Miscellaneous Hacks - reCAPTCHA!vB

THIS MODIFICATION SHOULD NOT BE USED WITH VBULLETIN 3.7+ AS IT IS A DEFAULT FEATURE.

Keywords: reCAPTCHA, CAPTCHA, spam, register

Description:
This modification will replaced the default vBulletin registration CAPTCHA with the newer, more advanced reCAPTCHA.

What is CAPTCHA/reCAPTCHA?:
A CAPTCHA is a program that can tell whether its user is a human or a computer. You've probably seen them ? colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from "bots," or automated programs usually written to generate spam. No computer program can read distorted text as well as humans can, so bots cannot navigate sites protected by CAPTCHAs.

About 60 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that's not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day. What if we could make positive use of this human effort? reCAPTCHA does exactly that by channeling the effort spent solving CAPTCHAs online into "reading" books.

To archive human knowledge and to make information more accessible to the world, multiple projects are currently digitizing physical books that were written before the computer age. The book pages are being photographically scanned, and then, to make them searchable, transformed into text using "Optical Character Recognition" (OCR). The transformation into text is useful because scanning a book produces images, which are difficult to store on small devices, expensive to download, and cannot be searched. The problem is that OCR is not perfect.



reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly.

But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.

Currently, we are helping to digitize books from the Internet Archive.

[hr]-[/hr]
Installation:

1. Download and unzip the recaptcha101.zip archive.
2. Upload the functions_recaptcha.php to your /includes/ directory.
3. Import the product-recaptcha.xml via the Product Manager.
4. Obtain a FREE public and private reCAPTCHA key here.
5. Make any desired configuration changes via AdminCP > vBulletin Options > reCAPTCHA Options
6. Make a backup of your register.php file, located in your forum root.
7. Perform ONE (1) of the following methods:
   • Method A:
     • Download the register-patch.zip archive, extract, then upload the register.patch file to your forum root, then apply the patch:
       
       *Note: Please note that this method requires a basic understanding of UNIX shell commands and requires shell access to your host. If you do not have either of these or you are unsure how to use GNU patch, I highly suggest performing Method B instead)
       
       
       Code:

       # patch -b register.php < register.patch

       This will perform the file edits automatically. Once finished, you may delete the register.patch file.
   • Method B:
     Perform the following simple file edits:
     • IN register.php:
       1. FIND:
          
          PHP Code:

          eval('$imagereg = "' . fetch_template('imagereg') . '";'); 

          REPLACE WITH:
          
          PHP Code:

          $imagereg = recaptcha_get_html($vbulletin->options['recaptcha_publickey'], $error); 

       2. FIND AND REMOVE:
          
          PHP Code:

                          'imagestamp'          => TYPE_STR,
                'imagehash'           => TYPE_STR, 

       3. FIND:
          
          PHP Code:

                  // Check Reg Image
        if ($vbulletin->options['regimagecheck'] AND $vbulletin->options['regimagetype'])
        {
                require_once(DIR . '/includes/functions_regimage.php');
                if (!verify_regimage_hash($vbulletin->GPC['imagehash'], $vbulletin->GPC['imagestamp']))
                {
                        $userdata->error('register_imagecheck');
                }
        } 

          REPLACE WITH:
          
          PHP Code:

                  // Check Reg Image
        if ($vbulletin->options['regimagecheck'] AND $vbulletin->options['regimagetype'])
        {
                $resp = recaptcha_check_answer ($vbulletin->options['recaptcha_privatekey'],
                                                $_SERVER["REMOTE_ADDR"],
                                                $_POST["recaptcha_challenge_field"],
                                                $_POST["recaptcha_response_field"]);

                if (!$resp->is_valid)
                {
                        $userdata->error('register_imagecheck');
                }
        } 


NOTE: YOU MAY ALSO REPLACE THE CAPTCHA DISPLAYED TO GUESTS WHEN USING THE "CONTACT US" FORM BY FOLLOWING THE INSTRUCTIONS HERE.

