Miscellaneous Hacks - reCAPTCHA!vB

THIS MODIFICATION SHOULD NOT BE USED WITH VBULLETIN 3.7+ AS IT IS A DEFAULT FEATURE.

Keywords: reCAPTCHA, CAPTCHA, spam, register

Description:
This modification will replaced the default vBulletin registration CAPTCHA with the newer, more advanced reCAPTCHA.

What is CAPTCHA/reCAPTCHA?:
A CAPTCHA is a program that can tell whether its user is a human or a computer. You've probably seen them ? colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from "bots," or automated programs usually written to generate spam. No computer program can read distorted text as well as humans can, so bots cannot navigate sites protected by CAPTCHAs.

About 60 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that's not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day. What if we could make positive use of this human effort? reCAPTCHA does exactly that by channeling the effort spent solving CAPTCHAs online into "reading" books.

To archive human knowledge and to make information more accessible to the world, multiple projects are currently digitizing physical books that were written before the computer age. The book pages are being photographically scanned, and then, to make them searchable, transformed into text using "Optical Character Recognition" (OCR). The transformation into text is useful because scanning a book produces images, which are difficult to store on small devices, expensive to download, and cannot be searched. The problem is that OCR is not perfect.



reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly.

But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.

Currently, we are helping to digitize books from the Internet Archive.

[hr]-[/hr]
Installation:

1. Download and unzip the recaptcha101.zip archive.
2. Upload the functions_recaptcha.php to your /includes/ directory.
3. Import the product-recaptcha.xml via the Product Manager.
4. Obtain a FREE public and private reCAPTCHA key here.
5. Make any desired configuration changes via AdminCP > vBulletin Options > reCAPTCHA Options
6. Make a backup of your register.php file, located in your forum root.
7. Perform ONE (1) of the following methods:
   • Method A:
     • Download the register-patch.zip archive, extract, then upload the register.patch file to your forum root, then apply the patch:
       
       *Note: Please note that this method requires a basic understanding of UNIX shell commands and requires shell access to your host. If you do not have either of these or you are unsure how to use GNU patch, I highly suggest performing Method B instead)
       
       
       Code:

       # patch -b register.php < register.patch

       This will perform the file edits automatically. Once finished, you may delete the register.patch file.
   • Method B:
     Perform the following simple file edits:
     • IN register.php:
       1. FIND:
          
          PHP Code:

          eval('$imagereg = "' . fetch_template('imagereg') . '";'); 

          REPLACE WITH:
          
          PHP Code:

          $imagereg = recaptcha_get_html($vbulletin->options['recaptcha_publickey'], $error); 

       2. FIND AND REMOVE:
          
          PHP Code:

                          'imagestamp'          => TYPE_STR,
                'imagehash'           => TYPE_STR, 

       3. FIND:
          
          PHP Code:

                  // Check Reg Image
        if ($vbulletin->options['regimagecheck'] AND $vbulletin->options['regimagetype'])
        {
                require_once(DIR . '/includes/functions_regimage.php');
                if (!verify_regimage_hash($vbulletin->GPC['imagehash'], $vbulletin->GPC['imagestamp']))
                {
                        $userdata->error('register_imagecheck');
                }
        } 

          REPLACE WITH:
          
          PHP Code:

                  // Check Reg Image
        if ($vbulletin->options['regimagecheck'] AND $vbulletin->options['regimagetype'])
        {
                $resp = recaptcha_check_answer ($vbulletin->options['recaptcha_privatekey'],
                                                $_SERVER["REMOTE_ADDR"],
                                                $_POST["recaptcha_challenge_field"],
                                                $_POST["recaptcha_response_field"]);

                if (!$resp->is_valid)
                {
                        $userdata->error('register_imagecheck');
                }
        } 


NOTE: YOU MAY ALSO REPLACE THE CAPTCHA DISPLAYED TO GUESTS WHEN USING THE "CONTACT US" FORM BY FOLLOWING THE INSTRUCTIONS HERE.

[hr]-[/hr]
Tips, tricks and modifications:

• Apply "Method A" without shell access (DOCTOR DAN)
• Restore "image verification" frame around reCAPTCHA panel (DOCTOR DAN)

[hr]-[/hr]
Comments:
As with all my hacks, this modification is provided free of charge. However, if you find this product useful and have money burning a hole in your pocket, feel free to make a small donation, I won't mind.. really.

