84 Responses to “Captcha for b2evolution, explained”

1 On January 29th, 2005 mikel typed :

works great!! thanks a lot. I will use it in my other blogs too…
I had only to correct the path to root here, img src="authimage.php

greetz
mikel

2 On January 29th, 2005 whoo answered:

mikel,

yeah i saw that, ive fixed it in the directions, thanks

3 On February 10th, 2005 jimmy typed :

It's work fine! Thanks.
But the path of font.ttf may wrong
Maybe should change like this:
$font = "./atomicclockradio.ttf";

4 On February 14th, 2005 Dale typed :

thanks so much I've been looking for a way to do this.

5 On February 15th, 2005 whoo answered:

youre welcome

6 On March 13th, 2005 isecore typed :

it doesn't work!

All I get is "Warning: imagettftext.
Help!

7 On March 13th, 2005 isecore typed :

Never mind, I solved it. Just needed to drop the font in the right directory so my webserver could find it

8 On April 6th, 2005 Mike typed :

I keep getting the following error even though I typed the correct code in:

Cannot post comment, please correct these errors:

Error: You have not entered the correct authorization code.

9 On April 6th, 2005 whoo answered:

Mike,

You've missed something in the directions then.

10 On May 2nd, 2005 Mike (S!) typed :

I rechecked everything and it appears to be correct. Any other suggestions?

11 On May 2nd, 2005 whoo answered:

sure, make your comment_post.php available for me took at.. maybe copy it save it as text file, and upload it somewhere? I'll take a look at it.

12 On May 2nd, 2005 Mike (S!) typed :

Ok, the path to the file is here

13 On May 2nd, 2005 whoo answered:

Mike,

what version of b2evo are you using? According to your header its ..b2evolution 0.9.0.11. However, the file you have there doesnt even have the "standard" b2evo includes at the top…and also doesnt have the "require_once( dirname(__FILE__) . '/../authimage.php' );" in it either.
That must be called for the check to take place.

14 On May 2nd, 2005 Mike (S!) typed :

I'm running b2evo v 0.9.0.11

15 On May 2nd, 2005 whoo answered:

Please read my entire response to the file you made available to me — either you pasted from the original into another file, and ommitted lines, OR that file is incomplete

16 On May 6th, 2005 Juanjillo typed :

Hi.

Y read this and go to try. But i get this error.

[Fri May 6 09:10:28 2005] [error] PHP Fatal error: Call to undefined function: imagettftext()

can you help me?

17 On May 6th, 2005 whoo answered:

Juanjillo,

sounds like your host doesnt have true-type font support installed…ask them if they have that AND GD installed.

18 On August 30th, 2005 Jan typed :

Hi,

I really appreciated this posting. I works fine !

I had to change following things additionally, … making the .php file executible.

Cheers, Jan

19 On August 30th, 2005 whoo answered:

Jan,

Great! Im happy to hear it worked out for you

20 On September 2nd, 2005 Rossputin typed :

Hi there,
Thanks for the GREAT and easy way to add this to my blog.

FYI, it didn't work at first, but I made this change:

You said to add this line:

I removed one period before the first slash, so that it now reads:

And it works!!

Thanks again,
Ross

21 On September 19th, 2005 Arturo typed :

Hi, I tryed to implement this plugin into my blog but something is not working properly.

When I try to leave a new comment I'm able to see the box to enter the code but there aren't any letters beside.

If I go directly to authimage.php I cannot see anything.

Any suggestion?

Thanx

22 On September 19th, 2005 Arturo typed :

It was a path problem

Thanks, anyway

23 On September 19th, 2005 whoo answered:

You're welcome, glad you got it working

24 On December 5th, 2005 Judith G. (S!) typed :

I've installed the hack and it seems to work but there are two problems:
1)There is a button or image that doesn't show up, but rather one of those question marks in a blue box. What is that supposed to be? How can I fix it?

2)I've pulled up the comment section twice on my blog, and both times the verification system asked for the same word. It's not supposed to do that, is it?

Any help would be appreciated!

25 On December 10th, 2005 rebuscador typed :

it's working without problems, and with no headache at all. tenkiu so much.

26 On December 22nd, 2005 Chris Thomas typed :

Hi,

I just read this and implemented it, I got a few errors and suggestions actually.

