Recent Topics

1 Jan 29, 2005 01:13    

I finally got around to writing up how to do it. It wasnt nearly as hard as I expected, and in fact, I was able to simplify it some.

The permalink to the tut is @ http://www.village-idiot.org/archives/2005/01/28/b2evo-captcha-explained/

inside authimage.php you will find


$background_color = imageColorAllocate($im, 209, 252, 214);
$text_color = imageColorAllocate($im, 0x00, 0x00, 0x00);

you can change the background color and font color there.

2 Jan 29, 2005 01:30

nice one :D

but your solution has the same problem as many, many captcha-modules. if somewrites a real, real long comment and makes a mistake with the captch-code (for example thinks a I is a l ), well, i guess you understand what i mean ;)

3 Jan 29, 2005 06:30

yes, and thats precisely why I recommended the onsubmit javascript -- I use it right now, and it reminds people to doublecheck it

this code is specific to my wordpress but anyone familiar with b2evo could figure this out for b2evo

script:


<script type="text/javascript" language="javascript">
	function verify(){
    	msg = "Have you entered the security code?";
    	//all we have to do is return the return value of the confirm() method
    	return confirm(msg);
    	}
	</script>

on the submission:

 
<form action="<?php echo get_settings('siteurl'); ?>/vi-comment.php" method="post" id="commentform" onsubmit="return verify();">

---

as for confusing I for 1, what I did was remove the alphabet entirely, except for A from the array that calls it-- commenters are left with numerics, and an A ... The idea wasnt to make it unduly difficult for humans, just to throw off spammers.
1.2.3.4.5.6.7.8.9.0 hard to mistake them for each other :) If the php file I put in the zip isnt already set up like that, I can paste the simple change, if anyone is interested.

i have had the chance to see this installed on someone else's site -- the authimage.php inside the zip is the one like I described above -- so there is no I vs. i problem B)

4 Feb 02, 2005 04:36

Hi Whoo

Great hack!! Works a treat.

As far as the verify script and placement of the trigger is concerned, I am a doofus (?) when it comes to the things, can anyone help with the right code for B2E?

Thanks again Whoo.

gacjezv

5 Feb 02, 2005 06:35

your welcome gacjezv !!

If someone doesnt hook you up this evening with what you need to do the the onsubmit, Ill post it tommorow for ya :)

6 Feb 04, 2005 16:24

This may be a lame question, but if it is, so be it.

I'm not quite hip enough to fully grasp the concept of trackbacks, which is what spammers have been getting me with lately. Would this script help prevent trackback spam?

BTW, I'm aware of the rel="nofollow", I'll probably try to implement that over the weekend.

Just trying to do everything I can to protect my site.

Thx,
Chris

7 Feb 04, 2005 17:38

short answer: no it will not.

8 Feb 05, 2005 02:33

lenwood wrote:

BTW, I'm aware of the rel="nofollow", I'll probably try to implement that over the weekend.

Just trying to do everything I can to protect my site.

rel="nofollow" will not protect any site from being spammed, believe me.

10 Feb 08, 2005 01:02

well, it does require GD be installed..

make a file call it something that ends in .php :P and put this in it:


<?php
phpinfo();
?>

open that page and make sure you have the GD libs installed.. you should see a large Header with GD and all the stuff under it.

http://www.village-idiot.org/gd.png

If not, thats your problem.

If you do have it enabled than something got missed when you followed the instructions.. this is not skin dependent, and I know the code works, as many people have it working already :)

11 Feb 08, 2005 05:32

Thanks for a quick reply. Dang, that's my problem. Can you tell me, is this something that I should be able to install, or do I need to ask my webhost about it? I'm not very familiar with PHP.

Thanks,
Chris

12 Feb 08, 2005 18:30

Your host will have to deal with this one. Why on earth would a host disable GD. It's in most linux / unix's default install...

13 Feb 11, 2005 06:09

Nice hack, Thanks whoo.
But I have a question, how to avoid the warning code?

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /var/www/pub/htsrv/comment_post.php:1) in /var/www/pub/authimage.php on line 23

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /var/www/pub/htsrv/comment_post.php:1) in /var/www/pub/authimage.php on line 23

14 Feb 11, 2005 09:58

Delete any whitespace at the end of comment_post.php.

The output headers error on any file generally means that there is whitespace (blank lines) at the end of a file.

15 Feb 11, 2005 13:05

Thanks, Graham. I've check the file comment_post.php, no white space or blank line befor tag <?php and after tag ?>.
The warning message disappear when I remove the plug-in captcha .

In captcha, there is a function createAIcode

1 function createAICode($type)
2 {
3  $code = randomString('alpha');
4 
5  session_start();
6  $_SESSION['aicode'] = $code;
7  $_SESSION['aicheck'] = 0;
8 ...


When I remove line 5 session_start(), warning message disappeared, but the code wouldn't work.

16 Feb 11, 2005 13:22

graham's suggestion would have been the one i would have given, jimmy. other than that..

17 Feb 12, 2005 04:37

Thanks whoo~ I 've double check what you say, but still have warning message. Maybe I'll modify some code, and report here.
thanks again. :)

18 Feb 12, 2005 07:41

jimmy: did you save the files with utf-8 encoding?

If so, re-save all the files with iso-8859-1 encoding.

I've been fighting encoding issues all day. Here's the nutshell: utf-8 with BOM adds two invisible characters to the beginning of files, so header() doesn't work.

Hope this helps!

19 Feb 12, 2005 07:55

Yes you are right, danielmorrison!
I re-save comment_post.php with iso-8859-1, it works! :lol:

thousands of thanks!

20 Feb 13, 2005 05:03

hello,
I found some insteresting fonts on http://www.1001freefonts.com/ , and zipped file are [url=http://www.j2.idv.tw/media/fonts.zip]here[/url].
Then I changed some code to select random font to prevent spammer. You can [url=http://www.j2.idv.tw/media/authimage.php.txt]download the authimage.php I changed[/url] or check it below:

In function createAICode(), I add it before $font= fontpath

switch($ranfont){
	case 0:
		$fontpath="3dlet.ttf";
		break;
	case 1:
		$fontpath="zurklezs.ttf";
		break;
	case 2:
		$fontpath="zitcream.ttf";
		break;
}
if ($type != "text") {
    $font = "./font/".$fontpath;

....


You can see the result [url=http://www.j2.idv.tw/authimage.php?type=image]here[/url], then reload, reload and reload...

I also change somthing in function checkAICode(), but it isn't important, you can avoid it.

21 Feb 13, 2005 06:23

hmm, interesting idea though i find those to be excessively hard to read..

Ill be honest, I havent had a single piece of spam get through it as it is now, and Ive had my share of spam attempts.

thats primarily why i changed the code to remove letters that might be easily confused with numbers, etc.. a simple spam solution doesnt need to be hard on humans to work

22 Feb 13, 2005 11:10

Why i changed the code is because after I install the plug-in, still has several spam comments through it. Maybe I changed the font-size and it is too small.
Otherwise, your suggestion is right, use simple solution and doesn't confuse people who really want to leave comment. So I remove a hard readable font, hope it won't confuse people.

whoo, thanks for your code and suggestion, hope you nice.

23 Feb 13, 2005 11:27

you might check your logs --though rumor has it that some bots are getting past captchas.. I know for a fact, not rumor, that many bots bypass archive (pages with comment forms on them) pages completely, and simply make the post to the page directly.*

Ive already mentioned atleast once on these forums the suggestion of renaming the default pages ..

my personal strategy:

1. captcha
2. renamed files, for both comments AND trackbacks

i get NO spam doing this.

--

on an aside, I think I also mentioned handling my niece's advanced guestbook spam in a similar fashion-- i renamed the page that posts were made to, the result was a completie cessation of spam.

The other night i put the guestbook back the way it was by default -- consequently the http_post page went back to the expected name. The result was spam within 5 minutes of the switch.

---

* http_post requests can be done via any form, if created properly, and can call a page directly, without going through a middleman page such is the case with both b2evo and wp.

24 Feb 13, 2005 14:09

Oh, i see! After your reminding, I understand I got wrong way to solve the spam comment problem. You are right, people can make the same form easily and without pass through *my comment_post.php*. There's an article written by a chinese hacker I saw recently, he write the tachnical method and I almost forgot this.
Thanks for your reminding, I'll find the correct way to do this.

25 Feb 13, 2005 19:37

yes, finally someone who understands :)
_forged_ http_posts are, among other things, responsible for spam users on various phpBB installations, online flash game score cheating (making a form post a score without actually going through the game), spam on various guestbooks, and I can show, *some*, but not all comment and trackback spam on blogs

what I thought would be nice is an adminitstrator option or even just a quick page that could be called that would do the file renaming and necessary edits of the pages that referenced the renamed page.. nice eh?

26 Mar 03, 2005 19:41

I have this installed but all I get is "Please enter this code: AUTHIMAGE" and no image, I have tested and I DO have GD installed. I followed the instructions and triple checked the edits, how do I make this image show up? No one can comment yet because they can't see the image.

http://blog.jamesmeister.com/

27 Mar 03, 2005 20:13

well, hmm, for starters.

when I look for the authimage.php on your site, taking the URI from the page that is responsible for displaying the comment form, I should find it at http://blog.jamesmeister.com/skins/custom/authimage.php .. thats NOT where I say it should be, thats where you say it is on this page:
http://blog.jamesmeister.com/index.php?title=republic_not_a_democracy&more=1&c=1&tb=1&pb=1#comments

On my own site..bringing up the URI where my authimage.php is results in http://www.village-idiot.org/wp-content/plugins/authimage.php

you can see you either do not have authimage.php where youre saying it is, OR youre saying its in the wrong place. Remember its as normal as a .gif or a .jpg, so if i authimage.php isnt where its sposed to be, you will get a broken image, essentially what you are seeing now.

hope that helps

28 Mar 03, 2005 20:36

there was a fault in the code, it was .../../authblahblah all I did was delete one of the first .'s and it fixed it :D

Thanks!

29 Mar 03, 2005 21:11

youre welcome, I thought that I had fixed that.. is it in a file, or in the directions?

31 Mar 10, 2005 09:31

yeah i had the same problem and it threw me for a loop too.

one little . can make such a big difference eh?

:>

but at least it works now :)

cheers!

33 Mar 10, 2005 09:35

hmm, ill make sure i fix that by tommorow.

