SecurityImages5.0.X

From Walter Cedric Wiki
Jump to: navigation, search


Contents

Presentation

Security images (captcha) are dynamically generated images containing hard to read text, it is using a combination of font colors, font size, fuzzy background, font angle in order to disallow computer to automate reading (and so limit spamming).
The user (a human) has to reproduce all character correctly before being allowed to post.

Attention

  • Securityimages 4.x was developed for Joomla 1.0.X and WONT work in Joomla! 1.5.X
  • Securityimages 5.x was developed for Joomla 1.5.X and WONT work in Joomla! 1.0.X


Compatibility matrix
Joomla! 1.0.X
Joomla! 1.5.X
Securityimages 4.x
YES
NO
Securityimages 5.x
NO
YES


See it in action

Up and running on my DEMO2 (Joomla! 1.5) server (refresh every 30 minutes!)

Image:Demo2_waltercedric_com.jpg

Use the main menu entry "Contact" or look at the login/register/lost password function of Joomla!

Get more info

I am assuming the development and all articles tagged with SecurityImages5 can be found at

http://www.waltercedric.com/component/tag/securityimage5.html

Installation

Checking prerequisites

See SecurityImages server requirements

Download

Using the right version

Architecture

SecurityImages is a component which has no frontend, it is really a framework that is able to create different kind of captcha and hide the complexity for 3rd party component/plugin that may use it.

SecurityImages use a System Plugin which can return images. Unlike in SecurityImages 4 the coupling has been reduce and use event system of Joomla! 1.5. This mean that it is not any more required to have a direct access to php file (ImageGenerator.php for example) for creating a picture. All requests are now going through the main controller of Joomla! and this is also better form a security point of view. The previous architecture (securityimages 4) was more a hack than anything else.

Installation

Starting with SecurityImages 5.1.0, the system plugin is now part of the component, it is installed and published automatically when you install my component. It is also remove automatically when you remove the component.

So SecurityImages 5.0 require you to install

  • The component com_securityimages5.0.0RC1.zip
  • The system plugin plugin_system_securityimages5.0.0RC1.zip
  • (OPTIONNAL)Joomla patches for example: Joomla_1.5.7-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip, see chapter Using SecurityImages in Joomla section

While SecurityImages 5.1.x require you to install

  • The component securityimages-5.1.0.zip
  • (OPTIONNAL)Joomla patches for example: Joomla_1.5.6-Stable-Full_PackageForSecurityImages5.1.0_v01.00.00.zip, see chapter Using SecurityImages in Joomla section

Validating install

Security Images is able to check some common installation errors, and report/check some of its fuinctionnalities. Use the menu entry "Check Your System"

CheckYourSystemSecurityImages5.png


Using SecurityImages in JOOMLA! sections

Foreword

In order to Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages, you have to dowload a patch. This is because Joomla! do not provide a way to plug 3rd party functionalities in forms (like an event system, where SecurityImage could be called). So You'll have to overwrite some core File of Joomla! and trust these patches are they are not coming from Joomla!

So

www.joomla.org

www.waltercedric.com

Joomla standard install
Overwrite files on your server with
Securityimages Patches
= Protection against spammers

Note: Joomla 1.6 will have an event oriented system to allow captcha in any forms, so when it will come out, securityimages wont require this kind of hack to work properly!

What contains the patch?

Compare to Joomla! original version, I only altered 14 files, mostly

  • Joomla! views: where the captcha is displayed
  • Joomla! controller com_contact/com_user controller  where the Captcha challenge is checked

click on picture below for more details

Patches.altered.files.gif

Attention

Use the right version of the patches!

  • Example for Joomla 1.5.2 use Joomla_1.5.2-Stable-Full_PackageForSecurityImages5.0.0_vxx_yy_zz.zip
  • Example for Joomla 1.5.3 use Joomla_1.5.3-Stable-Full_PackageForSecurityImages5.0.0_vxx_yy_zz.zip

Starting with SecurityImages 5.1.X, these patches have change as you have now the possibility to switch ON/Off captcha in some section while in other not.

  • Example for Joomla 1.5.3 use Joomla_1.5.3-Stable-Full_PackageForSecurityImages5.1.0_vxx_yy_zz.zip


Download Joomla! patches

  1. Joomla! 1.5 patches have now their own category in my version manager, You may also want to register the RSS of that category, Download patches HERE
  2. Joomla! 1.0 patches have now their own category in my version manager, You may also want to register the RSS of that category, Download patches HERE

Installation procedure

  1. Unpack the zip file locally, it is NOT containing any Joomla installer facility
  2. Transfer these files by overwriting files on your server with FTP or SCP, I recommend WinSCP
  3. Go to Joomla! Site - Global Configuration -  under the tab System

SecurityImages5ActivateJoomlaPatches.png

  1. Even if it is already on Yes, HIT at least SAVE configuration once, this will add a new boolean value (true or false) in Joomla! configuration
    for using SecurityImages.

