added securimage captcha

webui/config.php

@@ -33,6 +33,8 @@ $config['SITE_NAME'] = 'piler.yourdomain.com';
 $config['SITE_URL'] = 'http://piler.yourdomain.com/';
 
 $config['ENABLE_SAAS'] = 0;
+$config['CAPTCHA_FAILED_LOGIN_COUNT'] = 0;
+
 $config['ENABLE_TABLE_RESIZE'] = 0;
 $config['DEMO_MODE'] = 0;
 

webui/controller/login/login.php

@@ -35,6 +35,9 @@ class ControllerLoginLogin extends Controller {
       $this->data['title'] = $this->data['text_login'];
       $this->data['title_prefix'] = TITLE_PREFIX;
 
+      $this->data['failed_login_count'] = $this->model_user_auth->get_failed_login_count();
+
+
       if($this->request->server['REQUEST_METHOD'] == 'POST' && $this->validate() == true) {
 
          if($this->model_user_auth->checkLogin($this->request->post['username'], $_POST['password']) == 1) {
@@ -55,6 +58,10 @@ class ControllerLoginLogin extends Controller {
             header("Location: " . SITE_URL . "search.php");
             exit;
          }
+         else {
+            $this->model_user_auth->increment_failed_login_count($this->data['failed_login_count']);
+            $this->data['failed_login_count']++;
+         }
 
          $this->data['x'] = $this->data['text_invalid_email_or_password'];
 
@@ -91,6 +98,16 @@ class ControllerLoginLogin extends Controller {
       }
 
 
+      if(CAPTCHA_FAILED_LOGIN_COUNT > 0 && $this->data['failed_login_count'] > CAPTCHA_FAILED_LOGIN_COUNT) {
+         require_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
+         $image = new Securimage();
+
+         if($image->check($this->request->post['captcha']) != true) {
+            $this->error['captcha'] = 'captcha error';
+         }
+      }
+
+
       if (!$this->error) {
          return true;
       } else {

webui/model/user/auth.php

@@ -306,6 +306,24 @@ class ModelUserAuth extends Model {
    }
 
 
+   public function get_failed_login_count() {
+      $session = Registry::get('session');
+
+      $n = $session->get('failed_logins');
+      if($n == '') { $n = 0; }
+
+      return $n;
+   }
+
+
+   public function increment_failed_login_count($n = 0) {
+      $session = Registry::get('session');
+
+      $n = $session->get('failed_logins') + 1;
+      $session->set('failed_logins', $n);
+   }
+
+
    public function change_password($username = '', $password = '') {
       if($username == "" || $password == ""){ return 0; }
 

webui/securimage/LICENSE.txt

@@ -0,0 +1,25 @@
+COPYRIGHT:
+    Copyright (c) 2011 Drew Phillips
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without modification,
+    are permitted provided that the following conditions are met:
+
+    - Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    - Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+    AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+    IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+    ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+    LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+    CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+

webui/securimage/README.FONT.txt

@@ -0,0 +1,12 @@
+AHGBold.ttf is used by Securimage under the following license:
+
+Alte Haas Grotesk is a typeface that look like an helvetica printed in an old Muller-Brockmann Book.
+
+These fonts are freeware and can be distributed as long as they are
+together with this text file. 
+
+I would appreciate very much to see what you have done with it anyway.
+
+yann le coroller 
+www.yannlecoroller.com
+yann@lecoroller.com