I started helping graham today approve blogs for the recently updated page -- what a marvelous way to see how creative you all are :) I feel like I have mosh pit seats at the concert of blogs. :)

I didnt even start the java onsubmit thing, thanks for reminding me, ill take a look at that tommorow as well.

34 Mar 10, 2005 09:57

thanks whoo

another question is - did anyone finish that javascript 'onsubmit' hack ?

that would be a good thing to incorporate into the downloadable i think.

regards

35 Mar 12, 2005 09:07

sorry, i havent gotten even close to looking at that yet, Im praying for time this weekend, ill letcha know :)

37 Mar 23, 2005 23:37

Gotcha covered, whoo - thanks for the great spam control info!

in _feedback.php, locate the comment form code:

		<!-- form to add a comment -->
		<form action="<?php echo $htsrv_url ?>/comment_post.php" method="post" class="bComment">

Replace with the following:

<script language="javascript">
function checkCode(form) {

if (form.code.value == "") {
alert("Please enter the verification code."); 
form.code.select();
return false}

else {
return true;
}
}
</script>
		<!-- form to add a comment -->
		<form action="<?php echo $htsrv_url ?>/comment_post.php" method="post" class="bComment" onSubmit="javascript: return checkCode(this);">

The script simply checks for an empty string in the code field and displays an alert box, then takes you directly to the code field.

You can see this in action at http://www.masteringlifesgame.com/weblogs/chris.php?title=relax_people_it_s_just_a_game&more=1&c=1&tb=1&pb=1#comments

Cheers,

Chris

38 Mar 24, 2005 03:12

Excellent!! works a treat!

39 Mar 24, 2005 03:41

ah sweet, thanks, glad someone picked up for my laziness :)

40 Mar 24, 2005 07:20

Anyone not find this code in the _feedback.php as specified on http://www.village-idiot.org/archives/2005/01/28/b2evo-captcha-explained/

# <label for="comment">< ?php echo T_('Your Comment'); ?></></label>
# <br />textarea name="comment" id="comment" cols="70" rows="4" tabindex="4">

I can't find this in any of the _feedback.php files in the skins directories. Am I missing somthing? I'm running the latest and greatest version. So I'm not sure where to add the next piece.

41 Mar 24, 2005 13:28

boarder_in_co wrote:

I can't find this in any of the _feedback.php files in the skins directories. Am I missing somthing? I'm running the latest and greatest version. So I'm not sure where to add the next piece.

Look in /skins/_feedback.php on line 153, assuming you've made no other changes to the file.

Cheers,

Chris

42 Mar 24, 2005 13:45

latest and greatest version is what number? the code i posted should have been from 0.9.0.11

43 Mar 26, 2005 13:03

whoo wrote:

yes, and thats precisely why I recommended the onsubmit javascript -- I use it right now, and it reminds people to doublecheck it

this code is specific to my wordpress but anyone familiar with b2evo could figure this out for b2evo

script:


<script type="text/javascript" language="javascript">
	function verify(){
    	msg = "Have you entered the security code?";
    	//all we have to do is return the return value of the confirm() method
    	return confirm(msg);
    	}
	</script>

on the submission:

 
<form action="<?php echo get_settings('siteurl'); ?>/vi-comment.php" method="post" id="commentform" onsubmit="return verify();">

I use the hack and it works GREAT! However, I would like to incorporate this javascript trigger into my blog but do not know where to put it EXACTLY (file name and place in the file). Can someone help me!?

Thanks!

W. Hill

44 Mar 26, 2005 22:25

clang2 answered your question.. and provided details 6 or so posts or so above yours, re4med

45 Mar 27, 2005 00:07

whoo wrote:

clang2 answered your question.. and provided details 6 or so posts or so above yours, re4med

Actually -- all that does is check to see if a CODE is actually there...I am looking for script that tells people to verify that they entered the correct code BEFORE submitting the comment...

Maybe I am missing something?

W. Hill

46 Mar 27, 2005 00:29

nope, youre missing something.. his code pops up a javascript alert box if you havent entered the code.. i just doublechecked on the demo page he provided :)

thats basically what my script does, click submit it asks.. in fact his is better, it doesnt do anything if youve done it properly

47 Mar 31, 2005 06:16

re4med wrote:

Actually -- all that does is check to see if a CODE is actually there...I am looking for script that tells people to verify that they entered the correct code BEFORE submitting the comment...

I'd thought about some code that would check the captcha code before submitting. However, the captcha module uses sessions to store the code instead of less secure cookies. I prefer whoo's method to storing the code in a regular cookie. However, javascript can't read the session variables through normal cookie-reading routines (that I know of).

If you're hell bent on checking the captcha before form submission, you'd first have to change authimage.php and replace all the $_SESSION references to $_COOKIE. You could also get rid of all the session_start() statements as well.

Next, change the javascript code in my previous post to the following:

<script language="javascript">
//Get cookie routine by Shelley Powers 
function get_cookie(Name) {
  var search = Name + "="
  var returnvalue = "";
  if (document.cookie.length > 0) {
    offset = document.cookie.indexOf(search)
    // if cookie exists
    if (offset != -1) { 
      offset += search.length
      // set index of beginning of value
      end = document.cookie.indexOf(";", offset);
      // set index of end of cookie value
      if (end == -1) end = document.cookie.length;
      returnvalue=unescape(document.cookie.substring(offset, end))
      }
   }
  return returnvalue;
}

function checkCode(form) {
var result=get_cookie("AI-code");

if (form.code.value == "") {
alert("Please enter the verification code."); 
form.code.select();
return false}

else if (form.code.value != result) {
alert("The verification code you entered is not valid."); 
form.code.select();
return false}

else {
return true;
}
}
</script>

I haven't made all the changes to authimage so I can't verify that this one works. I do know the javascript compiles with no errors, but without modifying authimage.php the script doesn't work - it always fails the code check.

HTH,

Chris

48 Mar 31, 2005 18:01

Rereading my last post, I mistakenly said to replace $_SESSION with $_COOKIE. You actually would have to use setcookie() to do that, something like

setcookie("AI-code", $code, time()+120, "/");

to actually set the cookie value.

Sorry for the mixup.

Either way, I still don't recommend going through this, since using the session variables is still more secure than normal cookies. Granted, someone would have to REALLY want to spam you to go through the trouble of building a hack, but I would just tell people to click the Back button or something instead.

Cheers,

Chris

49 May 04, 2005 00:30

Hi!

I do not get the page to validate after I used the "onsubmit hack" of Clang2:

Code:

<form action="<?php echo $htsrv_url ?>/comment_post.php" method="post" class="bComment" onSubmit="javascript: return checkCode(this);">

I already included "type="text/javascript"" at the beginnin go fthe javascript code as this was an error too, but with no success. I still get the following error message:

Line 117, column 119: there is no attribute "onSubmit"

...hod="post" class="bComment" onSubmit="javascript: return checkCode(this);"><i

Any hint how to change the code to get a validated page?

Thanks,
Michael

P.S. You can check it with that page e.g.:

http://www.urspringer.de/index.php/2005/05/04/losung_fur_mein_ie_anzeige_problem

50 May 04, 2005 00:35

onsubmit, all lower case, thats where I would start, seems to me I had a similar issue with some javascript. xhtml is all lower case, anthing uppercase throws it off

51 May 04, 2005 00:39

Wow, that was faster than I can write the problem.... thanks a lot... it really worked. The page now validates!

Thanks!
Michael

53 May 16, 2005 16:04

whoo wrote:

I finally got around to writing up how to do it. It wasnt nearly as hard as I expected, and in fact, I was able to simplify it some.

The permalink to the tut is @ http://www.village-idiot.org/archives/2005/01/28/b2evo-captcha-explained/

inside authimage.php you will find


$background_color = imageColorAllocate($im, 209, 252, 214);
$text_color = imageColorAllocate($im, 0x00, 0x00, 0x00);

you can change the background color and font color there.

I can't connect to the instructions. Is that a temporary problem?

55 Jun 04, 2005 18:38

Daethian2,

not sure what you were experiencing. my site is pretty stable and its up.

ioo, yeap, i saw, i replied there :)

56 Jul 18, 2005 22:13

Hey there whoo, thanks for this, but I think I screwed something up.

I followed your tutorial step by step, but I end up with some really weird looking stuff...

http://bnaro.com/crack/index.php?blog=1&c=1&page=1&more=1&title=stencil_revolution&tb=1&pb=1&disp=single

And when I attempt to enter in a comment, this error comes up:

"Parse error: parse error, unexpected T_VARIABLE in /home/bnarnar7/public_html/crack/crackalackin/comment_post.php on line 87"

Which probably has something to do with...

if( empty($comment) )
{ // comment should not be empty!
errors_add( T_('Please do not send empty comment') );
}

$code = trim(strip_tags($_POST['code']));
if (strlen($code) < 6)
$code = '';
if ( !checkAICode($code) )
errors_add( T_('Error: You have not entered the correct authorization code.') );

Can someone please help? I'm lost, but I really want to put an end to this spam (all of a sudden I'm getting atleast 6 comments/trackbacks of spam a day).

57 Jul 23, 2005 06:21

whoo wrote:

Daethian2,

not sure what you were experiencing. my site is pretty stable and its up.

ioo, yeap, i saw, i replied there :)

I can't connect...still can't. Says it can't find the server.

Is there someplace else to get the directions on this??

58 Jul 24, 2005 18:25

Okay I'm able to connect with IE but not Opera.

I have the same issue... I can't find the code in feedback.php

I'm using 9.0.11

Lines 140 thru 169

if( $disp_comment_form ) 
	{	// We want to display the comments form: 
		if( $Item->can_comment() )
		{ // User can leave a comment
		?>
		<h4><?php echo T_('Leave a comment') ?>:</h4>
		
		<?php
			$comment_author = isset($_COOKIE[$cookie_name]) ? trim($_COOKIE[$cookie_name]) : '';
			$comment_author_email = isset($_COOKIE[$cookie_email]) ? trim($_COOKIE[$cookie_email]) : '';
			$comment_author_url = isset($_COOKIE[$cookie_url]) ? trim($_COOKIE[$cookie_url]) : '';
		?>
		
		<!-- form to add a comment -->
		<form action="<?php echo $htsrv_url ?>/comment_post.php" method="post" class="bComment">
		
			<input type="hidden" name="comment_post_ID" value="<?php $Item->ID() ?>" />
			<input type="hidden" name="redirect_to" value="<?php echo regenerate_url() ?>" />

			<?php 
			if( is_logged_in() ) 
			{ // User is logged in: 
				?>
				<fieldset>
					<div class="label"><?php echo T_('User') ?>:</div>
					<div class="info">
						<strong><?php $current_User->prefered_name()?></strong>
						<?php user_profile_link( ' [', ']', T_('Edit profile') ) ?>
						</div>
				</fieldset>

http://www.foreverpurple.com/blog/authimage.php
nothing shows up
I have two blogs if that matters.

