CAPTCHA by own strength: Contact form
As it is known, the contact form in Joomla! can be used easily for automatic delivery of a spam (that is, instead of a e-mails database, it is quite enough to have a database of the sites created using Joomla!). To be protected from this, we’ll add CAPTCHA on contact form. As well as in previous article (CAPTCHA by own strength: Backend login form), we’ll use “kcaptcha” script, though it is possible to embed any other captcha-script in the same way.
1. In /components/com_contact/contact.html.php in function _writeEmailForm we add an output of a security image and a field for input of a code (after line 694):
<?php echo(_EMAIL_A_COPY); ?> </label> <?php } ?> <!--BEGIN PATCH --> <?php session_start(); ?><br /> <img src="/kcaptcha/index.php?<?php echo session_name()?>=<?php echo session_id()?>" alt="Turn on pictures showing" /> <br /> <label for="contact_captcha"> Enter the code shown: </label> <br /> <input type="text" name="captcha" id="contact_captcha" value="" size="30" maxlength="10" /> <!--END PATCH --> <br /> <br />
2. We add in/components/com_contact/contact.php in function sendmail check of correctness of the entered code (line 382):
$bannedText = $mparams->get( 'bannedText', '' ); $sessionCheck = $mparams->get( 'sessionCheck', 1 ); // BEGIN PATCH session_start(); if(!isset($_SESSION['captcha_keystring']) || $_SESSION['captcha_keystring']!==$_POST['captcha']){ unset($_SESSION['captcha_keystring']); mosErrorAlert('You need to enter the code shown.'); } unset($_SESSION['captcha_keystring']); // END PATCH // check for session cookie if ( $sessionCheck ) {
Here it is possible to download patch files for the Joomla! 1.0.12 (archive without kcaptcha script!).
This entry was posted
on Friday, July 6th, 2007 at 11:31 am and is filed under Security, Joomla!. You can follow any responses to this entry through the 
RSS 2.0 feed.
You can leave a response, or trackback from your own site.
July 14th, 2007 at 5:04 pm
Hi,
is there a chance to get this coding running in Joomla 1.5 beta, too? I did not try it myself nor did a look at the coding (I’m no PHP expert).
Thx,
Michael
July 16th, 2007 at 2:28 pm
It is a tiny bit difficult to make this in Joomla1.5 (because of clearing $_SESSION on Joomla start).
But I hope I solve this problem.
July 18th, 2007 at 7:06 am
Try captcha-contact-form patch for Joomla! 1.5. Write me about any problem, please.
October 21st, 2007 at 9:06 am
I just installed on my website at:
http://luyenkim.net/home9/index.php?option=com_contact&Itemid=88889198
It works well, but there is a small bug is: when you entered a wrong code then you re-entered a right code it sitill noticed a wrong code. I must refresh the browser then enter right code It will work.
How we can continue incase you entered wrong code the right code will be OK.
My Joomla system: J 1.0.13 & PHP 5.xx on WIndows server.
Thanks for useful patch.
Viet
October 22nd, 2007 at 10:59 am
Viet4777:
Probably it happens because your browser caches the old image and shows it instead of new (after entering a wrong code the image should exchange!).
November 20th, 2007 at 6:33 am
Please note that the 1.5 patch for joomla is not working (even with legacy ON)Fatal error: Class jsite: Cannot inherit from undefined class japplication in /home/public_html/includes/application.php on line 27Tested on J1.5 (RC3 and on Nightly build dated 10th Nov 2006.)Thanks
November 20th, 2007 at 3:09 pm
Well, since July 18th it has passed a lot of time. I think when stable version 1.5 will be released, I can describe work with CAPTCHA in it.
December 4th, 2007 at 10:20 am
I was hoping that a solution to adding Captcha to the contact form for 1.5 was found. Any luck?
Thanks!
February 8th, 2008 at 12:55 am
Sorry for asking because I am a beginner but how do you embed the kcapthca script into Joomla? and I notice that your customization is for 1.0.12., will it work for 1.0.13?
February 8th, 2008 at 3:45 pm
Yes. It must work (there are not so many changes in Joomla!1.0.13).