[Mod] Dodging SPAM with recaptcha

[ednet]

Folks,
I have been a silent spectator for a while. I wanted to post few but the some of my ideas are already posted. Needless to say how much i gained from this forum and people. Following is my humble contribution for stopping robots registration and to fight spammers.

Have fun playing with the spammers.

Todo:

1. Goto reCAPTCHA: Stop Spam, Read Books and register for an account.
2. Add a doman and get the Private and Public Key.
3. Download and Save the attched recaptchalib.php into your pligg directory.
4. Modify register_step_2.tpl as shown
5. Modify register.php do_register2() as shown.(Best way is to replace the function with this.

register_step_2.tpl

Code:

{config_load file="/libs/lang.conf"}

<h2>{#PLIGG_Visual_Breadcrumb_RegisterStep2#}</h2>

{if $register_error eq true}
	<p class="error">{$register_error_text}</p>
{else}

	<form action="{$URL_register}" method="post" id="thisform">
	
		<fieldset><legend>{#PLIGG_Visual_Register_Validation#}</legend>
		<?php		
			require_once('recaptchalib.php');
			$publickey = "YOUR PUBLIC KEY"; // you got this from the signup page
			echo recaptcha_get_html($publickey);
		?>
			{#PLIGG_Visual_Register_Enter_Number#}<br />				
			<input type="hidden" name="ts_random" value="{$ts_random}" /><br />		
			<input type="submit" name="submit" value="{#PLIGG_Visual_Register_Continue#}" class="submit" /></p>
			<input type="hidden" name="process" value="2" />
			<input type="hidden" name="email" value="{$templatelite.post.email}" />
			<input type="hidden" name="username" value="{$templatelite.post.username}" />
			<input type="hidden" name="password" value="{$templatelite.post.password}" />
			<input type="hidden" name="reghash" value="{$reghash}" />
		</fieldset>
	</form>
{/if}

register.php

Code:

function do_register2() {
	global $db, $current_user, $main_smarty, $the_template;


		if(enable_captcha == 'true') {
			
		require_once('recaptchalib.php');		
		// Get a key from http://recaptcha.net/api/getkey
		$publickey = "YOUR PUBLIC KEY HERE";
		$privatekey = "YOUR PRIVATE KEY HERE";
		
		# the response from reCAPTCHA
		$resp = null;
		# the error code from reCAPTCHA, if any
		$error = null;
		
		# was there a reCAPTCHA response?
		if ($_POST["recaptcha_response_field"]) {
		        $resp = recaptcha_check_answer ($privatekey,
		                                        $_SERVER["REMOTE_ADDR"],
		                                        $_POST["recaptcha_challenge_field"],
		                                        $_POST["recaptcha_response_field"]);
				
		        if ($resp->is_valid) {
		                echo "Succesfully verified that you are human.";
		        } else {
		                # set the error code so that we can display it
		                $error = $resp->error;

		        }
		}	
			
		if (!$resp->is_valid) { // if incorrect captcha code was entered
			$main_smarty->assign('register_error_text', "badcode");
			$main_smarty->display($the_template . '/register_error.tpl');
			return;
		}
	
		$reghash = $_POST["reghash"];
		$mycombo = $_POST["username"].$_POST["email"].$_POST["password"];
		if(generateHash($mycombo, substr($reghash, 0, SALT_LENGTH)) != $reghash){
			loghack('Register Step 2', 'username: ' . $_POST["username"].'|email: '.$_POST["email"]);
		}
	}

	$error = false;
	$error = verify_reg($_POST["username"], $_POST["email"], $_POST["password"], $_POST["password"]); 
	if ($error) return;

	$username=$db->escape(trim($_POST['username']));
	$password=$db->escape(trim($_POST['password']));
	$userip=$_SERVER['REMOTE_ADDR'];
	$saltedpass=generateHash($password);
	$email=$db->escape(trim($_POST['email']));
	if (!user_exists($username)) {
		if ($db->query("INSERT INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip) VALUES ('$username', '$email', '$saltedpass', now(), '$userip')")) {
			if($current_user->Authenticate($username, $password, false) == false) {
				$main_smarty->assign('register_error_text', "errorinserting");
				$main_smarty->display($the_template . '/register_error.tpl');
			} else {
				
				define('registerdetails', $username . ';' . $password . ';' . $email . ';' . $return);
				check_actions('register_success_pre_redirect');
				
				header('Location: ' . getmyurl('user', $username));
			}
		} else {
			$main_smarty->assign('register_error_text', "errorinserting");
			$main_smarty->display($the_template . '/register_error.tpl');
		}
	} else {
		$main_smarty->assign('register_error_text', "usernameexists");
		$main_smarty->display($the_template . '/register_error.tpl');
	}
}

Let me know if something is wrong.
eddy.

[tbones]

If this software actually supports the Internet Archive - Wikipedia, the free encyclopedia with its digitalizing effort it´s a fantanstic approach.

[ednet]

Screen shot. Recaptcha in action.

[Adaman]

Look's nice i will definitely give this a try out when i get a moment

Thanks ednet

[tbones]

Quote:

Originally Posted by ednet

Screen shot. Recaptcha in action.

Just to get it right: The wave-like letter order and the line along the letters is added to the original digitalized word, right?

[ednet]

Quote:

Originally Posted by tbones

Just to get it right: The wave-like letter order and the line along the letters is added to the original digitalized word, right?

Recaptcha does that automatically.

[The Humanaught]

Hey, thanks so much for this mod, I'm getting slaughtered by spam, and I'm hoping this will help cut it down a bit.

Unfortunately, I seem to have a problem installing it on Pligg 9.8.2. I followed your instructions verbatim, but when I click on the final step to register I get the following error:

Succesfully verified that you are human.Hacking attempt on Register Step 2

Anyone got any ideas?

[gen3ric]

Wow this has drastically cut down on the amount of SPAM I was receiving to almost none!

[The Humanaught]

Gen3ric: It's working as advertised for you and you're using the newest version of Pligg? What am I doing wrong... bah!

[The Humanaught]

Hey, just a follow up to my last two posts, I think the reason it wasn't working with my site (v9.8.2), was this code in the modification:

HTML Code:

<input type="hidden" name="email" value="{$templatelite.post.email}" />
<input type="hidden" name="username" value="{$templatelite.post.username}" />
<input type="hidden" name="password" value="{$templatelite.post.password}" /> 

As in my install it is:

HTML Code:

<input type="hidden" name="email" value="{$email}" />
<input type="hidden" name="regfrom" value="sidebar"/>
<input type="hidden" name="username" value="{$username}" />
<input type="hidden" name="password" value="{$password}" /> 

Specifically note the "regfrom" field - something that was missing in the original code for this. Anyway, by not replacing all the text in register_step_2.tpl, and just adding the following PHP (Smartified), it works like a charm:

PHP Code:

{php}        
    require_once('recaptchalib.php');
    $publickey = "YOUR PUBLIC KEY"; // you got this from the signup page
    echo recaptcha_get_html($publickey);
{/php} 


Thanks again ednet for contributing this, I hope this works better than the "better_captha_fonts" solution, which still allowed massive amounts of spam through - if this doesn't work, I guess I just need to face the fact that people are actually registering and posting spam links by hand...