CAPTCHA
Contents |
About CAPTCHA
There is pretty good discussion right now (at time of writing, it's August 2008), about how CAPTCHA is dead. There are some discussions in the forums about it, basically revolving around the nasty problems that happen once spammers break through a CAPTCHA system. On one of my neglected blogs, I discovered 36,000 messages, all spam.
There is a better plugin jamesehly wrote, Better Veriword CAPTCHA Display.
Forum thread: Getting spam every 10 minutes
Article: How CAPTCHA got trashed
Read more about CAPTCHA technology at wikipedia
Editing CAPTCHA Settings
You can turn off CAPTCHA codes for manager logins from within the MODx manager interface: Tools-->Configuration-->User You can also alter the words used by the image generator. One of these words and a random number will be generated by the CAPTCHA script. The script and the "virtual" image are referenced by something like this src="/manager/includes/veriword.php?rand=414368623".
Server support
Be careful about enabling CAPTCHA support on a new server! The web server must have two PHP libraries installed in order for it to dynamically generate the images for the CAPTCHA image code:
- Required PHP Libraries for CAPTCHA Generation
- GD library
- FreeType library
To verify that the problem is with the server support, in Evolution, put this in your browser's address line:
http://yoursite.com/manager/includes/veriword.php
For MODx Revolution, it's:
http://yoursite.com/assets/components/captcha/captcha.php
If you go to that page and don't get a "page not found" message and there is no image, the server doesn't support CAPTCHA images.
See related threads: this thread and this one
Problems
I can't see the Image! CAPTCHA is required to Login, but it's not Working!
If you change the security settings in your manager interface to require CAPTCHA codes, but your web server can't actually make the images, you'll have a real problem logging in because there won't be an image containing the code!
If you find yourself in this unpleasant situation, but you still have access to the MySQL database where MODx is installed, fear not. You can log into the database, then execute the following command in a MySQL command prompt:
UPDATE modx_system_settings SET setting_value='0' WHERE setting_name='use_captcha' LIMIT 1;
(the table name modx_system_settings may vary depending on the table prefix used in your database)
You can also edit the modx_system_settings table in PhpMyAdmin and set the value of use_captcha to 0.
Or you can edit the assets/cache/sitecache.idx.php file: Change
$c['use_captcha'] = "1";
to
$c['use_captcha'] = "0";
In Revolution, it's the core/cache/config.cache.php file: Change
'use_captcha' => '1',
to
'use_captcha' => '0',
If you use the last technique, be sure to change the captcha system setting as soon as you log in. Otherwise, you'll be locked out again the next time you try to log in.
If you tried and failed to log in too many times, you may also be blocked. In that case, edit the modx_user_attributes table using PhpMyAdmin. Click on the little pencil next to the default admin user (should be the first record) and set the Value of blocked, blockeduntil, blockedafter, and failedlogincount all to 0. Then click on the "Go" button at the bottom to save your changes.
The real solution, of course, is to get the correct PHP modules installed (see above section). If you're not sure if you're going to get into trouble by enabling CAPTCHA codes, try turning it on in one browser, then (while still in the Manager) heading over to the manager login in another browser. If the image fails to generate in the second browser, you can turn off the CAPTCHA requirement back in the first browser.
Only Part of the CAPTCHA Image is showing!
There has been a bug identified in one of the generation scripts. The bug manifests itself on Windows. See the forum thread on the topic.
