Visual Confirmation on New Posters

All new MODs released in our MOD Database will be announced in here. All support for released MODs needs to take place in here. No new MODs will be accepted into the MOD Database for phpBB2
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.

Rating:

Excellent!
5
71%
Very Good
1
14%
Good
1
14%
Fair
0
No votes
Poor
0
No votes
 
Total votes: 7

Extensions Robot
Extensions Robot
Extensions Robot
Posts: 27867
Joined: Sat Aug 16, 2003 7:36 am

Visual Confirmation on New Posters

Post by Extensions Robot » Fri Sep 15, 2006 3:49 pm

Modification name: Visual Confirmation on New Posters
Author: Thoul
Modification description: Adds visual confirmation to the posting form for new posters.
Modification version: 3.0.1
Tested on phpBB version: See below

Download file: vc_newposts-301.zip
File size: 31113 Bytes

Modification overview page: View


Selected tags:
  1. category
    1. Security
  2. phpbb
    1. 2.0.22
Support for this modification needs to be asked within this topic. The phpBB Team is not responsible or required to give anyone support for this modification. By installing this MOD, you acknowledge that the phpBB Support Team or phpBB MODifications Team may not be able to provide support.

This MOD has only been tested by the phpBB MOD Team with the phpBB version listed in the topic. It may not work in any other versions of phpBB.
Last edited by Extensions Robot on Sat Aug 04, 2007 9:31 am, edited 2 times in total.
(this is a non-active account manager for the phpBB Extension Customisations Team)

ycl6
Translator
Posts: 5696
Joined: Sat Feb 15, 2003 10:35 am
Location: Taiwan
Contact:

Post by ycl6 » Wed Oct 18, 2006 12:03 pm

MOD Validated/Released

Notes:
Definition of "New Posters" is by the number of posts a member has.

Thoul
Registered User
Posts: 810
Joined: Sun Jun 23, 2002 1:25 am
Location: USA
Contact:

Post by Thoul » Wed Oct 18, 2006 2:12 pm

Ok, so basically this mod takes the visual confirmation feature from registration and sticks it into the posting form. It can be displayed for guests, registered users, or both types. You can define a number of posts for registered users and they won't be asked for confirmation after they have that number of posts.

Support for the following types of confirmation are included: If you want to use something other than the standard phpBB confirmation, you have to install that before options for it are available.

There's also a feature that can check posted messages against the poster's website profile field and block the message if the website is mentioned in it. That should block a few bots even if they bypass the CAPTCHA you're using.

This modification is intended to prevent spam bots that get past registration security measures from being able to post, while not being a great inconvenience to legitimate members. There are plenty of new admin panel options where you can tweak the settings or turn stuff on/off, also.

Thanks to the Mod Team for the validation.
Last edited by Thoul on Wed Mar 07, 2007 6:35 pm, edited 3 times in total.

ycl6
Translator
Posts: 5696
Joined: Sat Feb 15, 2003 10:35 am
Location: Taiwan
Contact:

Post by ycl6 » Thu Oct 19, 2006 12:30 pm

MOD Updated to version 1.0.0
See first post for Download Link

User avatar
bonelifer
Community Team Member
Community Team Member
Posts: 3456
Joined: Wed Oct 27, 2004 11:35 pm
Name: William
Contact:

Post by bonelifer » Fri Oct 27, 2006 2:47 pm

phpBB's Captcha has been bypassed and the AVC Captcha doesn't work on our server. I was wondering if you could provide a version for the Freecap Visual Confirmation mod: http://www.phpbb.com/phpBB/viewtopic.ph ... sc&start=0

Also is it possible to have it apply to guests.
Knowledge Base | phpBB Board Rules | Search Customisation Database
Image
Please don't contact me via PM or email for phpBB support .

Thoul
Registered User
Posts: 810
Joined: Sun Jun 23, 2002 1:25 am
Location: USA
Contact:

Post by Thoul » Fri Oct 27, 2006 3:39 pm

You might find this mod useful even with the phpBB captcha. It has a few little tricks to help throw off those bypasses. It was built for a forum where spammers were bypassing the registration captcha, and they haven't broken past this one yet.

I'll look into the Freecap support. It looks like it should be easy to add in. Thanks for the suggestion. :)

The mod could be enabled for guests by adding a couple of lines to vc_newposts.php. I haven't tested it with guests though, so I can't say how well it would work in that kind of condition.

User avatar
woocha
Registered User
Posts: 101
Joined: Tue Nov 28, 2006 9:39 pm
Location: online at woocha.com
Contact:

help please

Post by woocha » Fri Dec 01, 2006 2:17 am

I am a total Newbie with PHPBB, but I am trying to learn.

