The devs were expected to have made it into an extension by now.
]]>Janusz
]]>Now that the failed login delay feature has been introduced in v2.3.12, the above code needs to modified carefully in the light of changes to login.php and other files listed above.
]]>Since the captcha is only on initial login (not for timeouts) and is configurable in the config.php would it's integration into the base code prove troublesome? The download size would become huge due tot he audio scripts - maybe another config variable for controlling audio enablement on captcha would be desirable. Yes the CAPTCHA proved very tiresome during repetitive testing....
Can it be encapsulated as an optional plugin (bundled with securimage code) ?
]]>Details at:
Feature Posted At Bugs (#1783) Site
Download in debian with:
cd /var/www
wget -O securimage.tar.gz https://github.com/dapphp/securimage/tarball/master
mkdir -p /var/www/frontac/securimage
tar -xzf securimage.tar.gz -C /var/www/frontac/securimage --strip-components=1FA Securimage Integration notes:
FA uses it's own session name computed using the domain / uri string it was installed at.
FA's JavaScripts for Ajax and other HttpRequests use the default PHPSESSID session name.
The Securimage SQLite DB is not being used by default andonly SESSION variables are used.
The Audio files account for over 95% of the securimage download size.
CAPTCHA Session variables used:
$_SESSION = Array (
......
[securimage_code_disp] => Array ( [default] => bnGp24 )
[securimage_code_value] => Array ( [default] => bngp24 )
[securimage_code_ctime] => Array ( [default] => 1347630909)
) The files:
Place the securimage library in the securimage folder at the webroot.
Copy the securimage/securimage_show.php to securimage/securimage_show_n.php
File: securimage/securimage_show_n.php
Insert at the very top after the opening PHP tag:
$sn = (isset($_GET['sn']) ? trim($_GET['sn']) : 'PHPSESSID');
$oldsess = session_name($sn);Append at the very last:
session_name($oldsess);File: config.default.php
Append before last closing PHP tag:
/* Should FA use CAPTCHA for login form?
false for no true for yes
Get the securimage code at https://github.com/dapphp/securimage/zipball/master
Extract the contents into the securimage folder under the webroot.
*/
$use_captcha_for_login = false;The above variable must be set to true for CAPTCHA use.
It defaults to false for backwards compatibility.
File: access/login.php
Insert at Line 102:
// Use CAPTCHA only for fresh login and not for timeouts
if ($use_captcha_for_login && !($login_timeout))
{
start_row();
?>
<td colspan="2">
<img id="siimage"
style="border: 1px solid #000; margin-right: 15px"
src="securimage/securimage_show_n.php?sn=<?php echo session_name(); ?>&sid=<?php echo md5(uniqid()) ?>"
alt="CAPTCHA Image" align="left">
<object type="application/x-shockwave-flash"
data="securimage/securimage_play.swf?bgcol=#ffffff&icon_file=securimage/images/audio_icon.png&audio_file=securimage/securimage_play.php"
height="32" width="32">
<param name="movie"
value="securimage/securimage_play.swf?bgcol=#ffffff&icon_file=securimage/images/audio_icon.png&audio_file=securimage/securimage_play.php" />
</object>
<a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image"
onclick="document.getElementById('siimage').src = 'securimage/securimage_show_n.php?sn=<?php echo session_name(); ?>&sid=' + Math.random(); this.blur(); return false">
<img src="securimage/images/refresh.png" alt="Reload Image"
height="32" width="32"
onclick="this.blur()" align="bottom" border="0"></a>
<br />
<strong>Enter Code*:</strong><br />
<input type="text" name="ct_captcha" size="12" maxlength="8" />
</td>
<?php
end_row();
}File: includes/current_user.inc
Insert at Line 78:
if (!($this->timeout)) captchacheck();Append following function before last closing PHP tag:
function captchacheck() {
global $use_captcha_for_login;
if ($use_captcha_for_login) {
// make sure that login_timeout is not affected
if (isset($_POST['ct_captcha'])) $_SESSION['ct_captcha'] = $_POST['ct_captcha'];
// Check CAPTCHA
require_once 'securimage/securimage.php';
$securimage = new Securimage();
$usrcaptcha = $_SESSION['ct_captcha'];
if ($securimage->check($usrcaptcha) == false) {
// CAPTCHA Failed
echo "The security code entered was incorrect.<br /><br />";
echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
// captcha session variables used - unset still cannot prevent cached image
// unset($_SESSION['securimage_code_disp']);
// unset($_SESSION['securimage_code_value']);
// unset($_SESSION['securimage_code_ctime']);
exit;
// return false;
} else {
// CAPTCHA OK
return true;
}
} else return true;
}