59 Jul 26, 2005 01:58

I think you can put whoo's code anywhere between the opening and closing form tags.

60 Jul 26, 2005 02:07

I tried placing it where I thought it might work and I got errors.

61 Jul 26, 2005 03:04

We need more information to help you. Can you cut and paste the error text or give a url to show the error? And where did you put the code?

62 Jul 26, 2005 04:10

I'll have to do that tonight when I'm at home.

I tried it in a couple places, trying to make it show up near the right fields.

The error was an unexpected "/" or "=" ... I had two files give me parse errors last night and I can't remember right now which was which.

63 Jul 26, 2005 06:58

Okay I guess there is no error. Here is my page with the code added:

<?php 
	/**
	 * This is the template that displays the feedback for a post
	 * (comments, trackbak, pingback...)
	 *
	 * This file is not meant to be called directly.
	 * It is meant to be called by an include in the _main.php template.
	 * To display a feedback, you should call a stub AND pass the right parameters
	 * For example: /blogs/index.php?p=1&more=1&c=1&tb=1&pb=1
	 * Note: don't code this URL by hand, use the template functions to generate it!
	 *
	 * b2evolution - {@link http://b2evolution.net/}
	 * Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
	 * @copyright (c)2003-2004 by Francois PLANQUE - {@link http://fplanque.net/}
	 *
	 * @package evoskins
	 */
	if( !defined('DB_USER') ) die( 'Please, do not access this page directly.' );

	// --- //

	if( ! $c ) 
	{	// Comments not requested
		$disp_comments = 0;					// DO NOT Display the comments if not requested
		$disp_comment_form = 0;			// DO NOT Display the comments form if not requested
	}
	
	if( (!$tb) || (!$Blog->get( 'allowtrackbacks' )) ) 
	{	// Trackback not requested or not allowed
		$disp_trackbacks = 0;				// DO NOT Display the trackbacks if not requested
		$disp_trackback_url = 0;		// DO NOT Display the trackback URL if not requested
	}
	
	if( (!$pb) || (!$Blog->get( 'allowpingbacks' )) ) 
	{	// Pingback not requested or not allowed
		$disp_pingbacks = 0;				// DO NOT Display the pingbacks if not requested
	}
	
	if( ! ($disp_comments || $disp_comment_form || $disp_trackbacks || $disp_trackback_url || $disp_pingbacks ) )
	{	// Nothing more to do....
		return false;
	}
	
	?>
	<a name="feedbacks"></a>
	<?php

	$type_list = array();
	$disp_title = array();
	if( $disp_comments ) 
	{	// We requested to display comments
		if( $Item->can_see_comments() )
		{ // User can see a comments
			$type_list[] = "'comment'";
			$disp_title[] = T_("Comments"); 
		}
		else
		{ // Use cannot see comments
			$disp_comments = false;
		}		
		?>
		<a name="comments"></a>
	<?php } 
	if( $disp_trackbacks ) { 
		$type_list[] = "'trackback'";
		$disp_title[] = T_("Trackbacks"); ?>
		<a name="trackbacks"></a>
	<?php }
	if( $disp_pingbacks ) { 
		$type_list[] = "'pingback'";
		$disp_title[] = T_("Pingbacks"); ?>
		<a name="pingbacks"></a>
	<?php } ?>
	
	<?php if( $disp_trackback_url ) 
	{	// We want to display the trackback URL: ?>
	<h4><?php echo T_('Trackback address for this post:') ?></h4>
	<code><?php $Item->trackback_url() ?></code>
	<?php } ?>
	
	<?php
	if( $disp_comments || $disp_trackbacks || $disp_pingbacks  )
	{
	?>
	
	<!-- Title for comments, tbs, pbs... -->
	<h4><?php echo implode( ", ", $disp_title) ?>:</h4>
	
	<?php
	$CommentList = & new CommentList( 0, implode(',', $type_list), array(), $id, '', 'ASC' );
	
	$CommentList->display_if_empty( 
								'<div class="bComment"><p>' . 
								sprintf( /* TRANS: NO comments/trackabcks/pingbacks/ FOR THIS POST... */ 
													T_('No %s for this post yet...'), implode( "/", $disp_title) ) . 
								'</p></div>' );

	while( $Comment = $CommentList->get_next() )
	{	// Loop through comments:	
		?>
		<!-- ========== START of a COMMENT/TB/PB ========== -->
		<?php $Comment->anchor() ?>
		<div class="bComment">
			<div class="bCommentTitle">
			<?php
				switch( $Comment->get( 'type' ) )
				{
					case 'comment': // Display a comment: 
						echo T_('Comment from:') ?> 
						<?php $Comment->author() ?> 
						<?php $Comment->author_url( '', ' &middot; ', '' ) ?>
						<?php break;

					case 'trackback': // Display a trackback:
						echo T_('Trackback from:') ?> 
						<?php $Comment->author( '', '#', '', '#', 'htmlbody', true ) ?>
						<?php break;

					case 'pingback': // Display a pingback:
						echo T_('Pingback from:') ?> 
						<?php $Comment->author( '', '#', '', '#', 'htmlbody', true ) ?>
						<?php break;
				} 

				$Comment->edit_link( ' &middot; ' ) // Link to backoffice for editing
			?>
			</div>
			<div class="bCommentText">
				<?php $Comment->content() ?>
			</div>
			<div class="bCommentSmallPrint">
				<a href="<?php $Comment->permalink() ?>" title="<?php echo T_('Permanent link to this comment') ?>" class="permalink_right"><img src="<?php imgbase() ?>chain_link.gif" alt="<?php echo T_('Permalink') ?>" width="14" height="14" border="0" class="middle" /></a>
				<?php $Comment->date() ?> @ <?php $Comment->time( 'H:i' ) ?>
			</div>
		</div>
		<!-- ========== END of a COMMENT/TB/PB ========== -->
		<?php
	} 
	
	if( $disp_comment_form ) 
	{	// We want to display the comments form: 
		if( $Item->can_comment() )
		{ // User can leave a comment
		?>
		<h4><?php echo T_('Leave a comment') ?>:</h4>
		
		<?php
			$comment_author = isset($_COOKIE[$cookie_name]) ? trim($_COOKIE[$cookie_name]) : '';
			$comment_author_email = isset($_COOKIE[$cookie_email]) ? trim($_COOKIE[$cookie_email]) : '';
			$comment_author_url = isset($_COOKIE[$cookie_url]) ? trim($_COOKIE[$cookie_url]) : '';
		?>
		
		<!-- form to add a comment -->
		<form action="<?php echo $htsrv_url ?>/comment_post.php" method="post" class="bComment">
		
			<input type="hidden" name="comment_post_ID" value="<?php $Item->ID() ?>" />
			<input type="hidden" name="redirect_to" value="<?php echo regenerate_url() ?>" />

			<?php 
			if( is_logged_in() ) 
			{ // User is logged in: 
				?>
				<fieldset>
					<div class="label"><?php echo T_('User') ?>:</div>
					<div class="info">
						<strong><?php $current_User->prefered_name()?></strong>
						<?php user_profile_link( ' [', ']', T_('Edit profile') ) ?>
						</div>
				</fieldset>
				<?php 
			} 
			else
			{ // User is not loggued in: 
				form_text( 'author', $comment_author, 40, T_('Name'), '', 100, 'bComment' );

				form_text( 'email', $comment_author_email, 40, T_('Email'), T_('Your email address will <strong>not</strong> be displayed on this site.'), 100, 'bComment' );

				form_text( 'url', $comment_author_url, 40, T_('Site/Url'), T_('Your URL will be displayed.'), 100, 'bComment' );
			} 

			form_textarea( 'comment', '', 12, T_('Comment text'), T_('Allowed XHTML tags').': '.htmlspecialchars(str_replace( '><',', ', $comment_allowed_tags)).'<br />'.T_('URLs, email, AIM and ICQs will be converted automatically.'), 40, 'bComment' );
						?>
				
					
			<fieldset>
				<div class="label"><?php echo T_('Options') ?>:
				<?php if( (substr($comments_use_autobr,0,4) == 'opt-') && (! is_logged_in()) )
				{ // Ladies and gentlemen, check out the biggest piece of anti IE-layout-bugs 
					// crap you've ever seen: 
					echo '<br />&nbsp;'; // make the float a little higher
				} ?>
				</div>
				<div class="input">
				<?php if( substr($comments_use_autobr,0,4) == 'opt-') { ?>
				<input type="checkbox" class="checkbox" name="comment_autobr" value="1" <?php if($comments_use_autobr == 'opt-out') echo ' checked="checked"' ?> tabindex="6" id="comment_autobr" /> <label for="comment_autobr"><?php echo T_('Auto-BR') ?></label> <span class="notes">(<?php echo T_('Line breaks become &lt;br /&gt;') ?>)</span><br />
				<?php } 
				if( ! is_logged_in() ) 
				{ // User is not logged in: 
					?>
					<input type="checkbox" class="checkbox" name="comment_cookies" value="1" checked="checked" tabindex="7" id="comment_cookies" /> <label for="comment_cookies"><?php echo T_('Remember me') ?></label> <span class="notes"><?php echo T_('(Set cookies for name, email &amp; url)') ?></span>

					<p>
<input type="text" name="code" id="code" value="<?php echo ""; ?>" size="28" tabindex="4" />
          <label for="code"><?php echo T_("Enter this code: "); ?></label>
          <img src=".../../authimage.php?type=image" width="155" height="50" alt="authimage" class="authimage" />
</p>
					<?php 
				} ?>
				</div>
			</fieldset>
		
			<fieldset>
				<div class="input">
					<input type="submit" name="submit" class="submit" value="<?php echo T_('Send comment') ?>" tabindex="8" />
				</div>
			</fieldset>
		
			<div class="clear"></div>
		
		</form>
		<?php 
		} 
	}
	?>

<?php } // if you delete this the sky will fall on your head ?>

As of right now, no one can comment because its checking for the image match and there is no image or place to enter it.