webui/securimage/README.txt

@@ -0,0 +1,181 @@
+NAME:
+
+    Securimage - A PHP class for creating captcha images and audio with many options.
+
+VERSION: 3.5.1
+
+AUTHOR:
+
+    Drew Phillips <drew@drew-phillips.com>
+
+DOWNLOAD:
+
+    The latest version can always be
+    found at http://www.phpcaptcha.org
+
+DOCUMENTATION:
+
+    Online documentation of the class, methods, and variables can
+    be found at http://www.phpcaptcha.org/Securimage_Docs/
+
+REQUIREMENTS:
+    PHP 5.2 or greater
+    GD  2.0
+    FreeType (Required, for TTF fonts)
+    PDO (if using Sqlite, MySQL, or PostgreSQL)
+
+SYNOPSIS:
+
+    require_once 'securimage.php';
+
+    $image = new Securimage();
+
+    $image->show();
+
+    // Code Validation
+
+    $image = new Securimage();
+    if ($image->check($_POST['code']) == true) {
+      echo "Correct!";
+    } else {
+      echo "Sorry, wrong code.";
+    }
+
+DESCRIPTION:
+
+    What is Securimage?
+
+    Securimage is a PHP class that is used to generate and validate CAPTCHA images.
+    The classes uses an existing PHP session or creates its own if none is found to store the
+    CAPTCHA code.  Variables within the class are used to control the style and display of the image.
+    The class supports TTF fonts and effects for strengthening the security of the image.
+    An audible code can also be streamed to the browser for visually impared users.
+
+
+COPYRIGHT:
+    Copyright (c) 2013 Drew Phillips
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without modification,
+    are permitted provided that the following conditions are met:
+
+    - Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    - Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+    AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+    IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+    ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+    LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+    CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+
+    -----------------------------------------------------------------------------
+    The WavFile.php class used in Securimage by Drew Phillips and Paul Voegler is
+    used under the BSD License.  See WavFile.php for details.
+    Many thanks to Paul Voegler (http://www.voegler.eu/) for contributing to
+    Securimage.
+
+    -----------------------------------------------------------------------------
+    Flash code created for Securimage by Age Bosma & Mario Romero (animario@hotmail.com)
+    Many thanks for releasing this to the project!
+
+    ------------------------------------------------------------------------------
+    Portions of Securimage contain code from Han-Kwang Nienhuys' PHP captcha
+        
+    Han-Kwang Nienhuys' PHP captcha
+    Copyright June 2007
+    
+    This copyright message and attribution must be preserved upon
+    modification. Redistribution under other licenses is expressly allowed.
+    Other licenses include GPL 2 or higher, BSD, and non-free licenses.
+    The original, unrestricted version can be obtained from
+    http://www.lagom.nl/linux/hkcaptcha/
+    
+    -------------------------------------------------------------------------------
+    AHGBold.ttf (AlteHaasGroteskBold.ttf) font was created by Yann Le Coroller and is distributed as freeware
+    
+    Alte Haas Grotesk is a typeface that look like an helvetica printed in an old Muller-Brockmann Book.
+    
+    These fonts are freeware and can be distributed as long as they are
+    together with this text file. 
+    
+    I would appreciate very much to see what you have done with it anyway.
+    
+    yann le coroller 
+    www.yannlecoroller.com
+    yann@lecoroller.com
+
+    -------------------------------------------------------------------------------
+    Portions of securimage_play.swf use the PopForge flash library for playing audio
+
+    /**
+     * Copyright(C) 2007 Andre Michelle and Joa Ebert
+     *
+     * PopForge is an ActionScript3 code sandbox developed by Andre Michelle and Joa Ebert
+     * http://sandbox.popforge.de
+     *
+     * PopforgeAS3Audio is free software; you can redistribute it and/or modify
+     * it under the terms of the GNU General Public License as published by
+     * the Free Software Foundation; either version 3 of the License, or
+     * (at your option) any later version.
+     *
+     * PopforgeAS3Audio is distributed in the hope that it will be useful,
+     * but WITHOUT ANY WARRANTY; without even the implied warranty of
+     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+     * GNU General Public License for more details.
+     *
+     * You should have received a copy of the GNU General Public License
+     * along with this program. If not, see <http://www.gnu.org/licenses/>
+     */
+     
+     -------------------------------------------------------------------------------
+     Some graphics used are from the Humility Icon Pack by WorLord
+
+     License: GNU/GPL (http://findicons.com/pack/1723/humility)
+     http://findicons.com/icon/192558/gnome_volume_control
+     http://findicons.com/icon/192562/gtk_refresh
+
+     -------------------------------------------------------------------------------
+     Background noise sound files are from SoundJay.com
+     http://www.soundjay.com/tos.html
+     
+     All sound effects on this website are created by us and protected under
+     the copyright laws, international treaty provisions and other applicable
+     laws. By downloading sounds, music or any material from this site implies
+     that you have read and accepted these terms and conditions:
+
+     Sound Effects
+     You are allowed to use the sounds free of charge and royalty free in your
+     projects (such as films, videos, games, presentations, animations, stage
+     plays, radio plays, audio books, apps) be it for commercial or
+     non-commercial purposes.
+    
+     But you are NOT allowed to
+     - post the sounds (as sound effects or ringtones) on any website for
+       others to download, copy or use
+     - use them as a raw material to create sound effects or ringtones that
+       you will sell, distribute or offer for downloading
+     - sell, re-sell, license or re-license the sounds (as individual sound
+       effects or as a sound effects library) to anyone else
+     - claim the sounds as yours
+     - link directly to individual sound files
+     - distribute the sounds in apps or computer programs that are clearly
+       sound related in nature (such as sound machine, sound effect
+       generator, ringtone maker, funny sounds app, sound therapy app, etc.)
+       or in apps or computer programs that use the sounds as the program's
+       sound resource library for other people's use (such as animation
+       creator, digital book creator, song maker software, etc.). If you are
+       developing such computer programs, contact us for licensing options.
+    
+     If you use the sound effects, please consider giving us a credit and
+     linking back to us but it's not required.
+     
+     

