Blog and Contact form with CAPTCHA

mecano · 04-02-2010 22:42:20

Hallo members,

After a lot of spam I decide to make captcha in the mail form with success.

But now I want to preserve form data if user doesn't pass the CAPTCHA
so if visitors click on the send button with the wrong captcha verification code the form data have to stay! So they don't have to start all over again from the beginning with typing.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
08-02-2010 find a solution
Update: form data will stay now
----------------------------------------------------------------------------------------------
I've looked into the code from hydex (Advanced contactform)
changed form values in data/modules/contactform/pages_site/contactform.php
like this:

value=\"\"

into

value=\"$name\"

The only thing is that the form is still filled with data after a successful submit (send)
to solve the problem, add after this line (contactform.php):

if (mail($email,$subject,"<html><body>$lang_contact3 $name<br>$lang_contact4 $sender<br>$lang_contact14 $phone<br>$lang_contact15 $mailsubject<br><br>Bericht:<br>$message <br><hr>$lang_contact17 <br>Ip: $ipadress_sender<br>$httpagent_sender</body></html>","From: $sender \n" . "Content-type: text/html; charset=utf-8")){
echo "$lang_contact8";

the following code (refresh page after 5 sec)

echo '<meta http-equiv="refresh" content="5;url=' . $_SERVER['HTTP_REFERER'] . '">';

or make a new page in Pluck admin something like:
Thank you for email, we will contact you (or what ever)

remember the url

example:
// change kop.9 into your thank you page in Pluck CMS
header("location:index.php?file=kop10.php");

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
end update
----------------------------------------------------------------------------------------------

Last edited by mecano (27-02-2010 11:38:28)

mecano · 06-02-2010 14:15:22

This will add reCAPTCHA to contact form PLUCK CMS, for the people who like test the captcha, attachment is included

edit:
02/24/2010 new download:
dowload: Contact form with reCAPTCHA

Note all downloads are modifications and can't be installed trough the Pluck admin back-end, use your favourite FTP program

Contact form with reCAPTCHA
contents:
modified php files
reCAPTCHA php v1.10
Contact form with reCAPTCHA.jpg
readme.txt

Custom theming

 // Theming reCAPTCHA
echo "<script type=\"text/javascript\">
		var RecaptchaOptions = { 
			lang : 'nl', 
			theme : 'blackglass',
			};
</script>";

more about Custom Theming can be found here
(see: Look & Feel Customization)

Changed files:
data/modules/contactform/pages_site/contactform.php
data/inc/lang/en.php
data/inc/lang/nl.php

Before you make any changes to the files make a backup

contactform.php code:

<?php
/* 
 * This file is part of pluck, the easy content management system
 * Copyright (c) somp (www.somp.nl)
 * http://www.pluck-cms.org
 * Pluck is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 
 * See docs/COPYING for the complete license.
*/

//Make sure the file isn't accessed directly
if((!ereg("index.php", $_SERVER['SCRIPT_FILENAME'])) && (!ereg("admin.php", $_SERVER['SCRIPT_FILENAME'])) && (!ereg("install.php", $_SERVER['SCRIPT_FILENAME'])) && (!ereg("login.php", $_SERVER['SCRIPT_FILENAME']))){
    //Give out an "access denied" error
    echo "access denied";
    //Block all other code
    exit();
}

//First get the recipient emailaddress
include("data/settings/options.php");
//Then include Translation data
include("data/settings/langpref.php");
include("data/inc/lang/en.php");
include("data/inc/lang/$langpref");
//Define some variables
$name = $_POST['name'];
$sender = $_POST['sender'];
$message = $_POST['message'];

## reCAPTCHA *08-02-2010 mecano ##
//Get the reCAPTCHA library
require_once('data/inc/lib/recaptchalib.php');

# reCAPTCHA keys these are /not/ real keys - you must replace them with your *own* keys
# obtained from http://recaptcha.net/api/getkey
$publickey = "6LcTCgAAAAAAgOdATOWSL66jRLL6ioPibkgMp"; //  PUBLIC_KEY :you got this from the signup page
$privatekey = "6LcTCgAAAAAAgOdATOWSL66jRLL6ioPibkgMp"; // PRIVATE_KEY :you got this from the signup page
 
// Theming reCAPTCHA --> http://recaptcha.net/apidocs/captcha/client.html
echo "<script type=\"text/javascript\">
		var RecaptchaOptions = { 
			lang : 'en', 
			theme : 'red',
			};
</script>";

