Manor
09-12-2007, 03:18 PM
Thanks go out to akulion for first coming up with the original of this module.
After another posted brining up that the akulion's version didn't have a CAPTCHA verification, and, after having this module installed for only one day, having a botter attempt to use my form for illicit purposes, I decided to add a CAPTCHA functionality... and re-work the coding.
In this version I did a couple things different than akulion did.
The form does not submit to another PHP file somewhere on your server, it recurses back on itself.
Added the CAPTCHA functionality.
Added functionality to alert the webmaster of when this is used. (I'll explain how to remove this if you do not want it.)
Ok, so "how do I install it?" you ask, well, here it goes.
Install
Download and install the module adding it to any/whatever styles you have. Then, rename the js_ajax_imagereg.js.txt to js_ajax_imagereg.js. Here you're just removing the .txt extension.
Now, upload the file to the clientscript/ directory in your forums. This javascript file will not overwrite the default vbulletin file. It's needed to correct vbulletin's pathing in the javascript file.
vBulletin tries to link to the "ajax.php" file without pointing to the vBulletin directory. Basically, if your forum is located in a directory like "http://www.myhost.com/forum/" and you have the module running on a page that is located at "http://www.myhost.com/" it wouldn't be able to do a refresh on the CAPTCHA image. This javascript file fixes that by declaring the vbulletin bburl path in a snippet of JS code.
Some Assembly Required
Create a new page in CMPS named "referfriend" and include the new module as the only module on the page. This is how the module recurses back on itself. I did this so someone can't try to direct link to the PHP file.
Next, depending on how you have your CMPS page identifier set up, you'll need to create the adv_portal_referfriend template and adv_portal_referfriend_imagereg template in your style(s).
adv_portal_referfriend:
<script type="text/javascript">
function checkRFForm() {
rfname=document.getElementById('rf_name');
rftoname=document.getElementById('rf_toname');
rfemail=document.getElementById('rf_email');
rftoemail=document.getElementById('rf_toemail');
rfmsg=document.getElementById('rf_msg');
rfimage=document.getElementById('imagestamp');
if(rfemail.value.indexOf("@")==-1 || rfemail.value.indexOf(".")==-1) {
alert("You must supply a valid email address!");
rfemail.focus();
return false;
}
if(rftoemail.value.indexOf("@")==-1 || rftoemail.value.indexOf(".")==-1) {
alert("You must supply a valid recpient email address!");
rftoemail.focus();
return false;
}
if(rfname.value.length < 2) {
alert("How are they gonna know who sent the email if you don't enter your name? ");
rfname.focus();
return false;
}
if(rftoname.value.length < 2) {
alert("You have to enter the recipient's name! Or atleast some cute nickname.");
rftoname.focus();
return false;
}
if(rfmsg.value.length < 2) {
alert("You need to enter a message to accompany the email!");
rfmsg.focus();
return false;
}
if(rfimage.value.length==0) {
alert("You must enter the verify the CAPTCHA image by entering the text into the box!");
rfimage.focus();
return false;
}
return true;
}
</script>
<tr>
<td class="alt1">
<form method="post" action="$vboptions/page/referfriend" onsubmit="return checkRFForm();">
<input type="hidden" name="do" value="doemail" />
<if condition="$show['rf_error']"><div class="alt2">$rf_err</div></if>
<div align="center">
Your Name<br />
<input type="text" name="name" id="rf_name" class="bginput" value="<if condition="$name!=='Unregistered'">$name</if>"><br />
Your Email<br />
<input type="text" name="email" id="rf_email" class="bginput" value="$email"><br />
Your Friend's Name<br />
<input type="text" name="toname" id="rf_toname" class="bginput" value="$toname"><br />
Friend's Email<br />
<input type="text" name="toemail" id="rf_toemail" class="bginput" value="$toemail"><br />
Your Message<br />
<textarea name="msg" id="rf_msg" rows=5 cols=20 class="bginput">$msg</textarea><br />
$imagereg
</div>
</td>
</tr>
<tr>
<td align="center" class="alt2">
<input type=submit value='Send' class="bginput" onclick="return checkRFForm();">
</td>
</tr>
</form>
[B]adv_portal_referfriend_imagereg:
<div class="thead" style="margin-left: -10px; margin-right: -10px;">
<legend>$vbphrase[image_verification]</legend>
</div>
Please enter the four letters or digits that appear in the image below. <br />
<img id="progress_imagereg" style="display: none; float:$stylevar[right]" src="$stylevar[imgdir_misc]/progress.gif" alt="" />
<center><input id="imagestamp" type="text" class="bginput" name="imagestamp" size="6" maxlength="6" /></center>
<input id="imagehash" type="hidden" name="imagehash" value="$imagehash" />
<center>
<img id="imagereg" src="image.php?$session[sessionurl]type=regcheck&imagehash=$imagehash" alt="$vbphrase[registration_image]" width="150" height="50" border="0" /><br />
<span id="refresh_imagereg" style="display:none"><a href="#">$vbphrase[refresh_image]</a></span>
</center>
<script type="text/javascript" src="clientscript/js_ajax_imagereg.js?v=$vboptions[simpleversion]"></script>
<script type="text/javascript">
<!--
bburl = '$vboptions/';
vB_AJAX_ImageReg_Init();
//-->
</script>
Example:
On my site I have .htaccess set up to handle CMPS. So, when a browser is pointed to "http://www.myhost.com/page/mypage" it gets pointed to "http://www.myhost.com/cmps_index.php?page=mypage" (If you're wanting to know how to set up the "/page/mypage" thing, click here (http://www.vbadvanced.com/forum/showthread.php?t=24318)).
