Gossamer Forum

[HACK] CAPTCHA on login template

Hi,

I was asked to write a little modification that will show a CAPTCHA image on the login page. Here is my solution:

1) In the template user_include_login.html, you need to add:

Code:
<tr align="left">
    <td align="right" class="body">Security Image:</td>
    <td class="body">
        <input type="text" id="signupCode" name="signup_code" size="20" maxlength="20" value="<%if signup_code%><%signup_code%><%endif%>" />
        <input type="hidden" name="signup_key" value="<%signup_key%>" />
    </td>
</tr>

<tr>
    <td align="center" class="body" colspan="2">
        <img src="<%path_cgi_url%>?do=user_signup_keyimage;signup_key=<%escape_url signup_key%>" style="border:solid 1px black; padding:2px 2px 2px 2px;" alt="Security Image" /><br />
    </td>
</tr>

2) In /private_data/lib/Community/Web/User.pm, find:

Code:
# Check if the user already has a valid session.
if ($IN->cookie($CFG->{session_cookie_name_session})) {
    my $user = comm_auth(
        session => $IN->cookie($CFG->{session_cookie_name_session}),
        ip => $ENV{REMOTE_ADDR}
    );
    if ($user) {
        # If the user has a valid session for another account, let's log that other session out
        # to make sure the apps don't authenticate the user as the wrong account.
        if (lc $user ne $username) {
            require Community::User;
            push @$cookies, Community::User::cuser_logout($user);
        }
        else {
            $user->{action} = 'login';
            return ('user_home.html', $user);
        }
    }
}

..and add this below:

Code:
##################################################
# Let's check if the CAPTCHA passed in is correct:
# the submitted key and (upper-cased) code must match a row in comm_signup.
my $key = $IN->param('signup_key');
my $signup_tbl = $DB->table('comm_signup');

my $count = $signup_tbl->count( { signup_key => $key, signup_code => uc($IN->param('signup_code')) });

if ($count < 1) {
    return ('user_login.html', { error => qq|The security text you entered didn't match.| });
}
# END login CAPTCHA thing
###################################################


..and also find:

Code:
if (!$username) {
    return ('user_login.html');
}

..and change to:

Code:
if (!$username) {

    ################################
    # ANDY CAPTCHA CHANGE

    # Generate a signup_key if the user hasn't already got one.
    if ($CFG->{signup_random_image}) {
        my $signup_key = $IN->param('signup_key');
        my $signup_tbl = $DB->table('comm_signup');
        unless ($signup_key and $signup_tbl->count( { signup_key => $signup_key })) {
            my $signup_code = '';
            require GT::MD5;
            $signup_key = GT::MD5::md5_hex(rand(16000) . (time() ^ ($$ + ($$ << 15))) . $$);

            # Generate a new signup code if required.
            # 0 was removed as it could be confused with "O".
            # 6 was removed as it could be confused with "G".
            # 9 was removed as it could be confused with "g".
            # 4 was removed as it could be confused with "A".
            my $charset = "ABCDEFGHIJKLMNPQRSTUVWXYZ123578";
            for (1 .. 3) {
                my $char = int(length($charset) * rand);
                $signup_code .= substr $charset, $char, 1;
            }
            $signup_tbl->add({
                signup_key => $signup_key,
                signup_code => $signup_code,
                signup_created => time
            });

            # Use this opportunity to delete any signup creation sessions
            # that may have expired.
            require GT::SQL::Condition;
            my $signup_expire_condition = GT::SQL::Condition->new(
                signup_created => '<' => ( time - $CFG->{signup_session_length} )
            );
            $signup_tbl->delete( $signup_expire_condition );
            $IN->param( 'signup_key' => $signup_key );
        }
    }

    ################################
    # ANDY CAPTCHA CHANGE
    ###############################

    return ('user_login.html');
}

I'm using this modification on another site now (won't post it though - as the site is not live :)), and it's working perfectly :)

Cheers

Andy (mod)
andy@ultranerds.co.uk
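
The check in step 2 counts a matching comm_signup row, and in the lines shown nothing removes that row after it has matched, so a key/code pair stays acceptable until the expiry sweep runs. As an added example (not Andy's code and not Gossamer Community's API), here is a self-contained Perl model of the same key/code lifecycle with single-use verification, an explicit age check, and values drawn from /dev/urandom. The %challenge hash stands in for comm_signup, and $TTL, random_bytes, new_challenge and verify_challenge are hypothetical names.

```perl
# Added example: in-memory model of the key/code challenge (not the forum post's code).
use strict;
use warnings;

my $CHARSET = 'ABCDEFGHIJKLMNPQRSTUVWXYZ123578';   # charset from the post
my $TTL     = 600;   # assumed stand-in for $CFG->{signup_session_length}
my %challenge;       # signup_key => { code => ..., created => ... }

# Read $n bytes from the kernel CSPRNG (assumes a Unix-like /dev/urandom).
sub random_bytes {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $got = read $fh, my $buf, $n;
    die "short read from urandom" unless defined $got && $got == $n;
    return $buf;
}

# Create a challenge: unguessable key plus a code drawn without modulo bias.
sub new_challenge {
    my ($len, $now) = @_;
    my $key   = unpack 'H*', random_bytes(16);
    my $limit = 256 - (256 % length($CHARSET));
    my $code  = '';
    while (length($code) < $len) {
        my $byte = ord(random_bytes(1));
        next if $byte >= $limit;               # rejection sampling
        $code .= substr $CHARSET, $byte % length($CHARSET), 1;
    }
    $challenge{$key} = { code => $code, created => $now };
    return ($key, $code);
}

# Verify a submission. The row is removed on every attempt, pass or fail,
# so one key allows one guess and a solved pair cannot be submitted again.
sub verify_challenge {
    my ($key, $answer, $now) = @_;
    return 0 unless defined $key && defined $answer;
    my $row = delete $challenge{$key} or return 0;
    return 0 if $now - $row->{created} > $TTL;
    return uc($answer) eq $row->{code} ? 1 : 0;
}

# Constructed walk-through: correct answer, resubmission, expired challenge.
my $t0 = time;
my ($key, $code) = new_challenge(3, $t0);
print "first submit:  ", verify_challenge($key, lc $code, $t0 + 5), "\n";
print "second submit: ", verify_challenge($key, $code, $t0 + 6), "\n";
my ($k2, $c2) = new_challenge(3, $t0);
print "after expiry:  ", verify_challenge($k2, $c2, $t0 + $TTL + 1), "\n";
```

Because a failed attempt also consumes the row, a login handler built this way has to issue a fresh key and image whenever it re-renders user_login.html.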