Jump to content


Photo
- - - - -

Re-Captcha on signup

audio hd audio hd video

  • Please log in to reply
19 replies to this topic

#1 dargre

dargre

    Senior Member

  • Members
  • PipPipPipPipPip
  • 991 posts

Posted 17 February 2011 - 04:15 PM

None captcha system is safe, however Re-Captcha still is one of most solid in this matter. Surely it can protect you more against fake signups.
Here's a tutorial how to set re-captcha on AVS signup page.

1. signup for re-captcha first: http://www.google.co...ha/whyrecaptcha

2. download "recaptchalib.php" and upload to "include" directory

3. edit file "signup.php" and find line:
$signup     = array('username' => '', 'email' => '', 'age' => '', 'terms' => '', 'gender' => '');
Above it paste:
require_once('include/recaptchalib.php');
$publickey = "your public key";
$privatekey = "your private key";

if ($_POST["recaptcha_response_field"]) {
        $resp = recaptcha_check_answer ($privatekey,$_SERVER["REMOTE_ADDR"],$_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
}
$eCAPTCHA=recaptcha_get_html($publickey, $error); 
Enter your public and private keys from re-captcha site.

Find lines:
if ( $config['captcha'] == '1' ) {
        if ( $_SESSION['captcha_code'] != strtoupper($vcode) ) {
            $errors[]               = $lang['signup.captcha'];
        }
 }
Replace it with:
if ( !$resp->is_valid )
{
	$errors[] = $lang['signup.captcha']; 
}   
Find line:
$smarty->assign('errors',$errors);
Above it in new line enter:
$smarty->assign('eCAPTCHA',$eCAPTCHA); 
Save "signup.php".
Edit file "templates/frontend/your_template/signup.tpl"
                    {if $captcha == '1'}
                    <br />
                    <div class="separator">
                        <label for="signup_verification">{t c='global.verification'}:</label>
                        <input name="verification" type="text" value="" id="signup_verification" />
						<span class="font-9">{t c='global.verif_expl'}!</span><br />
                        <img src="{$relative}/captcha" id="captcha_image" alt="Are you human?" />
                        <span class="reload"><a href="#reload_captcha" id="captcha_reload">{t c='global.verif_reload'}</a></span>
                    </div>
                    {/if}
Replace it all with:
                    {if $captcha == '1'}
                    <br />
                    <div class="separator">
                        <label for="signup_verification">{t c='global.verification'}:</label>
                        {$eCAPTCHA}
                    </div>
                    {/if}

This is working solution on test default AVS 2.1 script (should be also fine for previous versions), also tested on several similiar scripts, also for other forms (contact, etc).
Please don't ask if you cannot install, as I won't be able to answer what someone can have wrong without seeing files and having chance to test it.
My free help is limited to what I post on forums. Do not PM on AVS forum as I check it very rarely.

Possibly re-captcha could be also used on uploads page (some asked about it), but it's far more complicated for jquery, unfortunately I have no interest in doing it for AVS upload page, time to digg it and write turotial.

Good luck.

Edited by dargre, 17 February 2011 - 05:39 PM.

VIDEO.JS - best HTML5 player in the world for AVS script

NUEVOPLAYER 8 - best flash+html5 player for video scripts
Mods, custom code by NuevoLab (Search Suggest, Multiple image upload, Seo mods,and much more)


#2 GILBERTO

GILBERTO

    Senior Member

  • Members
  • PipPipPipPip
  • 264 posts

Posted 18 February 2011 - 03:51 AM

wow very helpful thank u ~

#3 inpulsum

inpulsum

    Member

  • Members
  • PipPip
  • 71 posts

Posted 18 February 2011 - 04:04 AM

Thanks for the tutorial. Hopefully it will stop the fake sign ups.

