Select Page

Security Images 2.2 – whats new…

Security Images 2.2 – whats new…

I will also release a new version of akocomment, and resolve the logged in user bugs that many people have reported me.

release 2.2.0 to be released soon

  • All  Security patches: add missing index.html and PHP missing header: defined( ‘_VALID_MOS’ ) or die( ‘Direct Access to this location is not allowed.’ );
  • Plugin core is now able to output image to PNG, JPG or GIF selection in admin core settings
  • Plugin core is now able to limit the reload tentative of the users, retry counter is stored in user session. If user reload picture more than Retry in tab Text
  • Plugin core has a new switch: Use extended charset in image: ex: +*%&/()[email protected]#…true or false
  • Plugin core is now able to output align text in image using 4 strategies:
    System font with random character position
    TTFonts with random character position
    The best for me, OCR is more difficult
    TTFonts with linear character position
    (Default setting)
    RandomAbove 3 in a random order.
  • AllPatches for Login/registration #Joomla framework as file in /patches/ You have either:
    • To modify joomla files manually y following steps below OR
    • Copy already patched file (Joomla 1.0.3) to the server at the right place
  • All – Bug in function getSecurityImageField($textid) the javascript was not boostraped, no influence but bug was revealed when doing login integration
  • All – General Settings: It is now possible to display selectively the reload or sound button.
  • com_contact, if user failed to enter the right captcha, he lost his data. This is not a bug but more a functionnalities not existing in #Joomla -> the form with history back is always initialize with empty fileds in Mozilla Firefox, while in IE it is working
  • Plugin All – Bug if logs are activated, php code logger.php was not included into the delegate plugins/xx/yy/checker.php
  • All – New Tab in "General settings" called "Joomla-Patches" this let You swicth on or off the use of security images in login, registration.
  • Plugin core – Bug correct the contrast of 2 images bg-L-5.png and bg-L-18.png : there were too dark!
  • AllA new menu entry "Check if latest version" has been add, I only have to finish the server code.-> it is not working right now but soon.

 

AkoComment

Administrator mail UTF8 support patch by Karel Neugebauer jr. – http://itx.cz

 

 

Install security images form code in existing Joomla code…

point AOpen components\com_registration\registration.html.php line 54 in function registerForm($option, $useractivation)
 <tr>
<td>
<?php echo _PROMPT_EMAIL; ?>
</td>
<td>
<input type="text" name="confirmEmail" class="inputbox" size="40" />
</td>
</tr>

<?php
//security image by www.waltercedric.com
global $mosConfig_absolute_path;
if (file_exists($mosConfig_absolute_path.’/administrator/components/com_securityimages/patches/registration.lostPassForm.php’)) {
require_once($mosConfig_absolute_path.’/administrator/components/com_securityimages/patches/registration.lostPassForm.php’);
}
//end security image by www.waltercedric.com
?>


<tr>
<td colspan="2">
<input type="hidden" name="option" value="<?php echo $option;?>" />
<input type="hidden" name="task" value="sendNewPass" /> <input type="submit" class="button" value="<?php echo _BUTTON_SEND_PASS; ?>" />
</td>
</tr>

point BOpen components\com_registration\registration.html.at line 164 in function registerForm($option, $useractivation)
 <tr>
<td>
<?php echo _REGISTER_VPASS; ?> *
</td>
<td>
<input class="inputbox" type="password" name="password2" size="40" value="" />
</td>
</tr>

<?php
//security image by www.waltercedric.com
global $mosConfig_absolute_path;
if (file_exists($mosConfig_absolute_path.’/administrator/components/com_securityimages/patches/registration.html.registerForm.php’)) {
require_once($mosConfig_absolute_path.’/administrator/components/com_securityimages/patches/registration.html.registerForm.php’);
}
//end security image by www.waltercedric.com
?>

<tr>
<td colspan="2">
</td>
</tr>
point C 

 

Install security images checking code in existing Joomla code…

Point 1Open \components\com_registration\registration.php after line 61 add what is in bold below
 $checkusername = mosGetParam( $_POST, ‘checkusername’, ” );
$checkusername = $database->getEscaped( $checkusername );
$confirmEmail = mosGetParam( $_POST, ‘confirmEmail’, ”);
$confirmEmail = $database->getEscaped( $confirmEmail );

//securityimages by www.waltercedric.com
global $mosConfig_absolute_path;
if (file_exists($mosConfig_absolute_path.’/administrator/components/com_securityimages/patches/registration.SendNewPass.php’)) {
include_once($mosConfig_absolute_path.’/administrator/components/com_securityimages/patches/registration.SendNewPass.php’);
}
//end security images by www.waltercedric.com


$query = "SELECT id"
Point 2Open \components\com_registration\registration.php after line 123 (123 is after added the point 1)
 function saveRegistration( $option ) {
global $database, $acl;
global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;

if ($mosConfig_allowUserRegistration==’0′) {
mosNotAuth();
return;
}

//securityimages by www.waltercedric.com
global $mosConfig_absolute_path;
if (file_exists($mosConfig_absolute_path.’/administrator/components/com_securityimages/patches/registration.SaveRegistration.php’)) {
include_once($mosConfig_absolute_path.’/administrator/components/com_securityimages/patches/registration.SaveRegistration.php’);
}
//end security images by www.waltercedric.com

$row = new mosUser( $database );

if (!$row->bind( $_POST, ‘usertype’ )) {
echo "<script> alert(‘".$row->getError()."’); window.history.go(-1); </script>\n";
exit();
}

Point 3Open includes\joomla.php after line 610
 $passwd = md5( $passwd );
$bypost = 1;
}
$remember = mosGetParam( $_POST, ‘remember’, ” );

//securityimages by www.waltercedric.com
global $mosConfig_absolute_path;
if (file_exists($mosConfig_absolute_path.’/administrator/components/com_securityimages/patches/joomla.login.php’)) {
include_once($mosConfig_absolute_path.’/administrator/components/com_securityimages/patches/joomla.login.php’);
}
//end security images by www.waltercedric.com


if (!$username || !$passwd) {
echo "<script> alert(\""._LOGIN_INCOMPLETE."\"); window.history.go(-1); </script>\n";
exit();
} else {

  

 

About The Author

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.

Categories