For the Contact section,

You can activate SecurityImages on a per contact basis: some contact may have a capctha to eneter to get in touch while for other not. You'll have to edit these contact and set "use securityimages" to yes in the right panel, see below:

SecurityImages5PerContactActivation.png


Switch SecurityImages ON/OFF per section

Starting with SecurityImages >= 5.1.0 Joomla! Patches are now fully configurable

You can decide to activate captcha on some area or not, but it require you  to install new patches Joomla_1.5.x-Stable-Full_PackageForSecurityImages5.1.0_v01.00.00.zip

Note the version PackageForSecurityImages5.1.0''''

InSecurityImages control panel under the tab "General Settings",

Securityimages5.1.0.joomla.patches.png


3rd Party integration

Virtuemart 1.1.3 + Joomla 1.5.9 + SecurityImages 5.1.1

Go to yoursite/administrator/index.php?pshop_mode=admin&page=admin.user_field_list&option=com_virtuemart

Virtuemart.securityimages.png


Add a new field! (Add / Edit User Fields)

Virtuemart.securityimages.2.png


Result

Virtuemart.securityimages.3.png

Some Words on regression testing

This features is made for developer that quickly want to test any code changes against a set of test, to avoid regression. A normal user should not try the following.

Regression testing with Selenium ([1]).


Selenium IDE

Selenium IDE is an integrated development environment for Selenium tests. It is implemented as a Firefox extension, and allows you to record, edit, and debug tests. Selenium IDE includes the entire Selenium Core, allowing you to easily and quickly record and play back tests in the actual environment that they will run.

Selenium IDE is not only recording tool: it is a complete IDE. You can choose to use its recording capability, or you may edit your scripts by hand. With autocomplete support and the ability to move commands around quickly, Selenium IDE is the ideal environment for creating Selenium tests no matter what style of tests you prefer.

Features:

  • Easy record and playback
  • Intelligent field selection will use IDs, names, or XPath as needed
  • Autocomplete for all common Selenium commands
  • Walk through tests
  • Debug and set breakpoints
  • Save tests as HTML, Ruby scripts, or any other format
  • Support for Selenium user-extensions.js file
  • Option to automatically assert the title of every page

Preparing SecurityImages

This is now possible thanks to a new switch in administrator panel.
This put SecurityImages in such a state that it will accept all user submissions if they enter 'test123'.
This mode is only useful for regression testing using automated tools. This mode is required because
there is otherwise no way to recognize the captcha without huge CPU cost.

Image:securityimages5.0.0RC1_thumb.png

DONT USE FOR PRODUCTION SITE. This is only useful for developer or person wanting to judge the
quality of the version. Selenium tests are located in a zip file name securityimages_selenium.zip located in
administrator\components\com_securityimages\selenium\securityimages_selenium.zip

To start Selenium Test cases, there is currently many ways (PHP, Java, HTML). The most easiest for End-user
or amateur is to use Selenium IDE (a Firefox plugins),

Prerequisites:

  • All tests are trying to log to admin panel if needed using the login/password admin, will avoid that in a future version
  • All tests are made for testing hncaptcha, but still try to create images using all other plugins



How To start testcases

  1. Install the plugin for Firefox download now
  2. Un compress all testcases from zip securityimages_selenium.zip
  3. Start the plugin by going to Firefox menu Tools - Selenium IDE
  4. A floating windows open, go to Menu File - Open Testsuite
  5. Open the file securityimages.testsuite
  6. Adapt the Base URL to point to the root of your Joomla installation
  7. Run all tests or only a bunch


Developer Corner

Integrate securityImages into your 3rd party component

  • Want to integrate securityImages into your 3rd party component?
  • Want to understand how it was done?
  • Have issue with an old component and you are forced to hack the code to make it work?

