency are reduced (no PHP code to include) as it use events.
  3. More object oriented
  4. Image creation is done inside the #Joomla! framework while in 4.0.X it was done without any #Joomla!
    framework support.


with SecurityImages 4.0.X

In your PHP code displaying the form, can be a Pat template or a html code

1. Include my library in page scope

if (file_exist($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php')) {
<?php include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php'); ?>
$packageName = 'securityChooseUniqueKeyName';
2. At the position where You want the Captcha image to be inserted 
<?php echo insertSecurityImage($packageName); ?>

3. This insert the help text and the input box where the user will have to enter his text

<?php echo getSecurityImageText($packageName); ?>

Line at point 3. can be, in some case, depending how much space You have in the presentation HTML layer, replace with

 //will be replace at runtime, depending on user locale 
//with "Please Enter what You see:" 
<?php echo getSecurityImageTextHeader(); ?> 
//will be replace at run time, depending on user locale with 
//"If You do not see ...Hit reload" 
<?php echo getSecurityImageTextHelp(); ?>  
//will be replace at run time with the input box
<?php echo getSecurityImageField($packageName); ?>  

The code above insert the image, and the text, You page normally submit information to the server for processing. Most of the time, the last 2 lines are inserted in a <form> </form> HTML tags

In the server code where you process the data…
Few lines are required…

if (file_exist($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php')) {
include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');
$packageName = 'securityChooseUniqueKeyName';
$security_refid  = mosGetParam( $_POST, $packageName.'_refid', '' );
$security_try      = mosGetParam( $_POST, $packageName.'_try', '' );
$security_reload = mosGetParam( $_POST, $packageName.'_reload', '' );
$checkSecurity = checkSecurityImage($security_refid, $security_try);

If the has entered the right text then $checkSecurity = true


with SecurityImages 5.0.X   joomla_1.5

Due to the Joomla! 1.5 object model, you have basically 2 options:

  1. If your component has been made for running natively and follow Joomla! 1.5 best practices and’ did probably use a real MVC paradigm in the front end part (N views,
    M models and one controller), go to point A
  2. If your component has been made for running natively or in legacy mode and do not use a MVC pattern
    (HTML code embedded in PHP code, or you use pat templates), go to point B

Point A, MVC approach joomla_1.5

Lets take the contact section of Joomla! 1.5 as  an example.

It is always recommended to use a switch in all your component to activate deactivate SecurityImages per
components  through the administrator control panel.

This is done by adding to administrator/components/com_contact/contact_items.xml the following code:

   name="useSecurityImages" type="radio" default="1" 
   label="Use SecurityImage Captcha"
   description="Enable Captcha verification">   
         <option value="0">No</option>
          <option value="1">Yes</option>

Joomla will read this xml file on the fly  and build the graphical user interface for the contact settings.

Since Joomla! 1.5 now use a Model View Controller paradigm, we have to alter the controller, and add a new Task displaySecurityImagesCaptcha()in  components/com_contact/controller.php:

function displaySecurityImagesCaptcha() {  
        global $mainframe;  
        //Per contact you can define if the user has to resolve the capctha  
$contactId = JRequest::getVar('contact_id', 0, '', 'int');  
// load the contact details  
$model    = &$this->getModel('contact');  
$qOptions['id'] = $contactId;  
$contact        = $model->getContact( $qOptions );  
$params = new JParameter( $contact->params );  
        if ($params->get('useSecurityImages')) {      
            $check = null;  
            $mainframe->triggerEvent('onSecurityImagesDisplay', array($check));  
            if (!$check) {  
                echo "<br/>Erreur affichage du Captcha<br/>";  

As you can see, the event “onSecurityImagesDisplay” is triggered on a per contact name basis.
That mean that some contact can have a Captcha while other have not.  You are free to define
your own activation rules in the controller method.
The next step is to add the task checkSecurityImagesCaptcha() checking the captcha in the

function checkSecurityImagesCaptcha() {  
        global $mainframe;  
$contactId = JRequest::getVar('id', 0, '', 'int');  
// load the contact details  
$model    = &$this->getModel('contact');  
$qOptions['id'] = $contactId;  
$contact        = $model->getContact( $qOptions );  
$params = new JParameter( $contact->params );  
        //check if that user has a capctha  
if (!$params->get('useSecurityImages')) {   
            return true;  
$return = false;  
$securityImagesJoomlaContactUserTry = JRequest::getVar('securityImagesJoomlaContactUserTry', false, '', 'CMD');  
$mainframe->triggerEvent('onSecurityImagesCheck', array($securityImagesJoomlaContactUserTry &$return)); 
        return $return;

One more step is to alter the original submit() method of the controller in components/com_contact/controller.php

global $mainframe;  
if (!$this->checkSecurityImagesCaptcha()) { 
JError::raiseWarning("999","Invalid Captcha Code"); 
            return false; 

And finally altering the view /com_contact/views/contact/tmpl/default_form.php
to display the Captcha field

<?php if ($this->params->get('useSecurityImages')) { ?>
<img src="/index.php?option=com_contact&task=displaySecurityImagesCaptcha&contact_id=<?php echo $this->contact->id; ?>">  
<br />  
<input type="text" name="securityImagesJoomlaContactUserTry" />  
<br />  
<?php } ?> 

Point B, Legacy approachjoomla_1.5

In your PHP code displaying the form, can be a Pat template or a html code

if you want to display the captcha define in administrator panel

<img src="/index.php?option=com_securityimages&task=displaySecurityImagesCaptcha?>">  
<br />  
<input type="text" name="securityImagesmy3rdpartyExtensions" />  

If you want to use a particular implementation different than the one define in administrator panel, useful where you know that you want to use a smaller/bigger captcha than usual

<img src="/index.php?option=com_securityimages&task=displayCaptchaByPlugin&plugin=hncaptcha&version=1.0?>">  
<br />  
<input type="text" name="securityImagesmy3rdpartyExtensions" />  
To check user entry with the captcha define in administrator panel
$check = null;$userEntry = JRequest::getVar('userEntry', false, '', 'CMD'); 
$mainframe->triggerEvent('onSecurityImagesCheck', array($userEntry, $check));
if $check ==  true then user has solved the captcha
To check user entry with the captcha against a particular plugin implementation
$check = null;$check = null;
$userEntry = JRequest::getVar('userEntry', false, '', 'CMD'); 
$mainframe->triggerEvent('onSecurityImagesCheckByPlugin', array('hncaptcha', '1.0', $userEntry, $check)); 



 Post your questions in the forums or enhance the WIKI with your finding. I will start to maintain more and more the WIKI and put
good documentation there.

About The Author

Cédric Walter

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.