65 Jul 26, 2005 18:46

I'm sorry about that...

The code is still in there, I didn't remove it and I just checked my file again.

66 Jul 26, 2005 20:48

Ok, I think I might know what's happening. There are two _feedback.php files. There's a file in the main skins foder: /blogs/skins/_feedback.php. It's the full file that generates the form for posting comments, among other things. Then each skin folder has a _feedback.php file. Most skins just have a small file that lets you change some minor settings, then it calls the main one in the skins/ folder. But, you can take a copy of the skins/_feedback.php and move it to skins/yourskin/_feedback.php so that you can customize it further. If you've done this with your skin (and I think you have) and you only changed the code in the skins/_feedback.php file, then your skin won't have any of the changes because it's not calling that file. You need to add the code to skins/yourskin/_feedback.php (where 'yourskin' is the name of the skin you're using).

67 Jul 26, 2005 22:20

I'm pretty sure I added it to both because I wasn't sure if it needed to be on each individual skin. I'll check and come back.

68 Jul 26, 2005 22:31

Okay I didn't have it in the skins/myskin/_feedback.php but I added it now.

I had to log out to see a difference. Now I've got a red X where the code should be. I have a feeling I know what that is though.

69 Jul 26, 2005 22:35

IT WORKS!!!!!!!

Thank you so much!!!!! Thank you!Thank you!Thank you!Thank you!Thank you!Thank you!Thank you!Thank you!Thank you!Thank you!

70 Jul 26, 2005 22:44

You're welcome.

I gave it a try and I could see the image and the input window, but my comment was still rejected:

Cannot post comment, please correct these errors:

* Error: You have not entered the correct authorization code.

71 Jul 27, 2005 06:45

It didn't work for you??? I did a test comment and it worked for me. I'll get someone else to test it for me on both blogs.

On my second blog I had to edit the code a little bit to make it show up.

72 Jul 27, 2005 06:51

Christ what a mess. You are right, I can't post a comment either.

Ideas?

73 Jul 27, 2005 14:36

I looked for your other blog, but couldn't find it. Can you give a link to the one that's working and a link to the one that's not? We'll compare the code.

75 Jul 27, 2005 22:22

I was able to post a comment on the crab blog. It did require me to type 'authimage'.

76 Jul 28, 2005 02:09

So because it thinks I'm a spammer its not recognizing the code??? Is that what's going on??

77 Aug 07, 2005 10:00

I read the postings and still cannot make this work.

The steps I did.

    downloaded the files Uploaded all (even the ttf file in binary and ascii) Played with the location / path (from ../../file to http://etc/file) c/p the _feedpback.php to the skins folder of the template I am using [/list:u] During the experiments I had the 'authimage' instead of the working captcha. By changing little I had the background square in green or blue but no digits at all. GD and True font type enabled Who can help me to make this work? I am struggling a couple of days now. The website is: http://www.reisinformatiewebsite.com

78 Aug 08, 2005 06:15

Heidelberg.

assuming youre the same person who left 2 recent comments on my own blog --

please give me a link to your phpinfo -- ALSO please check your server logs for ANY error logs.

At first glance, I would say youre missing True type font support --

please try the NON TTF version of this, and see if it works.

PS: Im back.

79 Aug 08, 2005 07:31

whoo wrote:

Im back.

Indeed! :D

80 Aug 08, 2005 08:50

whoo:

At first glance, I would say youre missing True type font support -

My first guess as well. Only not the right one ... see: http://www.reisinformatieweblog.com/phptestinfo.php.

Also the file itself is here: site/...ttf

please try the NON TTF version of this, and see if it works.

Searched for the non ttf version and added it to the code. This is working now. However ... the ttf version is still the question and when all is there, why not working?

81 Aug 08, 2005 11:30

hmm.. ok.

to make sure the most obvious base is covered -- you did upload the font you want to use, right? And it's where it's sposed to be? and its the correct filename, etc..?

also, error logs? i ask again, only because some hosts are nice enough to make php produce an error log that magically pops up in the directory when a particular page/script causes an error -- handy indeed.

last - If the non-ttf version works, BUT the other is not i suggest diffing the 2 files youve been using and looking for anything that appears suspect (filenames, paths, etc..)

82 Aug 08, 2005 12:14

whoo wrote:

to make sure the most obvious base is covered -- you did upload the font you want to use, right? And it's where it's sposed to be? and its the correct filename, etc..?

Yes I followed all steps by the letter. Even downloaded the img file in different ways. Filename is correct as well.

Both files in the root and available.

whoo wrote:

also, error logs? i ask again, only because some hosts are nice enough to make php produce an error log that magically pops up in the directory when a particular page/script causes an error -- handy indeed.

In the error logs I not see any error at all (except the favico one I know of) This was strange.

whoo wrote:

last - If the non-ttf version works, BUT the other is not i suggest diffing the 2 files youve been using and looking for anything that appears suspect (filenames, paths, etc..)

I will do, but a first look is not alarming.

83 Sep 01, 2005 04:32

Daethian2 wrote:

Okay I didn't have it in the skins/myskin/_feedback.php but I added it now.

I had to log out to see a difference. Now I've got a red X where the code should be. I have a feeling I know what that is though.

I have the red x again.... too bad I didn't leave the instructions on how I got rid of it last time! Gah!

84 Sep 01, 2005 06:07

Okay I had to add the img src tag.

But I'm back to my same problem. I enter the right code and it says its wrong.

85 Sep 14, 2005 20:20

Is it possible to run a skin-specific authimage on a single blog? For example, if I have one skin (i.e. SKIN1) which has a red background, and I want the background of the authimage to be red so as to blend properly... Then, let's say I also have a second skin (SKIN2) which has a green background, and I want authimage to show a green background behind the text for that skin...

The reason I ask is because authimage.php is called from htsrv/comment_post.php, so I'm not sure if it's possible to define the path to the current skin for a unique authimage.php file in each skin's folder...

jj.

86 Sep 14, 2005 20:27

Maybe the images could use a transparent background.

87 Sep 14, 2005 20:45

Since the authimage creates a JPG file, I didn't know it was possible to generate a transparent background... Is there a way to control the alpha of the background?

jj.

88 Sep 15, 2005 09:03

jibberjab wrote:

The reason I ask is because authimage.php is called from htsrv/comment_post.php, so I'm not sure if it's possible to define the path to the current skin for a unique authimage.php file in each skin's folder...

yes, and actually its easier than that -- you just check the cookie that has been set when they chose the skin, and call a specific authimage.php based one the skin. You could even check the cookie inside authimage.php and use else/if statements to set the colors inside one file -- BUT I think that would clutter the file for most folks.

ill give you an idea ..gimme a cpl mins

OK. Assuming that all b2evo blogs use the same cookiename for the skin choice, this is how EYE I would do it.

Inside htsrv/comment_post.php, near the top:



if($HTTP_COOKIE_VARS["cookieb2evoskinsstate"] == "someskin-1")
	{
	$useauth = "blue-auth.php";
	}
else if($HTTP_COOKIE_VARS["cookieb2evoskinsstate"] == "someskin-2")
	{
	$useauth = "red-auth.php";
	}
else if($HTTP_COOKIE_VARS["cookieb2evoskinsstate"] == "someskin-3")
	{
	$useauth = "green-auth.php";
	}
else 
{
$useauth = "default-auth.php";
}

That should work. A couple things to remember -- some of the skin names inside the cookies contain capital letter -- I dont know if that makes a difference when getting the cookie. Maybe someone else does.

If you want to do something like that, I reccomend setting up the skins, and using firefox *which allows you to look at cookies easily from within the options panel) and making sure that you get the names correct. You will aslo need to make sure that the cookie name is correct. I used the cookie name off http://skins.b2evolution.net in my example above.

Once the above is done correctly then you would just switch to calling your authimage.php using the variable, $useauth

This little "trick" by the way, allows you to do lots of things -- I used this to change the colors in header graphic at one time :)

89 Sep 15, 2005 09:29

jibberjab wrote:

Since the authimage creates a JPG file, I didn't know it was possible to generate a transparent background... Is there a way to control the alpha of the background?

jj.

Truth be told -- I havent messed with that, at all. Primarily, because this is already a very weak captcha (AS THEY GO) and if i did anything I wanted to work on making it more difficult.

90 Oct 07, 2005 23:39

Daethian2 wrote:

Okay I had to add the img src tag.

But I'm back to my same problem. I enter the right code and it says its wrong.

I have the same problem. The captch works great BUT when I enter the CORRECT code it says NOPE! Sorry, that is incorrect (not those exact words but you get the idea...) :D

Thoughts?

91 Oct 08, 2005 00:41

Here are my revisions to the 2 files as indicated in the instructions:
Please note that the code does show up with the required text box for input but when the correct code is entered it states that it is incorrect. The required changes as indicated by the instructions are in BOLD face.

