PHP-Fusion U.S.A Official NSS
AU_CENTER
View Thread
Who is here? 1 guest(s)
\n\\\";
   echo \\\"\n\\\";
   echo \\\"\n\n\\\";

   if ($required) { $this->setRequiredJavaScript(\\\"user_google_recaptcha\\\", $locale['uf_google_recaptcha_error']); }
}
?>




user_grecaptcha_include_var.php

Made changes in API to force requirement on registration in case of possible bypass?

Download source  Code
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2014 Nick Jones
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: user_grecaptcha_include_var.php
| Author: KasteR
| Web: http://www.php-fusion.us
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at http://www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
if (!defined(\\\"IN_FUSION\\\")) { die(\\\"Access Denied\\\"); }
$user_field_api_version = \\\"1.01.00\\\";
$user_field_name       = $locale['uf_grecaptcha'];
$user_field_desc       = $locale['uf_grecaptcha_desc'];
$user_field_dbname       = \\\"user_grecaptcha\\\";
$user_field_group       = 1;
$user_field_dbinfo       = \\\"VARCHAR(100) NOT NULL DEFAULT ''\\\";
?>




Hope that helps KasteR.
Need help? Having trouble?
» View our Documentation for guides, functions and more - including the [url=https://php-fusion.co.uk/articles.php?cat_
\n\\\";
   echo \\\"\n\\\";
   echo \\\"\n\n\\\";
}
?>




Merged on December 17, 2014 9:42 AM:
Also, I removed this line due to what I mentioned above:
Download source  Code
 $('div.recaptcha-checkbox-checkmark').attr('id','recaptcha-checkbox-checkmark');



Edited by KasteR on 12-17-2014 15:42
 Print Thread
Google reCAPTCHA v2 API
KasteR
Have you guys seen this already? It's a new reCAPTCHA system that Google has developed. I was thinking about making a panel that will override the site's default version.

I customized a script in PHP-Fusion. On correct validation, the submit button becomes enabled. By default it's disabled.

Source: https://www.googl...index.html
Demo: http://www.kaster...
Edited by skpacman on 01-13-2015 15:20
 
NetriX
I think we should try it. I would go ahead and package it, but I'll give you the honors if you want Kaster?

My idea is to make it into a user_field addon and have it set to required.
Need help? Having trouble?
» View our Documentation for guides, functions and more - including the [url=https://php-fusion.co.uk/articles.php?cat_
 
KasteR
Good idea. That's better than what I was thinking of. Which was appending above the submit button. I'll see what I can put together Evil Plot

Merged on December 17, 2014 4:44 AM:
Does anybody want to test this out before I post it here?

This will add the Google reCAPTCHA to the register.php. When register.php is loaded with this user field enabled, the submit button becomes disabled until the user response is verified from the Google reCAPTCHA.

Let me know, I also have an example on my site.

http://www.kaster.us/register.php
KasteR attached the following file:
You are not allowed to see attachments in this thread.

Edited by KasteR on 12-17-2014 10:44
 
NetriX
Testing now, immediately noticed something potential?

"Required: This user field does not support being required"

And, the field should not be present when on edit_profile.php.

Other than that, my initial test worked and my registration was halted until the captcha was completed.

Good job! Good One
Need help? Having trouble?
» View our Documentation for guides, functions and more - including the [url=https://php-fusion.co.uk/articles.php?cat_
 
KasteR
Awesome. I've fixed it to only display on register.php. I'm still trying to figure out the required field options. Obviously I'll remove my site keys as well.
 
NetriX
I did the following modifications:

user_grecaptcha_include.php

Ensured it doesn't show on edit_profile.php

Download source  Code
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2014    Nick Jones
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: user_grecaptcha_include.php
| Author: KasteR
| Web: http://www.php-fusion.us
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at http://www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
if (!defined(\\\"IN_FUSION\\\")) { die(\\\"Access Denied\\\"); }

// Register API keys at https://www.google.com/recaptcha/admin
$siteKey = \\\"6LfuYf8SAAAAAJ1K84DYaXh_igb6ddNltM8E5bzE\\\";
$secret = \\\"6LfuYf8SAAAAANiqA0HX_CjrTmPSo0VBjP9fiQFv\\\";

