>> Peta Laman >> News
HOWTO : MODIFYING PHPNUKE CAPTCHA
#63 - 1--Administrator--HOWTO : MODIFYING PHPNUKE CAPTCHA--2007-01-09 20:56:58
It was a known fact that PHPNUKE is using a simple form of CAPTCHA (called security code), which will try to resist against automated actions - login bruteforce, account creation DoS, ect. PHNUKE with the standard 6-digit CAPTCHA can be easily attacked not only by human, but also by any malicious script exploiting the design weakness.This is a guide for you to change your captcha from 6 digits to 8. Be sure to make backup of your original copies of the files. Something might gone wrong at anytime, so you can revert to your original files. - It is a good move to use not-a-standard-phpnuke-captcha. However for a newbie, it is not an easy task. Changing a few line of codings in a few file might drowned him several couple of hours in front of his computer.
This guide will show you in a very simple way how to change the PHPNUKE captcha from 6 to 8 digits.
1) Make sure that your $gfx_chk in the config.php is set to other than 0, normally it is 7 .if you want to use captcha everywhere on all login options.
2) Fire up your mainfile.php in your text editor such as notepad.
Make a search with your text editor to find function loginbox() - it is around line 950 (it might differs from one to another depending on the version of your phpnuke and whether this file has been modified before or not).
Look at the original codings:
function loginbox() {
global $user, $sitekey, $gfx_chk;
mt_srand ((double)microtime()*1000000);
$maxran = 1000000;
$random_num = mt_rand(0, $maxran);
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);
Carefully, change the last line to
$code = substr($rcode, 2, 8);
Then scroll nearly to the bottom of the file
switch($gfx) {
case "gfx":
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);
Yes change the last line too, so that it will become
$code = substr($rcode, 2, 8);
We have to give an extra 2 spaces in the box for users to write the Security Code.
NOW go to function loginbox() line just now and find
$boxstuff .= ""._TYPESECCODE."
<input type="text" NAME="gfx_check" SIZE="7" MAXLENGTH="6">n";
change it to
$boxstuff .= ""._TYPESECCODE."
<input type="text" NAME="gfx_check" SIZE="9" MAXLENGTH="8">n";
Done for this file.
Save this mainfile.php.
3) Now go to module/Your_Account and open the index.php found in the module in your Text editor. There are quite a number of lines to be changed here, however it is not a so difficult task.
All what you have to do is to change
$code = substr($rcode, 2, 6);
to
$code = substr($rcode, 2, 8);
There are 2 places need to be changed in this file (unless you are using a customized or a different set of Your Acount module) namely at
a) function confirmNewUser($username, $user_email, $user_password, $user_password2, $random_num, $gfx_check)
b) function finishNewUser($username, $user_email, $user_password, $random_num, $gfx_check)
Don't touch any line yet except changing
$code = substr($rcode, 2, 6);
to
$code = substr($rcode, 2, 8);
NOW, we have to give an extra 2 spaces in the box for users to write the Security Code.
They are located at 2 places
function main($user) and
function new_user()
find at both locations:
<input type="text" NAME="gfx_check" SIZE="7" MAXLENGTH="6">
change them to
<input type="text" NAME="gfx_check" SIZE="9" MAXLENGTH="8">
Save this index.php file.
4) If you are using a userinfo block or login block where a login is enabled from the block then open your block-Userinfo.php (or whatever the file name which you used for user login) in nuke/blocks.
<input type="text" NAME="gfx_check" SIZE="7" MAXLENGTH="6">
the same should be done as recent changes that is giving an extra spaces for the login box, so change it now to:
<input type="text" NAME="gfx_check" SIZE="9" MAXLENGTH="8">
Save your block-Userinfo.php
Almost done, but wait there is another file that is admin.php
5) Fire up your admin.php file in your text editor.
Do the same as the above that is changing
<input type="text" NAME="gfx_check" SIZE="7" MAXLENGTH="6">
to
<input type="text" NAME="gfx_check" SIZE="9" MAXLENGTH="8">
Save your admin.php
Thats all folks. While under no circu mtances that I guarantee this changes will resist against any automated actions 100%, however it can minimize them as you are now using a non-standard PHPNUKE captcha which is is using 6 digits. Yours is 8!
LATEST
If the captcha is difficult to read i.e. the number does not appear correctly at the center of the image that resulted in an unreadable last figure, then open up your mainfile.php,
at case "gfx" find for this line:
ImageString ($image, 5, 12, 2, $code, $text_color);
alter it to
Thanks to altairwold for highlighting this.
--comments-->16--8479--16