First the error I have is that if you load the authimage.php file directly, it complains about missing index "type" in the $_GET array, this might be genuinely missing, so I wrapped it like this

if(isset($_GET["type"]){
if($_GET["type" == "text"){
createAICode("text");
etc etc etc
}

that got rid of that error. For me, it only occurs when the page is redirecting from page to page whilst the comment is being posted, but it still comes up as an error for a few seconds and could be disconcerting. I can't find a reason why this would cause a problem, so therefore hiding it removes an ugly and doesnt cause mischeif. W1nn0r!!

suggestion i have is that you could build the enter code using the same method as building the rest of the "form"

in _feedback.php, instead of that "custom" block of code you wrote, inside the you could just do this instead

$img = '';
form_text('code','',40,T_('Enter this code'),$img,100,'captcha image');

doing that, replaces the custom block with just another field, it works too, as I use this myself.

the only ugly I have with it is the layout, the form element doesnt sit right compared with the rest of the form.

but I guess thats a problem for another day.

hope you like it and update your tutorial.

BTW, the image url is "../../authimage.php" NOT "…/../authimage.php" as you have it, please update the tutorial.

27 On December 22nd, 2005 Chris Thomas typed :

oops, in the previous post by me, I state that

if(isset($_GET["type"]){
etc etc

should be

if(isset($_GET["type"])){
etc etc

just testing you!!

28 On January 16th, 2006 Tekime typed :

I found that the authimage.php file contained an extra space after the closing PHP tag. This messed up the header refresh on a successful comment. Deleting the space fixed the problem.

29 On January 17th, 2006 The Ranger typed :

Thanks, m8, this is a fantastic h4ck and exquisitely explained. Would that others could follow your example in the documentation side of things! I am very pleased with it, lets hope it works on those pesky spammers.

It wasn't all plain sailing though. After a bit of struggling I noticed what Rossputin said above about the extra . This tiny thing stopped the whole thing from working until I fixed it. So thanks to Rossputin too.

30 On January 18th, 2006 PittCaleb typed :

Thanks for the hack. The instructions were mostly clear, but I had some tweaking to do in order to get it to work properly and look good. Thanks again.

One user has told me it doesn't look/work right for him, but I can't duplicate the results. This will go a long way in stopping the spamers the block list doesn't catch immediately.

31 On February 15th, 2006 Uli typed :

Tolle Sache! Vielen Dank für die Anleitung, mit den Hinweisen aus den anderen Kommentaren klappt jetzt alles und nun hoffe ich zukünftig von Spam befreit zu sein.

32 On February 15th, 2006 whoo answered:

you're welcome? :?

33 On February 27th, 2006 Mike typed :

It was a bit of a struggle, but I got it to work.

I had to change your

"…/../authimage.php?type=image"

to

"../../authimage.php?type=image"

to get the image to load.

Just one dot made all the difference.

34 On March 4th, 2006 dosdawg typed :

ok i have a serious problem in trying to apply your hack. as with your direction; [The next change displays the captcha and the box for entering the code. Inside all of your skins directories should be a file named _feedback.php. Locate it, open it up, and look for something similar to this:]
this is not true in each of the skins directories, i have the file named _feedback.php, however, it only contains these lines:
" if( !defined('DB_USER') ) die( 'Please, do not access this page directly.' );

/**
* We now call the default feedback handler…
* However you can replace this file with the full handler (in /blogs) and customize it!
*/
require get_path('skins').'/_feedback.php';
?>"

i then looked in the directory "skins" itself, and it doesnt have that line that you want me to search for/ any help on this would be greatly appreciated.

regards,
dosdawg

35 On March 7th, 2006 John (S!) typed :

dosdawg (and others) - things have changed a bit from the excellent tutorial above since the release of b2evo version 0.9.1. Most of it is correct except for the final instruction to change _feedback.php.

In version 0.9.1 you must locate /blog/_feedback.php and NOT the ones under your skins directory.

When editing _feedback.php, look for these lines in that file:

{ // User is not logged in:
?>
<?php echo T_('Remember me') ?> <?php echo T_('(Set cookies for name, email & url)') ?>
<?php
} ?>

After that final line, I inserted the following (just before the /div tag:

" size="28" tabindex="4" />
<?php echo T_("In the box above, enter this code: "); ?>

Please enter the verification code from the image above into the entry area before clicking on Send comment.
Note: if your comment IS rejected you MUST REFRESH the page before trying to submit again!

IMPORTANT: As others have said in previous comments, there's a change in the code where you use ../../authimage.php (two dots in both places) instead of the three dots that was in the original tutorial (since the directory of where _feedback.php changed).

