Latest posts for the topic "[Mod] Human Verification test for Advanced GuestBook 2.3.4"

[Mod] Human Verification test for Advanced GuestBook 2.3.4

Wappendorf — GMT

Hi, here is another mod to Advanced Guest Book 2.3.4 english or french.
This has only been tested on a private site.
This is beta software. Use at your own risk.
Comments and bug rapports are welcome.

[code]#################################################################
## MOD Title: Human Verification Test
## MOD Author: Wappendorf
## MOD Description:
## This mod is a human verification test for Advanced Guest Book 2.3.4
## It is based on Gitme Anti Flood code from Mert (c)2005 xkare.com
## Any other portion of this code is (c)2005 wappendorf@hotmail.com.
## All rights reserved.
##
## MOD Version: 1.0.2
##
## Installation Level: Easy
## Installation Time: 15 Minutes
## Files To Edit (8):
## lang/english.php
## lang/frensh.php
## add_entry.php
## lib/add.class.php
## templates/form.php
## comment.php
## lib/comment.class.php
## templates/comment.php
##
## New File (1): image.php
##############################################################
## For Security Purposes, Please Check: http://proxy2.de/forum/viewtopic.php?t=5057 for the
## latest version of this MOD. Downloading this MOD from other sites
## could cause malicious code to enter into your guestbook.
##############################################################
## Author Notes:
##
## MOD Features:
## - Generated gif image with control code needed to post an entry or comment.
##
## /***************************************************************************
## *
## * This program is free software; you can redistribute it and/or modify
## * it under the terms of the GNU General Public License as published by
## * the Free Software Foundation; either version 2 of the License, or
## * (at your option) any later version.
## *
## ***************************************************************************/
##
##############################################################
##
## Before Adding This MOD To Your Advanced Guestbook, You Should Back Up All Files Related To This MOD
##
##############################################################

#
#-----[ NEW FILE image.php ]------------------------------------------
#

/***************************************************************************
*
* Filename : image.php
* Began : 2005/04/04
* Modified : by Wappendorf 2005/10/01
* Copyright : (c) 2005 xkare.com
* Version : 1.0.1
* Written by : Mert ÷–‹T in istanbul / TURKEY
*
* You are encouraged to redistribute and / or modify this program under the terms of
* the GNU General Public License as published by the Free Software Foundation
* (www.fsf.org); any version as from version 2 of the License.
*
***************************************************************************/
session_start();
function strrand($length)
{
$str = "";

while(strlen($str)<$length){
$random=rand(48,122);
if( ($random>47 && $random<58) ){
$str.=chr($random);
}

}

return $str;
}

$text = $_SESSION['ctrlstring']=strrand(5);
$img_number = imagecreate(47,17);
$backcolor = imagecolorallocate($img_number,244,244,244);
$textcolor = imagecolorallocate($img_number,0,0,0);

imagefill($img_number,0,0,$backcolor);

Imagestring($img_number,50,1,1,$text,$textcolor);

header("Cache-Control: no-cache, must-revalidate");
header("Content-type: image/png");
imagejpeg($img_number);
?>

#
#-----[ OPEN ]------------------------------------------
#

lang/english.php

#
#-----[ FIND ]------------------------------------------
#

# Navigation Bar
$LANG["NavTotal"] = "Total Records:";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

$LANG["FormCtrlCode"] = "Please copy the controle code.";

#
#-----[ FIND ]------------------------------------------
#

$LANG["PassMess1"] = "Please enter a valid username and password:";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

$LANG["ErrorPost99"] = "You didn't fill correctly the controle code field. Please correct it and re-submit.";

#
#-----[ OPEN ]------------------------------------------
#

lang/frensh.php

#
#-----[ FIND ]------------------------------------------
#

# Navigation Bar
$LANG["NavTotal"] = "Nombre d'enregistrements:";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

$LANG["FormCtrlCode"] = "Veuillez recopier le code de contrôle. ";

#
#-----[ FIND ]------------------------------------------
#

$LANG["PassMess1"] = "Merci de saisir un pseudo et un mot de passe valides:";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

$LANG["ErrorPost99"] = "Vous n'avez pas recopié correctement le code de contrôle. Merci de corriger.";

#
#-----[ OPEN ]------------------------------------------
#

addentry.php

#
#-----[ FIND ]------------------------------------------
#

$include_path = dirname(__FILE__);
include_once $include_path."/admin/config.inc.php";
include_once $include_path."/lib/$DB_CLASS";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

session_start();

#
#-----[ FIND ]------------------------------------------
#

$gb_post = new addentry($include_path);

if (isset($_POST["gb_action"])) {

#
#-----[ AFTER, ADD ]------------------------------------------
#

if($_POST['gb_ctrlcode'] != $_SESSION['ctrlstring'] OR !isset($_SESSION['ctrlstring']))
{
echo $_POST['gb_ctrlcode']."-".$_SESSION['ctrlstring']." -> SECURITY CODE ERROR...
Click on the backback button of your browser";
}else{
/* SECURITY SUCCESSFULL */
$gb_post->ctrlcode = (isset($_POST["gb_ctrlcode"])) ? $_POST["gb_ctrlcode"] : '';

