Go Back   vb.org Archive > vBulletin Modifications > vBulletin 4.x Modifications > vBulletin 4.x Add-ons

Reply
 
Thread Tools
[BetoPho] reCaptcha v3 Login Integration Details »»
[BetoPho] reCaptcha v3 Login Integration
Version: 1.1.0, by BetoPho BetoPho is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Category: Anti-Spam Options - Version: 4.2.5 Rating:
Released: 07-03-2019 Last Update: 07-05-2019 Installs: 33
Supported Uses Plugins Template Edits Auto-Templates
 

There are several requests to make this around the forum, so I guess I would contribute one.

Product Information
Provide reCaptcha intergration for vBulletin 4's login process that can check for bots or unsafe traffics using Google's famous reCaptcha engine.

Main Features
  • Ultilizing reCaptcha v3 advantages: invisible checks that can determine how safe a user/traffic is, from very likely human to very likely bot, using reCaptcha's 'score' system.
  • Performing specific actions to unsafe users/traffics, reject the login or redirect to another URL.
  • Bad traffic users captured by the product will just be displayed with an invalid login screen.
  • Ability to exclude users that won't be checked by reCaptcha.
  • Lightweight and easy to configure.
  • Simple installation: Install - Get reCaptcha keys - Configure the action - Done.

Future Versions Planning
  • Expanding integration with other forum sections, like thread/post posting, PM, album, etc.
  • Expanding integration with other activities, like register, search, page viewing, etc.
  • Combining suport with reCaptcha v2, adding additional layer of human verification, for example, only when reCaptcha v3 detected likely unsafe traffic, verification form from v2 will show for the user to verify.
  • Admincp Dashboard to view all failed login attemps captured by reCaptcha.
  • Support for vBulletin 3 & 5.
  • You name it.

Details
  • Files upload: none
  • Plugins: 6
  • Templates: 3 (2 templates, 1 CSS template)
  • Phrases: 2

Instructions
  1. (Preparation) Have your reCaptcha v3 keys ready first. reCaptcha homepage.
  2. Import the product XML file using Product section.
  3. Go to Options > [BetoPho] reCaptcha Integration.
  4. Insert the keys first (this product won't work without the keys).
  5. Configure and start using.

Additional Instructions
  1. To check if automatic template works, after putting the keys and configuring everything, view the homepage source (with the login form) as a Guest user and search for this code:
    HTML Code:
    <input type="hidden" name="btp_rcaptcha_response" id="btp_rcaptcha_input">
    If found, it's good. If not found, it means you are using modified templates/style.
  2. In case it's not found, modify the template with the login form (usually 'header' template, might be other one depends on your style), search for the login form:
    HTML Code:
    action="login.php?do=login"
    When found, insert the product code in the #1 section into anywhere inside of the form. For example, it will look like this:
    Code:
    <form id="navbar_loginform" action="login.php?do=login" method="post" (other codes...)>
    ...
    <input type="hidden" name="btp_rcaptcha_response" id="btp_rcaptcha_input">
    ...
    </form>
    Then it will work.

Let me know if you have any questions or suggestions.
Thank you

Changelog
1.0.0 - Jul 05 2019
  • Initial Release
1.1.0 - Jul 07 2019
  • Fix Admincp/Modcp locked out issue
  • Cleaning up codes and preparation for additional features

Download Now

File Type: xml product-btp_rcaptcha_v1.1.0.xml (14.0 KB, 255 views)

Screenshots

File Type: jpg btp_rcaptcha_screenshot_options.jpg (122.4 KB, 0 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
3 благодарности(ей) от:
Hostboard, TAIFUN_T, z3r0

Comments
  #2  
Old 07-04-2019, 04:48 PM
BetoPho BetoPho is offline
 
Join Date: Nov 2014
Posts: 18
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Issues
  • Being locked out from logging into Admincp/Modcp
    This issue is fixed since v1.1.0.
Reply With Quote
  #3  
Old 07-04-2019, 11:35 PM
Gadget_Guy Gadget_Guy is offline
 
Join Date: Jun 2010
Posts: 271
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks! Been waiting for this!