This is an excellent spam-buster. My many thanks to the original authors, I used this script in my older version of b2evo and the difference in spam is amazing.

36 On March 7th, 2006 John (S!) typed :

Sorry guys, hope you are still reading… the stuff I did paste into _feedback.php didn't work in the comments of this blog.

Therefore you can see the code I pasted into _feedback.php by following this link

37 On March 8th, 2006 whoo answered:

Well done John!! Thanks for helping folks out with this!!

38 On March 8th, 2006 Pastor Tim typed :

Thank you, thank you, thank you for this! Finally an end to my spambot problem.

i have one correction to your code above - in the last step

Should be:

(changed the three dots to two dots ".." at the beginning of file path.)

Tim

39 On March 11th, 2006 Steve typed :

Thanx, works good except for path modification on _feedback.php to image file ../.. NOT …/..

Can I change the color and size? Edit the authimage.php?

40 On March 11th, 2006 steve typed :

Thanx!

How do you change size and color?

41 On March 12th, 2006 huseyin typed :

Thanks for this great hack.

Now, i finally get rid of spams foreever.

i am using 1.6-Alpha

i changed the error comment line to

$Messages->add( T_('Supplied URL is invalid: ').$error, 'error' );

42 On March 14th, 2006 medic215 typed :

Thanks! Works great!

43 On March 16th, 2006 iGotNoTime typed :

Thanks for the great work! For future reference to those who have trouble. The extra dot that causes the problem is in the _feedback.php file the last set of code to paste shown in the article.

Also www.name.com/authimage.php will not show anything. To test you must use www.name.com/authimage.php?type=image for the image code to display while testing.

Outside of those two things excellent and foolproof! Thanks for the work.

44 On March 18th, 2006 Sarah typed :

Thank you so much! It took some playing to get the filepaths right, but it works perfectly!

45 On March 19th, 2006 doll (S!) typed :

Thanks! It works great for me, but I do have a question. Is the code that people have to type in going to change? I tested it two times and the code is the same, 'authimage'. Did I miss something here? I am new to all this!

46 On March 19th, 2006 doll (S!) typed :

all my code is when I tested it is "authimage". I receive no numbers and the code does not change. I do not get it. I followed the instructions above and re-did it three times. Can anyone help me? Please?

47 On March 20th, 2006 Darcy typed :

Thank you x10. Easy to follow directions AND it works a treat. These spammers have been getting me down. I'v moved over to WP elsewhere but desperately needed this fix for older blog thanks again.

48 On March 20th, 2006 doll (S!) typed :

Does not work-still getting spammers and I do not appreciate the lack of response to my above question. Thanks. Guess I can assume I should go elsewhere.

Thanks!

49 On March 20th, 2006 whoo answered:

doll,

For starters, your first comment was only submitted this morning.

Second, if you managed to look beyond this post you would know that I have a family member in the hospital. I also work. Consequently, assisting demanding people with their spam problems doesnt top my list of "things I really need to do".

Even if I were to try to help you, you havent provided enough info for me to to do so.

For future reference, if you happen to need assistance with something that is offered free of charge, without warranty, etc..

1. Patience is nice. You are NOT the only person on the planet.

2. Try providing specifics such as text files of the php files that show the edits you have made. The version number of the software you are using is also a help, as would be the output of phpinfo.

3. Patience is nice. You are NOT the only person on the planet. Did I just say that? Guess that means I'm saying it again, huh??

As for other places, feel free. There is a very long thread for this captcha hack on the b2evolution support forums. If that doesnt suit you, fine.

It's no skin off my back.

Have a nice day, and thanks for your patience. Not.

50 On March 20th, 2006 doll (S!) typed :

Sorry about your family member in the hospital. I do hope they get better.

As for patience, sorry, I am short on that when I am deleting up to 1000 spams in my anti-spam when all I wanted to was blog. Is that why you went to wordpress.

Ans btw, if you do not have the time to devote to this, then u should not be in the business of doing it. And that is not skin off my back.

51 On March 21st, 2006 Dominic typed :

Well, I just installed it & it works fine in both IE and Firefox so far. Thanks for creating it, I've been getting spammed to death.

Oh, and Doll? Your attitude stinks. Consider your spam issue as due to karma: you clearly deserve it.