#
#-----[ FIND ]------------------------------------------
#

} else {
echo $gb_post->process();
}

#
#-----[ BEFORE, ADD ]------------------------------------------
#

}

#
#-----[ OPEN ]------------------------------------------
#

lib/add.class.php

#
#-----[ FIND ]------------------------------------------
#

class addentry {

#
#-----[ AFTER, ADD ]------------------------------------------
#

var $ctrlcode;

#
#-----[ FIND ]------------------------------------------
#

$HIDDEN = "\n";

#
#-----[ AFTER, ADD ]------------------------------------------
#

$HIDDEN .= "ctrlcode."\">\n";

#
#-----[ OPEN ]------------------------------------------
#

/templates/form.php

#
#-----[ FIND ]------------------------------------------
#

if(document.book.gb_comment.value == "") {
alert("$LANG[ErrorPost2]");
document.book.gb_comment.focus();
return false;
}

#
#-----[ AFTER, ADD ]------------------------------------------
#

if(document.book.gb_ctrlcode.value == "") {
alert("$LANG[ErrorPost99]");
document.book.gb_ctrlcode.focus();
return false;
}

#
#-----[ FIND ]------------------------------------------
#

$LANG[FormPriv]

#
#-----[ AFTER, ADD ]------------------------------------------
#

$LANG[FormCtrlCode]:*

#
#-----[ OPEN ]------------------------------------------
#

comment.php

#
#-----[ FIND ]------------------------------------------
#

$include_path = dirname(__FILE__);
include_once $include_path."/admin/config.inc.php";
include_once $include_path."/lib/$DB_CLASS";

#
#-----[ BEFORE, ADD ]------------------------------------------
#

session_start();

#
#-----[ FIND ]------------------------------------------
#

$gb_com = new gb_comment($include_path);

#
#-----[ AFTER, ADD ]------------------------------------------
#

if (isset($_POST["comment"])) {
if($_POST['gb_ctrlcode'] != $_SESSION['ctrlstring'] OR !isset($_SESSION['ctrlstring']))
{
echo $_POST['gb_ctrlcode']."-".$_SESSION['ctrlstring']." -> SECURITY CODE ERROR...
Please press the back button of your browser";
}else{
/* SECURITY SUCCESSFULL */
$gb_com->ctrlcode_ok = true;
}
}

#
#-----[ OPEN ]------------------------------------------
#

lib/comment.class.php

#
#-----[ FIND ]------------------------------------------
#

class gb_comment {

#
#-----[ AFTER, ADD ]------------------------------------------
#

var $ctrlcode_ok;

#
#-----[ FIND ]------------------------------------------
#

if ($status == 1) {
$this->insert_comment();
header("Location: $GB_PG[index]");
} else {

#
#-----[ REPLACE WITH ]------------------------------------------
#

if ($status == 1 and $this->ctrlcode_ok) {
$this->insert_comment();
header("Location: $GB_PG[index]");
} else {

#
#-----[ OPEN ]------------------------------------------
#

templates/comment.php

#
#-----[ FIND ]------------------------------------------
#

$COMMENT_PASS

#
#-----[ AFTER, ADD ]------------------------------------------
#

$LANG[FormCtrlCode]:*

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
[/code]

Carbonize — GMT

Looks almost identical to the image verification code I released over a year ago.

Wappendorf — GMT

[quote="Carbonize"]Looks almost identical to the image verification code I released over a year ago.[/quote]
I definitely didn't look well enough on this forum but as any image verification code is a must have...

BTW : An error in the code I first posted prevent it from beeing usefull.
Here is the mod to the mod if you had it already installed.

[code]
#
#-----[ OPEN ]------------------------------------------
#
addentry.php

#
#-----[ FIND ]------------------------------------------
#
if($_POST['gb_ctrlcode'] != $_SESSION['ctrlstring']){

#
#-----[ REPLACE WITH ]------------------------------------------
#

if($_POST['gb_ctrlcode'] != $_SESSION['ctrlstring'] OR !isset($_SESSION['ctrlstring']))
{[/code]
Edit : same problem with comments :
[code]
#
#-----[ OPEN ]------------------------------------------
#
comment.php

#
#-----[ FIND ]------------------------------------------
#
if($_POST['gb_ctrlcode']!=$_SESSION['ctrlstring']){

#
#-----[ REPLACE WITH ]------------------------------------------
#

if($_POST['gb_ctrlcode'] != $_SESSION['ctrlstring'] OR !isset($_SESSION['ctrlstring']))
{

[/code]

Carbonize — GMT

[quote]Image Verification script, by Carbonize (Help reduce Guestbook spam):
http://proxy2.de/forum/viewtopic.php?p=9976
http://www.carbonize.co.uk/verification.zip is the official download for the image verification mod [/quote]

Thats in the READ THIS FIRST thread

JTD — GMT

Well you know what they say carb. Imitation is the best flattery. To bad he is a dollar short and over a year late. I bet he even thought he had something special.