_feedback.php:

<?php
/**
* This is the template that displays the feedback for a post
* (comments, trackbak, pingback...)
*
* This file is not meant to be called directly.
* It is meant to be called by an include in the _main.php template.
* To display a feedback, you should call a stub AND pass the right parameters
* For example: /blogs/index.php?p=1&more=1&c=1&tb=1&pb=1
* Note: don't code this URL by hand, use the template functions to generate it!
*
* b2evolution - {@link http://b2evolution.net/}
* Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
* @copyright (c)2003-2004 by Francois PLANQUE - {@link http://fplanque.net/}
*
* @package evoskins
*/
if( !defined('DB_USER') ) die( 'Please, do not access this page directly.' );

// --- //

if( ! $c )
{ // Comments not requested
$disp_comments = 0; // DO NOT Display the comments if not requested
$disp_comment_form = 0; // DO NOT Display the comments form if not requested
}

if( (!$tb) || (!$Blog->get( 'allowtrackbacks' )) )
{ // Trackback not requested or not allowed
$disp_trackbacks = 0; // DO NOT Display the trackbacks if not requested
$disp_trackback_url = 0; // DO NOT Display the trackback URL if not requested
}

if( (!$pb) || (!$Blog->get( 'allowpingbacks' )) )
{ // Pingback not requested or not allowed
$disp_pingbacks = 0; // DO NOT Display the pingbacks if not requested
}

if( ! ($disp_comments || $disp_comment_form || $disp_trackbacks || $disp_trackback_url || $disp_pingbacks ) )
{ // Nothing more to do....
return false;
}

?>
<a name="feedbacks"></a>
<?php

$type_list = array();
$disp_title = array();
if( $disp_comments )
{ // We requested to display comments
if( $Item->can_see_comments() )
{ // User can see a comments
$type_list[] = "'comment'";
$disp_title[] = T_("Comments");
}
else
{ // Use cannot see comments
$disp_comments = false;
}
?>
<a name="comments"></a>
<?php }
if( $disp_trackbacks ) {
$type_list[] = "'trackback'";
$disp_title[] = T_("Trackbacks"); ?>
<a name="trackbacks"></a>
<?php }
if( $disp_pingbacks ) {
$type_list[] = "'pingback'";
$disp_title[] = T_("Pingbacks"); ?>
<a name="pingbacks"></a>
<?php } ?>

<?php if( $disp_trackback_url )
{ // We want to display the trackback URL: ?>
<h4><?php echo T_('Trackback address for this post:') ?></h4>
<code><?php $Item->trackback_url() ?></code>
<?php } ?>

<?php
if( $disp_comments || $disp_trackbacks || $disp_pingbacks )
{
?>

<!-- Title for comments, tbs, pbs... -->
<h4><?php echo implode( ", ", $disp_title) ?>:</h4>

<?php
$CommentList = & new CommentList( 0, implode(',', $type_list), array(), $id, '', 'ASC' );

$CommentList->display_if_empty(
'<div class="bComment"><p>' .
sprintf( /* TRANS: NO comments/trackabcks/pingbacks/ FOR THIS POST... */
T_('No %s for this post yet...'), implode( "/", $disp_title) ) .
'</p></div>' );

while( $Comment = $CommentList->get_next() )
{ // Loop through comments:
?>
<!-- ========== START of a COMMENT/TB/PB ========== -->
<?php $Comment->anchor() ?>
<div class="bComment">
<div class="bCommentTitle">
<?php
switch( $Comment->get( 'type' ) )
{
case 'comment': // Display a comment:
echo T_('Comment from:') ?>
<?php $Comment->author() ?>
<?php $Comment->author_url( '', ' &middot; ', '' ) ?>
<?php break;

case 'trackback': // Display a trackback:
echo T_('Trackback from:') ?>
<?php $Comment->author( '', '#', '', '#', 'htmlbody', true ) ?>
<?php break;

case 'pingback': // Display a pingback:
echo T_('Pingback from:') ?>
<?php $Comment->author( '', '#', '', '#', 'htmlbody', true ) ?>
<?php break;
}

$Comment->edit_link( ' &middot; ' ) // Link to backoffice for editing
?>
</div>
<div class="bCommentText">
<?php $Comment->content() ?>
</div>
<div class="bCommentSmallPrint">
<a href="<?php $Comment->permalink() ?>" title="<?php echo T_('Permanent link to this comment') ?>" class="permalink_right"><img src="<?php imgbase() ?>chain_link.gif" alt="<?php echo T_('Permalink') ?>" width="14" height="14" border="0" class="middle" /></a>
<?php $Comment->date() ?> @ <?php $Comment->time( 'H:i' ) ?>
</div>
</div>
<!-- ========== END of a COMMENT/TB/PB ========== -->
<?php
}

if( $disp_comment_form )
{ // We want to display the comments form:
if( $Item->can_comment() )
{ // User can leave a comment
?>
<h4><?php echo T_('Leave a comment') ?>:</h4>

<?php
$comment_author = isset($_COOKIE[$cookie_name]) ? trim($_COOKIE[$cookie_name]) : '';
$comment_author_email = isset($_COOKIE[$cookie_email]) ? trim($_COOKIE[$cookie_email]) : '';
$comment_author_url = isset($_COOKIE[$cookie_url]) ? trim($_COOKIE[$cookie_url]) : '';
?>

<!-- form to add a comment -->
<form action="<?php echo $htsrv_url ?>/comment_post.php" method="post" class="bComment">

<input type="hidden" name="comment_post_ID" value="<?php $Item->ID() ?>" />
<input type="hidden" name="redirect_to" value="<?php echo regenerate_url() ?>" />

<?php
if( is_logged_in() )
{ // User is logged in:
?>
<fieldset>
<div class="label"><?php echo T_('User') ?>:</div>
<div class="info">
<strong><?php $current_User->prefered_name()?></strong>
<?php user_profile_link( ' [', ']', T_('Edit profile') ) ?>
</div>
</fieldset>
<?php
}
else
{ // User is not loggued in:
form_text( 'author', $comment_author, 40, T_('Name'), '', 100, 'bComment' );

form_text( 'email', $comment_author_email, 40, T_('Email'), T_('Your email address will <strong>not</strong> be displayed on this site.'), 100, 'bComment' );

form_text( 'url', $comment_author_url, 40, T_('Site/Url'), T_('Your URL will be displayed.'), 100, 'bComment' );
}

form_textarea( 'comment', '', 12, T_('Comment text'), T_('Allowed XHTML tags').': '.htmlspecialchars(str_replace( '><',', ', $comment_allowed_tags)).'<br />'.T_('URLs, email, AIM and ICQs will be converted automatically.'), 40, 'bComment' );
?>
<p>
<input type="text" name="code" id="code" value="<?php echo ""; ?>" size="28" tabindex="4" />
<label for="code"><?php echo T_("Enter this code: "); ?></label>
<img src="http://www.theparchment.org/authimage.php?type=image" width="155" height="50" alt="authimage" class="authimage" />
</p>

<fieldset>
<div class="label"><?php echo T_('Options') ?>:
<?php if( (substr($comments_use_autobr,0,4) == 'opt-') && (! is_logged_in()) )
{ // Ladies and gentlemen, check out the biggest piece of anti IE-layout-bugs
// crap you've ever seen:
echo '<br />&nbsp;'; // make the float a little higher
} ?>
</div>
<div class="input">
<?php if( substr($comments_use_autobr,0,4) == 'opt-') { ?>
<input type="checkbox" class="checkbox" name="comment_autobr" value="1" <?php if($comments_use_autobr == 'opt-out') echo ' checked="checked"' ?> tabindex="6" id="comment_autobr" /> <label for="comment_autobr"><?php echo T_('Auto-BR') ?></label> <span class="notes">(<?php echo T_('Line breaks become &lt;br /&gt;') ?>)</span><br />
<?php }
if( ! is_logged_in() )
{ // User is not logged in:
?>
<input type="checkbox" class="checkbox" name="comment_cookies" value="1" checked="checked" tabindex="7" id="comment_cookies" /> <label for="comment_cookies"><?php echo T_('Remember me') ?></label> <span class="notes"><?php echo T_('(Set cookies for name, email &amp; url)') ?></span>
<?php
} ?>
</div>
</fieldset>

<fieldset>
<div class="input">
<input type="submit" name="submit" class="submit" value="<?php echo T_('Send comment') ?>" tabindex="8" />
</div>
</fieldset>

<div class="clear"></div>

</form>
<?php
}
}
?>

<?php } // if you delete this the sky will fall on your head ?>

comment_post.php:

<?php
/**
* This file posts a comment!
*
* b2evolution - {@link http://b2evolution.net/}
* Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
* @copyright (c)2003-2004 by Francois PLANQUE - {@link http://fplanque.net/}
*
* @package htsrv
*/

/**
* Initialize everything:
*/
require_once( dirname(__FILE__) . '/../b2evocore/_main.php' );
require_once( dirname(__FILE__) . '/../authimage.php' );

// statuses allowed for acting on:
$show_statuses = array( 'published', 'protected', 'private' );

// Getting GET or POST parameters:
param( 'comment_post_ID', 'integer', true ); // required

$commented_Item = Item_get_by_ID( $comment_post_ID );

if( ! $commented_Item->can_comment( '', '', '', '' ) )
{
errors_add( T_('You cannot leave comments on this post!') );
}

param( 'author', 'string' );
param( 'email', 'string' );
param( 'url', 'string' );
param( 'comment' , 'html' );
param( 'comment_autobr', 'integer', ($comments_use_autobr == 'always') ? 1 : 0 );
param( 'comment_cookies', 'integer', 0 );

if( is_logged_in() )
{ // User is loggued in, we'll use his ID
$author_ID = $current_User->ID;
$author = NULL;
$email = NULL;
$url = NULL;
}
else
{ // User is not logged in, we need some id info from him:
$author_ID = NULL;

if ($require_name_email)
{ // Blog wants Name and EMail with comments
if( empty($author) ) errors_add( T_('Please fill in the name field') );
if( empty($email) ) errors_add( T_('Please fill in the email field') );
}

if( (!empty($email)) && (!is_email($email)) )
{
errors_add( T_('Supplied email address is invalid') );
}

// add 'http://' if no protocol defined for URL
$url = ((!stristr($url, '://')) && ($url != '')) ? 'http://' . $url : $url;
if( strlen($url) < 7 ){
$url = '';
}
if( $error = validate_url( $url, $comments_allowed_uri_scheme ) )
{
errors_add( T_('Supplied URL is invalid: ') . $error );
}
}

$user_ip = $_SERVER['REMOTE_ADDR'];
$now = date("Y-m-d H:i:s", $localtimenow );

// CHECK and FORMAT content
//echo 'allowed tags:',htmlspecialchars($comment_allowed_tags);
$original_comment = strip_tags($comment, $comment_allowed_tags);
$comment = format_to_post($original_comment, $comment_autobr, 1);

if( empty($comment) )
{ // comment should not be empty!
errors_add( T_('Please do not send empty comment') );
}
$code = trim(strip_tags($_POST['code']));
if (strlen($code) < 6)
$code = '';
if ( !checkAICode($code) )
errors_add( T_('Error: You have not entered the correct authorization code.') );

/* flood-protection */
$query = "SELECT max(comment_date)
FROM $tablecomments
WHERE comment_author_IP = '$user_ip'";
$ok = 1;
if( $then = $DB->get_var( $query ) )
{
$time_lastcomment = mysql2date("U",$then);
$time_newcomment = mysql2date("U",$now);
if( ($time_newcomment - $time_lastcomment) < 30)
$ok = 0;
}
if( !$ok )
{
errors_add( T_('You can only post a new comment every 30 seconds.') );
}
/* end flood-protection */

if( errors_display( T_('Cannot post comment, please correct these errors:'),
'[<a href="javascript:history.go(-1)">'. T_('Back to comment editing') . '</a>]' ) )
{
exit();
}