//Then show the contactform
echo "<form method=\"post\" action=\"\" style=\"margin-top: 15px; margin-bottom: 15px;\"><div>
$lang_contact3 <br /><input name=\"name\" type=\"text\" value=\"$name\" /><br />
$lang_contact4 <br /><input name=\"sender\" type=\"text\" value=\"$sender\" /><br />
$lang_contact5 <br /><textarea name=\"message\" rows=\"7\" cols=\"45\" value=\"$message\" />$message</textarea><br />
$lang_captcha22 <br />";
// the reCaptcha box
echo recaptcha_get_html($publickey);
echo "<br /><input type=\"submit\" name=\"Submit\" value=\"$lang_contact10\" /><br />
</div></form>";

//If the the contactform was submitted
if(isset($_POST['Submit'])) {

// Check if E-mail adress is valid. 
if (preg_match("/^[A-Za-z0-9._\-]+\@[A-Za-z0-9._\-]+\.[A-Za-z]{2,4}$/", "$sender")) 
{

}
else
{
	$ $_POST['sender'] = "";
	$sender = ""; 

} 
//Check if all fields were filled
if (($name) && ($sender) && ($message)) {
//Check for spam
if (eregi("\r", $name) || eregi("\n", $name)) {
	die("no spam please!");
}
if (eregi("\r", $sender) || eregi("\n", $sender)) {
	die("no spam please!");
}
if (eregi("\r", $resp->is_valid) || eregi("\n", $resp->is_valid)) {
	die("no spam please!");
}
// was there a reCAPTCHA response?
$resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);
								
// verify the entered Captcha 
if (!$resp->is_valid) {
   die ("<span style=\"color: red;\">$lang_captcha29  </span>". //for pluck messages only: die ("<span style=\"color: red;\">$lang_captcha29  </span>");
       "(reCAPTCHA said: " . $resp->error . ")");
}

//Check for wrong characters and delete them
$name = htmlspecialchars($name);
$sender = htmlspecialchars($sender);
$message = htmlspecialchars($message);
$name = stripslashes($name);
$sender = stripslashes($sender);
$message = stripslashes($message);
//Change enters in their html-equivalents
$message = str_replace ("\n","<br>", $message);

//Now we're going to send our email
$subject = "$lang_contact7 $name";

if (mail($email,$subject,"<html><body>$message</body></html>","From: $sender \n" . "Content-type: text/html; charset=utf-8")){
echo "$lang_contact8";
// Leave the CONTACT PAGE... GO TO: the thank you for the email PAGE 
// UNCOMMENT LINE 134 AND CHANGE: kop.9 into your thank you page in Pluck CMS
// header("location:index.php?file=kop9.php");

// COMMENT LINE 137 IF YOU USE THE THANK YOU PAGE ON LINE 134
echo '<meta http-equiv="refresh" content="5;url=' . $_SERVER['HTTP_REFERER'] . '">';
 }
 
//If email couldn't be send
else { 
echo "$lang_contact9"; } 
}
//If not all fields were filled
else {
echo "<span style=\"color: red;\">$lang_contact6</span>"; }
}
?>

Modified language files
English
Added new in data/inc/lang/en.php

$lang_captcha20 = "Validation code:";
$lang_captcha21 = "Verification code:";
$lang_captcha22 = "Security code required:"; 
$lang_captcha23 = "Refresh code";
$lang_captcha24 = "Refresh image";
$lang_captcha25 = "Type the code shown below";
$lang_captcha26 = "Enter Code from image"; 
$lang_captcha27 = "Verification code entered is invalid. Please check the code and try again!"; 
$lang_captcha28 = "Sorry, the code you entered was invalid!";
$lang_captcha29 = "The text you entered did not match the text shown.";

Dutch
Added new in data/inc/lang/nl.php

$lang_captcha20 = "Validatie code:";
$lang_captcha21 = "Verificatie code:";
$lang_captcha22 = "Beveiligings code nodig:"; 
$lang_captcha23 = "Vernieuw code";
$lang_captcha24 = "Vernieuw afbeelding"; 
$lang_captcha25 = "Type de hieronder getoonde beveiligingscode";
$lang_captcha26 = "Neem de verificatie code over van de afbeelding"; 
$lang_captcha27 = "Verkeerde verificatiecode ingevoerd, probeer het opnieuw!"; 
$lang_captcha28 = "Sorry, ingevoerde verificatie code komt niet overeen!";
$lang_captcha29 = "De tekst die u hebt ingevoerd komt niet overeen met de weergegeven tekst."

