[Mod] Human Verification test for Advanced GuestBook 2.3.4
Wappendorf
Beginner

Joined: 01/10/2005 18:13:29
Messages: 6
Offline

Hi, here is another mod to Advanced Guest Book 2.3.4, English or French.
This has only been tested on a private site.
This is beta software. Use at your own risk.
Comments and bug reports are welcome.

#################################################################
## MOD Title: Human Verification Test
## MOD Author: Wappendorf <wappendorf@hotmail.com>
## MOD Description:
##      This mod is a human verification test for Advanced Guest Book 2.3.4
##      It is based on Gitme Anti Flood code from Mert (c)2005 xkare.com
##      Any other portion of this code is (c)2005 wappendorf@hotmail.com.
##      All rights reserved.
##
## MOD Version: 1.0.2
##
## Installation Level:  Easy
## Installation Time:   15 Minutes
## Files To Edit (8):
##          lang/english.php
##          lang/french.php
##          addentry.php
##          lib/add.class.php
##          templates/form.php
##          comment.php
##          lib/comment.class.php
##          templates/comment.php
##
## New File (1):    image.php
##############################################################
## For Security Purposes, Please Check: http://proxy2.de/forum/viewtopic.php?t=5057 for the
## latest version of this MOD. Downloading this MOD from other sites
## could cause malicious code to enter into your guestbook.
##############################################################
## Author Notes:
##
## MOD Features:
##      - Generated PNG image with control code needed to post an entry or comment.
##
##  /***************************************************************************
##  *
##  *   This program is free software; you can redistribute it and/or modify
##  *   it under the terms of the GNU General Public License as published by
##  *   the Free Software Foundation; either version 2 of the License, or
##  *   (at your option) any later version.
##  *
##  ***************************************************************************/
##
##############################################################
##
## Before Adding This MOD To Your Advanced Guestbook, You Should Back Up All Files Related To This MOD
##
##############################################################

#
#-----[ NEW FILE image.php ]------------------------------------------
#

<?php
/***************************************************************************
*
*   Filename             : image.php
*   Began            : 2005/04/04
*   Modified             : by Wappendorf 2005/10/01
*   Copyright            : (c) 2005 xkare.com
*   Version              : 1.0.1
*   Written by           : Mert ÖĞÜT in istanbul / TURKEY
*
*   You are encouraged to redistribute and / or modify this program under the terms of
*   the GNU General Public License as published by the Free Software Foundation
*    (www.fsf.org); any version as from version 2 of the License.
*
***************************************************************************/
session_start();

// Build a string of $length random decimal digits.
function strrand($length)
{
    $str = "";

    while (strlen($str) < $length) {
        // ASCII 48-57 are the digits 0-9. rand() is not a cryptographically
        // secure generator; on PHP 7 and later random_int(48, 57) is the
        // drop-in replacement.
        $str .= chr(rand(48, 57));
    }

    return $str;
}

// Store the expected code in the session, then draw it into the image.
$text = $_SESSION['ctrlstring'] = strrand(5);
$img_number = imagecreate(47, 17);
$backcolor = imagecolorallocate($img_number, 244, 244, 244);
$textcolor = imagecolorallocate($img_number, 0, 0, 0);

imagefill($img_number, 0, 0, $backcolor);

// Built-in GD fonts are numbered 1 to 5; 5 is the largest.
imagestring($img_number, 5, 1, 1, $text, $textcolor);

header("Cache-Control: no-cache, must-revalidate");
header("Content-type: image/png");
// Send PNG data so the body matches the Content-type header above.
imagepng($img_number);
?>

#
#-----[ OPEN ]------------------------------------------
#

lang/english.php

#
#-----[ FIND ]------------------------------------------
#

# Navigation Bar
$LANG["NavTotal"]   = "Total Records:";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

$LANG["FormCtrlCode"] = "Please copy the control code.";

#
#-----[ FIND ]------------------------------------------
#

$LANG["PassMess1"] = "Please enter a valid username and password:";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

$LANG["ErrorPost99"] = "You didn't fill in the control code field correctly. Please correct it and re-submit.";

#
#-----[ OPEN ]------------------------------------------
#

lang/french.php

#
#-----[ FIND ]------------------------------------------
#

# Navigation Bar
$LANG["NavTotal"]   = "Nombre d'enregistrements:";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

$LANG["FormCtrlCode"] = "Veuillez recopier le code de contr&ocirc;le. ";

#
#-----[ FIND ]------------------------------------------
#

$LANG["PassMess1"] = "Merci de saisir un pseudo et un mot de passe valides:";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

$LANG["ErrorPost99"] = "Vous n'avez pas recopié correctement le code de contrôle. Merci de corriger.";

#
#-----[ OPEN ]------------------------------------------
#

addentry.php

#
#-----[ FIND ]------------------------------------------
#

$include_path = dirname(__FILE__);
include_once $include_path."/admin/config.inc.php";
include_once $include_path."/lib/$DB_CLASS";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

session_start();

#
#-----[ FIND ]------------------------------------------
#

$gb_post = new addentry($include_path);

if (isset($_POST["gb_action"])) {

#
#-----[ AFTER, ADD ]------------------------------------------
#

        if($_POST['gb_ctrlcode'] != $_SESSION['ctrlstring'] OR !isset($_SESSION['ctrlstring']))
    {
        // Report the failure only: printing the expected code would give away
        // the answer, and the submitted value is unescaped user input.
        echo "SECURITY CODE ERROR... <br />Click on the back button of your browser";
    }else{
        /*  SECURITY SUCCESSFUL  */
        $gb_post->ctrlcode = (isset($_POST["gb_ctrlcode"])) ? $_POST["gb_ctrlcode"] : '';

#
#-----[ FIND ]------------------------------------------
#

} else {
    echo $gb_post->process();
}

#
#-----[ BEFORE, ADD ]------------------------------------------
#

    }

#
#-----[ OPEN ]------------------------------------------
#

lib/add.class.php

#
#-----[ FIND ]------------------------------------------
#

class addentry {

#
#-----[ AFTER, ADD ]------------------------------------------
#

    var $ctrlcode;

#
#-----[ FIND ]------------------------------------------
#

        $HIDDEN = "<input type=\"hidden\" name=\"gb_preview\" value=\"1\">\n";

#
#-----[ AFTER, ADD ]------------------------------------------
#

    $HIDDEN .= "<input type=\"hidden\" name=\"gb_ctrlcode\" value=\"".$this->ctrlcode."\">\n";

#
#-----[ OPEN ]------------------------------------------
#

/templates/form.php

#
#-----[ FIND ]------------------------------------------
#

if(document.book.gb_comment.value == "") {
   alert("$LANG[ErrorPost2]");
   document.book.gb_comment.focus();
   return false;
}

#
#-----[ AFTER, ADD ]------------------------------------------
#

if(document.book.gb_ctrlcode.value == "") {
   alert("$LANG[ErrorPost99]");
   document.book.gb_ctrlcode.focus();
   return false;
}

#
#-----[ FIND ]------------------------------------------
#

    <td bgcolor="$VARS[tb_color_1]" valign="top"><textarea name="gb_comment" cols="41" rows="11" wrap="VIRTUAL"></textarea><br>
     <input type="checkbox" name="gb_private" value="1"> <font size="1" face="$VARS[font_face]">$LANG[FormPriv]</font>
    </td>
  </tr>

#
#-----[ AFTER, ADD ]------------------------------------------
#

  <tr bgcolor="$VARS[tb_color_1]">
      <td class="font1">$LANG[FormCtrlCode]:*</td>
      <td ><img src="image.php">
          <input name="gb_ctrlcode" type="text" id="gb_ctrlcode"></td>
  </tr>

#
#-----[ OPEN ]------------------------------------------
#

comment.php

#
#-----[ FIND ]------------------------------------------
#

$include_path = dirname(__FILE__);
include_once $include_path."/admin/config.inc.php";
include_once $include_path."/lib/$DB_CLASS";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

session_start();

#
#-----[ FIND ]------------------------------------------
#

$gb_com = new gb_comment($include_path);

#
#-----[ AFTER, ADD ]------------------------------------------
#

if (isset($_POST["comment"])) {
    if($_POST['gb_ctrlcode'] != $_SESSION['ctrlstring'] OR !isset($_SESSION['ctrlstring']))
    {
        // Report the failure only: printing the expected code would give away
        // the answer, and the submitted value is unescaped user input.
        echo "SECURITY CODE ERROR... <br /> Please press the back button of your browser";
    }else{
        /* SECURITY SUCCESSFUL */
        $gb_com->ctrlcode_ok = true;
    }
}

#
#-----[ OPEN ]------------------------------------------
#

lib/comment.class.php

#
#-----[ FIND ]------------------------------------------
#

class gb_comment {

#
#-----[ AFTER, ADD ]------------------------------------------
#

    var $ctrlcode_ok;

#
#-----[ FIND ]------------------------------------------
#

            if ($status == 1) {
                $this->insert_comment();
                header("Location: $GB_PG[index]");
            } else {

#
#-----[ REPLACE WITH ]------------------------------------------
#

            if ($status == 1 and $this->ctrlcode_ok) {
                $this->insert_comment();
                header("Location: $GB_PG[index]");
            } else {

#
#-----[ OPEN ]------------------------------------------
#

templates/comment.php

#
#-----[ FIND ]------------------------------------------
#

$COMMENT_PASS

#
#-----[ AFTER, ADD ]------------------------------------------
#

<tr bgcolor="$VARS[tb_color_1]">
    <td class="font1">$LANG[FormCtrlCode]:*</td>
    <td ><img src="image.php">
            <input name="gb_ctrlcode" type="text" id="gb_ctrlcode"></td>
</tr>

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Looks almost identical to the image verification code I released over a year ago.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
Wappendorf
Beginner

Joined: 01/10/2005 18:13:29
Messages: 6
Offline

Carbonize wrote: Looks almost identical to the image verification code I released over a year ago.

I definitely didn't look well enough on this forum but as any image verification code is a must have...

BTW: An error in the code I first posted prevented it from being useful.
Here is the mod to the mod if you had it already installed.

#
#-----[ OPEN ]------------------------------------------
#
addentry.php

#
#-----[ FIND ]------------------------------------------
#
    if($_POST['gb_ctrlcode'] != $_SESSION['ctrlstring']){

#
#-----[ REPLACE WITH ]------------------------------------------
#

    if($_POST['gb_ctrlcode'] != $_SESSION['ctrlstring'] OR !isset($_SESSION['ctrlstring']))
    {

Edit: same problem with comments:

#
#-----[ OPEN ]------------------------------------------
#
comment.php

#
#-----[ FIND ]------------------------------------------
#
    if($_POST['gb_ctrlcode']!=$_SESSION['ctrlstring']){

#
#-----[ REPLACE WITH ]------------------------------------------
#

    if($_POST['gb_ctrlcode'] != $_SESSION['ctrlstring'] OR !isset($_SESSION['ctrlstring']))
    {
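
The case the correction above closes, shown as an added example that is not part of the posted MOD: with a loose `!=` and no `isset()` guard, a request that carries no code and has no session code compares null with null and passes. The function names are hypothetical, the arrays stand in for `$_POST` and `$_SESSION`, and the sample values are constructed.

```php
<?php
// Added illustration, not code from the MOD. Function names are hypothetical;
// the arrays below stand in for $_POST and $_SESSION (constructed sample data).

// The comparison as first posted: loose "!=" with no isset() guard.
function ctrlcode_ok_first_posted(array $post, array $session): bool
{
    $given    = $post['gb_ctrlcode'] ?? null;    // missing form field reads as null
    $expected = $session['ctrlstring'] ?? null;  // image.php never requested: null
    return !($given != $expected);
}

// Hardened check: both values must be present strings, the comparison is
// exact, and the stored code is discarded so one image answers one attempt.
function ctrlcode_ok_hardened(array $post, array &$session): bool
{
    $given    = $post['gb_ctrlcode'] ?? null;
    $expected = $session['ctrlstring'] ?? null;
    unset($session['ctrlstring']);
    if (!is_string($given) || !is_string($expected) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $given);
}

// label => [post data, session data]
$cases = [
    'no session, no field' => [[], []],
    'correct code'         => [['gb_ctrlcode' => '48213'],   ['ctrlstring' => '48213']],
    'numeric look-alike'   => [['gb_ctrlcode' => '48213.0'], ['ctrlstring' => '48213']],
    'wrong code'           => [['gb_ctrlcode' => '00000'],   ['ctrlstring' => '48213']],
];

foreach ($cases as $label => [$post, $session]) {
    $first = ctrlcode_ok_first_posted($post, $session);
    $hard  = ctrlcode_ok_hardened($post, $session);
    printf(
        "%-22s first-posted=%-5s hardened=%s\n",
        $label,
        var_export($first, true),
        var_export($hard, true)
    );
}
```

The MOD's preview step re-posts the code through a hidden field, so discarding the code after one check means the preview form has to show a fresh image.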
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Image Verification script, by Carbonize (Help reduce Guestbook spam):
http://proxy2.de/forum/viewtopic.php?p=9976
http://www.carbonize.co.uk/verification.zip is the official download for the image verification mod


That's in the READ THIS FIRST thread

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

Well, you know what they say, Carb. Imitation is the best flattery. Too bad he is a dollar short and over a year late. I bet he even thought he had something special.

LINK-> Use Lazarus Guestbook
Wappendorf
Beginner

Joined: 01/10/2005 18:13:29
Messages: 6
Offline

JTD wrote: Well, you know what they say, Carb. Imitation is the best flattery. Too bad he is a dollar short and over a year late. I bet he even thought he had something special.


Well, I should say that I only had a quick look at Carbonize's code just now. At first sight, it seems that it lacks the code to protect the comments from being spammed and doesn't seem to be "almost identical" at all, as "my" code is mainly the code of Mert ÖĞÜT that I found googling for an anti flood solution, while Carbonize's code seems to be original.
And the only "little" work I've done is to integrate the "Gitme Anti Flood" code into this mod.

Anyway, it works for me, I'm happy with this and I just wanted to share my work. And I won't feel sorry if some people aren't interested.

I'm just sorry for not having read the "READ THIS BEFORE POSTING ANY QUESTIONS!" thread. Btw, now that I've read some more of these forums, I think too, as someone else said, that the image verification should be included in the original Advanced Guest Book code and not as a mod.
And as I had no questions to ask, I didn't feel I had to read the "READ THIS BEFORE POSTING ANY QUESTIONS!" thread, and as the sticky post is a (too) simple (for me) human verification test and not the image verification test, this is why I felt I had to write this.

So you know.
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

It is included in the Lazarus Guestbook. Made by Carb. Along with a lot of other antispam features not found in AGB.

LINK-> Use Lazarus Guestbook
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

JTD wrote: It is included in the Lazarus Guestbook. Made by Carb. Along with a lot of other antispam features not found in AGB.


No, the image verification is not included with Lazarus.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
Auron
Expert

Joined: 23/06/2003 22:02:17
Messages: 1053
Offline

Carbonize wrote:
JTD wrote: It is included in the Lazarus Guestbook. Made by Carb. Along with a lot of other antispam features not found in AGB.


No, the image verification is not included with Lazarus.


Maybe it should? Or is it already in the next version?

Visit my site @ www.ragnaru.com
Adv. Poll Install Guide NOW BACK ONLINE! (And also rather out of date I would of thought)
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

It is being contemplated.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
xtrem
Newbie

Joined: 08/10/2005 16:53:42
Messages: 4
Offline

Hello,

I installed Advanced Guestbook 2.3.4 --> works fine but lots of spam.

I tried to install the image verification from Carbonize and now I can no longer sign the guestbook. I followed the solution for 2.3.2 and I'm not sure that it is the same for 2.3.4.

the code is ever wrong....

Could you help me?

My web site is http://lucy.artespace.ch and there you will find "livre d'or"

Thank you very much
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Download 2.3.4 and replace ALL your current guestbook files EXCEPT admin/config.inc.php then follow the instructions for Human Verification which is in the first thread.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
gbguruted
Newbie

Joined: 13/10/2005 22:08:19
Messages: 1
Offline

Hi,

I'm on 2.3.2 and it seems like some spammers are able to post messages that have an IP address that is already on my keep-out list. They also seem to be able to post messages that have words that are in my banned list, but with no substitution being made. So, somehow they are able to add entries that bypass the watchdog routines. Does 2.3.4 help with these?

Also, the keep-out list seems to ignore the wild card IP address entries, (e.g., I put in "203.125.", yet along comes 203.125.1.234 afterward). So somehow someone is able to bypass the watchdog for that, too.

Also, for 2.3.5, my wish is that the keep-out list could include both IP addresses, wild card addresses all the way down to just the first number, and also allow us to enter in names, like "localhost" or any name used by the spammers.

Wishing out loud. Keep up the great work. As the Beatles used to sing, "It's getting better all the time."
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

They should not be able to bypass either the IP ban or bad word filtering. What's the link to your address along with a list of your bad words?

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
xtrem
Newbie

Joined: 08/10/2005 16:53:42
Messages: 4
Offline

I followed the instructions but it is not working...

Is there a way to send me the modified file to my e-mail address....

no_spam_xtrem@freesurf.ch

thank you for your help,