#4 dargre

dargre

    Senior Member

  • Members
  • PipPipPipPipPip
  • 991 posts

Posted 18 February 2011 - 01:31 PM

Same integration is for feedback page.
Edit file feedback.php
Find line:
require 'classes/filter.class.php';
Below enter:
require_once('include/recaptchalib.php');
$publickey = "your public key";
$privatekey = "your private key";

if ($_POST["recaptcha_response_field"]) {
        $resp = recaptcha_check_answer ($privatekey,$_SERVER["REMOTE_ADDR"],$_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
}
$eCAPTCHA=recaptcha_get_html($publickey, $error);
Find code:
    if ( $_SESSION['captcha_code'] != strtoupper($code) ) {
        $errors[]               = $lang['global.verif_invalid'];
    }
Replace it with:
if ( !$resp->is_valid )
{
	$errors[] = $lang['global.verif_invalid'];
}
Find line:
$smarty->assign('errors',$errors);
Above insert:
$smarty->assign('eCAPTCHA',$eCAPTCHA);

Edit file "templates/frontend/yourtemplate/feedback.tpl"
Find code:
                    <div class="separator">
                        <label for="feedback_verification">{t c='global.verification'}:</label>
                        <input name="verification" type="text" value="" id="feedback_verification" />
                        <span class="font-9">{t c='global.verif_expl'}</span><br />
                        <img src="{$relative}/captcha" id="captcha_image" alt="Are you human?" /><br />
                        <span class="reload_contact"><a href="#reload_captcha" id="captcha_reload">{t c='global.verif_reload'}</a></span>
                    </div>
Replace it with:
                    <div class="separator">
                        <label for="feedback_verification">{t c='global.verification'}:</label>
                        {$eCAPTCHA}
                    </div>

VIDEO.JS - best HTML5 player in the world for AVS script

NUEVOPLAYER 8 - best flash+html5 player for video scripts
Mods, custom code by NuevoLab (Search Suggest, Multiple image upload, Seo mods,and much more)


#5 dargre

dargre

    Senior Member

  • Members
  • PipPipPipPipPip
  • 991 posts

Posted 18 February 2011 - 03:49 PM

Well, after some trials and errors I was also able to setup re-captcha on video upload page and keep jquery submit/upload method....
But it's quite different than on standard submit pages, had to write some new files and update code more.
If someone really suffers of fake uploads can contact me through Nuevolab website.

Edited by dargre, 20 February 2011 - 12:54 AM.

VIDEO.JS - best HTML5 player in the world for AVS script

NUEVOPLAYER 8 - best flash+html5 player for video scripts
Mods, custom code by NuevoLab (Search Suggest, Multiple image upload, Seo mods,and much more)


#6 GILBERTO

GILBERTO

    Senior Member

  • Members
  • PipPipPipPip
  • 264 posts

Posted 18 February 2011 - 10:37 PM

That will be nice

#7 jepapel

jepapel

    Member

  • Members
  • PipPip
  • 32 posts

Posted 11 May 2011 - 06:39 AM

Great and useful tutorial dargre! Thanks

#8 sextube

sextube

    Senior Member

  • Members
  • PipPipPipPip
  • 230 posts

Posted 27 July 2011 - 11:24 PM

thanks works great...
it's the same for invite.php as feedback :)
anyone know how to add it to login and upload? would be great...
Also would be great if keys could be added to a file in /include folder so they won't need to be added in each file :)

#9 GILBERTO

GILBERTO

    Senior Member

  • Members
  • PipPipPipPip
  • 264 posts

Posted 13 December 2011 - 03:19 AM

can u integrate this when someone send a private message and write in the wall ?

#10 dargre

dargre

    Senior Member

  • Members
  • PipPipPipPipPip
  • 991 posts

Posted 13 December 2011 - 11:04 PM

I'm busy man with many own projects and products I have to support daily.
Also I provide custom paid programming services from long years, so my FREE help must be limited to what I post on forums sometimes.

