Version: 0.9, by kh99
Developer Last Online: Sep 2020
Category: Miscellaneous Hacks -
Version: 4.2.x
Rating:
Released: 03-18-2015
Last Update: Never
Installs: 30
Uses Plugins Auto-Templates
Re-useable Code Translations
No support by the author.
What is it?
----------------------------
This mod adds human verification to login, after a selectable number of failures (strikes).
Why would I want this? Users will hate it.
----------------------------
The idea is that attempts at account hacking by guessing passwords will fail if they are automated and not expecting the HV input. This will reduce the number of guesses per lockout period, and also since an incorrect or missing HV response does not count as a strike, your users will not get "lockout" emails. You can configure the mod so that HV input isn't required until a certain number of failures, so most of the time users won't even notice. Also, many users probably use "Remember Me" and so will never notice.
Note: This hasn't been tested with Forum Runner, Tapatalk, or anything similar. The mod attempts to disable itself for Forum Runner and Tapatalk, but this hasn't been tested. If you install this mod and you use one those on your forum, you should test it (for example, try logging in with incorrect password 4 times and make sure it works if you enter the correct password the 5th time). Also, I will appreciate any reports of problems or success.
Thanks to woodmj for ideas and testing.
Installation:
----------------------------
1) Import the product XML file from the Product Manager.
2) Go to Settings > Human Verification Options (in the options, not the human verification manager) to enable and configure.
You can select a different type of HV than you are using for other actions. For example, you might use some type of captcha for registration, but use Q&A for login. Note that you still have to use the Human Verification Manager to configure each type. So if you want to use Q&A for login, you would have to temporarily select it in the HV Manager to configure your questions. You can then re-select a different HV type for other actions if desired.
3) Test the mod in each of your styles. There is a field in the options for an ip address, and if this is filled in, the HV will only be active for that ip address, allowing testing without affecting other users. You can then clear the field when you are done testing.
Testing each style is important because the mod attempts to insert the HV template automatically, but if it can't (if you have custom styles for example) the mod will still be expecting the HV answer to be submitted, which will result in login failures. If this happens, the mod can still be used by manually editing the STANDARD_ERROR and mobile_login templates and inserting {vb:raw kh99_login_hv} after the password field.
OK I fixed the problem. I was using Keycaptcha and for some weird reasons, the captcha wasn't showing on login page.
I used the browser console as suggested Dave to see what was going on, and the fact that my website was using SSL was blocking the loading of a captcha script (mixed content).
So for those using Keycaptcha, edit the class_humanverify_keycaptcha.php file and replace the http with https and that should work fine
Human Verification on Login Details »»
About Developer
Uses Plugins 
No support by the author.
01-19-2020, 12:54 PM