$query = "INSERT INTO $tablecomments( comment_post_ID, comment_type, comment_author_ID, comment_author,
comment_author_email, comment_author_url, comment_author_IP,
comment_date, comment_content)
VALUES( $comment_post_ID, 'comment', ".$DB->null($author_ID).",
".$DB->quote($author).", ".$DB->quote($email).",
".$DB->quote($url).",'".$DB->escape($user_ip)."','$now',
'".$DB->escape($comment)."' )";
$DB->query( $query );

/*
* New comment notification:
*/
$item_author_User = & $commented_Item->Author;

if( $item_author_User->notify
&& (!empty( $item_author_User->email ))
&& $author_ID != $item_author_User->ID ) // don't send if original author comments (is logged in)
{ // Author wants to be notified and does not comment himself:
locale_temp_switch($item_author_User->locale);
$recipient = $item_author_User->email;
$subject = sprintf( T_('New comment on your post #%d "%s"'), $comment_post_ID, $commented_Item->get('title') );
$Blog = Blog_get_by_ID( $commented_Item->blog_ID );

$notify_message = sprintf( T_('New comment on your post #%d "%s"'), $comment_post_ID, $commented_Item->get('title') )."\n";
$notify_message .= str_replace('&amp;', '&', $commented_Item->gen_permalink( 'pid' ))."\n\n"; // We use pid to get a short URL and avoid it to wrap on a new line in the mail which may prevent people from clicking
if( is_logged_in() )
{
$notify_message .= T_('Author').': '.$current_User->get('preferedname').
' ('.$current_User->get('login').")\n";
}
else
{
$user_domain = gethostbyaddr($user_ip);
$notify_message .= T_('Author').": $author (IP: $user_ip, $user_domain)\n";
$notify_message .= T_('Email').": $email\n";
$notify_message .= T_('Url').": $url\n";
}
$notify_message .= T_('Comment').": \n".$original_comment."\n\n";
$notify_message .= T_('Edit/Delete').': '.$admin_url.'/b2browse.php?blog='.$commented_Item->blog_ID.'&p='.$comment_post_ID."&c=1\n";


// echo "Sending notification to $recipient :<pre>$notify_message</pre>";

if( is_logged_in() )
$mail_from = $current_User->get('email');
elseif( empty( $email ) )
$mail_from = $notify_from;
else
$mail_from = "\"$author\" <$email>";

send_mail( $recipient, $subject, $notify_message, $mail_from );
locale_restore_previous();
}

/*
* Handle cookies
*/
if( $comment_cookies )
{ // Set cookies:
if ($email == '')
$email = ' '; // this to make sure a cookie is set for 'no email'
if ($url == '')
$url = ' '; // this to make sure a cookie is set for 'no url'

// fplanque: made cookies available for whole site
setcookie( $cookie_name, $author, $cookie_expires, $cookie_path, $cookie_domain);
setcookie( $cookie_email, $email, $cookie_expires, $cookie_path, $cookie_domain);
setcookie( $cookie_url, $url, $cookie_expires, $cookie_path, $cookie_domain);
}
else
{ // Erase cookies:
if( !empty($_COOKIE[$cookie_name]) )
{
// echo "del1<br />";
setcookie('comment_author', '', $cookie_expired, '/');
setcookie('comment_author', '', $cookie_expired, $cookie_path, $cookie_domain);
setcookie( $cookie_name, '', $cookie_expired, $cookie_path, $cookie_domain);
}
if( !empty($_COOKIE['comment_author_email']) )
{
// echo "del2<br />";
setcookie('comment_author_email', '', $cookie_expired, '/');
setcookie('comment_author_email', '', $cookie_expired, $cookie_path, $cookie_domain);
setcookie( $cookie_email, '', $cookie_expired, $cookie_path, $cookie_domain);
}
if( !empty($_COOKIE['comment_author_url']) )
{
// echo "del3<br />";
setcookie('comment_author_url', '', $cookie_expired, '/');
setcookie('comment_author_url', '', $cookie_expired, $cookie_path, $cookie_domain);
setcookie( $cookie_url, '', $cookie_expired, $cookie_path, $cookie_domain);
}
}

header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');

param( 'redirect_to', 'string' );
$location = (!empty($redirect_to)) ? $redirect_to : $_SERVER['HTTP_REFERER'];
header( 'Refresh:0;url='.str_replace('&amp;', '&', $location) );

?>

92 Nov 02, 2005 18:15

Thanks.
Was looking for something like this.
However i copy pasted the things u said but the hack didnt work untill i put the font and authimage.php in my skins/crystalglass folder

93 Nov 19, 2005 23:58

I had this working before the upgrade, I want to add it again..

but, WHERE so I find, Authimage.php.

I have looked all over this post as well as your site...

I see the changes that you need to make for the files, where is the rest of the install, where do I place the tffs and where is the authimage.php...

Thanks!

95 Dec 07, 2005 22:44

General question, since I'm still somewhat a novice with php... Can this captcha script be used with a generic contact form, as long as the server has php installed, or is this captcha specific to b2evolution?

jj.

96 Dec 08, 2005 01:54

it could, it would need a few modifications, but sure ..

97 Dec 17, 2005 20:20

is there somewhere where i can see captcha in action?

99 Dec 17, 2005 22:17

Can the background color be transparent? so a gif or png image with a transparent bg, coz that would be superb!

100 Dec 17, 2005 22:27

yeah, I dunno, i hadnt putzed around with that, even though it was requested earlier in the thread, mainly because I lack time, and because pwncaptcha had already proven it was weak (i already knew that) by the time it was requested.

101 Dec 18, 2005 02:29

hmm so ur saying dont use captcha anymore, use a different thing.
If so, do you know a similiar image thingo?
if not, i would really like to see transparent images, i have no experience in the gd framework (im guessing thats wot ur using), but im sure its worth learning ;)
But if someone skilled wants to do it, thats even better ;)

102 Dec 18, 2005 03:26

ill look into whether or not it can be done this evening, and nope I moved away from it. I allowed myself one plugin that fights spam (im opposed to simplifying things beyond the threshold at where I stop learning), so I use bad behaviour.

besides thats the least i can do since ioerror actually commented on my blog :)

103 Dec 27, 2005 18:21

I am trying to implement this, and I've followed whoo's instructions as closely as possible.

I uploaded everything in ASCII mode, but I am getting a broken image link. There is a error in my webserver log file -

Premature end of script headers: /var/www/adain/all.ofthe.info/authimage.php

My website is here: http://all.ofthe.info
PHP settings can be found here: http://all.ofthe.info/test.php

104 Dec 27, 2005 23:53

bd80599 wrote:

I am trying to implement this, and I've followed whoo's instructions as closely as possible.

I uploaded everything in ASCII mode, but I am getting a broken image link. There is a error in my webserver log file -

Premature end of script headers: /var/www/adain/all.ofthe.info/authimage.php

My website is here: http://all.ofthe.info
PHP settings can be found here: http://all.ofthe.info/test.php

Never mind...just had to have a little fun with permissions. CHMODing everything involved to 755 did the trick.

105 Dec 28, 2005 07:42

Hi Whoo

tried to post a coment on the captcha post on your web site but it "blue screened"?? go figure.. something about vi_comment.php not being found.

Anyway, the comment was to ask if you thought the captcha hack was a goer for Phoenix?

Thanks in advance gacjezv

106 Dec 28, 2005 17:39

Hey gacjezv,

you must not be sending referers if you got that blue screen (thats my 404 page). You need to send referers to comment on my blog, as vi-comment.php checks that you are actually coming from my domain, and not using a script :)

Regarding your question, someone already mentioned making a few minor adjustments and using it in 1.6, ill have to hunt for where I saw that.

107 Jan 22, 2006 13:11

Help me, mighty ones!

I have most successfully installed this awesome hack onto [url=http://www.naturenet.net/blogs]my own blog [/url] and now I'm trying to put it onto another one I'm making.

All works except authimage is a neat green box, no text visible. No error messages either. I've already removed the rogue period. I've trawled the wise advice but don't really know where to look next.

You can see it [url=http://www.wildonwight.co.uk/blog/index.php?title=three&more=1&c=1&tb=1&pb=1#comments]here[/url] in the dummy blog I'm working on.

<EDIT: the dummy blog is now changed, so you won't see anything useful there.>

[url=http://www.wildonwight.co.uk/blog/test1.php]My phpinfo[/url] for this site

If it's not something obvious I'm happy to provide more info

and remain, your humble servant

109 Jan 22, 2006 13:45

Don't you ever rest? Thanks for the very prompt answer. Your offer of help is very much appreciated. Ok, there's plenty of it, so here goes with authimage.php which is located in the /blogs folder, as is the font:

<?php
/*
Plugin Name: AuthImage
Plugin URI: http://www.gudlyf.com/index.php?p=376
Description: Creates an authentication image (or phonetic text) to help combat spam in comments.
Version: 2.0.1
Author: Keith McDuffee
Author URI: http://www.gudlyf.com/
*/


if ($_GET['type'] == "text") {
  createAICode("text");
  exit;
} elseif ($_GET['type'] == "image") {
  createAICode("image");
  exit;
}


function checkAICode($code)
{
  session_start();
  $return = ($code == $_SESSION['AI-code']) ? 1 : 0;
  if(!isset($_SESSION['AI-code']))
    $return = 0;

  // set new random code.
  $_SESSION['AI-code'] = randomString('alpha');

  return $return;
}

function createAICode($type)
{
  $code = randomString('alpha');
  session_start();
  $_SESSION['AI-code'] = $code;
	
  if ($type != "text") {
    $font = "atomicclockradio.ttf";

    $im = @imageCreate(155, 50) or die("Cannot Initialize new GD image stream");

    $background_color = imageColorAllocate($im, 209, 252, 214);
    $text_color = imageColorAllocate($im, 0x00, 0x00, 0x00);

    ImageTTFText($im, 20, 5, 18, 38, $text_color, $font, $code);

    // Date in the past
    header("Expires: Thu, 28 Aug 1997 05:00:00 GMT");

    // always modified
    $timestamp = gmdate("D, d M Y H:i:s");
    header("Last-Modified: " . $timestamp . " GMT");
 
    // HTTP/1.1
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);

    // HTTP/1.0
    header("Pragma: no-cache");

