CAPTCHA by own strength: Backend login form
Allow me to begin a series of articles devoted to embedding of CAPTCHA in Joomla. I know only one project, allowing such embedding, it is Security Images. But this component has some disadvantage, e.g. its size is 1.5Mb in zip-archive. I’ll tell how to embed such a protection by own strength.
For the present I plan following articles:
- CAPTCHA by own strength: Backend login form
- CAPTCHA by own strength: Contact form
- CAPTCHA by own strength: Registration form and Lost password form
- CAPTCHA by own strength: Frontend login form
As CAPTCHA protection I’ll use a “kcaptcha” script (http://www.captcha.ru/en/kcaptcha/) which creates images resists to decoding by OCR programs (the letters are very difficult to separate from each other):
Especially, this CAPTCHA is very easy to embed. We download archive [164Kb] from http://www.captcha.ru/en/kcaptcha/ (or a lite version [48Kb] with 7 fonts only) and unpack it to a server in a folder /kcaptcha/ (check up that CAPTCHA is displayed by URL http://yoursite.com/kcaptcha/). It is possible to change options of the script in a file /kcaptcha/kcaptcha_config.php.
So, let’s start embedding of CAPTCHA in the Backend login form. First we’ll edit the login form which is stored in a file /administrator/templates/joomla_admin/login.php (if you use non-standard template for the Backend, you’ll need to edit a file /administrator/templates/[your-template-name]/login.php). We increase height of the form (a line 47):
include_once( $mosConfig_absolute_path .'/administrator/modules/mod_mosmsg.php' ); ?> <!-- BEGIN PATCH --> <div class="login" style="height: 300px"> <!-- END PATCH --> <div class="login-form"> <img src="templates/joomla_admin/images/login.gif" alt="Login" />
We insert CAPTCHA image and a field for input of the text (insert after a line 55):
<div class="inputlabel">Password</div> <div><input name="pass" type="password" class="inputbox" size="15" /></div> <!-- BEGIN PATCH --> <div><?php session_start(); ?> <img src="/kcaptcha/index.php?<?php echo session_name()?>=<?php echo session_id()?>" alt="Turn on pictures showing" /></div> <div class="inputlabel">Enter the code shown:</div> <div><input name="captcha" type="text" class="inputbox" size="15" /></div> <!-- END PATCH --> <div align="left"><input type="submit" name="submit" class="button" value="Login" /></div> </div>
Check up—now CAPTCHA will be displayed on the Backend login form. And now we’ll add processing of the entered CAPTCHA text in a file /administrator/index.php (insert after a line 57):
$pass = md5( $pass ); } // BEGIN PATCH session_start(); $captcha=$_POST['captcha']; if(!isset($_SESSION['captcha_keystring'])||$_SESSION['captcha_keystring']!==$captcha) { $mosmsg='You need to enter the code shown.'; echo "<script>alert('$mosmsg'); document.location.href='index.php?mosmsg=$mosmsg'</script>\n"; unset($_SESSION['captcha_keystring']); exit; } session_unset(); session_write_close(); // END PATCH $query = "SELECT COUNT(*)" . "\n FROM #__users"
Here you can download patch files for Joomla! 1.0.12 (simply unpack them over of existing ones).
This entry was posted
on Wednesday, July 4th, 2007 at 1:07 pm and is filed under Security, Hacks, Joomla!. You can follow any responses to this entry through the 
RSS 2.0 feed.
You can leave a response, or trackback from your own site.
July 12th, 2007 at 1:38 pm
Thanks! I found your information very helpful.
I recently modified the Virtuemart Registration process to use the captcha similar to your work here.
You can see it here:
http://virtuemart.net/index.php?option=com_smf&Itemid=71&topic=29928.0
September 9th, 2007 at 1:50 pm
Hello,
You write cool things by simple language!
great thanks!
January 28th, 2008 at 1:44 am
Just installed your captcha for the backend login. AWESOME and great instructions. I am new to PHP and Joomla, so your step-by-step and line-by-line instructions are GREAT.
I want to implement it on the front end login as well, but noticed you have not posted the explicit steps for this one "CAPTCHA by own strength: Frontend login form"
I looked over the registration one and it looks like it may be similar, but not sure.
Do you have the instructions for the frontend login form available?
Many thanks!
James
January 31st, 2008 at 3:56 am
I once made such. So, really, it will be necessary to publish such an instructions.
February 8th, 2008 at 6:07 pm
will this script work with joomla 1.1.13? Particularly for the contact form. thank you!
June 13th, 2008 at 3:11 am
it would be very helpful if you can help to rewrite the tutorial for joomla 1.0.15.
specially the /administrator/index.php (insert after a line 57): part is totally different and causes me headache over a few days already.
Thank you very much
otherwise i find this tutorial very very useful - please keep up the great work.
June 13th, 2008 at 10:26 am
Yes, there was some small changes in index.php, so updated code reads:
November 6th, 2008 at 10:11 am
Thanks you… it is nice and work @ 1.0.15