Look not further, see Migration SecurityImages 4.X to SecurityImages 5.X how to


Develop you own securityimages for Joomla! patches

I often release patches a few days after every Joomla! release. With Joomla1.6 they may be an event system in place that will avoid to hack Joomla! core (Hopefully). If you want to know how these patches are produced, or make your own, just read this small howto. Just in case I take too much time to deliver a ready to use download, duration 5 minutes, but you need to understand basic php coding


Create a temporary directory c:\patch


Copy an existing patch distribution, under a new name.
For example, lets download Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip and copy it under c:\patch\Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip

 

Download the latest full zip package of Joomla that target the patch (here 1.5.14), so I download Joomla_1.5.14-Stable-Full_Package.zip and save it in the same directory c:\patch\

 

Now download a free trial copy of Beyond compare from www.scootersoftware.com and install this great application

 

Select the 2 zip files, and right click “compare”

 

Now it is like a game, on the left side, you have you patch that need to be updated with the latest Joomla! core changes, just edit every file present on the left and update line that are new or changed till you are finished. Luckily there is only 14 files to merge

 

Test the result in a Joomla test instance.


I do this for you at each release of Joomla!


If you ever find any errors, bugs or want new features...

Use the forum

Image:Forums_waltercedric_com.jpg

How TO

How to create patches yourself for RocketTheme templates

Note: i'll do this for you, but you'll have to send me the template per mail first. Since most of the RocketTheme  templates are commercial, and I will send it back to you patched.

Example patching ja_purity_template.zip

  1. Download beyond compare and install (trial 30 days) from http://www.scootersoftware.com/
  2. Download an existing patches for joomla! Joomla_1.5.20-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00 from http://www.waltercedric.com/joomla-releases-mainmenu-269.html?QUERY_STRING=#Joomla!%201.5%20patches

Select both files

  • Joomla_1.5.18-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00
  • ja_purity_template.zip

Right click and select compare

move to ja_purity_template.zip\template\ja_purity\html in the left windows and right click, select "Set a base folder", do the same in the right windows and select "components" and right click, select "Set a base folder"

RocketThemeForSecurityImages001.PNG


Now move to each file, you'll see that Rocketthemes is overriding internal file of Joomla! (this is allowed), select on rigth side a file default_form.php and right click "compare to" (or click F7), select on the other side the same file name at an equivalent position in file system

RocketThemeForSecurityImages002.PNG

You see now the differences, the objective is to copy some part of the left side into the right side, select code on the right side and click the arrow to copy a block of code,

RocketThemeForSecurityImages003.PNG

If you succeed, carefully copying the code, you ll have a RocketThemes (or any other templates) patched for securityimages

If you cant do this, remember ill do it for you!

FAQ

Captcha Image Size (width and height)

The image size of generated Captcha can be changed:

If you play with HNCaptcha plugin parameters, you ll see the following 2 parameters

  • min integer: minimal size of chars
  • max integer: maximal size of chars

Instead of min: 20 and max: 20 try 8 and 8 the resulting images will be 40px X 19px

How to remove the text SECURITYIMAGES LABEL

I deliver for this software the english version, so if you use german or any other languages, you'll to edit and add manually this key in you languages pack. So for example for the english version of Joomla! I did change these 3 files

  • languages/en-GB/en-GB.mod_login.ini
  • languages/en-GB/en-GB.com_user.ini
  • languages/en-GB/en-GB.com_contact.ini

Add the following 2 keys ad change the text after the equal (=) to what fit best for your site/languages/space

SECURITYIMAGES LABEL = Anti-spamming protection:
SECURITYIMAGES REJECT USER ENTRY = Invalid Captcha word, Please enter the correct value you see in picture

I follow each and every step listed in the Wiki to install the software and patches but can't get the captcha showing in my front page registration

Check first that you did upload my Joomla! patches correctly...

Open the file

  • components\com_user\views\login\tmpl\default_login.php   OR
  • components\com_user\views\register\tmpl\default.php

and search for
<!-- add by www.waltercedric.com to protect the form -->
if you find this string, then patches are correctly deployed, use the forum. If not you did not deploy patches at the right place. Reupload and try to find where the previous upload was done :-)

No captcha on login and registration. with the template rhuk_milkyway it work but not with the template Beez

Some templates now override some if not all views of login, register, contact and this to provide an uniform output and theming. My patches are for joomla! views and can not patch all templates out there without a proper hook in Joomla! (may come in Joomla 1.6)

Beez

You can solve this problem with the override function of the template beez. Copy the patch files "index.html" and "default.php" from the components folder com_user/register in (Joomla! 1.5 patches 1.5.14)to the following location: /templates/beez/html/com_user/register. You ll see captcha now in registration form with template Beez

All other templates(JoomlArt, RocketTheme, ...)

you ll have to manually sync the patches for Joomla! into the templates views, see http://waltercedric.com/joomla-mainmenu-247/339-joomla-15/1798-how-to-patches-rocket-themejoomlaart-templates-for-securityimages.html


How can I change the size of the image on the startsite? Is there an option?