52 On March 21st, 2006 whoo answered:

It is somehow ironic that someone that would surely castigate me in real life would come here demanding that I help them, isn't it?? And that any apology from them after the fact would still be laced with the suggestion that I have somehow done something wrong…

Gotta love those rude Republicans.

As for my switching to wp, I switched because I wanted to. No blog package is immune to spam, it's merely how you deal with it. And for me, that wouldn't vary from package to package.

The changes I've made to my own site are well documented — on this site, on the b2evo forums, and on the wp forums. I use ONE wp plugin to help, and its available for b2evo as well. The rest is all my doing.

53 On March 21st, 2006 whoo answered:

Correction, I use two wp plugins, though one is less known than the other.

Btw, doll, you want a hardened blog that wont get any spam? I take paypal. Though I hear Ann Coulter is looking for a gig too, you can always hit her up.

54 On March 22nd, 2006 Christopher typed :

Thanks! IT worked great, but I also had to change the IMG tag. I couldn't figure out how many '/../' to put so I just changed the src to be src="MyDomain/authimage.php

instead. Thanks for the help!

55 On March 23rd, 2006 Trent (S!) typed :

Whoo,

Thanks for the heroic hack … I read something you said (somewhere) that you use this and "renamed files, for both comments AND trackbacks" to stop spammers that bipass the captcha.

My question is … what do you mean by that? How does one go about changing the file names of comments and trackbacks?

Thanks,
Trent

56 On March 23rd, 2006 whoo answered:

Hi Trent,

Check out this thread on the b2evo forums for info on that ..

57 On March 28th, 2006 Guillermo (S!) typed :

Great hack!

Someone mentioned something about making it fit properly into the layout of the comments form.

Putting together all of the suggestions above (including path fixes) this is how I got it to display just right:

In /skins/ur_skin/skin.css

.authimage { margin: 5px 10px 0 0; }

In /skins/ur_skin/_feedback.php

$img = 'Please enter this verification code before posting comment.
Note: If your comment IS rejected you MUST REFRESH the page before trying to submit again!';

form_text( 'code', '', 20, T_('Type this code'), $img, 6, 'bComment' );

Notes:
1. Firefox doesn't like the 'alt' attribute so we throw in a 'title' attribute just in case

2. While the 'bComment' style makes the imput field huge, it helps align the authimage beautifully.

3. The .authimage class gives it some nice spacing with respect to the input field.

4. The max length '6' limits input to 6 chars. Dunno if having '100' there before served some purpose.

Anyway, I hope these few suggestions help out those crunching to make this fit just right with their comment forms; or at least point them in the right direction.

58 On April 10th, 2006 pisto (S!) typed :

Hi,

thank you (all the contributors to this plugin) for your work.

I am running 0.9.1 and managed to insert the code in the right places (even if I had to improvise a bit).

However, in 0.9.1 a comment can also be added from the backoffice (for example when the Original Poster receives an email with the notice of a new comment and clicks in the direct link to editing).

So when adding a comment from the backoffice is no longer possible because no capcha code is shown and an error arises when sending.

Perhaps some additional editing should be performed in one of the files under the /admin directory.

I would appreciate any insight

59 On April 16th, 2006 Prashant P. typed :

Path of font.ttf may be wrong

Use this as someone suggested above

$font = “./atomicclockradio.ttf”;

60 On April 16th, 2006 Prashant typed :

It’s work fine! Thanks.
But the path of font.ttf may wrong
Maybe should change like this:
$font = “./atomicclockradio.ttf”;

61 On April 18th, 2006 doll (S!) typed :

Sorry for my previous rudeness. No excuses. I am sure no one would care anyways even if I had a good reason for being miserable. lol! And I don't blame anyone.

I wanted you to know that I could never get it to work. So I took out the trackback.php and altered the template to remove the comments section.

I then inserted the Haloscan script that is used for Wordpress and it has worked great for me. I did not even have to alter the the script for b2evolution.

So if anyone wants to do this, it works and illimates the spam. But I still keep my anti-spam up to date. However, no more comments or bizarre trackbacks.

Thank you and again, I do apologize.

Doll

62 On April 18th, 2006 whoo answered:

No worrys Doll. You are successfully thwarting spam, and thats all that matters.

63 On April 30th, 2006 Scott typed :

Well, I doubt I'll post this right, but I made a few changes to make it work better on my blog and thought I'd pass the tweaks along.

In the second change to the comment_post.php I removed this:
if (strlen($code) < 6)
$code = '';

It caused an error, and seems to be redundant.