webui/securimage/captcha.html

@@ -0,0 +1,13 @@
+  <!-- The following is example HTML that can be used on your form -->
+  
+  <p>
+    <img id="siimage" style="border: 1px solid #000; margin-right: 15px" src="./securimage_show.php?sid=<?php echo md5(uniqid()) ?>" alt="CAPTCHA Image" align="left">
+    <object type="application/x-shockwave-flash" data="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" height="32" width="32">
+    <param name="movie" value="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" />
+    </object>
+    &nbsp;
+    <a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false"><img src="./images/refresh.png" alt="Reload Image" onclick="this.blur()" align="bottom" border="0"></a><br />
+    <strong>Enter Code*:</strong><br />
+    <input type="text" name="ct_captcha" size="12" maxlength="16" />
+  </p>
+  

webui/securimage/database/.htaccess

@@ -0,0 +1 @@
+deny from all

webui/securimage/database/index.html

@@ -0,0 +1 @@
+ 

webui/securimage/example_form.ajax.php

@@ -0,0 +1,207 @@
+<?php
+session_start(); // this MUST be called prior to any output including whitespaces and line breaks!
+
+$GLOBALS['ct_recipient']   = 'YOU@EXAMPLE.COM'; // Change to your email address!
+$GLOBALS['ct_msg_subject'] = 'Securimage Test Contact Form';
+
+$GLOBALS['DEBUG_MODE'] = 1;
+// CHANGE TO 0 TO TURN OFF DEBUG MODE
+// IN DEBUG MODE, ONLY THE CAPTCHA CODE IS VALIDATED, AND NO EMAIL IS SENT
+
+
+// Process the form, if it was submitted
+process_si_contact_form();
+
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+    <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
+    <title>Securimage Example Form</title>
+    <style type="text/css">
+    <!--
+        #success_message { border: 1px solid #000; width: 550px; text-align: left; padding: 10px 7px; background: #33ff33; color: #000; font-weight; bold; font-size: 1.2em; border-radius: 4px; -moz-border-radius: 4px; -webkit-border-radius: 4px; }
+        fieldset { width: 90%; }
+        legend { font-size: 24px; }
+        .note { font-size: 18px; }
+    -->
+    </style>
+    </head>
+<body>
+
+<fieldset>
+<legend>Example Form</legend>
+
+<p class="note">
+  This is an example PHP form that processes user information, checks for errors, and validates the captcha code.<br />
+  This example form also demonstrates how to submit a form to itself to display error messages.
+</p>
+
+<div id="success_message" style="display: none">Your message has been sent!<br />We will contact you as soon as possible.</div>
+
+<form method="post" action="" id="contact_form" onsubmit="return processForm()">
+  <input type="hidden" name="do" value="contact" />
+
+  <p>
+    <strong>Name*:</strong><br />
+    <input type="text" name="ct_name" size="35" value="" />
+  </p>
+
+  <p>
+    <strong>Email*:</strong><br />
+    <input type="text" name="ct_email" size="35" value="" />
+  </p>
+
+  <p>
+    <strong>URL:</strong><br />
+    <input type="text" name="ct_URL" size="35" value="" />
+  </p>
+
+  <p>
+    <strong>Message*:</strong><br />
+    <textarea name="ct_message" rows="12" cols="60"></textarea>
+  </p>
+
+  <p>
+    <img id="siimage" style="border: 1px solid #000; margin-right: 15px" src="./securimage_show.php?sid=<?php echo md5(uniqid()) ?>" alt="CAPTCHA Image" align="left" />
+    <object type="application/x-shockwave-flash" data="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" height="32" width="32">
+    <param name="movie" value="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" />
+    </object>
+    &nbsp;
+    <a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false"><img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0" /></a><br />
+    <strong>Enter Code*:</strong><br />
+    <input type="text" name="ct_captcha" size="12" maxlength="8" />
+  </p>
+
+  <p>
+    <br />
+    <input type="submit" value="Submit Message" />
+  </p>
+
+</form>
+</fieldset>
+
+<script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
+<script type="text/javascript">
+    $.noConflict();
+
+    function reloadCaptcha()
+    {
+        jQuery('#siimage').src = './securimage_show.php?sid=' + Math.random();
+    }
+
+    function processForm()
+    {
+		jQuery.ajax({
+			url: '<?php echo $_SERVER['PHP_SELF'] ?>',
+			type: 'POST',