Version History:

• 1.0.0 - Initial release, here's to hoping...
• 1.0.1 - Woops! Forgot to include a aesthetic template edit in the original release. All is well, simply redownload and overwrite the XML. That's it!
• 1.1.0 - Added alternate language support. Now various reCAPTCHA tags and text will be displayed in your selected language. Also added a fieldset to the automatic template edits around the display block for a more uniform look (thanks DOCTOR DAN!).

Currently Known Bugs:

• None

* Please note that this modification was developed on a forum with a userbase of 1 (myself). I've tested it for basic functionality but I cannot guarantee functionality or behavior on your forum. So, please -- make backups before installing this product!

[magnus]

Quote:

Originally Posted by CeesT

Thanks Magnus, have just installed it and it works fine.

Only the local-language and color does not work in the 'sendmessage.php' (in register.php this works fine), it has default red-color and english language in sendmessage.php, can I change this somewhere in the code ?

And could you give a recipe what to change for implementing this in 'search.php' ?

To add support for themes/language in sendmessage.php, perform the following template edit:

In contactus:

FIND:

HTML Code:

			$imagereg

REPLACE WITH:

HTML Code:

			<script type='text/javascript'>	
				var RecaptchaOptions = {
					theme : '$vboptions[recaptcha_theme]',
					tabindex : $vboptions[recaptcha_tabindex],
					lang : '$vboptions[recaptcha_lang]'
				};
			</script>

			<fieldset class='fieldset'>
				<legend>$vbphrase[image_verification]</legend>
				$imagereg
			</fieldset>

That should do the trick.

I haven't done the code for search.php yet, it's on my list.

[CeesT]

Quote:

Originally Posted by magnus

That should do the trick.

That worked fine , thanks :up:

[Dr.H]

Hi I'm going to be trying to update my 3.5.4 forum to 3.7 beta but it will take a little while since all I have is ftp access and can't get ssh access from my host yet.
My question is.. is there any chance of this working with 3.5.4? I've turned off my registration until the upgrade but I have people hounding me to join so I wanted to have this security until the upgrade is done.

I looked at my register.php file and can't find:

Quote:

eval('$imagereg = "' . fetch_template('imagereg') . '";');

So I assume I'm out of luck?

[magnus]

Not necessarily. It may not be a quick install like with 3.6, however, with a bit of meddling I don't see why it would be all too difficult. Try searching for just "$imagereg =", see if that yields any results.

I'll see if I can download 3.5 later and run through register.php.

[Dr.H]

I tried searching the file for multiple parts of the line and no luck. It doesn't seem to contain the text. I will see if I can maybe do an upgrade to 3.6.8 before I start the beta.

[Nitro212]

uh is there a bug in the send message code? i was testing it after a few attempts of saying the words was wrong i refreshed and it sent the message.. i tried this a couple times after 2 or 3 bad attempts i refreshed and the message was sent :/

edit: actually if i leave the field empty it still sends it works fine for the register but not for the contatc us form

[magnus]

Quote:

Originally Posted by Nitro212

uh is there a bug in the send message code? i was testing it after a few attempts of saying the words was wrong i refreshed and it sent the message.. i tried this a couple times after 2 or 3 bad attempts i refreshed and the message was sent :/

edit: actually if i leave the field empty it still sends it works fine for the register but not for the contatc us form

Ah hah! You are correct. It was a simple typo on my part, sorry.

In sendmessage.php:

FIND:

PHP Code:

if ($resp->is_valid) 


REPLACE WITH:

PHP Code:

if (!$resp->is_valid) 


I modified the original post to reflect this change. Thanks for pointing it out!

[Jazzi]

Thanks for your work on this mod - it installed and operated exactly as it should do...

However, I've had to uninstall it again. Why? In my personal opinion it would massively reduce signups to my forum - given that 8 out of 10 of the captcha images are totally impossible to decipher, and the audio alternative almost as bad.

I'm fully aware that neither of these issues aren't your fault of course - it's just a shame that something so obviously brilliant is also so fundamentally flawed.

[invitezone]

I have successfully added this mod to my board so thankyouverymuch for this.

I was just wondering if it was possible to add the function to the board login as well?
Is this possible?

im am fairly new to vbulletin and editing code etc so if it is coulkd you tell me how to do it please.
Thanks very much

[magnus]

Yes, it could be added to the board login as well as anywhere else, however, that would require much more work than the scope of this modification was intended for. I'm not even sure there's appropriate custom hooks, so there may possibly be yet more file edits.

So, while yes it can be done, it's really not something I'm planning on implementing nor describing how to do in any great detail, sorry. You best bet would be asking around in Requests For Paid Services.