Utter Randomness

Stop torchering yourself. I’ve done this too many times, and I think it’s time to shed a little light into the web design world. Do you have experience with php? If you do, I heavily suggest  you create a system similar to mine.

The gist: You have a php include file with a bunch of functions to echo content. Then, once you’ve created a template php file with all of the functions in the correct places echoing the correct stuff, create the site.

Why? Let’s say you find a template you like, or just make a mistake in your custom edited template php/html file. Now, it turns out that 8 hours later you discover that you made a mistake and you’ll have to redo all of those dozens of pages. Or maybe you’re like me and just want to keep adding navigation links left and right – then remembering that you’ll have to redit and reupload every single file.

You get the idea. Here’s what one of my sites looks like:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

<?php
require_once("page.php");
?>
<html>
<link href="main.css" rel="stylesheet" type="text/css">
<head>
<title>
 
</title>
</head>
<body>
<?php logo(); ?>
<div id="wrap">
 
<?php menu(); ?>
	<div id="container">
<?php sidebar(); ?>
	<div id="mainbox">
		<div id="text">
			<div id="midbar">
				<div id="midbartxt">
					Text
				</div>
			</div>
			<div id="midbaritm">
				<div id="text">
					Some text
				</div>
			</div>
		</div>
	</div>
	</div>
 
</div>
<?php footer(); ?>
</body>
</html>

You can see how this is working, right? Well here’s what the page.php file looks like anyway

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

<?php
 
function logo() {
	echo '<div id="logo">Logo</div>';
}
 
function menu() {
echo <<<EOF
<div id="menu">
 <div id="link">Hello
 <div id="link">Hello again
</div>
EOF;
 
}
 
function sidebar() {
echo <<<EOF
<div id="sidebar">
		<div id="text">
		Ello
		</div>
</div>
EOF;
}
 
function footer() {
echo <<<EOF
<div id="copy">&copy; their respective owners.</div>
EOF;
}
 
?>

Seeing the potential benefits yet? Yes? Then go spread the word and implement something like this yourself. It is such a headache to manually edit every single page all over again just to add another navigation link. Just edit page.php or something similar and have the changes appear across all pages.

- You’re welcome.

As mentioned in a previous post, I’m being spammed and hard. Phpbb3’s captcha has been broken, and I needed a fix. With phpbb.com down due to unrelated problems, I set off to create my own captcha.

In this post, I will walk you through the steps of modifying the captcha to display a math problem (addition). If you have the brains/guts, you can easily modify this to make it more secure, do subtraction, and make the text harder to read by bots – but the fact is, this is currently a unique system. There’s no need to change the text to anything fancy at the moment.

Where do we start? The most obvious is to decide your target areas.
Backup all files before proceeding.

Changing the captcha in guest chat sections
All of the changes we’ll be doing in this section center around posting.php, which is in the root directory.

Let’s start off by changing the line that displays the captcha image.
Find this line:

1

'CONFIRM_IMAGE'				=> '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_POST) . '" alt="" title="" />',

And change it to this:

1

'CONFIRM_IMAGE' => '<img src="'.$phpbb_root_path.'conf.'.$phpEx.'?s1='.$seed.'&s2='.$seed2.'">',

Because we’re not using the default captcha anymore, go ahead and delete the following lines:

1

$seed -= 0x7fffffff * floor($seed / 0x7fffffff);

Alrighty, now we want to generate 2 random numbers between 1 and 5 for the user to add together, so he can easily do it without being annoyed.

Find this line:

1

$seed = hexdec(substr(unique_id(), 4, 10));

and change it to

1

$seed = rand(1,5);

And after that line, add the following two lines:

1
2

$seed2 = rand(1,5);
$seed3=$seed+$seed2;

Now scroll down a bit until you find the $sql variable. Change the code and seed lines to these:

1
2

'code'			=> (string) $seed3,
'seed'			=> (int) $seed3)

Now we have the SUM of $seed and $seed2 stored in the database in the spot previously held by phpbb’s captcha. This is so we don’t have to muck around changing the database. (Note here: If it doesn’t work you may need to go in with phpmyadmin and change the confirm table to be unsigned).

What do we have so far? We have the sum of two values stored in a database, and the captcha image changed to a custom value. The form should also be able to check if the value is correct without further changes.

The captcha generator
Create a new file and name it conf.php. Paste this into the file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

<?php
	$img = imagecreate(250, 32);
	$background_color = imagecolorallocate($img,222,190,148);
	$black = imagecolorallocate($img, 0, 0, 0);
	$str = "";
	if(!isset($_REQUEST['s1']) || !isset($_REQUEST['s2'])) {
		$str=" Error. Please refresh page.";
	} else {
		$str="What is ".$_REQUEST['s1']." + ".$_REQUEST['s2']."?";
	}
	// 12 is font
	imagestring($img,12,0,0,$str,$black);
	header('Content-type: image/gif');
	imagegif($img);
	imagedestroy($img);
?>

This will take 2 get parameters and simple say “What is X + Y”. Save this file into your root install folder, where posting.php is. Change the $background_color to your own preferences; currently it is a tannish color to fit into the theme of my site.

Now just upload the files to your server (remember: backup if you haven’t already), and hopefully all will be working well.

Live PHP image creation demo: http://kingoflands.com/forum/conf.php?s1=Phpbb&s2=Captcha

If you have any problems, post a comment. I created this captcha system yesterday and I’m hoping I included everything I did in it.

- Adding this to the registration page is yet to be added.

Over the last week, me and many others with phpbb3 forums have been pounded with spam. Same old, trying to sell meds. This is occurring on the registration page and guest chat sections. For registration, they simply put a link to their drug selling site in their profile and never post. In the guest chat section, they write out spam posts.

What’s causing this? A cracked (able to be solved by bots) captcha. Being the geek that I am, I changed the captcha system to something completely different – and the spam dropped dead. I haven’t yet put the new captcha on the registration page, and surprise surprise, I’m still getting spam registrations. This is almost definitely a bot.

Voice your thoughts on this, want a solution? I may give some starting points if I get comments requesting an example. Otherwise, just try out google.