[MOD] Replace ISC Captcha with ReCaptcha

[Martin]

Not a particularly hard one this but I had to think outside the box to get it around the Javascript validation...

The mod should allow you to replace the ISC Captcha system for reviews and replace it with the Recaptcha service. Naturally you will need to get your API keys before you do anything and I'm not going to reinvent the wheel telling you how to do that... Find out yourself


Note: This modification assumes that you have decided to force captcha to be used on reviews regardless of your Captcha settings in ISC Admin.

Right.. modification is as follows:

Create a folder structure like this one: /modules/custom/recaptcha (ie: add "custom" inside modules, and then a "recaptcha" inside that)

Download the reCaptcha PHP library from here

Place the recaptchalib.php file in your newly created folder ie: in /modules/custom/recaptcha

Open recaptchalib.php

Find:

Code: Select all

/**
 * The reCAPTCHA server URL's
 */

Before, Add:

Code: Select all

$recaptcha_private_key = 'Your_Private_API_key_for_this_site';
$recaptcha_public_key = 'Your_Public_API_key_for_this_site';

... and edit the values to the correct API key...


Open /includes/classes/class.review.php

Find:

Code: Select all

		$captcha = '';
		if(isset($_POST['captcha'])) {
			$captcha = $_POST['captcha'];
		}
		$captcha_check = true;

		// Should reviews be approved automatically?
		if(GetConfig('AutoApproveReviews')) {
			$status = 1;
		}
		else {
			$status = 0;
		}

		// Do we need to check captcha?
		if(GetConfig('CaptchaEnabled') && isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
			$_SESSION['productReviewData'] = $reviewPostData;
			FlashMessage(GetLang('ReviewBadCaptcha'), MSG_ERROR, $prodReviewsLink, 'reviews');
			exit;
		}

Replace with:

Code: Select all

//***************************************
// MOD Use ReCaptcha instead of ISC system

		require_once(dirname(__FILE__).'/../../modules/custom/recaptcha/recaptchalib.php');
		
		if(isset($recaptcha_private_key) && isset($recaptcha_public_key)) {

			$resp = recaptcha_check_answer ($recaptcha_private_key,
				$_SERVER["REMOTE_ADDR"],
				$_POST["recaptcha_challenge_field"],
				$_POST["recaptcha_response_field"]);

			// Invalid recaptcha so do as per normal ISC system
			if (!$resp->is_valid) {
				$_SESSION['productReviewData'] = $reviewPostData;
				FlashMessage(GetLang('ReviewBadCaptcha'), MSG_ERROR, $prodReviewsLink, 'reviews');
				exit;
			}
			
		}
		/*
		 * If the recaptcha key isn't set we gracefully degrade
		 * back to the ISC system rather than leave it wide open
		 */
		
		else {
			$captcha = '';
			if(isset($_POST['captcha'])) {
				$captcha = $_POST['captcha'];
			}
			$captcha_check = true;

			// Should reviews be approved automatically?
			if(GetConfig('AutoApproveReviews')) {
				$status = 1;
			}
			else {
				$status = 0;
			}
	//***************************************
	// MOD Force Capcha for reviews

			// Do we need to check captcha?
			//if(GetConfig('CaptchaEnabled') && isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
			if(isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
				$_SESSION['productReviewData'] = $reviewPostData;
				FlashMessage(GetLang('ReviewBadCaptcha'), MSG_ERROR, $prodReviewsLink, 'reviews');
				exit;
			}
	// MOD END Force Captcha for reviews		
	//***************************************
		}

// MOD END Use ReCaptcha instead of ISC system
//***************************************

Open: /modules/comments/builtincomments/module.builtincomments.php

Find:

Code: Select all

		// Is captcha enabled?
		if (GetConfig('CaptchaEnabled') == false) {
			$GLOBALS['HideReviewCaptcha'] = "none";
		}
		else {
			// Generate the captcha image
			$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
			$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
			$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
		}

Replace with:

Code: Select all

//***************************************
// MOD Force Capcha for reviews

/*		
		// Is captcha enabled?
		if (GetConfig('CaptchaEnabled') == false) {
			$GLOBALS['HideReviewCaptcha'] = "none";
		}
		else {
			// Generate the captcha image
			$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
			$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
			$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
		}
*/
		
