Last Updated: 26 May, 2006
phpBB is "an open source, flat style, message board written in PHP." Because thousands of people use it with little or no modifications, it is a very popular target for spammers. They can use bots to automatically fill out the registration forms, including "clicking" on the activation link inside e-mails. A CAPTCHA is some sort of challenge that will (in theory) be easy for a human to solve, but hard for a computer to. Typically, they are implemented as a distorted word that the user must enter to complete the form.
sample CAPTCHA image
The method that I will describe is very much a hack, but it is quite simple (despite looking long). I haven't packaged anything up in an installable mod. Consider this an exercise in how to make your own mods, as the principles here apply to any custom registration mod. If you prefer to use phpBB2's default CAPTCHA, just go to your control panel's General Admin, Configuration, and Enable Visual Confirmation and forget you saw this. :)
Some people may have difficulty reading a CAPTCHA image. If you think your audience will need assistance, it would be kind of you to supply an e-mail address for those who cannot read the image. There may, in fact, be legal reasons (depending on your line of business, etc.) why you have to supply a valid alternative. And last of all, I am not responsible for any damage done by following this tutorial.
You'll need several things:
Note that you will be editing three files. I highly recommend that you make a backup copy of these those files before you edit them. Once you are sure you will be able to get everything you need:
$site_tags[0] = ""; $site_tags[1] = "For Access to MYDOMAIN.COM";(Leaving the first [0] one empty will help prevent text from covering up the image.)
<tr> <td class="row1"><span class="gen">CAPTCHA Image:</span><br /> <td class="row2"> <img id="freecap" src="/phpBB2/freecap/freecap.php" /> <div style="margin: 0.5em 0;"> <label style="font-size: 10px;" for="captcha">Word in Above Image:</label> <input id="captcha" name="captcha" type="text" size="10" /> </div> <div style="font-size: 10px;"> Cannot read the image? <a href="#" onclick="document.getElementById('freecap').src='/phpBB2/freecap/freecap.php?'+Math.random();">Click Here</a> to generate a new one. </div> </td> </tr>Note: There are two places (underlined and in bold) in the above snippet where you may have to adjust the path to match yours. If you use a custom skin, you may have to modify the code slightly. But I'm sure you'll figure that out.
else if ( $mode == 'register' ) { if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty']; } }You need to add some lines to it, just in front of that closing brace. That section should look like:
else if ( $mode == 'register' ) { if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty']; } session_start(); if (!isset($_POST['captcha']) || !isset($_SESSION['freecap_word_hash']) || $_SESSION['hash_func']($_POST['captcha']) != $_SESSION['freecap_word_hash']) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . "The word you entered did not match the image."; } unset($_SESSION['freecap_word_hash']); }Note that you are only adding those seven lines in bold!
It's highly possible that future upgrades of phpBB2 will overwrite your changes. If that happens, you can always start over at step 5. This should keep your boards spambot free!
If you need help or have feedback, you can try emailing me. But I don't make any promises that I'll have time to reply, and I won't be able to help you fix anything if you've broken something.