Note: the same language settings will be used in the post below
Securimage php captcha

Of course you can put your own language with the same $lang variables in your language file.

more info reCAPTCHA:
reCAPTCHA resources
reCAPTCHA Wiki

Last edited by mecano (28-02-2010 14:10:43)

mecano · 22-02-2010 19:45:42

This will add Securimage PHP captcha to Contact form PLUCK CMS
and will work out of the box no extra configuration needed

What is Securimage? http://www.phpcaptcha.org/

faq: http://www.phpcaptcha.org/faq/

Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. It can be easily added into existing forms on your website to provide protection from spam bots. It can run on most any webserver as long as you have PHP installed, and GD support within PHP. Securimage does everything from generating the CAPTCHA images to validating the typed code

In Pluck CMS the Securimage libary can be found here:
data/inc/lib/securimage/securimage.php

modifying can be done by editing securimage.php
more info: Securimage Documentation
http://www.phpcaptcha.org/Securimage_Docs/

Edit:
Updated 02/24/2010
for the people who like test the Securimage captcha, attachment is included
dowload: Contact form with Securimage captcha

Contact form with Securimage captcha
contents:
modified php files
Securimage Library 2.0.1 beta
Contact form with captcha.jpg
readme.txt

<?php
/* 
 * This file is part of pluck, the easy content management system
 * Copyright (c) somp (www.somp.nl)
 * http://www.pluck-cms.org
 * Pluck is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 
 * See docs/COPYING for the complete license.
*/

//Make sure the file isn't accessed directly
if((!ereg("index.php", $_SERVER['SCRIPT_FILENAME'])) && (!ereg("admin.php", $_SERVER['SCRIPT_FILENAME'])) && (!ereg("install.php", $_SERVER['SCRIPT_FILENAME'])) && (!ereg("login.php", $_SERVER['SCRIPT_FILENAME']))){
    //Give out an "access denied" error
    echo "access denied";
    //Block all other code
    exit();
}

//First get the recipient emailaddress
include("data/settings/options.php");
//Then include Translation data
include("data/settings/langpref.php");
include("data/inc/lang/en.php");
include("data/inc/lang/$langpref");
//Define some variables
$name = $_POST['name'];
$sender = $_POST['sender'];
$message = $_POST['message'];

//Then show the contactform 
echo "<form method=\"post\" action=\"\" style=\"margin-top: 15px; margin-bottom: 15px;\"><div>
$lang_contact3 <br /><input name=\"name\" type=\"text\" value=\"$name\" /><br />
$lang_contact4 <br /><input name=\"sender\" type=\"text\" value=\"$sender\" /><br />
$lang_contact5 <br /><textarea name=\"message\" rows=\"7\" cols=\"45\" value=\"$message\" />$message</textarea><br />
$lang_captcha21 <br /><input type=\"text\" name=\"captcha_code\" size=\"10\" maxlength=\"6\" /><br />
$lang_captcha26 <br /><img id=\"captcha\" src=\"data/inc/lib/securimage/securimage_show.php\" alt=\"CAPTCHA Image\" /><br />
<a href=\"#\" onclick=\"document.getElementById('captcha').src = '/data/inc/lib/securimage/securimage_show.php?' + Math.random(); return false\">$lang_captcha23</a><br />
<br /><input type=\"submit\" name=\"Submit\" value=\"$lang_contact10\" /><br />
</div></form>";

//If the the contactform was submitted
if(isset($_POST['Submit'])) {
 
// Check if E-mail adress is valid. 
if (preg_match("/^[A-Za-z0-9._\-]+\@[A-Za-z0-9._\-]+\.[A-Za-z]{2,4}$/", "$sender")) 
{

}
else
{
	$ $_POST['sender'] = "";
	$sender = ""; 

} 
//Check if all fields were filled
if (($name) && ($sender) && ($message)) {
//Check for spam
if (eregi("\r", $name) || eregi("\n", $name)) {
	die("no spam please!");
}
if (eregi("\r", $sender) || eregi("\n", $sender)) {
	die("no spam please!");
}
if (eregi("\r", $resp->is_valid) || eregi("\n", $resp->is_valid)) {
	die("no spam please!");
}
//Get the Securimage CAPTCHA library
include_once ('data/inc/lib/securimage/securimage.php');
$securimage = new Securimage();