//***************************************
// MOD Use ReCaptcha instead of ISC system

		require_once(dirname(__FILE__).'/../../custom/recaptcha/recaptchalib.php');
		
		if(isset($recaptcha_private_key) && isset($recaptcha_public_key)) {
			$GLOBALS['CaptchaImage'] = recaptcha_get_html($recaptcha_public_key);
			$GLOBALS['CaptchaImage'] .= "
<script type=\"text/javascript\">
	\$(function(){
		$('#captcha').hide();
		$('#captcha').val('true');
	});
</script>
			";
		}
		/*
		 * If the recaptcha key isn't set we gracefully degrade
		 * back to the ISC system rather than leave it wide open
		 */
		else {
			// Generate the captcha image
			$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
			$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
			$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
		}
// MOD END Force Captcha for reviews		
//***************************************

That's about it... This is a "free" mod but once again I would appreciate it if you would donate to the next charity bucket or sponsored form you see by way of passing it forward... Especially if you intend to resell this on to clients...

[Martin]

Well... this modification is now worthless as today has proven that some b**tard has taken the time to write the necessary code to break the recaptcha and start submitting review spam all over again.

I'm going to look at alternative solutions at some point but basically I think it's time to admit that spammers all need shooting, or having their heads removed with a dull spoon...

[Martin]

This mod has been rewritten to take advantage of the Akismet API system and hopefully it will be considerably more reliable than the cr*p Google still haven't admitted is broken.

The mod should allow you to replace the ISC Captcha system for reviews and replace it with the Akismet service. Naturally you will need to get your API keys before you do anything and I'm not going to reinvent the wheel telling you how to do that... Find out yourself


Note: This modification should work whether you have force captcha on or not...

Right.. modification is as follows:

Create a folder structure like this one: /modules/custom/akismet (ie: add "custom" inside modules, and then a "akismet" inside that)

Download the Akismet PHP library from here

Place the Akismet.class.php file in your newly created folder ie: in /modules/custom/akismet

Open Akismet.class.php

Find:

Code: Select all

/**
 *	The Akismet PHP5 Class

Before, Add:

Code: Select all

$akismet_api_key = '[YOUR_API_KEY_HERE]';

... and edit the values to the correct API key...


Open /includes/classes/class.review.php

Find:

Code: Select all

		$captcha = '';
		if(isset($_POST['captcha'])) {
			$captcha = $_POST['captcha'];
		}
		$captcha_check = true;

		// Should reviews be approved automatically?
		if(GetConfig('AutoApproveReviews')) {
			$status = 1;
		}
		else {
			$status = 0;
		}

		// Do we need to check captcha?
		if(GetConfig('CaptchaEnabled') && isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
			$_SESSION['productReviewData'] = $reviewPostData;
			FlashMessage(GetLang('ReviewBadCaptcha'), MSG_ERROR, $prodReviewsLink, 'reviews');
			exit;
		}

Replace with:

Code: Select all

//***************************************
// MOD Use Akismet instead of ISC system

		require_once(dirname(__FILE__).'/../../modules/custom/akismet/Akismet.class.php');
		
		if(isset($akismet_api_key) && !empty($akismet_api_key)) {
			
			$akismet = new Akismet(GetConfig('ShopPathNormal'), $akismet_api_key);
			
			$akismet->setCommentAuthor($reviewPostData['revfromname']);
			$akismet->setCommentContent(($reviewPostData['revtitle']."\n".$reviewPostData['revtext']));
			$akismet->setPermalink($prodLink);
			$akismet->setCommentType('comment');

			// Invalid recaptcha so do as per normal ISC system
			if ($akismet->isCommentSpam()) {
				$_SESSION['productReviewData'] = $reviewPostData;
				FlashMessage("Sorry, review scored as spam... Please contact me with a copy of your review by email if genuine", MSG_ERROR, $prodReviewsLink, 'reviews');
				exit;
			}
			
		}
		/*
		 * If the recaptcha key isn't set we gracefully degrade
		 * back to the ISC system rather than leave it wide open
		 */
		
		else {
			$captcha = '';
			if(isset($_POST['captcha'])) {
				$captcha = $_POST['captcha'];
			}
			$captcha_check = true;