However, if you just use the (cmps_)index.php?page=mypage scheme, then you'll need to change the form's action url in the template.
To do this, open up the template adv_portal_referfriend and find this line:
<form method="post" action="$vboptions[bburl]/page/referfriend" onsubmit="return checkRFForm();">
Change the "$vboptions[bburl]/page/referfriend" to however you have your CMPS scheme setup.
[B]NOTE: Be sure to leave the $vboptions part in there. This is crucial for the module to recurse on itself.
If you don't get this last step right, then the form will not be able to submit to the correct place.
So, that's it. Now anybody (including non-registered members) who visit your site can invite others to view that specific page.
[B]How to remove the Webmaster alert
This is actually fairly simple. Open the "referfriend.php" file in the "/modules" directory on you site. Find the line:
rfmail($vbulletin->options['webmasteremail'], "DUPLICATE: " . $subject, "Sent by: $name ($email)<br />\n" . $message, $email, $u_headers, $name);
Add // before this line. This will comment the line of code out and will not send the webmaster a copy of the email when some uses this addon.
Anyway. I hope this helps.
Cheers!
Edit:
Ok, apparently I inadvertently missed a security hole. But, it's an easy fix.
Open referfriend.php in your modules folder and search for this line of code:
if (!verify_regimage_hash($vbulletin->GPC['imagehash'], $vbulletin->GPC['imagestamp']))
And replace it with this:
if (!verify_regimage_hash($vbulletin->GPC['imagehash'], $vbulletin->GPC['imagestamp']) || !$vbulletin->userinfo['userid'])
I didn't realize it but, some botters had found a way around the CAPTCHA scheme by just botting the correct info into the imagehash. Don't ask me how, I'm into that, so...
The one downside to this is that only those registered on your site will be able to use this functionality. So, if you want anyone who visits your site, member and guest alike, then don't do this fix. :)
After another posted brining up that the akulion's version didn't have a CAPTCHA verification, and, after having this module installed for only one day, having a botter attempt to use my form for illicit purposes, I decided to add a CAPTCHA functionality... and re-work the coding.
In this version I did a couple things different than akulion did.
The form does not submit to another PHP file somewhere on your server, it recurses back on itself.
Added the CAPTCHA functionality.
Added functionality to alert the webmaster of when this is used. (I'll explain how to remove this if you do not want it.)
Ok, so "how do I install it?" you ask, well, here it goes.
Install
Download and install the module adding it to any/whatever styles you have. Then, rename the js_ajax_imagereg.js.txt to js_ajax_imagereg.js. Here you're just removing the .txt extension.
Now, upload the file to the clientscript/ directory in your forums. This javascript file will not overwrite the default vbulletin file. It's needed to correct vbulletin's pathing in the javascript file.
vBulletin tries to link to the "ajax.php" file without pointing to the vBulletin directory. Basically, if your forum is located in a directory like "http://www.myhost.com/forum/" and you have the module running on a page that is located at "http://www.myhost.com/" it wouldn't be able to do a refresh on the CAPTCHA image. This javascript file fixes that by declaring the vbulletin bburl path in a snippet of JS code.
Some Assembly Required
Create a new page in CMPS named "referfriend" and include the new module as the only module on the page. This is how the module recurses back on itself. I did this so someone can't try to direct link to the PHP file.
Next, depending on how you have your CMPS page identifier set up, you'll need to create the adv_portal_referfriend template and adv_portal_referfriend_imagereg template in your style(s).