    // dump out the image
    header("Content-type: image/jpeg");
    ImageJPEG($im);

  } else {
    // Show phonetic text instead
    settype($code, "string");
    echo createAIAltText($code);
  }
	
}

function createAIAltText($code) {

  $alt_char = array('a' => 'ay',
		'b' => 'bee',
		'c' => 'see',
		'd' => 'dee',
		'e' => 'eee',
		'f' => 'eff',
		'g' => 'jee',
		'h' => 'aych',
		'i' => 'eye',
		'j' => 'jay',
		'k' => 'kay',
		'l' => 'ell',
		'm' => 'em',
		'n' => 'en',
		'o' => 'oh',
		'p' => 'pea',
		'q' => 'que',
		'r' => 'are',
		's' => 'ess',
		't' => 'tee',
		'u' => 'you',
		'v' => 'vee',
		'w' => 'double-u',
		'x' => 'ecks',
		'y' => 'why',
		'z' => 'zee',
		'0' => 'zero',
		'1' => 'one',
		'2' => 'two',
		'3' => 'three',
		'4' => 'four',
		'5' => 'five',
		'6' => 'six',
		'7' => 'seven',
		'8' => 'eight',
		'9' => 'nine');

  $alt_code = "";

  for($i = 0; $i < 5; $i++) {
    if (!is_numeric($code{$i})) {
      if (ctype_upper($code{$i})) {
        $alt_code = $alt_code . "upper-" . $alt_char[strtolower($code{$i})] . " ";
      } else {
        $alt_code = $alt_code . "lower-" . $alt_char[$code{$i}] . " ";
      }
    } else {
      $alt_code = $alt_code . $alt_char[$code{$i}] . " ";
    }
  }

  return $alt_code;
}

function randomString($type='num',$length=6)
{
  $randstr='';
  srand((double)microtime()*1000000);

  $chars = array ( '1','2','3','4','5','6','7','8','9','0' );
  if ($type == "alpha") {
    array_push ( $chars, '1' );
  }

  for ($rand = 0; $rand < $length; $rand++)
  {
    $random = rand(0, count($chars) -1);
    $randstr .= $chars[$random];
  }
  return $randstr;
}


?>

As far as I know I've done nothing to this. Let me know if you would like to see any other code.

110 Jan 22, 2006 13:55

ill put that on my site, see if it works for me :P

.. and yeah I do, but i switched to working days and now I cant even seem to sleep in on weekends :-/

-----------

your authimage.php works on my site, so its not that...you have the font in the right place ..

safe to assume that this is a different host than your other site?

111 Jan 22, 2006 14:29

Yes, that's correct. It's a different host. I have not got this hack working on this host before, so maybe there's some problem there. :(

What if I put a different font in there? Might that be that possible/maybe useful?

112 Jan 25, 2006 02:33

Just so you're aware the authimage captcha is easily defeated by character recognition software such as pwncaptcha and gimpy. I'm working on writing a php class around a more advanced captcha generation engine. The class is almost done but I'm still trying to make it as easy as possible to integrate into b2evolution (think plugin).

113 Jan 25, 2006 03:17

I believe Ive already stated that, Ben, in response to my being asked why I wasnt pursuing anything for Phoenix.

This is a support thread for the plugin as it exists now. I would like to limit conversation to that, thank you.

@filthio I doubt thats the problem.

114 Jan 25, 2006 09:54

No, I don't think it is either. I'm going to take the mod off for now as comments are not essential for this project. If you or anyone has any further ideas in the future about this issue. I'd love to hear them. Any ideas on how to easily disable all comments for the whole installation?

BTW I'm well aware of the limitations of captcha as expressed but frankly, it succeeds for me (more or less no spam) and this particular hack implements it very nicely, so I'm willing to take that risk until the arms race moves on a bit. This hack works and works well - glory to Whoo. I really don't see why the response 'we might be defeated' leads to the presumption 'we shouldn't do anything'.

115 Mar 04, 2006 10:38

Can the image be transparent yet?
And all the servers i've dealt with don't have the GD library installed so that could be a problem..

116 Mar 04, 2006 20:42

Capcha still working fine on my original blog. I've noticed something which if I've got it right I thought worth pointing out. If I've missed something here I'd be glad to hear it. Otherwise, I hope this is of some use.

When the error message comes up, eg if the code is wrongly entered, or if no email is given, or whatever, the error page invites the user to go back (using javascript -1 function). If they do so, they then might get to see the original security code which they just entered displayed on the page. So when they resubmit, the code is wrong, and they don't know why because it looks right. What they need to do is press refresh before they resubmit, to ensure a fresh code is shown.

There may well be a more elegant solution but I'm going for the low-tech one. To prompt the user to do this my fix is:

In comment_post.php after /*end flood-protection */

if( errors_display( T_('<font face="Verdana"> <h2>Sorry, your comment has not been posted yet</h2> <p>But dont give up! Please check the messages below and go back to correct them.</p> Important - when you go back to the comment screen you will need to enter a new authorisation code. The same one will not work twice, so remember to get a new one by pressing <strong>refresh</strong> on your browser once you have corrected your post - or you will see this message again. Thanks.'),
	'[<a href="javascript:history.go(-1)">'. T_('Go back to your comment') . '</a></font>]' ) )

And in skins/_feedback.php immediately before
<img src="../../authimage.php?type=image" width="155" height="50" alt="authimage" class="authimage" />

<label for="code"><?php echo T_("<br>Please type the following number code into the box above to ensure your comment is not treated as spam.<br> <strong>Important:</strong> the same code will not work twice. So if you have come back to this page, for example to correct a mistake, you must press <strong>refresh</strong> on your browser to get a new code:<br>"); ?></label>

117 Mar 27, 2006 11:07

I've installed your hack - it appears to be just what I'm looking for.

However, visiting authimage?type=image doesn't display an image:

http://www.philnet.net/phil/blog/authimage.php?type=image

the script is unmodified from the version in the zip file.

I suspect part of the issue may be that I'm running 0.9.1?

Or possibly I don't have all the correct libraries installed?

I installed libgd2 - what else might need to be there. Also, apache1, php4.3.

Thanks,
- Phil

120 Mar 27, 2006 13:29

hmmm... ive absolutely no experience with setting this up on IIS.

I would check all of the comments on my site regarding this. supposedly, i had THREE dots (...) in a path but i never saw them to fix 'em. The most important thing is making sure that the path to your font is correct, but since this:

http://www.phildev.net/phil/blog/atomicclockradio.ttf

works, and you said you havent changed .. that would be right.

(at a loss)

121 Mar 27, 2006 14:24

IIS?!?! See my original post, it's apache on debian linux!

I don't use Windows. Ever. For anything.

- Phil

122 Mar 27, 2006 14:38

I actually was fidling with the GD library just [url=http://www.balupton.com/dev/msn/statusimages/]then[/url], do you have your font file uploaded to the location of your generator, with the filenames exactly the same?

Also is it your server? or someone else who is hosting your stuff?

EDIT: Ok ignore this post if your not using IIS....

125 Mar 27, 2006 22:26

...your original link...

yes, we're past that. phpinfo please?

126 Mar 28, 2006 05:31

Hi,

Need some help, why do I get this error?

Fatal error: Call to undefined function: imagettftext() in /home/gamesho2/public_html/authimage.php on line 48

( http://gameshogun.info/authimage.php?type=image )

It was okay a few days ago, now it isn't.
GD and FreeType are installed fine and also my captcha for the other sites I have in the same server are working fine.

Thanks..

127 Mar 28, 2006 05:37

Laibcoms wrote:

Hi,

Need some help, why do I get this error?

Fatal error: Call to undefined function: imagettftext() in /home/gamesho2/public_html/authimage.php on line 48

( http://gameshogun.info/authimage.php?type=image )

It was okay a few days ago, not it isn't.
GD and FreeType are installed fine and also my captcha for the other sites I have in the same server are working fine.

Thanks..

You do not have FreeType support installed, It is part of the GD Library, If its your server, then download the zip file of php and extract its contents in you php/ directory and then run go-pear.dat, and enable the gd extension in your php.ini file.
If its your hosts server ask nicely.

128 Mar 28, 2006 07:06

whoo wrote:

yes, we're past that. phpinfo please?

Sorry, I thought you wanted that if I was using IIS.

phpinfo is pages and pages, I'm assuming you want the configure string:

'../configure' '--prefix=/usr' '--with-apxs=/usr/bin/apxs' '--with-config-file-path=/etc/php4/apache' '--enable-memory-limit' '--disable-debug' '--with-regex=php' '--disable-rpath' '--disable-static' '--with-pic' '--with-layout=GNU' '--with-pear=/usr/share/php' '--enable-calendar' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--enable-track-vars' '--enable-trans-sid' '--enable-bcmath' '--with-bz2' '--enable-ctype' '--with-db4' '--with-iconv' '--enable-exif' '--enable-filepro' '--enable-ftp' '--with-gettext' '--enable-mbstring' '--with-pcre-regex=/usr' '--enable-shmop' '--enable-sockets' '--enable-wddx' '--disable-xml' '--with-expat-dir=/usr' '--with-xmlrpc' '--enable-yp' '--with-zlib' '--without-pgsql' '--with-kerberos=/usr' '--with-openssl=/usr' '--with-zip=/usr' '--enable-dbx' '--with-mime-magic=/usr/share/misc/file/magic.mime' '--with-exec-dir=/usr/lib/php4/libexec' '--without-mm' '--with-curl=shared,/usr' '--with-dom=shared,/usr' '--with-dom-xslt=shared,/usr' '--with-dom-exslt=shared,/usr' '--with-zlib-dir=/usr' '--with-gd=shared,/usr' '--enable-gd-native-ttf' '--with-jpeg-dir=shared,/usr' '--with-xpm-dir=shared,/usr/X11R6' '--with-png-dir=shared,/usr' '--with-freetype-dir=shared,/usr' '--with-imap=shared,/usr' '--with-imap-ssl' '--with-ldap=shared,/usr' '--with-mcal=shared,/usr' '--with-mhash=shared,/usr' '--with-mysql=shared,/usr' '--with-unixODBC=shared,/usr' '--with-recode=shared,/usr' '--enable-xslt=shared' '--with-xslt-sablot=shared,/usr' '--with-snmp=shared,/usr' '--with-sybase-ct=shared,/usr' '--with-ttf=shared,/usr' '--with-t1lib=shared,/usr'

- Phil

130 Apr 21, 2006 09:06

Nevermind, I figured it out. Didn't have php4-libgd installed.