			// Should reviews be approved automatically?
			if(GetConfig('AutoApproveReviews')) {
				$status = 1;
			}
			else {
				$status = 0;
			}
	//***************************************
	// MOD Force Capcha for reviews

			// Do we need to check captcha?
			//if(GetConfig('CaptchaEnabled') && isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
			if(isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
				$_SESSION['productReviewData'] = $reviewPostData;
				FlashMessage(GetLang('ReviewBadCaptcha'), MSG_ERROR, $prodReviewsLink, 'reviews');
				exit;
			}
	// MOD END Force Captcha for reviews		
	//***************************************
		}

// MOD END Use Akismet instead of ISC system
//***************************************

Open: /modules/comments/builtincomments/module.builtincomments.php

Find:

Code: Select all

		// Is captcha enabled?
		if (GetConfig('CaptchaEnabled') == false) {
			$GLOBALS['HideReviewCaptcha'] = "none";
		}
		else {
			// Generate the captcha image
			$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
			$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
			$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
		}

Replace with:

Code: Select all

//***************************************
// MOD Force Capcha for reviews

/*		
		// Is captcha enabled?
		if (GetConfig('CaptchaEnabled') == false) {
			$GLOBALS['HideReviewCaptcha'] = "none";
		}
		else {
			// Generate the captcha image
			$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
			$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
			$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
		}
*/
		
//***************************************
// MOD Use Akismet instead of ISC system

		require_once(dirname(__FILE__).'/../../custom/akismet/Akismet.class.php');
		
		if(isset($akismet_api_key) && !empty($akismet_api_key)) {
			$GLOBALS['CaptchaImage'] .= "
<script type=\"text/javascript\">
   \$(function(){
      $('#captcha').hide();
      $('#captcha').val('true');
   });
</script>
         ";
		}
		/*
		 * If the recaptcha key isn't set we gracefully degrade
		 * back to the ISC system rather than leave it wide open
		 */
		else {
			// Generate the captcha image
			$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
			$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
			$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
		}
// MOD END Force Captcha for reviews		
//***************************************

That's about it... This is a "free" mod but once again I would appreciate it if you would donate to the next charity bucket or sponsored form you see by way of passing it forward... Especially if you intend to resell this on to clients...[/quote]

[mipra]

thank you...it works flawlesly!
By the way, how do I do this with the contact us form captcha?

thank you

[Martin]

So now some pr**k has worked out how to beat the Akismet mod as well and is sending random pieces of crap at my store from a variety of IP's and I'm guessing testing to see if the review appears before attempting the next stage of actually sending the spam URL...

So got to figure out how to up the ante...

I just love spammer... to long and painful death... preferably...

[Superbank]

Wow!

That's just what I was dreaming of.

Recently my Interspire Shopping Cart Product Review section has been spammed by thousands of spam messages, so I had to disable Product Reviews completely.

But after disabling the Product Comments I found that all the previous comments do not show up any more. This is not a good solution for me as I have hundreds of good product comments already and I want them to be visible on the product's page.

Is this thread alive or not?

The latest Google Recaptcha 2 is the best captcha system today!

It has not been cracked and Google is constantly upgrading its Recaptcha 2 staying always ahead of crackers.

We are not talking about the so called Captcha Solving Services where human operators will solve bulk captchas for a fee. There is no remedy against this kind of activity.

What I'm dreaming of is incorporating the new Google Recaptcha 2 in my Interspire Shopping Cart Prtoduct Comment section.

I am using Interspire Shopping Cart version 6.1.1.

Can anyone help me to change the original ISC captcha to Google Recaptcha 2 ?

Any help will be very much appreciated.

[kasbahouse]

is there an update on this issue? i tried to use it and always get wrong captchA
tks

[Superbank]

is there an update on this issue? i tried to use it and always get wrong captchA
tks

Would you please provide more details and screenshots.

I want to change the original ISC captcha to Google Recaptcha 2.

Is the above PHP code modification applicable to Google Recaptcha 2?

[kasbahouse]

here is the screen shot

[kasbahouse]

i put the text correct but still issue
very strange
windows server 20008 r2