addon: captcha 0.1 beta for pp1.5beta

[sentinel]

this is an updated version of connies captcha addon which was designed for 1.4
(another anti_spam-thingy these days but for 1.5beta|1.5 rc1)

delivery
-------------------------------------------------------------------------
readme.txt
index.php
includes/captcha.php
includes/anti_comment_spam.php
language/lang-german.php (in 0.4 and above only)
language/lang-english.php (in 0.4 and above only)
patch04.diff


quick-installation
-------------------------------------------------------------------------
please always replace existing files on you server
captcha.php -> includes folder
anti_comment_spam.php -> includes folder
lang-german.php -> language folder
lang-english.php -> language folder
replace index.php or use .diff file
(patch -p0 < patch01.diff)
keep org index.php in case it doesn't work for you

<CAPTCHA> - tag -> below the email-field (inserts captcha and form-field)

use $captcha_bgcolor $captcha_linecolor $captcha_fontcolor to change look of captcha

tested with
-----------------------------------------------------------------------
pp 1.5 final


notes
-----------------------------------------------------------------------
use at your own risk .
!-> read readme.txt <- !

im no php god so.. feedback is really very welcome


#06-04-11 update to beta 0.2
this is now more a hack than a addon but otherwise bots are able
to POST directly to x=save_comments

#06-04-22 update to beta 0.3
no changes on addon itself just merged with new index.php of
version pp 1.5 rc1

#06-08-05 update to v0.4 for pp 1.5 final
adding language support (files for german and englisch included)
adding "changeable-colors feature" to the captcha via additional lines
in pixelpost.php. so it fits better into your template
(first two not availabel on server anymore)
captcha 0.2 beta for 1.5 beta
captcha 0.3 beta for 1.5 RC1

captcha 0.4 for 1.5 final (notice: on _some_ installations there occur _unfixed_ problems, have a look at the ongoing discussion)



captcha 0.5 for 1.6 final by QmQ thx for updating (thread includes updated anti_comment_spam.php)

captcha for 1.7(RC1 ++): development of this hack stopped with pp 1.6 as Dennis implemented a real addon vor 1.7RC1++ (thx2Dennis)
get it in the extend-section

\sentinel

[blinking8s+]

i havent tested it, but great to see an update!

[Tannhaeuser]

I installed it just now. In a few days I'll give you answer about working.

[sentinel]

nice. lets see if it works abroad too

[Tannhaeuser]

Hi,
damned! I've got 8 Spam since I installed the addon. The spammers found another way to post.
What do they know?
Now I change the post for comments and I give them free after controlling.

[sentinel]

as with geos anti spam addon, the question is how the spam got into the db. the addon doesn't (and actually can't ) disable the integrated comments function of pp itself.
imho the addon isn't perfect, but as far is i can currently say its reasonable that the bot used the build-in comments-function to spam.. the only way to find out would be the server logs.

[Glovebox]

Hmm... I got three new spam messages after I installed the addon too. I certainly can't post comments without typing in the captcha numbers but my spam-robot-nemesis can. Unless it's a spam nerd with too much free time manually posting this crap.

I'm not massively concerned at the moment, at least none of the spam appears on the site since I upgraded to 1.5beta and switched on moderation. But there's surely a security issue that needs to be addressed that goes deeper than the comments form, unfortunately I have a paper-thin grasp of even basic php.

Incidentally, how can I modify the legend beneath the captcha input so that it says something like "Enter the number below in this field" rather than the current "Captcha". I've looked at both php files but can't see where I should edit for this change.

Thanks,
Simon

Doodleblog
"You're never more than two metres from a doodle..."

[sentinel]

i see. i'm going to integrate the captcha directly into the index.php the next few days and provide it then again (even it's more a hack than a addon then ). afterwards we'll see if there's a general problem in the addon-on or anywhere else (read bot directly uses index.php?x=save_comment link). (lines of the log-files would help a lot here :/ )

concerning the label of the form field:
in line 78 of the anti_comment_spam.php
replace

Quote:

<label for=\"userinput\">Captcha</label>

with whatever you want.

thx for the input

ps.: yes i know akisment plugin (provided by se.nsuo.us here) (sorry "could be" sounds odd) _is_ more convenient. but actually the main reason for me to create this addon is, that my webserver isn't allowed to initiate any connections to the outside by itself.
\sentinel

[Glovebox]

Quote:

concerning the label of the form field:
in line 78 of the anti_comment_spam.php
replace
Quote:
<label for=\"userinput\">Captcha</label>
with whatever you want.

Thanks sentinel, I don't know how I missed this. Thanks also for your work on this addon, if I can work out how to access my server logs I'll send more information...

Cheers,
Simon

[sentinel]

update to beta 0.2 posted (fixed link in org posting to keep consistant..)
please also read new install instructions and remove files of old versions (even if there're currently not changes in captcha.php)

grown from a addon to a hack.. changes to index.php are available in the patch01.diff file.
hopefully this works better than the last try (and you're still able to receive real comments, works sofar here btw

PS: updated package again got a typo in one file (thx 2 tannhaeuser for the hint)