It first depend where

  • login module
  • register page
  • contact

and which plugin you use.

  • core,
  • hncaptcha
  • freecap

You have to understand that every plugin generate an image that is different in size and related to how the plugin choose fonts, orientation.

There is always a way to copy a plugin in the backend (files are all located in /administrator/components/com_securityimages/pluginsA/xxxx/y.z/*.php) and make a code fork. that mean opening the PHP code and hardcoding the size of pictures to a certain size...

I see 2 options, either

  • I create a plugin with a very small plugin tuned for login,
  • I let user for each plugin decide of the pictures output size,

In both case it would be good to also let the user decide which plugin he prefer to use by section...

  • for module login: calculator
  • for register page: hncaptcha
  • etc...

I will prepare this for the version 5.1.1 of securityimages. In between use calculator plugin which is small enough to be use in the module login.

I uninstalled SecurityImages, and yet there are still references to it in some of my Joomla 1.5 files. Is this due to the patch? How can I get back to where I started?

Securityimages can not be removed so easily as It require you to overwrite some core files of Joomla. Normally you should not get any error, as the joomla core was patched in such a way that if securityimages is not present the code dont get triggered.

So the code was made in such a way that you can deinstall securityimages without breaking Joomla. If you still want to get rid of the patched core file, just reapply from a fresh joomla install (the right version of your Joomla! install) and overwrite (FTP or SCP) ONLY these 14 files

Patches.altered.files.gif


How to avoid the text: do NOT enter the text this site is not waltercedric

Look in admin panel these are settings per captcha plugins...you can change the text there. Using your site URL is recommended

Inorder tp avoid the free porn attack (a man in the middle attack):

Another example of a non-cryptographic man-in-the-middle attack is the "Turing porn farm." Brian Warner says this is a "conceivable attack" that spammers could use to defeat CAPTCHAs.[2] The spammer sets up a pornographic web site where access requires that the user solves the CAPTCHAs in question. However, Jeff Atwood points out that this attack is merely theoretical — there is no evidence that any spammer has ever built a Turing porn farm".[3] However, as reported in an October, 2007 news story while perhaps not being a farm as such, spammers have indeed built a Windows game in which users type in CAPTCHAs acquired from the Yahoo webmail service, and are rewarded with pornographic pictures.[4] This allows the spammers to create temporary free email accounts with which to send out spam.
from http://en.wikipedia.org/wiki/Man-in-the-middle_attack

I am getting a message Reload Limit Exceeded / How to increase the maximum number or reload captcha

The setings is for all Captcha plugin (core, freecap, hncaptcha, calculator, ...) You will find a setting "reload captcha count" in the joomla system plugin"securityimages"

Default is 10 meaning a user with a Joomla session can only ask 10 images, you can increase this value


How change the text: Enter what you see, tips ..., error messages

Q:Where(file name) should I change the text?
These are the text I want to change:
1:Enter what you see:
2:tips: hit Reload page before writing a text if you have difficulty reading characters in image
3:Login has been refused by anti spamming system (securityimages)

A: Depend where you are using captcha...

  • Contact translations are in \language\en-GB\en-GB.com_contact.ini at the end of file
  • Login module translations are in \language\en-GB\en-GB.mod_login.ini at the end of file
  • Register, lost password, confirm registration translations are in \language\en-GB\en-GB.com_user.ini at the end of file

Note: that by applying a Joomla! patches, your changes may be overwritten, I will try in next version 5.1.1 to be less intrusive toward Joomla! and avoid ALL manual patches...




I use securityimages in my administrator login page, but now I can log anymore

either I do not see any capctha (server host settings), nor can read it (you did not set up a captcha that can be read), or there is a bug in my code

Workaround: edit with any FTP the file

administrator/components/com_securityimages/config.securityimages.php

and toggle the right switch from "1" to "0", see below for some of them, but there is a lot more

$securityImagesUseInAdminLogin = "1";
$securityImagesUseInContact = "1";
$securityImagesUseInAkobook = "0";
$securityImagesUseInAkocomment = "0";
$securityImagesDisplayAuthorBacklink = "1";

Plugin is missing! please install additionnal file: plugin_system_securityimagesX.Y.Z.zip

Before version 5.1.1 (for Joomla! 1.5)  the plugin was mandatory to be installed with the component. So for proper operations, both files:

  • securityimages-x.y.z.zip
  • plugin_system_securityimagesx.y.zip

has to be installed.