// Check the CAPTCHA
if ($securimage->check($_POST['captcha_code']) == false) {
  // the code was incorrect
  die("<span style=\"color: red;\">$lang_captcha27</span>");
}
//Check for wrong characters and delete them
$name = htmlspecialchars($name);
$sender = htmlspecialchars($sender);
$message = htmlspecialchars($message);
$name = stripslashes($name);
$sender = stripslashes($sender);
$message = stripslashes($message);
//Change enters in their html-equivalents
$message = str_replace ("\n","<br>", $message);

//Now we're going to send our email
$subject = "$lang_contact7 $name";

if (mail($email,$subject,"<html><body>$message</body></html>","From: $sender \n" . "Content-type: text/html; charset=utf-8")){
echo "$lang_contact8";
// Leave the CONTACT PAGE... GO TO: the thank you for the email PAGE 
// UNCOMMENT LINE 96 AND CHANGE: kop.9 into your thank you page in Pluck CMS
// header("location:index.php?file=kop9.php");

// COMMENT LINE 99 IF YOU USE THE THANK YOU PAGE ON LINE 96
echo '<meta http-equiv="refresh" content="5;url=' . $_SERVER['HTTP_REFERER'] . '">';
} 

//If email couldn't be send
else { 
echo "$lang_contact9"; } 
}
//If not all fields were filled
else {
echo "<span style=\"color: red;\">$lang_contact6</span>"; }
}
?>

Contact form with Securimage v2.0.1 beta

Note:
Language files have the same modification as post above

1.) Before you make any changes to the files make a backup from:

data/modules/contactform/pages_site/contactform.php
data/inc/lang/en.php
data/inc/lang/nl.php

2.)
Start your FTP program and upload the folder 'data' to your website override all, YES

Done

Last edited by mecano (04-04-2010 15:02:55)

mecano · 26-02-2010 12:01:35

This will add captcha to the Blog module PLUCK CMS

Edit:
Blog module with reCAPTCHA
Updated 02/24/2010
for the people who like to test the blog with reCAPTCHA, attachment is included
dowload: Blog with reCAPTCHA

Blog with reCAPTCHA
contents:
modified php files
reCAPTCHA php-1.10
Blog with reCAPTCHA.jpg
readme.txt

Blog with reCAPTCHA:

Edit:
Blog module with Securimage captcha
Updated 02/24/2010
for the people who like to test the blog with Securimage captcha, attachment is included
dowload: Blog with Securimage captcha

Blog with Securimage captcha
contents:
modified php files
Securimage Library 2.0.1 beta
Blog with captcha.jpg
readme.txt

Blog with Securimage PHP captcha:

Note:
Language files have the same modification as post above

1.) Before you make any changes to the files make a backup from:

data/modules/blog/pages_site/viewpost.php
data/inc/lang/en.php
data/inc/lang/nl.php

2.)
Start your FTP program and upload the folder 'data' to your website override all, YES

Done

Any comments / suggestions / translations are welcome

Last edited by mecano (28-02-2010 14:16:53)

maiji · 24-05-2010 00:39:14

Thank you so much for working on this and sharing! I just recently installed pluck and this was a big concern for me.

A question though - I installed both blog and form files following the instructions in the readme, and everything looks great. But for some bizarre reason the reCAPTCHA input field will not let me type anything but capital letters. (and my caps lock is not on - I can type normally in the blog/form fields).

When I hit send, the blog reCAPTCHA says "Could not find socket", and the Contact form reCAPTCHA says "You didn't fill in all fields correctly."

Sorry if this is a dumb question I'm not sure what I might have done to cause this capital letters issue!

EDIT: Bother, I guess it's a problem from my end somehow with however I'm installing it. It seems that if I disable Javascript in my browser, I can type normally in the field. No clue how to fix this though.

Last edited by maiji (24-05-2010 14:22:48)

vark · 09-12-2011 21:48:27

Hello all, thanx to mecano for useful work.

I`ve installed pluck cms 4.7 and adapted mecano`s "Contact form with Securimage captcha" to it.

That`s my instructions:
1. Download: Contact form with Securimage captcha , unzip it and add data/inc/lib/securimage directory as is to your pluck installation .
2. In data/modules/contactform do not touch file called "contactform.php", but you have to modify contactform.site.php, I will show only diff with original "contactform.site.php" from pluck-4.7 tarball :

diff -uNr contactform.site.php.orig contactform.site.php
--- contactform.site.php.orig    2011-09-28 20:12:07.000000000 +0300
+++ contactform.site.php        2011-12-09 00:16:15.000000000 +0200
@@ -17,7 +17,7 @@
 
 function contactform_theme_main() {
        global $lang;
-
+       $captcha_passed = false;
        //Define some variables.
        if (isset($_POST['contactform_name']))
                $name = $_POST['contactform_name'];
@@ -31,7 +31,17 @@
                //Check if all fields were filled.
                if ($name && $sender && $message) {
                        //TODO: We need a better way to check for spam.
-
+                       //Get the Securimage CAPTCHA library
+                       include_once ('data/inc/lib/securimage/securimage.php');
+                       $securimage = new Securimage();
+                       // Check the CAPTCHA
+                       if ($securimage->check($_POST['captcha_code']) == false) {
+                       // the code was incorrect
+                               //die($lang['contactform']['captcha27']);
+                               echo '<p class="error">'.$lang['contactform']['captcha27'].'</p>';
+                               $captcha_passed = false;
+                       }
+                       else {$captcha_passed = true; };
                        //Sanitize the fields.
                        $name = sanitize($name);
                        $sender = sanitize($sender);
@@ -41,7 +51,7 @@
                        $message = nl2br($message);
 
                        //Now we're going to send our email.
-                       if (mail(EMAIL, $lang['contactform']['email_title'].$name, '<html><body>'.$message.'</body></html>', 'From: '.$sender."\n".'Content-type: text/html; charset=utf-8'))
+                       if (($captcha_passed == true) && mail(EMAIL, $lang['contactform']['email_title'].$name, '<html><body>'.$message.'</body></html>', 'From: '.$sender."\n".'Content-type: text/html; charset=utf-8'))
                                echo $lang['contactform']['been_send'];
                        //If email couldn't be send.
                        else
@@ -68,10 +78,20 @@
                                <br />
                                <textarea name="contactform_message" id="contactform_message" rows="7" cols="45"></textarea>
                                <br />
+                               <label for="contactform_captcha_code"><?php echo $lang['contactform']['captcha21']; ?></label>
+                               <br />
+                               <input name="captcha_code" id="captcha_code" type="text" />
+                               <br />
+                               <label for="contactform_captcha"><?php echo $lang['contactform']['captcha26']; ?></label>
+                               <br />
+                               <img id="captcha" src="data/inc/lib/securimage/securimage_show.php" alt="CAPTCHA Image" />
+                               <br />
+                               <a href="#" onclick="document.getElementById('captcha').src = '/data/inc/lib/securimage/securimage_show.php?' + Math.random(); return false"><?php echo $lang['contactform']['captcha23']; ?></a>
+                               <br /><br />
                                <input type="submit" name="submit" value="<?php echo $lang['general']['send']; ?>" />
                        </div>
                </form>
        <?php
+       
 }
 ?>

3. Add some new variables to language file, at least to data/inc/lang/en.php:

$lang['contactform']['captcha20'] = 'Validation code:';
$lang['contactform']['captcha21'] = 'Verification code:';
$lang['contactform']['captcha22'] = 'Security code required:';
$lang['contactform']['captcha23'] = 'Refresh code';
$lang['contactform']['captcha24'] = 'Refresh image';
$lang['contactform']['captcha25'] = 'Type the code shown below';
$lang['contactform']['captcha26'] = 'Enter Code from image';
$lang['contactform']['captcha27'] = 'Verification code entered is invalid. Please check the code and try again!'; 
$lang['contactform']['captcha28'] = 'Sorry, the code you entered was invalid!';
$lang['contactform']['captcha29'] = 'The text you entered did not match the text shown.';

4. Profit!

P.S. I tried to update Securimage captcha library to latest version from site (3.0), but no luck - some things has seriously changed, I have no time yet to grok it and I`m not a php coder

pluck support forums

Announcement

#1 04-02-2010 22:42:20

Blog and Contact form with CAPTCHA

#2 06-02-2010 14:15:22

Re: Blog and Contact form with CAPTCHA

#3 22-02-2010 19:45:42

Re: Blog and Contact form with CAPTCHA

#4 26-02-2010 12:01:35

Re: Blog and Contact form with CAPTCHA

#5 24-05-2010 00:39:14

Re: Blog and Contact form with CAPTCHA

#6 09-12-2011 21:48:27

Re: Blog and Contact form with CAPTCHA

Board footer