Select Page

SecurityImages 5.0 BETA for Joomla! 1.5

SecurityImages 5.0 BETA for Joomla! 1.5

index.php


Beta to be released before end of week!
 

NEW: No HTML warning, XHTML compliant
NEW:  GPL v3 The FSF Compliance Lab has published A Quick Guide to GPLv3, a developer-friendly article explaining the new features and benefits of GPLv3. Be sure to check it out.
NEW: full translation now possible of static pages about.html, developer.html and troubles.html
NEW: migration to #Joomla! 1.5 API, security, database factory, logging, installer -> reduction of code
NEW: unique language files following #Joomla! 1.5 convention (ini files)
NEW: utf8 support
NEW: no PHP warning in logs

Architectural changes
NEW: a system plugin (to install separately) for generating captcha in any 3rd party component using events trigger

NEW: MVC model for the public component part. Now all request creating images are going through the component controller for:

  • improved security
  • having access to #Joomla! framework (no more session or database issues)

Developer can now request to use a particular captcha plugin:

This request give you the captcha defined in the administrator panel configuration of SecurityImages

http://localhost/prod2/index.php?option=com_securityimages&task=displaycaptcha

While this request, let you specify the plugin and version

http://localhost/prod2/index.php?option=com_securityimages&task=displayCaptchaByPlugin&plugin=hncaptcha&version=1.0

To check what the user has entered:

$return = false;  
$securityImagesJoomlaContactUserTry = JRequest::getVar(‘securityImagesJoomlaContactUserTry’, false, , ‘CMD’);  
$mainframe->triggerEvent(
onSecurityImagesCheck, array($securityImagesJoomlaContactUserTry &$return));

If return is true, then the user / bots has solved the captcha correctly.

Attention: SecurityImages is still WAY to intrusive toward #Joomla! as core file has to be changed in order to use captcha.

Moreover #Joomla! 1.5 use now a kind of hashcash protection to avoid request forgeries (a crypto encrypted time/server dependent magic value in form)

Insert in any HTML form with JHTML::_( ‘form.token’ )
check in your controller with JRequest::checkToken() or die( ‘Invalid Token’ );

About The Author

Cédric Walter

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.

Categories