
New securityimages 4.1.0


Why update?

  • If you want to use more than one Captcha in a page.
  • If you want Captcha in the administrator page.
  • If your old version 3.0.8 or 4.0.1 does not work as expected.
  • If you use any version < 3.0.4, which has a serious injection vulnerability.

NEW: Captcha can now be used in the administrator login page
NEW: more settings for switching On/Off securityimages in the Joomla! core
BUG: I was starting another PHP session with session_start()

NEW: Captcha can now be used in the administrator login page

Note:
  • I’ve changed the file /administrator/templates/joomla_admin/login.php (captcha inserted at line 57), meaning that if you use an administrator template other than joomla_admin, you’ll have to make the same changes in your templates.
  • I’ve changed the file /administrator/templates/index.php (checking the captcha challenge); this file is independent of the administrator template.
  • This mod does not increase the security of the administrator login page; it is smarter to read:
    Todo list for securing your site: http://www.waltercedric.com/content/view/806/102/ and also
    Protecting your Mambo admin panel using htaccess: http://www.waltercedric.com/content/view/706/102/



NEW: more settings for switching On/Off securityimages in the Joomla! core
This lets you deactivate securityimages in the core parts of Joomla! more easily.

Note:
  • Switching these flags to true is NOT ENOUGH: you also need to install a set of files (exact copies of Joomla! files, let’s say in version 1.0.11) that I have modified to support securityimages. Right now Joomla! does not allow me to do it differently.


BUG: I was starting another PHP session with session_start().
This has caused a lot of trouble in the admin login page, and has revealed that I should rather use:

session_name( md5( $mosConfig_live_site ) );
session_start();
This has the potential to solve the issue in Virtuemart (I have not tested it, but the problem looks similar).
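
The following PHP is an added example, not code from securityimages or its author: it joins the site's session under the name md5($mosConfig_live_site) instead of opening a second one and, going slightly beyond the fix above, keeps a captcha answer in that session for a single check. The function names, the captcha_answer key and the sample values are assumptions.

```php
<?php
// Added example; function names and the 'captcha_answer' key are hypothetical.

/**
 * Attach to the session the host site uses, identified by the name
 * md5($liveSite), instead of opening a second session under PHP's default name.
 * Returns false when a differently named session is already active, because
 * a challenge stored there would not be visible to the host application.
 */
function join_host_session($liveSite)
{
    $expected = md5($liveSite);
    if (session_id() !== '') {            // a session is already running
        return session_name() === $expected;
    }
    session_name($expected);              // must precede session_start()
    return session_start();
}

/** Remember the expected answer for the image that was just rendered. */
function store_challenge($answer)
{
    $_SESSION['captcha_answer'] = (string) $answer;
}

/** Check a submitted answer; the stored challenge is consumed either way. */
function check_challenge($given)
{
    if (!isset($_SESSION['captcha_answer']) || !is_string($given)) {
        unset($_SESSION['captcha_answer']);
        return false;
    }
    $expected = $_SESSION['captcha_answer'];
    unset($_SESSION['captcha_answer']);   // one attempt per image
    return hash_equals($expected, $given); // hash_equals() needs PHP 5.6 or later
}

if (PHP_SAPI === 'cli') {
    $mosConfig_live_site = 'http://www.example.com'; // constructed value
    var_dump(join_host_session($mosConfig_live_site));
    store_challenge('k7xq2');                        // constructed answer
    var_dump(check_challenge('k7xq2'));              // first use
    var_dump(check_challenge('k7xq2'));              // replay of the same answer
}
```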


About the Joomla core patches I provide to the community
I do not like hacking Joomla! core files: either the Joomla! team provides a way to extend their core code on the fly (plugins), or I may run into trouble, mainly because I have to provide and maintain a patched version of some core files. It is also risky to do that (the code comes from an untrusted source, even if I am an honest person)…

In order not to overwrite any changes you’ve made in the past, all users of Joomla! should really try Beyond Compare, from www.scootersoftware.com. It lets you select two directories, zip archives or files and, by right-clicking in a Windows Explorer-like interface, compare files and merge them in a two-way editor (you can copy parts of the code from one side of the panel to the other). With this tool you can even compare a local directory with a remote one (FTP), which lets you apply a release (the official Joomla patch 1.0.11, for example) very easily.

Joomla! core patches are all located in administrator\components\com_securityimages\patches\*.php so the influence on core is minimal. Read them if you want to know how to use securityimages in your own code.

About release management of my patches:

  • Securityimages 4.0.1 has a new API and works only with >= JoomlaPatches1.0.11-v1.0.2
  • Securityimages 3.0.8 has the old API and works only with <= JoomlaPatches1.0.11-v1.0.1
  • Securityimages 4.1.0 has a new API and works only with >= JoomlaPatches1.0.11-for securityimages 4.1.0 only

My mistake is that I did not document that at all; this is why so many users ran into trouble in the past few weeks…