Starting with version  5.1.1 of securityimages, th plugin get installed in the backgroung AND is published automatically during the component install.

How to check if you have this error

When I check in administration section my system I can see one error in red: Verifying that you have installed the system plugin to create CAPTCHA
Plugin is missing! please install additionnal file: plugin_system_securityimagesX.Y.Z.zip

That the system plugin "SecurityImages.php" is installed and published at /administrator/index.php?option=com_plugins

How to correct this issue

  1. Check that all path are writable by joomla prior to install by going to page   "Help" - "System Info" or pasting to the url the following  /administrator/index.php?option=com_admin&task=sysinfo
    Joomla.directory.permissions.png

  2. deinstall securityimages
  3. reinstall securityimages and check that plugin is this time properly installed at /administrator/index.php?option=com_plugins




500 - An error has occurred.
View not found [name, type, prefix]: securityimagesadmin,html,securityimagesadminView

The system plugin SecurityImages is not published or was installed automatically ad correctly during install of the main component.

If I want to uninstall Security images how can I also remove the Joomla patch I applied?

Reapply the latest full version of Joomla! on your site, It will also remove all hack or change you have done to the core Joomla! files. It is always bad to alter core file, and securityimages should not do that. At the moment there is not any better solution. If you want to minize any losses of your changes in some core file, you can just override these files manually

When I update Joomla to a newer version should a new patch be installed?

Yes and no depending if the latest Joomla! override the same files I did change for integrating SecurityImages...It is always better to aplly the new patches for the correct version of JOomla!, download is here:

  1. Joomla! 1.5 patches have now their own category in my version manager, You may also want to register the RSS of that category, Download patches HERE
  2. Joomla! 1.0 patches have now their own category in my version manager, You may also want to register the RSS of that category, Download patches HERE


Change SecurityImages text

You can change the default text by editing the following files at /language/en-GB

  • en-GB.com_contact.ini
  • en-GB.com_user.ini
  • en-GB.mod_login.ini

Version History


SecurityImages 5.1.0 to be released

put your features request here

BUG: images don't showup on NO-SCRIPT websites (mootools removed from template)Feature request:Disable javascript on the frontend

SecurityImages 5.0.0RC1

See HERE www.waltercedric.com/joomla-mainmenu-247/304-securityimages/1317-securityimages-500rc1.html

Securityimages 5.0.0Beta3

<a href="http://www.waltercedric.com/joomla-mainmenu-247/304-securityimages/1305-securityimages-50-beta3-available.html">See HERE</a>

BUG: In Edit General Settings - General, the very first option does not have any label.
BUG: The contact page (in the case of false entry) was showing errors
NEW: More check in Check System page at administrator
NEW: you can now give the size of the captcha for the core plugin. This feature was present in SecurityImages 4.0.X but was lost in translation to SecurityImages 5.0.X
BUG: the reload button was not working properly, in fact only once, this is due to the cache of Joomla! 1.5, solved by adding a timestamp to images URL.

Securityimages 5.0.0Beta2

From a design point of view, SecurityImages do not come anymore with patches in his code, every 3rd party developer will have to develop and learn how to use SecurityImages 5.0. But coupling is greatly reduce because it use Joomla! events triggering system.
Joomla! patches are different, I have to maintain them because the core is not meant to be extended in every forms.

ISSUE: Check for latest version causes a 500 internal server error. Wont be solved, that is simply the version manager of soeren (Virtuemart) which is not running with Joomla! 1.5 and not installed on www.waltercedric.com
I will have to wait for Soeren new version or translate his component on myself
ISSUE: reload button is not working, also not always ;-), I am investigating this issue!


NEW: Core don\\\\\\\'t use the database anymore to store captcha but session.
NEW: simplified API for checking captcha
NEW: add reload button in Check Your System menu
BUG: solving logging inclusion (logUtils.php). It was incorrect as soon as you use SecurityImages embedded in another component or module.
NEW: development of Joomla! 1.5 patches and tests with Beta2, see next post

Securityimages 5.0.0Beta


see HERE <a href="http://www.waltercedric.com/joomla-mainmenu-247/304-securityimages/1287-securityimages-50-beta-for-joomla-15.html">www.waltercedric.com/joomla-mainmenu-247/304-securityimages/1287-securityimages-50-beta-for-joomla-15.htm</a>