Thanks....

131 May 19, 2006 11:03

Folks,

I'm running 1.6 Phoenix Alpha and have some problems implementing Captcha. I followed the instructions on http://www.village-idiot.org/archives/2005/01/28/b2evo-captcha-explained/

The first two changes were possible, but my _feedback.php has no such entry:

# <p>
# <label for="comment">< ?php echo T_('Your Comment'); ?></label>
# <br />textarea name="comment" id="comment" cols="70" rows="4" tabindex="4">
# </p>

Could you give me some assistance? Thanks a lot!

132 May 19, 2006 11:29

Find this bit of code and add the red bit :-

// TODO: use a smaller textarea when using c=1 GET param
form_textarea( 'comment', '', 10, T_('Comment text'),
T_('Allowed XHTML tags').': '.htmlspecialchars(str_replace( '><',', ', $comment_allowed_tags)), 40, 'bComment' );
form_text( 'code', '', 28, T_('Enter this code').' <img src=".../../authimage.php?type=image" width="155" height="50" alt="authimage" class="authimage" />', '', '', '' );

¥

133 May 19, 2006 12:06

Any idea what file it could be in?

134 May 19, 2006 12:12

That's the code for _feedback.php.

¥

135 May 19, 2006 12:39

Unfortunately, this is all what my _feedback.php in the skins fodler contains:

<?php
/**
* This is the template that displays the feedback for a post
* (comments, trackbak, pingback...)
*
* This file is not meant to be called directly.
* It is meant to be called by an include in the _main.php template.
* To display a feedback, you should call a stub AND pass the right parameters
* For example: /blogs/index.php?p=1&more=1&c=1&tb=1&pb=1
* Note: don't code this URL by hand, use the template functions to generate it!
*
* b2evolution - {@link http://b2evolution.net/}
* Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
* @copyright (c)2003-2005 by Francois PLANQUE - {@link http://fplanque.net/}
*
* @package evoskins
* @subpackage custom
*/
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );

/**
* We now call the default feedback handler...
* However you can replace this file with the full handler (in /blogs) and customize it!
*/
require get_path('skins').'_feedback.php';

?>

136 May 19, 2006 13:20

In that case you need to make the changes to skins/_feedback.php (as opposed to skins/<skin name>/_feedback.php )

¥

140 Jun 11, 2006 01:28

If I remember right, I had to play with the path to the font ../../ You might try adding or subtracting one ../ or using an absolute path.

141 Jun 11, 2006 21:19

I tried an absolute path:

if ($type != "text") {
$font = "http://www.everydogsblog.com/b2evolution/blogs/atomicclockradio.ttf";

Nothing. I put this in the authimage.php file, that was the only path to the font file I could find.

142 Jun 11, 2006 21:41

ok ...

the current relative path i see is :

".../../authimage.php?type=image"

(thats from your source)

the font file is here:

http://www.everydogsblog.com/b2evolution/blogs/atomicclockradio.ttf


and your blog is here:

http://www.everydogsblog.com/b2evolution/blogs/index.php

so that current relative path is incorrect.


the path to the font from your blog should be:

./authimage.php

--

lesson in slashdots follows: :)

./

= current directory we are in

../

= up one dir

../../

= up two dirs

try that change and see if it helps.

btw, that 3 dot thing is wrong all-together. I believe thats a typo off my site. There is no such thing as .../ that I'm aware of :P

143 Jun 13, 2006 13:25

I'm having a problem with Firefox - when the user hits the back button after entering an incorrect code, Firefox displays the original graphic (which is now the wrong code!) instead of calling authimage.php again.

Seemingly Firefox is ignoring the cache-control header, but it seems to be working fine in IE - any ideas anyone?

144 Jun 16, 2006 17:43

thanks alot. i hope no more spam in my site.

*aaaa, those spam bots can read the numbers. :( . i guess i have to modify some parts abit.

145 Jun 17, 2006 06:14

the path to the font from your blog should be:

./authimage.php

Thanks for the slash/dot lesson :D I tried putting in the ./ and it didn't work, so I tried the ../ and that didn't work either. Since that actual bit of code resides in the /skins/_feedback.php file, I thought perhaps i needed to use the ../ . Anyway since neither worked, now that i understand the whole dot/slash stuff I just put in the full path in the right spot and IT WORKED!

147 Jun 20, 2006 15:54

Is anyone else finding spammers defeating Captcha? For the first time in a while I got hit with about 100 pieces of test spam on my Captcha enabled blog.

Are they using character recognition? Do you think rotating the fonts might help? The arms race continues.

148 Jun 30, 2006 09:29

Captcha "word" was defeated a long time ago, but there are few blogs being targeted by anti-WordCaptcha yet. I get a few but not much (usually useless spams that goes :IAM: :GOOGLE: :YADDA YADDA: :JPASOFJPAS:) unlike the trackbacks.

There is a new version of Captcha, the MATH-Captcha as I call it. I haven't seen a single script yet out there for the MATH-Captcha, the use of it is very low still, so maybe that explains why no one is offering a free script for it.

:)

149 Jul 05, 2006 03:52

Hi everyone- I've just upgraded my b2evo to version 0.9.2 and found the instructions for installing captcha. I installed it, and it appears correct on the comments form, but it keeps coming back as a 404 error page when I hit 'send comment' whether I put in the right numbers or the wrong. I've been through the script and can't find where it might be calling a page incorrectly and I've been through this thread and I can't find where anyone else has run into this. I'm sure it's something simple and I'm just being a blockhead so I would really appreciate any help with this as I'd like to be able to allow comments with this version (I had just totally removed the comments area from the last version so that no one could leave them- human or bot).

Here is my blog page:
http://www.oddsandinsonline.com/blog
authimage and the font are both installed directly into the /blog/ directory (this is where my default.php file is)
comment_post is as defined in the instructions
I did have to play with the code a bit in /skins/_feedback.php (and hardcoded the call for authimage just in case):

{ // User is not logged in: 
					?>
					<input type="checkbox" class="checkbox" name="comment_cookies" value="1" checked tabindex="7" id="comment_cookies" /> <label for="comment_cookies"><?php echo T_('Remember me') ?></label> <span class="notes"><?php echo T_('(Set cookies for name, email &amp; url)') ?></span>
					<?php 
				} ?>
<p>
<input type="text" name="code" id="code" value="<?php echo ""; ?>" size="28" tabindex="4" />
          <label for="code"><br><?php echo T_("In the box above, enter this code: "); ?><br></label>
          <img src="http://www.oddsandinsonline.com/blog/authimage.php?type=image" width="155" height="50" alt="authimage" class="authimage" />
<br>
Please enter the verification code from the image above into the entry area before clicking on Send comment.  
<b>Note:</b> if your comment IS rejected you MUST REFRESH the page before trying to submit again!
</p>
				</div>
			</fieldset>
	
			<fieldset>
				<div class="input">
					<input type="submit" name="submit" class="submit" value="<?php echo T_('Send comment') ?>" tabindex="8" />
				</div>
			</fieldset>
		
			<div class="clear"></div>
		
		</form>

I hope someone can help- the only other thing I can think of is that there is an error in the actual upgrade code calling a .php rather than in the captcha code and if that's it I'm having a hard time finding it.

150 Jul 05, 2006 04:21

I've only spent 5 seconds looking at this so apologies if this sounds stupid (it's also 3:30 am).

The action of your form is set to: http://www.oddsandinsonline.com/blog/htsrv231/spam_sucks.php which doesn't seem to exist.

In otherwords it may be f**k all to do with captcha - your commentors aren't being REdirected to a missing page, that's just where the form's pointing - is it not?

151 Jul 05, 2006 04:56

You're absolutely right- and now my htsrv folder is behaving poorly on me so I can't even tell if it's fixed- at least I know it's not captcha so that gives me somewhere to start- thank you!

ETA: I was able to source the error the access error this morning (my .htaccess file which I had changed according to a recommendation in the manual) and after removing that call and reuploading the appropriate files it works perfectly- thanks again, a fresh pair of eyes was just what was needed!

152 Aug 15, 2006 04:31

Just wanted to say thanks for this code which works great!
I had to modify the code because of the path of the files, but now it's ok

One think though: for a while, the image captcha wouldn't show except for one of my skins : it seems that dreamweaver had somewhat corrupted the altered authimage.php file, I just copied it again from the skin where it was working and it was all good again :) (but before I understood that I thought I would go crazy :lol: )

Just in case someone had the same problem!

Thanks again!

153 Sep 27, 2006 19:04

##edited below##

I followed the instructions to the "T" I am using the newest v. 1.8.2 ("stable", installed 2 days ago) I can't see the box with the code in it. I can see the "copy code here" text box however. When I put numbers (random) I don't get the default "Error, go back and try again" page, I get a "code error on line __" and that line number isn't where I installed the code.

in my htsrv/comment_post.php file it doesn't say:

require_once( dirname(__FILE__) . '/../b2evocore/_main.php' );

mine says:

require_once dirname(__FILE__).'/../conf/_config.php';

thats a direct copy-paste from the file ("before") should this matter?

what am I doing wrong?

##Edited##

Ok I got the image to show (removed the 3rd dot on the <img src=" .../../ that is on your tutorial) but I am getting the error

Fatal error: Call to undefined function: errors_add() in /blog/htsrv/comment_post.php on line 115

that line 115 says this:

errors_add( T_('Error: You have not entered the correct authorization code.') );

I have tried playing around with it but not knowing php I am at a loss...?

here is a url:

http://tunnel13.com/blog/index.php?title=kitchen_remodeling_iv&more=1&c=1&tb=1&pb=1#comments

###EDIT 2####
ok I finally got the error to go away (I had to change errors_add to $message->add, I get the default "you did not enter the correct code" only I get it after corectly adding the correct code. I have refreshed page, cleared cache, zip, won't let be post comment even when correct code is added...

154 Sep 28, 2006 05:45

I gave up. I found the new "Captcha 1.8.2" plugin for said v., installed it in the plugin folder, made a few personal settings adjustments, viola!

I still would like to know how to fix my problem as mentioned above because that is how I learn. perhaps it just needs some tweaking from it's creator for the v. 1.8.2? Thanks :lol:

155 Sep 28, 2006 11:39

the hack on my site isnt written for 1.8 -- thats the ultimate source of any errors.


Form is loading...