[hr]-[/hr]
Tips, tricks and modifications:

• Apply "Method A" without shell access (DOCTOR DAN)
• Restore "image verification" frame around reCAPTCHA panel (DOCTOR DAN)

[hr]-[/hr]
Comments:
As with all my hacks, this modification is provided free of charge. However, if you find this product useful and have money burning a hole in your pocket, feel free to make a small donation, I won't mind.. really.

Version History:

• 1.0.0 - Initial release, here's to hoping...
• 1.0.1 - Woops! Forgot to include a aesthetic template edit in the original release. All is well, simply redownload and overwrite the XML. That's it!
• 1.1.0 - Added alternate language support. Now various reCAPTCHA tags and text will be displayed in your selected language. Also added a fieldset to the automatic template edits around the display block for a more uniform look (thanks DOCTOR DAN!).

Currently Known Bugs:

• None

* Please note that this modification was developed on a forum with a userbase of 1 (myself). I've tested it for basic functionality but I cannot guarantee functionality or behavior on your forum. So, please -- make backups before installing this product!

[magnus]

Quote:

Originally Posted by Boofo

You mean it's missing in this line, not the other one:

Code:

$resp = recaptcha_check_answer ($vbulletin->options['recaptcha_privatekey'],

No, I mean it's missing from the line I originally mentioned. I highlighted the missing bracket in red.

On a side note, this was months ago and the user found and corrected the problem immediately following. I see no reason to bring it back up.

[Boofo]

The only reason I commented was I didn't see a beginning bracket on that line you highlighted the bracket in, in case someone runs in to the same problem later. Since it is your thread, I will let your attitude slide this time and be on my way.

[magnus]

Uh, excuse me?

I don't see what you're letting me "slide" on -- you posted up information implied as a correction to a post of mine, which helped the user solve his problem, that didn't need any correction. Nevermind the fact that the post was 5+ months old and hasn't had a single question, clarification or comment made towards it until you brought it up.

Why couldn't you have simply hit the post button after your first sentence? Was the second sentence really necessary? What does it add to the topic? How does it benefit the conversation or thread? I don't understand, instead of simply stating you only skimmed and overlooked the detail in question you become defensive and act as if you were going to drop the wrath of God on me but instead decided to grant me a reprieve.

I'm not trying to pick a fight. I'm simply trying to figure out what rule I've broken that you're going to let me slide on "this time". I try to keep the information in my threads factual, so when someone has a problem they can find a fix easily (if available).

Feel free to delete this post as well as the 3 before it.

[Doctor Dan]

Quote:

Originally Posted by magnus

Thanks, Dan! I've linked your tips in the first post.

My pleasure.

Thank YOU for this very useful vBulletin reCAPTCHA integration! The problem with the standard vB CAPTCHA is that with all the options activated, it frequently generates images which people can't even read.

I think that the most intriguing aspect of reCAPTCHA is that if an automated crack for the obfuscation technique emerges, the reCAPTCHA team at CMU designs a new one, and all sites which use reCAPTCHA are automatically updated.

- Dan

[zagman76]

Thanks magnus - this is an awesome mod!

[ChaosBurnt]

Thank you very very much magnus, your efforts are greatly appreciated.

*installed very happily*

[airaffair]

you guys should just do what I did and get rid of captcha all together by going with a session token ....only humans get in and they don't have to do the captcha interpretations ...which is always a negative requirement if you ask me..... just google this "session token instead of captcha" and you guys may find what you want....the down side of what I use is that it requires the users to have java script enabled....but hey, what site doesn't have some sort of java script in it these days right? =)

[magnus]

Session tokens aren't 100% secure. They're just an alternative method, it all boils down to preference. Either way, if you've already implemented session tokens in place of vB's CAPTCHA -- why not release it here on vB.org for the rest of the community?

[rsuplido]

Anyone modified search.php too? TIA.

[magnus]

Replacing any of vB's CAPTCHA with reCAPTCHA is pretty much the same across the board. By looking at the code changes for registration and contact us, you'll see the similarities.

I'll go ahead and whip up a search replacement in my free time and post it up here.