As mentioned in a previous post, I’m being spammed and hard. Phpbb3’s captcha has been broken, and I needed a fix. With phpbb.com down due to unrelated problems, I set off to create my own captcha.
In this post, I will walk you through the steps of modifying the captcha to display a math problem (addition). If you have the brains/guts, you can easily modify this to make it more secure, do subtraction, and make the text harder to read by bots – but the fact is, this is currently a unique system. There’s no need to change the text to anything fancy at the moment.
Where do we start? The most obvious first step is to decide on your target areas.
Back up all files before proceeding.
Changing the captcha in guest chat sections
All of the changes we’ll be doing in this section center around posting.php, which is in the root directory.
Let’s start off by changing the line that displays the captcha image.
Find this line:
'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_POST) . '" alt="" title="" />',
And change it to this:
'CONFIRM_IMAGE' => '<img src="'.$phpbb_root_path.'conf.'.$phpEx.'?s1='.$seed.'&s2='.$seed2.'">',
Because we’re not using the default captcha anymore, go ahead and delete the following lines:
$seed -= 0x7fffffff * floor($seed / 0x7fffffff);
Alrighty, now we want to generate 2 random numbers between 1 and 5 for the user to add together, so he can easily do it without being annoyed.
Find this line:
and change it to
$seed = rand(1,5);
And after that line, add the following two lines:
$seed2 = rand(1,5);
$seed3=$seed+$seed2;
Now scroll down a bit until you find the $sql variable. Change the code and seed lines to these:
'code' => (string) $seed3,
'seed' => (int) $seed3)
Now we have the SUM of $seed and $seed2 stored in the database in the spot previously held by phpbb’s captcha. This is so we don’t have to muck around changing the database. (Note: if it doesn’t work, you may need to go in with phpMyAdmin and change the confirm table to be unsigned.)
What do we have so far? We have the sum of two values stored in a database, and the captcha image changed to a custom value. The form should also be able to check if the value is correct without further changes.
The captcha generator
Create a new file and name it conf.php. Paste this into the file:
<?php
$img = imagecreate(250, 32);
$background_color = imagecolorallocate($img,222,190,148);
$black = imagecolorallocate($img, 0, 0, 0);
$str = "";
if(!isset($_REQUEST['s1']) || !isset($_REQUEST['s2']))
{
    $str=" Error. Please refresh page.";
} else {
    $str="What is ".$_REQUEST['s1']." + ".$_REQUEST['s2']."?";
}
// 12 is font
imagestring($img,12,0,0,$str,$black);
header('Content-type: image/gif');
imagegif($img);
imagedestroy($img);
?>
This will take two GET parameters and simply say “What is X + Y”. Save this file into your root install folder, where posting.php is. Change the $background_color to your own preferences; currently it is a tannish color to fit into the theme of my site.
Now just upload the files to your server (remember: back up if you haven’t already), and hopefully all will be working well.
Live PHP image creation demo: http://kingoflands.com/forum/conf.php?s1=Phpbb&s2=Captcha
If you have any problems, post a comment. I created this captcha system yesterday and I’m hoping I included everything I did in it.
- Support for the registration page is yet to be added.
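The conf.php above receives both operands in the image URL, so they are visible in the page markup, and it draws whatever text it is handed, as the demo link shows. A variant that keeps the operands on the server and puts only a random token in the URL follows as an added example; it is not part of the original post or of phpBB. It assumes PHP 7.1+ with GD and that $store is server-side per-visitor storage such as $_SESSION; the function names and the t parameter are hypothetical.

```php
<?php
// Added example, not phpBB code. $store is any server-side per-visitor
// storage (assumption: $_SESSION after session_start()).

// Create a challenge: operands stay on the server, only the token goes in the URL.
function captcha_new(array &$store): string
{
    $token = bin2hex(random_bytes(16));
    $store['captcha'][$token] = [random_int(1, 5), random_int(1, 5)];
    return $token;
}

// Text for the image, looked up by token; nothing from the request is drawn.
function captcha_text(array $store, string $token): string
{
    if (!isset($store['captcha'][$token])) {
        return 'Error. Please refresh page.';
    }
    [$a, $b] = $store['captcha'][$token];
    return "What is $a + $b?";
}

// Check an answer; the challenge is deleted either way, so it is single-use.
function captcha_check(array &$store, string $token, string $answer): bool
{
    if (!isset($store['captcha'][$token])) {
        return false;
    }
    [$a, $b] = $store['captcha'][$token];
    unset($store['captcha'][$token]);
    return ctype_digit($answer) && (int) $answer === $a + $b;
}

// Body of the image script, requested as conf.php?t=<token>.
function captcha_image(array $store, string $token): void
{
    $img = imagecreate(250, 32);
    imagecolorallocate($img, 222, 190, 148);   // first allocation is the background
    $black = imagecolorallocate($img, 0, 0, 0);
    imagestring($img, 5, 0, 0, captcha_text($store, $token), $black);
    header('Content-Type: image/gif');
    header('Cache-Control: no-store');
    imagegif($img);
}

// Form page:  $token = captcha_new($_SESSION);  then  <img src="conf.php?t=$token">
// conf.php:   captcha_image($_SESSION, is_string($_GET['t'] ?? null) ? $_GET['t'] : '');
// On submit:  captcha_check($_SESSION, $token, $answer)
```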


February 6th, 2009 at 2:05 am
Thank you for this! I was wondering why we suddenly saw spam appear.
Best regards,
Peter
February 13th, 2009 at 5:20 am
http://kingoflands.com/forum/viewtopic.php?f=2&t=256&p=1712#p1711
Cracked.
March 1st, 2009 at 9:50 am
After seeing other bots manage to get through and reading “crazy”’s comment, I decided to try to improve the CAPTCHA by changing “what is” to something more complex and changing the way the whole thing appears.
We’ll see if it helps.
(using the “PRE” code, hopefully it works in the comment)
March 1st, 2009 at 9:51 am
Rats, it didn’t work.
Well, you can view it in action here, anyway:
http://www.arpia.be/forum/conf.php?s1=1&s2=2
March 1st, 2009 at 10:08 am
And, changed it slightly to add numbers to confuse bots:
http://www.arpia.be/forum/conf.php?s1=1&s2=2&s3=3&s4=4
March 1st, 2009 at 11:07 am
Very nice! I have yet to have a bot crack it on my forum; but then again it’s so small I don’t think the bot creators bother.
So on a side note I’ve been trying to get this thing added to the registration page, but it’s so much harder than the guest posting page. The main problem I’m having at the moment is with verification. The registration script runs the user input through a verification script that says what length everything should be and it’s just being a pain to figure out and change. *Sigh*.
November 9th, 2009 at 12:58 am
Congratulations on the new blog!