adv_portal_referfriend:
<script type="text/javascript">
function checkRFForm() {
rfname=document.getElementById('rf_name');
rftoname=document.getElementById('rf_toname');
rfemail=document.getElementById('rf_email');
rftoemail=document.getElementById('rf_toemail');
rfmsg=document.getElementById('rf_msg');
rfimage=document.getElementById('imagestamp');
if(rfemail.value.indexOf("@")==-1 || rfemail.value.indexOf(".")==-1) {
alert("You must supply a valid email address!");
rfemail.focus();
return false;
}
if(rftoemail.value.indexOf("@")==-1 || rftoemail.value.indexOf(".")==-1) {
alert("You must supply a valid recpient email address!");
rftoemail.focus();
return false;
}
if(rfname.value.length < 2) {
alert("How are they gonna know who sent the email if you don't enter your name? ");
rfname.focus();
return false;
}
if(rftoname.value.length < 2) {
alert("You have to enter the recipient's name! Or atleast some cute nickname.");
rftoname.focus();
return false;
}
if(rfmsg.value.length < 2) {
alert("You need to enter a message to accompany the email!");
rfmsg.focus();
return false;
}
if(rfimage.value.length==0) {
alert("You must enter the verify the CAPTCHA image by entering the text into the box!");
rfimage.focus();
return false;
}
return true;
}
</script>
<tr>
<td class="alt1">
<form method="post" action="$vboptions/page/referfriend" onsubmit="return checkRFForm();">
<input type="hidden" name="do" value="doemail" />
<if condition="$show['rf_error']"><div class="alt2">$rf_err</div></if>
<div align="center">
Your Name<br />
<input type="text" name="name" id="rf_name" class="bginput" value="<if condition="$name!=='Unregistered'">$name</if>"><br />
Your Email<br />
<input type="text" name="email" id="rf_email" class="bginput" value="$email"><br />
Your Friend's Name<br />
<input type="text" name="toname" id="rf_toname" class="bginput" value="$toname"><br />
Friend's Email<br />
<input type="text" name="toemail" id="rf_toemail" class="bginput" value="$toemail"><br />
Your Message<br />
<textarea name="msg" id="rf_msg" rows=5 cols=20 class="bginput">$msg</textarea><br />
$imagereg
</div>
</td>
</tr>
<tr>
<td align="center" class="alt2">
<input type=submit value='Send' class="bginput" onclick="return checkRFForm();">
</td>
</tr>
</form>
[B]adv_portal_referfriend_imagereg:
<div class="thead" style="margin-left: -10px; margin-right: -10px;">
<legend>$vbphrase[image_verification]</legend>
</div>
Please enter the four letters or digits that appear in the image below. <br />
<img id="progress_imagereg" style="display: none; float:$stylevar[right]" src="$stylevar[imgdir_misc]/progress.gif" alt="" />
<center><input id="imagestamp" type="text" class="bginput" name="imagestamp" size="6" maxlength="6" /></center>
<input id="imagehash" type="hidden" name="imagehash" value="$imagehash" />
<center>
<img id="imagereg" src="image.php?$session[sessionurl]type=regcheck&imagehash=$imagehash" alt="$vbphrase[registration_image]" width="150" height="50" border="0" /><br />
<span id="refresh_imagereg" style="display:none"><a href="#">$vbphrase[refresh_image]</a></span>
</center>
<script type="text/javascript" src="clientscript/js_ajax_imagereg.js?v=$vboptions[simpleversion]"></script>
<script type="text/javascript">
<!--
bburl = '$vboptions/';
vB_AJAX_ImageReg_Init();
//-->
</script>
Example:
On my site I have .htaccess set up to handle CMPS. So, when a browser is pointed to "http://www.myhost.com/page/mypage" it gets pointed to "http://www.myhost.com/cmps_index.php?page=mypage" (If you're wanting to know how to set up the "/page/mypage" thing, click here (http://www.vbadvanced.com/forum/showthread.php?t=24318)).
However, if you just use the (cmps_)index.php?page=mypage scheme, then you'll need to change the form's action url in the template.
To do this, open up the template adv_portal_referfriend and find this line:
<form method="post" action="$vboptions[bburl]/page/referfriend" onsubmit="return checkRFForm();">
Change the "$vboptions[bburl]/page/referfriend" to however you have your CMPS scheme setup.
[B]NOTE: Be sure to leave the $vboptions part in there. This is crucial for the module to recurse on itself.
If you don't get this last step right, then the form will not be able to submit to the correct place.
So, that's it. Now anybody (including non-registered members) who visit your site can invite others to view that specific page.
[B]How to remove the Webmaster alert
This is actually fairly simple. Open the "referfriend.php" file in the "/modules" directory on you site. Find the line:
rfmail($vbulletin->options['webmasteremail'], "DUPLICATE: " . $subject, "Sent by: $name ($email)<br />\n" . $message, $email, $u_headers, $name);
Add // before this line. This will comment the line of code out and will not send the webmaster a copy of the email when some uses this addon.
Anyway. I hope this helps.
Cheers!
Edit:
Ok, apparently I inadvertently missed a security hole. But, it's an easy fix.
Open referfriend.php in your modules folder and search for this line of code:
if (!verify_regimage_hash($vbulletin->GPC['imagehash'], $vbulletin->GPC['imagestamp']))
And replace it with this:
if (!verify_regimage_hash($vbulletin->GPC['imagehash'], $vbulletin->GPC['imagestamp']) || !$vbulletin->userinfo['userid'])
I didn't realize it but, some botters had found a way around the CAPTCHA scheme by just botting the correct info into the imagehash. Don't ask me how, I'm into that, so...
The one downside to this is that only those registered on your site will be able to use this functionality. So, if you want anyone who visits your site, member and guest alike, then don't do this fix. :)