 |
Baru: HOWTO : MODIFYING PHPNUKE CAPTCHA |
 |
Dikirim pada Wednesday 10-01-2007 10:56 oleh Administrator |
 zulkiply menulis "It was a known fact that PHPNUKE is using a simple form of CAPTCHA (called security code), which will try to resist against automated actions - login bruteforce, account creation DoS, ect. PHNUKE with the standard 6-digit CAPTCHA can be easily attacked not only by human, but also by any malicious script exploiting the design weakness.
This is a guide for you to change your captcha from 6 digits to 8. Be sure to make backup of your original copies of the files. Something might gone wrong at anytime, so you can revert to your original files.
It is a good move to use not-a-standard-phpnuke-captcha. However for a newbie, it is not an easy task. Changing a few line of codings in a few file might drowned him several couple of hours in front of his computer.
This guide will show you in a very simple way how to change the PHPNUKE captcha from 6 to 8 digits.
1) Make sure that your $gfx_chk in the config.php is set to other than 0, normally it is 7 .if you want to use captcha everywhere on all login options.
2) Fire up your mainfile.php in your text editor such as notepad.
Make a search with your text editor to find function loginbox() - it is around line 950 (it might differs from one to another depending on the version of your phpnuke and whether this file has been modified before or not).
Look at the original codings:
function loginbox() {
global $user, $sitekey, $gfx_chk;
mt_srand ((double)microtime()*1000000);
$maxran = 1000000;
$random_num = mt_rand(0, $maxran);
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER[''''HTTP_USER_AGENT''''] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);
Carefully, change the last line to
$code = substr($rcode, 2, 8);
Then scroll nearly to the bottom of the file
switch($gfx) {
case "gfx":
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);
Yes change the last line too, so that it will become
$code = substr($rcode, 2, 8);
We have to give an extra 2 spaces in the box for users to write the Security Code.
NOW go to function loginbox() line just now and find
$boxstuff .= ""._TYPESECCODE."
<input NAME="gfx_check" SIZE="7" MAXLENGTH="6">n";
change it to
$boxstuff .= ""._TYPESECCODE."
<input NAME="gfx_check" SIZE="9" MAXLENGTH="8">n";
Done for this file.
Save this mainfile.php.
3) Now go to module/Your_Account and open the index.php found in the module in your Text editor. There are quite a number of lines to be changed here, however it is not a so difficult task.
All what you have to do is to change
$code = substr($rcode, 2, 6);
to
$code = substr($rcode, 2, 8);
There are 2 places need to be changed in this file (unless you are using a customized or a different set of Your Acount module) namely at
a) function confirmNewUser($username, $user_email, $user_password, $user_password2, $random_num, $gfx_check)
b) function finishNewUser($username, $user_email, $user_password, $random_num, $gfx_check)
Don''''t touch any line yet except changing
$code = substr($rcode, 2, 6);
to
$code = substr($rcode, 2, 8);
NOW, we have to give an extra 2 spaces in the box for users to write the Security Code.
They are located at 2 places
function main($user) and
function new_user()
find at both locations:
<input NAME="gfx_check" SIZE="7" MAXLENGTH="6">
change them to
<input NAME="gfx_check" SIZE="9" MAXLENGTH="8">
Save this index.php file.
4) If you are using a userinfo block or login block where a login is enabled from the block then open your block-Userinfo.php (or whatever the file name which you used for user login) in nuke/blocks.
<input NAME="gfx_check" SIZE="7" MAXLENGTH="6">
the same should be done as recent changes that is giving an extra spaces for the login box, so change it now to:
<input NAME="gfx_check" SIZE="9" MAXLENGTH="8">
Save your block-Userinfo.php
Almost done, but wait there is another file that is admin.php
5) Fire up your admin.php file in your text editor.
Do the same as the above that is changing
<input NAME="gfx_check" SIZE="7" MAXLENGTH="6">
to
<input NAME="gfx_check" SIZE="9" MAXLENGTH="8">
Save your admin.php
Thats all folks. While under no circu mtances that I guarantee this changes will resist against any automated actions 100%, however it can minimize them as you are now using a non-standard PHPNUKE captcha which is is using 6 digits. Yours is 8!
LATEST
If the captcha is difficult to read i.e. the number does not appear correctly at the center of the image that resulted in an unreadable last figure, then open up your mainfile.php,
at case "gfx" find for this line:
ImageString ($image, 5, 12, 2, $code, $text_color);
alter it to
ImageString ($image, 5, 2, 2, $code, $text_color);
Thanks to altairwold for highlighting this.
"
|
|
|
|
|
| |
|
Related Link |
|
|
|
Please take a second and vote for this article: |
|
Average Score: 4.75
Undi: 4
|
|
|
|
|
|
Options |
|
|
|
| "HOWTO : MODIFYING PHPNUKE CAPTCHA" | Login/Daftar | 2 komen | Cari diskusi |
|
| | Isi komentar adalah tanggung jawab pengirimnya. |
|
|
|
|
|
|
Anda tidak dibolehkan mengirim komentar, silakan daftar di sini |
|
|
|
|
Re: HOWTO : MODIFYING PHPNUKE CAPTCHA (Nilai: 1)
oleh Ibonic pada Saturday 06-06-2009 02:45
(Info Anggota | Kirim Pesan) | Excellent guide, I was able to install this on my ownsite, on the bottom of the guide there is part missing which i was able to figure out, but others may not, the Alter to part is missing
Cheers
LATEST
If the captcha is difficult to read i.e. the number does not appear correctly at the center of the image that resulted in an unreadable last figure, then open up your mainfile.php, at case "gfx" find for this line:
ImageString ($image, 5, 12, 2, $code, $text_color);
alter it to |
|
|
|
|
|
|
Interaktif - Interactive
![[Valid RSS]](images/valid-rss.png "Validate RSS feed")
![[Valid Atom 1.0]](images/valid-atom.png "Validate my Atom 1.0 feed")
LPZH kini boleh diakses dari Telefon WAP di alamat 
![[Valid RSS]](images/valid-forum092.gif "RSS forum feed"){kind=small}
![[Valid RSS]](images/valid-rss20.gif "RSS feed"){kind=small}
![[sitemap]](images/sitemap.gif "sitemap"){kind=small}
![[mcafee]](images/mcafee1.gif "mcafee"){kind=small}