In the _feedback.php My code ended up looking like this:

$comment_img_note = 'Enter this verification code in the field above to comment: NOTE: If your comment is rejected you must refresh the page to generate a new code before resubmitting!';
form_text( 'code', '', 40, T_('Type this code'), $comment_img_note, 6, 'bComment' );

I put this in the "User is not logged in" section. That way I never have to do it, and it avoids any backend changes.

64 On May 1st, 2006 Walt typed :

Hi, I've tried to set this up as described, including changing the three dots to two in the path, but its not working.
What else do I need…? Thanks!

65 On May 1st, 2006 Walt typed :

(nevermind, can delete previous comment(s) — upgraded the gd package on my RHL server and it works now.)

66 On May 2nd, 2006 Scott typed :

I just had a chance to look @ my posting above … I was right, it didn't show up right.

I put the image link between "comment:" & "NOTE:" in the _feedback.php. I used a float left to put it where I wanted it.

67 On May 3rd, 2006 Scott typed :

Another update…

I surrounded the second chunk of code added to the comment_post.php with a:
if( !is_logged_in() ){}

That fixes the problem of it continuing to prompt if you're logged in.

68 On May 3rd, 2006 Guillermo (S!) typed :

I took a different approach and used:

if ( (!checkAICode($code)) && (! is_logged_in()))
errors_add( T_('Error: You have not entered the correct authorization code.') );

This works fine for me.

69 On May 5th, 2006 Scott typed :

Yes, that would work too. The only difference is that yours tries to verify the code no matter what, whereas mine only does it if the poster isn't logged in. While it seems a small difference, on a high volume site or busy server it could make a difference because of additional processor overhead.

70 On May 13th, 2006 Jeff typed :

It works great. Thanks for taking the time to publish this.

71 On May 23rd, 2006 GA (S!) typed :

I'm trying really hard to make this spam hack work. (Whoo - I appreciate your work…big time) However I've read and re-read all of the suggestions and additions and still have some probs.
Using version 0.0.9.12 - I've got the authimage .PHP code box appearing OK after altering the /skins/feedback.php

In the comment_post.php the second code alteration seemed to be causing an error - so like Scott I tried removing the line;

if (strlen($code) < 6)
$code = '';

this seemed to work and after typing the correct random code from the box - a comment can be made. However if the code is incorrect the following error appears

Fatal error: Call to undefined function: ��������errors_add() in nospam/comment_post.php on line 88

Shouldn't the error message read;

Error: You have not entered the correct authorization code ??

## comment edited by whoo ##

72 On May 23rd, 2006 GA (S!) typed :

Re my last enquiry
the error msge

Fatal error: Call to undefined function: ��������errors_add() in /blog/nospam/comment_post.php on line 88

'nospam' is the htsrv folder

## comment edited by whoo ##

73 On May 23rd, 2006 whoo answered:

GA,

I edited your posts above since your paths were breaking my comments..

Unfortunately im on my way out the door to work, so I cant begin to troubleshoot what you have done. I will take a closer look tommorow.

Hope that helps some.

74 On June 9th, 2006 Lena typed :

w00t! Just what I was looking for…..thanx!!

75 On June 15th, 2006 Michael typed :

After a bit of tweaking, I got the CAPTCHA code working and it's already cutting down on the comment spam I was getting. Thanks for the good work.

76 On June 19th, 2006 m³ typed :

very nice code, easy to setup & working good
thank you!!!

77 On June 28th, 2006 Mike Blamires typed :

Excellent work, slotted into v 0.9.0.12 very nicely. Keep it up

78 On July 4th, 2006 GigoIt (S!) typed :

Thought you guys might like this.

GigoIt's HumanAuth is based off the ideas presented by KittenAuth.com. HumanAuth supports ADA and Section 508 requirements, increased security and includes watermarked images with random positioning. HumanAuth ensures that an actual human is using your site without forcing them to read distorted CAPTCHA text.

http://www.gigoit.org/humanauth/

79 On July 4th, 2006 whoo answered:

Ive seen that before, its VERY cool, actually since it appears you just put this together it must have been kittenauth, still very cool.

Lockbuch

Publizistik in Berlin

the stavros messinis weblog » Blog Archive » NewsAgent - I Killed the Spambots

Live & Direct from Nowhere in Particular... - SPAM-be-gone!

Weblog von Christian Ege - Captcha Support aktiviert