« “Popular of late” 1.1.1
CAPTCHA by own strength: Contact form »

CAPTCHA by own strength: Backend login form

Tags: ,

Allow me to begin a series of articles devoted to embedding of CAPTCHA in Joomla. I know only one project, allowing such embedding, it is Security Images. But this component has some disadvantage, e.g. its size is 1.5Mb in zip-archive. I’ll tell how to embed such a protection by own strength.

For the present I plan following articles:

As CAPTCHA protection I’ll use a “kcaptcha” script (http://www.captcha.ru/en/kcaptcha/) which creates images resists to decoding by OCR programs (the letters are very difficult to separate from each other):

CAPTCHA

Especially, this CAPTCHA is very easy to embed. We download archive [164Kb] from http://www.captcha.ru/en/kcaptcha/ (or a lite version [48Kb] with 7 fonts only) and unpack it to a server in a folder /kcaptcha/ (check up that CAPTCHA is displayed by URL http://yoursite.com/kcaptcha/). It is possible to change options of the script in a file /kcaptcha/kcaptcha_config.php.

So, let’s start embedding of CAPTCHA in the Backend login form. First we’ll edit the login form which is stored in a file /administrator/templates/joomla_admin/login.php (if you use non-standard template for the Backend, you’ll need to edit a file /administrator/templates/[your-template-name]/login.php). We increase height of the form (a line 47):

include_once( $mosConfig_absolute_path .'/administrator/modules/mod_mosmsg.php' );
?>
<!-- BEGIN PATCH -->
<div class="login" style="height: 300px">
<!-- END PATCH -->
	<div class="login-form">
		<img src="templates/joomla_admin/images/login.gif" alt="Login" />

We insert CAPTCHA image and a field for input of the text (insert after a line 55):

<div class="inputlabel">Password</div>
<div><input name="pass" type="password" class="inputbox" size="15" /></div>
<!-- BEGIN PATCH -->
<div><?php session_start(); ?>
<img src="/kcaptcha/index.php?<?php echo session_name()?>=<?php echo session_id()?>"
 alt="Turn on pictures showing" /></div>
<div class="inputlabel">Enter the code shown:</div>
<div><input name="captcha" type="text" class="inputbox" size="15" /></div>
<!-- END PATCH -->
<div align="left"><input type="submit" name="submit" class="button" value="Login" /></div>
</div>

Check up—now CAPTCHA will be displayed on the Backend login form. And now we’ll add processing of the entered CAPTCHA text in a file /administrator/index.php (insert after a line 57):

	$pass = md5( $pass );
}
// BEGIN PATCH
session_start();
$captcha=$_POST['captcha'];
if(!isset($_SESSION['captcha_keystring'])||$_SESSION['captcha_keystring']!==$captcha)
{
	$mosmsg='You need to enter the code shown.';
	echo "<script>alert('$mosmsg');
	 document.location.href='index.php?mosmsg=$mosmsg'</script>\n";
	unset($_SESSION['captcha_keystring']);
	exit;
}
session_unset();
session_write_close();
// END PATCH
$query = "SELECT COUNT(*)"
. "\n FROM #__users"

Here you can download patch files for Joomla! 1.0.12 (simply unpack them over of existing ones).

This entry was posted on Wednesday, July 4th, 2007 at 1:07 pm and is filed under Security, Hacks, Joomla!. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Related Posts

11 Responses to “CAPTCHA by own strength: Backend login form”

Pages: « 1 [2] Show All

  1. 11
    Physicist Says:
    October 31st, 2011 at 9:20 am

    No, to 1.0 only

Pages: « 1 [2] Show All

You can follow any responses to this entry through the RSS 2.0 feed.

Leave a Reply


Warning: Unknown: write failed: Disk quota exceeded (122) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0