Wappendorf — GMT

[quote="JTD"]Well you know what they say carb. Imitation is the best flattery. To bad he is a dollar short and over a year late. I bet he even thought he had something special. [/quote]

Well, I should say, that I only had a quick look at Carbonize code just now. At first sight, it seems that it lacks the code to protect the comments to be spammed and doesn't seem to be "almost identical" at all as "my" code is mainly the code of Mert ÷–‹T that I found googling for an anti flood solution while Carbonize code seems to be original.
And the only "little" work I've done is to integrate the "[url=http://www.gitme.net/php/]Gitme Anti Flood[/url]" code into this mod.

Anyway, It works for me, I'm happy with this and I just wanted to share my work. And I won't feel sorry if some people aren't interested.

I'm just sorry to not having read the "READ THIS BEFORE POSTING ANY QUESTIONS!" thread. Btw, now that I've read some more of these forums, I think too, as someone else said, that the image verification should be included in the original Advanced Guest Book code and not as a mod.
And as I had no questions to ask, I didn't felt I had to read the "READ THIS BEFORE POSTING ANY QUESTIONS!" thread, and as the sticky post is a (too) simple (for me) human verification test and not the image verification test, this is why I felt I had to write this.

So you know.

JTD — GMT

It is included in the Lazarus Guestbook. Made by Carb. Along with alot of other antispam featurs not found in AGB.

Carbonize — GMT

[quote="JTD"]It is included in the Lazarus Guestbook. Made by Carb. Along with alot of other antispam featurs not found in AGB.[/quote]

No the image verification is not included with Lazarus.

Auron — GMT

[quote="Carbonize"][quote="JTD"]It is included in the Lazarus Guestbook. Made by Carb. Along with alot of other antispam featurs not found in AGB.[/quote]

No the image verification is not included with Lazarus.[/quote]

Maybe it should? Or is it already in the next version?

Carbonize — GMT

It is being contemplated.

2.3.4 problem with image verification

xtrem — GMT

Hello,

I installed Advance guestbokk 2.3.4--> works fine but lot of spam.

I try to install the image verification from carbonize and now I can no more sign the guestbook. I follow the solution for 2.3.2 and I'm not sure that is the same for 2.3.4

the code is ever wrong....

Could you help me?

my web site is http://lucy.artespace.ch and after you will find "livre d'or"

Thank you very much

Carbonize — GMT

Download 2.3.4 and replace ALL your current guestbook files EXCEPT admin/config.inc.php then follow the instructions for Human Verification which is in the first thread.

Version 2.3.5 with human verification coming soon?

gbguruted — GMT

Hi,

I'm on 2.3.2 and it seems like some spammers are able to post messages that have an IP address that is already on my keep-out list. They also seem to be able to post messages that have words that are in my banned list, but with no substitution being made. So, somehow they are able to add entries that bypass the watchdog routines. Does 2.3.4 help with these?

Also, the keep-out list seems to ignore the wild card IP address entries, (e.g., I put in "203.125.", yet along comes 203.125.1.234 afterward). So somehow someone is able to bypass the watchdog for that, too.

Also, for 2.3.5, my wish is that the keep-out list could include both IP addresses, wild card addresses all the way down to just the first number, and also allow us to enter in names, like "localhost" or any name used by the spammers.

Wishing out loud. Keep up the great work. As the Beatles use to sing, "It's getting better all the time."

Carbonize — GMT

they should not be able to bypass neither the IP ban nor bad word filtering. Whats the link to your address along with a list of your bad words.

xtrem — GMT

I follow the instruction but it is not working...

Is it a way to send me the modified file to my e-mail address....

no_spam_xtrem@freesurf.ch

thank you for your help,

Carbonize — GMT

if you followed the instructions how come you managed to miss the bit that says I have already made some pre modded files available for people to download?

bredy73 — GMT

I installed this mod, but i Have this problem.

Warning: session_start(): Cannot send session cache limiter - headers already sent

wich is the problem?
Thank you.

Carbonize — GMT

To my knowledge there is not even a call to session_start in the script. Whats the full error message?

Wappendorf — GMT

[quote="bredy73"]I installed this mod, but i Have this problem.

Warning: session_start(): Cannot send session cache limiter - headers already sent

wich is the problem?
Thank you.[/quote]

session_start() should always come first in a php script, right after the '
Also make sure the first line of all your php scripts is " Anything else will be interpreted by php as html to be outputed directly and headers will be sent to the client browser at that time. The same problem can come from the end of included files, make sure there is nothing right after the ending line : "?>". In some cases a simple CARRIAGE RETURN (ascii-13) or LINE FEED (ascii-10) could be the problem and... a nightmare to find !

[quote="Carbonize"]To my knowledge there is not even a call to session_start in the script. Whats the full error message?[/quote]
Sessions are used in this mod to save the verification number generated in image.php for addentry.php and comment.php that will check it.

Hope this helps.

Carbonize — GMT

Yeah sorry I got confused between this and my human verification test. Thats what happens when you get up in the morning and have about 20 forums posts to answer.