VIDEO.JS - best HTML5 player in the world for AVS script

NUEVOPLAYER 8 - best flash+html5 player for video scripts
Mods, custom code by NuevoLab (Search Suggest, Multiple image upload, Seo mods,and much more)


#11 twisted

twisted

    Junior Member

  • Members
  • Pip
  • 12 posts

Posted 06 July 2013 - 10:58 PM

I have made these changes (feedback and signup) to AVS 2.2 and while using MoneyMaker and they work. I have tested it a few times and I have not had any problems.

Thank you very much dargre!

#12 Double D

Double D

    Member

  • Members
  • PipPip
  • 30 posts
  • LocationThe Netherlands

Posted 19 November 2013 - 08:52 PM

Thanks Dargre :)  works perfect here.

Have a nice day

greetz

Jaco



#13 kalasnjikov

kalasnjikov

    Junior Member

  • Members
  • Pip
  • 13 posts

Posted 26 November 2013 - 09:26 PM

Great work dargre!



#14 vakuum

vakuum

    Junior Member

  • Members
  • Pip
  • 14 posts

Posted 02 March 2014 - 08:08 PM

where do i find: recaptchalib.php



#15 pansel

pansel

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 31 March 2014 - 07:30 PM

Download  recaptchalib.php  it from here

 

http://code.google.c...l:phplib-Latest



#16 Admin99

Admin99

    Administrator

  • Administrators
  • 20 posts

Posted 10 April 2014 - 09:18 PM

Re-Captcha is still letting some spammers (bots) pass. We've tried it on some of our demos, from 500 bot signups a day, there were still about 20 a day after implementing Re-Captcha. We have implemented KeyCaptcha, and we haven't got any bot so far, after almost one week. So we are integrating both Re-Captcha in Key-Captcha in AVS, having the option to choose which one you want to use. This will be released in a few days, as spam registrations are a major problem lately.



#17 Admin

Admin

    Administrator

  • Administrators
  • 1,189 posts

Posted 17 April 2014 - 11:59 PM

We've also intergated AreYouHuman. No bot signups lately.


Danny B.
Founder
ClipShare | MediaShare | AVS | CamChat


#18 Damien

Damien

    Junior Member

  • Members
  • PipPipPip
  • 78 posts

Posted 05 July 2014 - 03:53 PM

Another helpful defence; What about adding honeypot field, you know spambot can read "2 + 2 = ?" and they read source code not rendered text so why not make hidden field if it is filled in right, it's invalid registration.

Human spammer will win but this is for bots.

 

example;

 if ( $spam == "4" || $spam == "four") {
        $errors[]               = $lang['signup.captcha_invalid'];
 }
<div class="hide">
<label for="spam">2 + 2 = ?</label>
<input name="spam" type="text" id="spam">
</div>
.hide {
display: none !important;
}

Edited by Damien, 05 July 2014 - 04:00 PM.


#19 Damien

Damien

    Junior Member

  • Members
  • PipPipPip
  • 78 posts

Posted 05 July 2014 - 04:56 PM

Here is another idea; if these are bots signing up to the website, they don't mess around they register in a couple seconds. What about deny anyone register faster than 7 seconds.

   $loadtime = $_POST['loadtime'];
   $totaltime = time() - $loadtime;
   if($totaltime < 7)
   {
   $errors[] = $lang['signup.captcha_invalid'];
  }

Hide this in signup.tpl

<input type="hidden" name="loadtime" id="loadtime" value="{$smarty.now}" />


#20 dargre

dargre

    Senior Member

  • Members
  • PipPipPipPipPip
  • 991 posts

Posted 05 July 2014 - 06:00 PM

 

Here is another idea; if these are bots signing up to the website, they don't mess around they register in a couple seconds. What about deny anyone register faster than 7 seconds.

 

Good idea. I have also other solution that displays some 8 sec. countdown before registration form appears. It also keeps bots away from signin up.


  • Damien likes this

VIDEO.JS - best HTML5 player in the world for AVS script

NUEVOPLAYER 8 - best flash+html5 player for video scripts
Mods, custom code by NuevoLab (Search Suggest, Multiple image upload, Seo mods,and much more)






Also tagged with one or more of these keywords: audio, hd audio, hd video