CAPTCHA by own strength: Contact form
As it is known, the contact form in Joomla! can be used easily for automatic delivery of a spam (that is, instead of a e-mails database, it is quite enough to have a database of the sites created using Joomla!). To be protected from this, we’ll add CAPTCHA on contact form. As well as in previous article (CAPTCHA by own strength: Backend login form), we’ll use “kcaptcha” script, though it is possible to embed any other captcha-script in the same way.
1. In /components/com_contact/contact.html.php in function _writeEmailForm we add an output of a security image and a field for input of a code (after line 694):
<?php echo(_EMAIL_A_COPY); ?> </label> <?php } ?> <!--BEGIN PATCH --> <?php session_start(); ?><br /> <img src="/kcaptcha/index.php?<?php echo session_name()?>=<?php echo session_id()?>" alt="Turn on pictures showing" /> <br /> <label for="contact_captcha"> Enter the code shown: </label> <br /> <input type="text" name="captcha" id="contact_captcha" value="" size="30" maxlength="10" /> <!--END PATCH --> <br /> <br />
2. We add in/components/com_contact/contact.php in function sendmail check of correctness of the entered code (line 382):
$bannedText = $mparams->get( 'bannedText', '' ); $sessionCheck = $mparams->get( 'sessionCheck', 1 ); // BEGIN PATCH session_start(); if(!isset($_SESSION['captcha_keystring']) || $_SESSION['captcha_keystring']!==$_POST['captcha']){ unset($_SESSION['captcha_keystring']); mosErrorAlert('You need to enter the code shown.'); } unset($_SESSION['captcha_keystring']); // END PATCH // check for session cookie if ( $sessionCheck ) {
Here it is possible to download patch files for the Joomla! 1.0.12 (archive without kcaptcha script!).
This entry was posted
on Friday, July 6th, 2007 at 11:31 am and is filed under Security, Joomla!. You can follow any responses to this entry through the 
RSS 2.0 feed.
You can leave a response, or trackback from your own site.
February 28th, 2008 at 2:44 pm
this is perfect, no need for those 3rd party modules/components that annoyingly require a bunch of extra ones as a base, plus now i know where i need to edit the code to adjust positions/sizes/titles/etc
June 16th, 2008 at 5:41 am
How i may this with loginform?
July 1st, 2008 at 11:04 pm
Thanks very much - this resolved an issue with a spammer I had on one site. Worked great in the contact form on a joomla 1.0.15 installation.
Cheers and thanks again
September 2nd, 2008 at 5:52 am
Can we get an updated set of instructions for joomla 1.5?
I tried but failed miserably.
November 15th, 2008 at 10:36 pm
Thank You Very Much!
I added Captcha to a commercial site that was being pounder by a spammer…
Worked perfectly first time… the step by step instructions are great. Is there somewhere I can make a donation for your time?
Truly greatful,Rick
April 4th, 2010 at 11:58 pm
Hey can you please tell me the steps and files to be modified .. I tried above contact.php and contact.html.php but it did not work in my joomla 10.0.15 . what am I suppose to do with Patch you have provided and kcaptcha script. where to place this kcatpcha folder.
Please let me know.
September 6th, 2010 at 8:47 am
can we remove the website name(www.captcha.ru) in the captcha image?
September 6th, 2010 at 3:50 pm
Sagar, there is special parameter in kcaptcha configuration file.
September 8th, 2010 at 9:00 am
thanks physicist. Do we have an option of reloading the captcha, if the user feels it difficult to read?