+			data: jQuery('#contact_form').serialize(),
+			dataType: 'json',
+		}).done(function(data) {
+			if (data.error === 0) {
+				jQuery('#success_message').show();
+				jQuery('#contact_form')[0].reset();
+				reloadCaptcha();
+				setTimeout("jQuery('#success_message').fadeOut()", 30000);
+			} else {
+				alert("There was an error with your submission.\n\n" + data.message);
+			}
+		});
+
+        return false;
+    }
+</script>
+
+</body>
+</html>
+
+<?php
+
+// The form processor PHP code
+function process_si_contact_form()
+{
+    if ($_SERVER['REQUEST_METHOD'] == 'POST' && @$_POST['do'] == 'contact') {
+        // if the form has been submitted
+
+        foreach($_POST as $key => $value) {
+            if (!is_array($key)) {
+                // sanitize the input data
+                if ($key != 'ct_message') $value = strip_tags($value);
+                $_POST[$key] = htmlspecialchars(stripslashes(trim($value)));
+            }
+        }
+
+        $name    = @$_POST['ct_name'];    // name from the form
+        $email   = @$_POST['ct_email'];   // email from the form
+        $URL     = @$_POST['ct_URL'];     // url from the form
+        $message = @$_POST['ct_message']; // the message from the form
+        $captcha = @$_POST['ct_captcha']; // the user's entry for the captcha code
+        $name    = substr($name, 0, 64);  // limit name to 64 characters
+
+        $errors = array();  // initialize empty error array
+
+        if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
+            // only check for errors if the form is not in debug mode
+
+            if (strlen($name) < 3) {
+                // name too short, add error
+                $errors['name_error'] = 'Your name is required';
+            }
+
+            if (strlen($email) == 0) {
+                // no email address given
+                $errors['email_error'] = 'Email address is required';
+            } else if ( !preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/i', $email)) {
+                // invalid email format
+                $errors['email_error'] = 'Email address entered is invalid';
+            }
+
+            if (strlen($message) < 20) {
+                // message length too short
+                $errors['message_error'] = 'Please enter a message';
+            }
+        }
+
+        // Only try to validate the captcha if the form has no errors
+        // This is especially important for ajax calls
+        if (sizeof($errors) == 0) {
+            require_once dirname(__FILE__) . '/securimage.php';
+            $securimage = new Securimage();
+
+            if ($securimage->check($captcha) == false) {
+                $errors['captcha_error'] = 'Incorrect security code entered';
+            }
+        }
+
+        if (sizeof($errors) == 0) {
+            // no errors, send the form
+            $time       = date('r');
+            $message = "A message was submitted from the contact form.  The following information was provided.<br /><br />"
+                     . "Name: $name<br />"
+                     . "Email: $email<br />"
+                     . "URL: $URL<br />"
+                     . "Message:<br />"
+                     . "<pre>$message</pre>"
+                     . "<br /><br />IP Address: {$_SERVER['REMOTE_ADDR']}<br />"
+                     . "Time: $time<br />"
+                     . "Browser: {$_SERVER['HTTP_USER_AGENT']}<br />";
+
+            if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
+                // send the message with mail()
+                mail($GLOBALS['ct_recipient'], $GLOBALS['ct_msg_subject'], $message, "From: {$GLOBALS['ct_recipient']}\r\nReply-To: {$email}\r\nContent-type: text/html; charset=ISO-8859-1\r\nMIME-Version: 1.0");
+            }
+
+            $return = array('error' => 0, 'message' => 'OK');
+            die(json_encode($return));
+        } else {
+            $errmsg = '';
+            foreach($errors as $key => $error) {
+                // set up error messages to display with each field
+                $errmsg .= " - {$error}\n";
+            }
+
+            $return = array('error' => 1, 'message' => $errmsg);
+            die(json_encode($return));
+        }
+    } // POST
+} // function process_si_contact_form()