I installed you mod and when A new user trys to post a reply, the verification image is posted 4 times...

do you or does anyone, have any thoughts

thank you
sean
Free online auctions at:
http://www.woocha.com/auctions

Thoul
Registered User
Posts: 810
Joined: Sun Jun 23, 2002 1:25 am
Location: USA
Contact:

Post by Thoul » Sat Dec 02, 2006 2:27 am

Go over the edits to each file again and double check what you've added. Most likely you just added something several times by accident. It happens sometimes. :)

User avatar
woocha
Registered User
Posts: 101
Joined: Tue Nov 28, 2006 9:39 pm
Location: online at woocha.com
Contact:

Post by woocha » Sat Dec 02, 2006 4:04 am

yeah you were right.... I added it a couple of times last night...I must have been way tired. Thanks for the tip

sean
Free online auctions at:
http://www.woocha.com/auctions

WulfX
Registered User
Posts: 6
Joined: Sat Dec 09, 2006 1:33 am

Post by WulfX » Sun Dec 10, 2006 6:34 pm

Don't mean to be a bother...

But I installed this mod on my forum. However, I encountered a small technical issue that I'm not entirely sure how to resolve. At first, the visual confirmation didn't appear. I cleared out my template cache and did some more tinkering... anyways, it appears for first time posters.

However, if no code (or a wrong code) is entered, I get a "Hacking Attempt!" message. When you hit back and hit submit again (still with incorrect confirmation information), the post goes through.

As a side note, I also have AVC mod installed. Your mod uses that confirmation image with no problem that I could see.

Thoul
Registered User
Posts: 810
Joined: Sun Jun 23, 2002 1:25 am
Location: USA
Contact:

Post by Thoul » Sun Dec 10, 2006 10:18 pm

Double check the changes to posting.php to make sure they're all in the right place. What other mods are you using that edit posting.php? This might be a conflict with another mod, though it would be the first one I've heard of.

WulfX
Registered User
Posts: 6
Joined: Sat Dec 09, 2006 1:33 am

Post by WulfX » Sun Dec 10, 2006 10:47 pm

I'm using a lot of mods, unfortunately.

Some of them are ones I custom wrote for the site, which I haven't released. But after looking around, I came up with a conclusive list of mods that directly affect the posting.php

Code: Select all

// Generate a signature to validate this page
$authkey = md5("[REMOVED]" . $secretkey . "[REMOVED]");
$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']);  
$timekey = md5("time" . $secretkey);
$timepad = preg_replace('/[^0-9]/', '', $HTTP_SERVER_VARS['REMOTE_ADDR']) + 0;
$timeval = time() ^ $timepad;

// Check the signature - if this is a submit which doesn't jive with the above, turn it into a preview
if ($submit && (!isset($HTTP_POST_VARS[$authkey])
                || $HTTP_POST_VARS[$authkey] != $authval
                || !isset($HTTP_POST_VARS[$timekey])
                || ($HTTP_POST_VARS[$timekey] ^ $timepad) > time() - 5))
{
	$submit = false;
	$preview = true;
}
Adds a unique md5 encoded value to the posting form to force users to use the posting form provided (anti-bot thing).

Also have the Anti-bot Guest Post Mod and the admin_llama mod (something I custom wrote that functions like the admin_mod command from Counter-Strike/Team Fortress). A brief summary of the latter is that it detects if the admin has set a flag on the users account. If so, it modifies their posts to read "Ooorle!" "Bleeat!" and the like.

And also attachment mod, and Cash Mod.

If you think any of those could be the problem, just say which and I'll include a snippet of code. But so far, I can find nothing that I think would interfere. :x

WulfX
Registered User
Posts: 6
Joined: Sat Dec 09, 2006 1:33 am

Post by WulfX » Sun Dec 10, 2006 11:05 pm

On closer examination, I believe this could be the root of trouble. I can't quite see how though. It's related to the snippet I posted above.

Code: Select all

// Check the signature - if this is a submit which doesn't jive with the above, turn it into a preview
if ($submit && (!isset($HTTP_POST_VARS[$authkey])
                || $HTTP_POST_VARS[$authkey] != $authval
                || !isset($HTTP_POST_VARS[$timekey])
                || ($HTTP_POST_VARS[$timekey] ^ $timepad) > time() - 5))
{
	$submit = false;
	$preview = true;
}

rharagon
Registered User
Posts: 1
Joined: Mon Dec 11, 2006 9:03 am

How to use for guest

Post by rharagon » Mon Dec 11, 2006 9:06 am

Hi,

Please could someone help me to use this mod for guest, and not only for registered users.

Thanks in advance

Thoul
Registered User
Posts: 810
Joined: Sun Jun 23, 2002 1:25 am
Location: USA
Contact:

Re: How to use for guest

Post by Thoul » Mon Dec 11, 2006 6:18 pm

WulfX, I'll look into those mods and see what I can find as far as possible conflicts.
rharagon wrote: Hi,

Please could someone help me to use this mod for guest, and not only for registered users.

Thanks in advance


It's not possible in the current version. I'm going to include that in a future version.

Post Reply

Return to “[2.0.x] MOD Database Releases”