Patch to authimage captcha creation

Post by BattleMage on Thu Apr 14, 2011 4:23 am

As the default images from the authimage plugin are really easy for machines to read, I modified the version I am running a bit. I have been using this code for half a year and have not encountered any spam since then (I only run small sites, but I got about 50 spam comments per day; now I get zero).

The patch will use another (custom) font to create the numbers and will add some small coloured lines through the numbers. I only encountered very few images which I was not able to read because of the font or the lines.

diff --recursive -u authimage-orig/class/security/authimagefilter.class.php authimage/class/security/authimagefilter.class.php
--- authimage-orig/class/security/authimagefilter.class.php   2011-04-14 09:35:26.000000000 +0200
+++ authimage/class/security/authimagefilter.class.php   2011-04-14 09:22:06.000000000 +0200
@@ -57,7 +57,7 @@
             $key = $blogSettings->getValue( "plugin_authimage_key" );
             $code = $request->getValue( "authImage" );
             $encrypt = $this->encrypt($code, $key);
-            $tempFile = $cacheFolder."/".$encrypt.".gif";
+         $tempFile = $cacheFolder."/".$encrypt.".png";
               if ( !File::exists( $tempFile ) ) {
                   // if there is a match, we can quit and reject this request
                 $locale = $blogInfo->getLocale();
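Review bot: the ".png" suffix on the new $tempFile line is a literal that now has to stay in step with the same literal in pluginauthimage.class.php; if the two ever differ, File::exists( $tempFile ) is false for every submission and every comment is rejected. Consider one shared constant for the cache-file extension, used by both the generator and this filter. The added line is also indented less than its neighbours, so match the file's existing indentation.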
Only in authimage: fonts
diff --recursive -u authimage-orig/pluginauthimage.class.php authimage/pluginauthimage.class.php
--- authimage-orig/pluginauthimage.class.php   2010-01-13 17:03:42.000000000 +0100
+++ authimage/pluginauthimage.class.php   2011-04-14 09:47:34.000000000 +0200
@@ -110,24 +110,36 @@
             $code = $this->generateCode();
             $encrypt = $this->encrypt($code, $this->key);
             $background = AUTHIMAGE_BACKGROUND_FOLDER.$this->default;
-            $tempFile = $this->cacheFolder."/".$encrypt.".gif";
+            $tempFile = $this->cacheFolder."/".$encrypt.".png";
 
-            if(function_exists ( 'imagecreatefromgif' )){
+            if(function_exists ( 'imagecreatefrompng' )){
                 $image = @imagecreatefromgif($background) or die("Cannot Initialize new GD image stream");
          }
-         else if(function_exists ( 'imagecreatefrompng' )){
-                $image = @imagecreatefrompng($background) or die("Cannot Initialize new GD image stream");
+         else if(function_exists ( 'imagecreatefromgif' )){
+                $image = @imagecreatefromgif($background) or die("Cannot Initialize new GD image stream");
             } else {
            die("Server doesn't support GIF or PNG creation. Sorry.");
             }           
             
             $textColor = imageColorAllocate($image, 0x00, 0x00, 0x00);
-            ImageString($image, 5, 7, 2, $code, $textColor);
+            $width = imagesx($image);
+            $height = imagesy($image);
 
-            if ( !function_exists ( 'ImageGIF' ) ) {
-                ImagePNG($image, $tempFile);
-            } else {
+            $font = '/full/path/to/font.ttf';
+            imagettftext($image, 14.0, rand(5,10),10, 20, $textColor, $font, $code);
+            for ($ti=0;$ti != 3;$ti++) {
+                $ix1 = mt_rand(0,round($width/2));
+                $ix2 = mt_rand($ix1,$width);
+                $iy1 = mt_rand(0,round($height/2));
+                $iy2 = mt_rand($iy1,$height);
+                $lcolor = imagecolorallocate($image,mt_rand(20,220),mt_rand(20,220),mt_rand(20,220));
+                imageline($image,$ix1,$iy1,$ix2,$iy2,$lcolor);
+            }
+
+            if ( !function_exists ( 'ImagePNG' ) ) {
                 ImageGIF($image, $tempFile);
+            } else {
+                ImagePNG($image, $tempFile);
             }
             $temp = fopen($tempFile,"rb");
             $buffer = fread($temp,filesize($tempFile));
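Review bot: the first branch now tests function_exists ( 'imagecreatefrompng' ) but its body, left unchanged, still calls imagecreatefromgif($background), so both branches load the background with the GIF reader and the guard no longer matches the call; on a GD build with PNG but no GIF support this calls a function that does not exist. Either test for imagecreatefromgif there or load with the reader that matches the background file's type. Further down, $font = '/full/path/to/font.ttf' is a placeholder that must be hand-edited, and imagettftext() is called without checking that the function exists or that the font file is readable; if the font cannot be loaded the image is written without any digits. A plugin setting for the font path plus an is_readable($font) check before drawing would cover that. The ImageGIF fallback also writes GIF data into a file named ".png". Minor: the text angle uses rand() while the lines use mt_rand().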
@@ -141,7 +153,7 @@
             // Now chmod it so it can be deleted later by the user
             chmod($tempFile, 0666);
             
-            header("Content-type: image/gif");
+            header("Content-type: image/png");
             echo $buffer;
         }
 
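Review bot: header("Content-type: image/png") is now unconditional, but the previous hunk still writes the file with ImageGIF when ImagePNG is unavailable, so in that fallback GIF bytes are served under a PNG content type. Record which writer was used and set the header (and the file extension) from it, or drop the GIF fallback entirely. While here, the unchanged chmod($tempFile, 0666) leaves each cache file world-writable; since the filter decides on the existence of that file, a tighter mode that still lets the cleanup user delete it would be worth considering.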


Save this code as authimage_custom.diff in your "plugins/authimage/" directory and apply the patches with "patch -p1 < authimage_custom.diff". Two files will be patched. Alternatively, use a patching GUI (kdiff or whatever you prefer). After you have applied the patch, you have to edit plugins/authimage/pluginauthimage.class.php line 128 to point to the font you want to use. I'm using AngelicWar for my personal (non-commercial) use, as the numbers are readable enough for humans and hard enough that machines are not able to read them.

Remember to always set a unique scrambled authimage key for each blog so spammers can't just easily reverse the code using "LifeType" as a key.
BattleMage
 
Posts: 11
Joined: Thu Apr 19, 2007 7:54 am
LifeType Version: 1.2.11 [modified]

Re: Patch to authimage captcha creation

Post by jondaley on Thu Apr 14, 2011 9:39 am

That looks good to me. Can you find a free-for-all-use font that we could include with the plugin? That way people won't have to edit the file at all, which will be simpler for users.

For my own blog, I stopped using captcha a while ago, and went to the hiddeninput mode, which works really well, but in the last 4 months or so, I started getting some more spam from 5 cent/post humans, and so there isn't any way to stop them, captcha or otherwise, and so I now use the moderate plugin, and I added some features to that plugin, where non-spam comments from the same IP in the past result in not being moderated in the future. It isn't perfect, but it works pretty well for me.
jondaley
Lifetype Expert
 
Posts: 6169
Joined: Thu May 20, 2004 6:19 pm
Location: Pittsburgh, PA, USA
LifeType Version: 1.2.11 devel branch