// reCAPTCHA supported 40+ languages listed here: https://developers.google.com/recaptcha/docs/language
$lang = \\\"en\\\";
if ($profile_method == \\\"input\\\" && !preg_match('/edit_profile.php/i',FUSION_SELF)) {
   $user_google_recaptcha = isset($user_data['user_google_recaptcha']) ? $user_data['user_google_recaptcha'] : \\\"\\\";
   if ($this->isError()) { $user_google_recaptcha = isset($_POST['user_google_recaptcha']) ? stripinput($_POST['user_google_recaptcha']) : $user_google_recaptcha; }

add_to_footer(\\\"
     
    
          
\\\");

   echo \\\"
getErrorClass(\\\"user_google_recaptcha\\\").\\\"'>getErrorClass(\\\"user_google_recaptcha\\\").\\\"'>\\\";
   echo \\\"
\\\";
   echo \\\"
 
KasteR
Alright, I've looked into this a bit further.

Considering the function, and objective of what this does, choosing to make this required or not should not be optional. If there's going to be an option, then it's enabled or disabled.

I was trying to find out how the setRequiredJavaScript() function works. Called from UserFields.class.php, you provide $field and $message. The field is based on an #id value, rather than a .class value. The field that would be targeted, does not contain an #id value. In fact it's fetched from Google. I've tried altering the attribute to include a specified #id value, with no prevail. But logically it doesn't even make sense to have a non-required and required option.

Regarding line #28 to limit where this is displayed, I came up with a similar method. The difference would be that for 1, stripos() is called when checking the URL value. For 2, rather than specifying which page to avoid, this will specify which page to display.

Download source  Code
if ($profile_method == \\\"input\\\" && stripos($_SERVER['REQUEST_URI'],'register.php') !== false) {




And actually I cleaned up a lot of useless lines:
Download source  Code
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2014    Nick Jones
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: user_grecaptcha_include.php
| Author: KasteR
| Web: http://www.php-fusion.us
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at http://www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
if (!defined(\\\"IN_FUSION\\\")) { die(\\\"Access Denied\\\"); }

// Register API keys at https://www.google.com/recaptcha/admin
$siteKey   = \\\"6Le3zv4SAAAAALTzICvtyWcM6pxGzN63y8WO3pdh\\\";
$secret      = \\\"6Le3zv4SAAAAAKi3jVKQ3BTHGMC8wNUZQejcxtqB\\\";

// reCAPTCHA supported 40+ languages listed here: https://developers.google.com/recaptcha/docs/language
$lang      = \\\"en\\\";

if ($profile_method == \\\"input\\\" && stripos($_SERVER['REQUEST_URI'],'register.php') !== false) {

add_to_footer(\\\"
     
    
\\\");

   echo \\\"
getErrorClass(\\\"user_grecaptcha\\\").\\\"'>getErrorClass(\\\"user_grecaptcha\\\").\\\"'>\\\";
   echo \\\"
\\\";
   echo \\\"
 
NetriX
Great progress!

Remember to update the following missing information:

user_fields/user_grecaptcha_include.php
Undefined index: uf_google_recaptcha_error Line: 61

user_fields/user_grecaptcha_include.php
Undefined index: uf_google_recaptcha Line: 56

user_fields/user_grecaptcha_include.php
Undefined index: uf_google_recaptcha_error Line: 62

user_fields/user_grecaptcha_include.php
Undefined index: uf_google_recaptcha Line: 57

Need help? Having trouble?
» View our Documentation for guides, functions and more - including the [url=https://php-fusion.co.uk/articles.php?cat_
 
KasteR
Will do. I had to rename the files, figured I'd rename the variables to match. There's a function that checks the filename, and 2 underscores before "include" was causing a miss target in the admin panel.

I'll submit tomorrow. Thanks for the feedback/help Thumb Up
 
NetriX
I'll give it the benefit of the doubt because I was just testing the example script and perhaps its' not properly configured.

But, spam has penetrated my registration 10 fold.

Either its' inefficient or improperly implemented.

------------------------------------------------------------------------------------------------------------------------------------------------------------------

Update: The readme file needs some work. Installation is not covered properly. Users will be coming here to ask how to install.

INSTALLATION:

Copy files from "files" directory in the root directory of PHP Fusion on your server.