D
Reply With Quote
  #4  
Old 07-05-2019, 12:24 AM
stangger5's Avatar
stangger5 stangger5 is offline
 
Join Date: Jan 2005
Location: Online
Posts: 1,130
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks!!
Reply With Quote
  #5  
Old 07-05-2019, 09:17 PM
Gadget_Guy Gadget_Guy is offline
 
Join Date: Jun 2010
Posts: 271
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am having an issue with this installed now.

My admincp login doesn't work anymore and I am locked out of my site.

Any idea how I can manually revert the plug-in?

D
Reply With Quote
  #6  
Old 07-05-2019, 10:31 PM
BetoPho BetoPho is offline
 
Join Date: Nov 2014
Posts: 18
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Gadget_Guy View Post
I am having an issue with this installed now.

My admincp login doesn't work anymore and I am locked out of my site.

Any idea how I can manually revert the plug-in?

D
You can edit config.php, add this line to globally disabling all plugins:

PHP Code:
define('DISABLE_HOOKS'1); 
After that, login into your Admincp, please whitelist yourself by putting your user ID into the Excluded users field. Then remove that line again to re-enable the plugins.

Can you let me know on which steps you did that made you being locked out of the Admincp?
Reply With Quote
  #7  
Old 07-06-2019, 12:21 PM
Gadget_Guy Gadget_Guy is offline
 
Join Date: Jun 2010
Posts: 271
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks,

I was able to disable the plugins, disable, and got the site back to normal.

All I did was add the plug-in, then whenever I tried to log in to adminCP it wouldn't accept my password and it locked my account out from number of failed attempts.

No matter what I did, it wouldn't let me log in.

Question: What I am not understanding is how your implementation is intended to work. it doesn't add itself as a human verification for registration?

D
Reply With Quote
  #8  
Old 07-06-2019, 04:00 PM
BetoPho BetoPho is offline
 
Join Date: Nov 2014
Posts: 18
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can download the latest version, v1.1.0 and update the product, it will fix the issue.

Quote:
Originally Posted by Gadget_Guy View Post
Question: What I am not understanding is how your implementation is intended to work. it doesn't add itself as a human verification for registration?
The main concept of this product is to prevent brute force password attack and any kind of non-human automatically trying to login via the HTML form.

Currently, vBulletin's Human Verification system only supports these type of actions: Register, Post, Search, Contact Us, and Recover Lost Password. So there won't be a way to hook Login action using vBulletin hook system.

For your question, here is the full process of how this product works:
  1. User logging in;
  2. The product captures reCaptcha check value from the login form and send to Google server;
  3. Google checks and return the 'score' value to the product;
  4. If the score is less than the defined 'human' score, we assume this is either not human or an unsafe traffic;
  5. Do the provided actions (eg. redirect them to another URL).

So when the user is treated like a bot, even if the username/password combination is correct, their login will be rejected and being sent to another URL (if you choose that), making the board a little bit safer.
Reply With Quote
  #9  
Old 07-07-2019, 11:15 PM
Gadget_Guy Gadget_Guy is offline
 
Join Date: Jun 2010
Posts: 271
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks for the explanation.

I like what you did.

I will try the updated version later this week when I can make sure I have time to test.

Much appreciated.

D
Reply With Quote
  #10  
Old 07-28-2019, 10:34 AM
dknelson dknelson is offline
 
Join Date: Oct 2004
Posts: 412
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I just installed it this morning. Trying about everything I can. My forum has been running for well over 10 years and though I've had the occasional registration spam, it exploded about 2 3 days ago and I've had well over a thousand since them. Hope this helps.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:09 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04720 seconds
  • Memory Usage 2,326KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (2)bbcode_html
  • (1)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (3)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (9)postbit
  • (2)postbit_attachment
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete