[Mod] Dodging SPAM with recaptcha

Pligg CMS Forum > Questions and Comments
Register an Account

Login

User Name:

Password:

Remember Me?
Closed Thread
Page 1 of 3 1 23
 
Thread Tools Display Modes
  #1 (permalink)  
Old 08-06-2007, 11:53 AM
New Pligger
  
Join Date: Jul 2007
Posts: 3
Folks,
I have been a silent spectator for a while. I wanted to post few but the some of my ideas are already posted. Needless to say how much i gained from this forum and people. Following is my humble contribution for stopping robots registration and to fight spammers.

Have fun playing with the spammers.

Todo:

1. Goto reCAPTCHA: Stop Spam, Read Books and register for an account.
2. Add a doman and get the Private and Public Key.
3. Download and Save the attched recaptchalib.php into your pligg directory.
4. Modify register_step_2.tpl as shown
5. Modify register.php do_register2() as shown.(Best way is to replace the function with this.

register_step_2.tpl
Code:
{config_load file="/libs/lang.conf"}

<h2>{#PLIGG_Visual_Breadcrumb_RegisterStep2#}</h2>

{if $register_error eq true}
	<p class="error">{$register_error_text}</p>
{else}

	<form action="{$URL_register}" method="post" id="thisform">
	
		<fieldset><legend>{#PLIGG_Visual_Register_Validation#}</legend>
		<?php		
			require_once('recaptchalib.php');
			$publickey = "YOUR PUBLIC KEY"; // you got this from the signup page
			echo recaptcha_get_html($publickey);
		?>
			{#PLIGG_Visual_Register_Enter_Number#}<br />				
			<input type="hidden" name="ts_random" value="{$ts_random}" /><br />		
			<input type="submit" name="submit" value="{#PLIGG_Visual_Register_Continue#}" class="submit" /></p>
			<input type="hidden" name="process" value="2" />
			<input type="hidden" name="email" value="{$templatelite.post.email}" />
			<input type="hidden" name="username" value="{$templatelite.post.username}" />
			<input type="hidden" name="password" value="{$templatelite.post.password}" />
			<input type="hidden" name="reghash" value="{$reghash}" />
		</fieldset>
	</form>
{/if}
register.php
Code:
function do_register2() {
	global $db, $current_user, $main_smarty, $the_template;


		if(enable_captcha == 'true') {
			
		require_once('recaptchalib.php');		
		// Get a key from http://recaptcha.net/api/getkey
		$publickey = "YOUR PUBLIC KEY HERE";
		$privatekey = "YOUR PRIVATE KEY HERE";
		
		# the response from reCAPTCHA
		$resp = null;
		# the error code from reCAPTCHA, if any
		$error = null;
		
		# was there a reCAPTCHA response?
		if ($_POST["recaptcha_response_field"]) {
		        $resp = recaptcha_check_answer ($privatekey,
		                                        $_SERVER["REMOTE_ADDR"],
		                                        $_POST["recaptcha_challenge_field"],
		                                        $_POST["recaptcha_response_field"]);
				
		        if ($resp->is_valid) {
		                echo "Succesfully verified that you are human.";
		        } else {
		                # set the error code so that we can display it
		                $error = $resp->error;

		        }
		}	
			
		if (!$resp->is_valid) { // if incorrect captcha code was entered
			$main_smarty->assign('register_error_text', "badcode");
			$main_smarty->display($the_template . '/register_error.tpl');
			return;
		}
	
		$reghash = $_POST["reghash"];
		$mycombo = $_POST["username"].$_POST["email"].$_POST["password"];
		if(generateHash($mycombo, substr($reghash, 0, SALT_LENGTH)) != $reghash){
			loghack('Register Step 2', 'username: ' . $_POST["username"].'|email: '.$_POST["email"]);
		}
	}

	$error = false;
	$error = verify_reg($_POST["username"], $_POST["email"], $_POST["password"], $_POST["password"]); 
	if ($error) return;

	$username=$db->escape(trim($_POST['username']));
	$password=$db->escape(trim($_POST['password']));
	$userip=$_SERVER['REMOTE_ADDR'];
	$saltedpass=generateHash($password);
	$email=$db->escape(trim($_POST['email']));
	if (!user_exists($username)) {
		if ($db->query("INSERT INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip) VALUES ('$username', '$email', '$saltedpass', now(), '$userip')")) {
			if($current_user->Authenticate($username, $password, false) == false) {
				$main_smarty->assign('register_error_text', "errorinserting");
				$main_smarty->display($the_template . '/register_error.tpl');
			} else {
				
				define('registerdetails', $username . ';' . $password . ';' . $email . ';' . $return);
				check_actions('register_success_pre_redirect');
				
				header('Location: ' . getmyurl('user', $username));
			}
		} else {
			$main_smarty->assign('register_error_text', "errorinserting");
			$main_smarty->display($the_template . '/register_error.tpl');
		}
	} else {
		$main_smarty->assign('register_error_text', "usernameexists");
		$main_smarty->display($the_template . '/register_error.tpl');
	}
}

Let me know if something is wrong.
eddy.
Attached Files
File Type: php recaptchalib.php (8.6 KB, 312 views)
Last edited by ednet; 08-06-2007 at 05:25 PM.
  #2 (permalink)  
Old 08-06-2007, 12:03 PM
Constant Pligger
  
Join Date: Apr 2007
Posts: 1,042
If this software actually supports the Internet Archive - Wikipedia, the free encyclopedia with its digitalizing effort it´s a fantanstic approach.
  #3 (permalink)  
Old 08-06-2007, 05:28 PM
New Pligger
  
Join Date: Jul 2007
Posts: 3
Screen shot. Recaptcha in action.
Attached Thumbnails
[Mod] Dodging SPAM with recaptcha-submit-step2.jpg  
  #4 (permalink)  
Old 08-06-2007, 05:50 PM
Adaman's Avatar
Constant Pligger/Designer
Pligg Version: v9.8.2
Pligg Template: Custom
  
Join Date: Jan 2007
Location: Scotland
Posts: 101
Look's nice i will definitely give this a try out when i get a moment

Thanks ednet
  #5 (permalink)  
Old 08-06-2007, 06:30 PM
Constant Pligger
  
Join Date: Apr 2007
Posts: 1,042
Quote:
Originally Posted by ednet View Post
Screen shot. Recaptcha in action.
Just to get it right: The wave-like letter order and the line along the letters is added to the original digitalized word, right?
  #6 (permalink)  
Old 08-06-2007, 07:03 PM
New Pligger
  
Join Date: Jul 2007
Posts: 3
Quote:
Originally Posted by tbones View Post
Just to get it right: The wave-like letter order and the line along the letters is added to the original digitalized word, right?
Recaptcha does that automatically.
  #7 (permalink)  
Old 10-24-2007, 10:05 PM
Casual Pligger
  
Join Date: Jun 2006
Posts: 79
Hey, thanks so much for this mod, I'm getting slaughtered by spam, and I'm hoping this will help cut it down a bit.

Unfortunately, I seem to have a problem installing it on Pligg 9.8.2. I followed your instructions verbatim, but when I click on the final step to register I get the following error:

Succesfully verified that you are human.Hacking attempt on Register Step 2

Anyone got any ideas?
  #8 (permalink)  
Old 10-24-2007, 10:47 PM
gen3ric's Avatar
Casual Pligger
Pligg Version: 9.X
Pligg Template: Custom
  
Join Date: Jul 2007
Location: Atlanta, GA
Posts: 91
Wow this has drastically cut down on the amount of SPAM I was receiving to almost none!
  #9 (permalink)  
Old 10-24-2007, 10:54 PM
Casual Pligger
  
Join Date: Jun 2006
Posts: 79
Gen3ric: It's working as advertised for you and you're using the newest version of Pligg? What am I doing wrong... bah!
  #10 (permalink)  
Old 10-26-2007, 01:06 AM
Casual Pligger
  
Join Date: Jun 2006
Posts: 79
Hey, just a follow up to my last two posts, I think the reason it wasn't working with my site (v9.8.2), was this code in the modification:

HTML Code:
<input type="hidden" name="email" value="{$templatelite.post.email}" />
<input type="hidden" name="username" value="{$templatelite.post.username}" />
<input type="hidden" name="password" value="{$templatelite.post.password}" />
As in my install it is:
HTML Code:
<input type="hidden" name="email" value="{$email}" />
<input type="hidden" name="regfrom" value="sidebar"/>
<input type="hidden" name="username" value="{$username}" />
<input type="hidden" name="password" value="{$password}" />
Specifically note the "regfrom" field - something that was missing in the original code for this. Anyway, by not replacing all the text in register_step_2.tpl, and just adding the following PHP (Smartified), it works like a charm:

PHP Code:
{php}        
    require_once('recaptchalib.php');
    $publickey "YOUR PUBLIC KEY"// you got this from the signup page
    echo recaptcha_get_html($publickey);
{/php
Thanks again ednet for contributing this, I hope this works better than the "better_captha_fonts" solution, which still allowed massive amounts of spam through - if this doesn't work, I guess I just need to face the fact that people are actually registering and posting spam links by hand...
Last edited by The Humanaught; 10-26-2007 at 01:20 AM. Reason: oops... had my recaptcha key in there...
Closed Thread
Page 1 of 3 1 23

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode


Similar Threads
Thread Thread Starter Forum Replies Last Post
Spam!!! kaoru5thchild Questions and Comments 12 07-12-2010 05:18 PM
RECAPTCHA for submit fhelik Questions and Comments 47 11-14-2008 10:31 PM
add ads pjeremy90 Questions and Comments 0 11-03-2008 05:49 PM
Spam Report Button w/ Inaccurate Story Label eH9116 Questions and Comments 24 03-09-2008 02:29 PM
Why release 9.9.0 with out spam protection, or e-mail comfirmation? bbrian017 Questions and Comments 14 01-09-2008 12:54 PM


Pligg Modules and Pligg Templates from Pligg Pro Find support on the Pligg CMS Forum - 24 hours a day! Make a donation to support Pligg CMS development