Go to:

Admin panel > User Admin > User Fields > In the Disabled User Fields table, locate Google reCAPTCHA and select Enable.


------------------------------------------------------------------------------------------------------------------------------------------------------------------

Update 2: In Admin Panel > Settings > Security you can select recaptcha from the Captcha dropdown box and it'll reveal input for the keys and color scheme.

A good idea would be to use this to your advantage and avoid direct editing. Wink Christmas
Edited by NetriX on 12-18-2014 15:17
Need help? Having trouble?
» View our Documentation for guides, functions and more - including the [url=https://php-fusion.co.uk/articles.php?cat_
 
KasteR
Ok, I will have to update this tomorrow.

The reCAPTCHA validation is for sure working. Weather the logic is solid or not, I guess we're finding out.

However the design could be improved as well. So what causes this to be less than secure? Well, it is just JavaScript that is securing the page (submit button). A client language, of which the client can talk to.

For example, if you were to go to http://www.kaster...gister.php and if you're using FireFox or Chrome, you can push this jQuery line of code :

Download source  Code
$('input[type=\\\"submit\\\"]').removeAttr('disabled');




Spam is always a step behind. They develop scripts based on known knowledge and methodology. I'll keep this in mind, and find a better method. Might have to use PHP w/preg_replace or something, just to keep things secured. Also having a generic name like just makes it an easy target.. Need to have a token system or something.
 
NetriX
Maybe this will help, as-is its' not blocking bots effectively.

We need to find a way to implement and test.

This is Google authored code that provides plugins for third-party integration with ReCAPTCHA.
NetriX attached the following file:
You are not allowed to see attachments in this thread.

Need help? Having trouble?
» View our Documentation for guides, functions and more - including the [url=https://php-fusion.co.uk/articles.php?cat_
 
KasteR
That is exactly what this needs. Usually Google products are pretty solid. I would imagine it's me and not them that needs fixing Cool. We'll get this squared away, one way or another.
 
TFMvdBroek
Would be great if you guys got it working Smile Wanna try the new version Grin
 
KasteR
We will for sure have this fixed.

Just to note, I've had this panel running on my development site (kaster.us) as-is since released. I personally have not experienced any leaked bots through, but everyone's site may get hit with different bots. Out of the thousands of Russian bots my site suffers from, it's been holding them back.

Thanks for liking the idea, check back for the update Thumb Up

But it can be improved. I'll try to make some time to address a few things we've mentioned in this thread.
 
skpacman
or, oR, Or, OR!....... you could make a new folder under /includes/captchas and implement it the way it was meant to be implemented!!!!

I'll add this to my list of stuff to work on unless someone else wants to take a whack at that integration...

There are 10 kinds of people in this world.
Those who understand binary,
and those who don't...
 
KasteR
Awesome, the mad scientist is back! Yeah you're right, it should be that way. It does need improvements. I recently got some bots that leaked through finally.
 
skpacman
Sorry it took a while to get started on this but,..... i've started on this. Looks promising. The API is similar but much more streamlined. I should have something soon by the way of infusion in the coming weeks. Testing and all that....

There are 10 kinds of people in this world.
Those who understand binary,
and those who don't...
 
skpacman
I got it to render properly. Now I just need to get validation and failure codes done.

Edit: Validation is working now. Gotta test some stuff and try to break it before I package it up.

The only thing I don't have working is error handling. If you enter a field wrong and the page reloads to show it, the captcha disappears. No animation or anything. Gotta solve that and it's good to go. In solving the validation problem, I found a way to solve a similar, but unrelated, problem with the "select usergroup at register" addon I'm working on.
Edited by skpacman on 01-14-2015 11:24

There are 10 kinds of people in this world.
Those who understand binary,
and those who don't...
 
KasteR
Very good. I'll be sure to test it out right away once you're done Evil Plot
 
Jump to Forum:
Similar Threads
Thread Forum Replies Last Post
reCAPTCHA v3 [7.02.XX] Other / Integrations / Images 1 12-23-2018 19:40
[GUIDE] Speedup Google Chrome General Chat 1 06-08-2015 22:29
Google Adsense help General Chat 3 04-12-2015 20:08
PHP-Fusion Google Chrome Theme Graphics Talk 5 03-22-2013 06:59
Google+ Sign-In General Chat 6 02-26-2013 13:14
BL_CENTER