webui/securimage/example_form.php

@@ -0,0 +1,192 @@
+<?php
+session_start(); // this MUST be called prior to any output including whitespaces and line breaks!
+
+$GLOBALS['DEBUG_MODE'] = 1;
+// CHANGE TO 0 TO TURN OFF DEBUG MODE
+// IN DEBUG MODE, ONLY THE CAPTCHA CODE IS VALIDATED, AND NO EMAIL IS SENT
+
+$GLOBALS['ct_recipient']   = 'YOU@EXAMPLE.COM'; // Change to your email address!
+$GLOBALS['ct_msg_subject'] = 'Securimage Test Contact Form';
+
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+  <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
+  <title>Securimage Example Form</title>
+  <style type="text/css">
+  <!--
+  .error { color: #f00; font-weight: bold; font-size: 1.2em; }
+  .success { color: #00f; font-weight: bold; font-size: 1.2em; }
+  fieldset { width: 90%; }
+  legend { font-size: 24px; }
+  .note { font-size: 18px;
+  -->
+  </style>
+</head>
+<body>
+
+<fieldset>
+<legend>Example Form</legend>
+
+<p class="note">
+  This is an example PHP form that processes user information, checks for errors, and validates the captcha code.<br />
+  This example form also demonstrates how to submit a form to itself to display error messages.
+</p>
+
+<?php
+
+process_si_contact_form(); // Process the form, if it was submitted
+
+if (isset($_SESSION['ctform']['error']) &&  $_SESSION['ctform']['error'] == true): /* The last form submission had 1 or more errors */ ?>
+<span class="error">There was a problem with your submission.  Errors are displayed below in red.</span><br /><br />
+<?php elseif (isset($_SESSION['ctform']['success']) && $_SESSION['ctform']['success'] == true): /* form was processed successfully */ ?>
+<span class="success">The captcha was correct and the message has been sent!</span><br /><br />
+<?php endif; ?>
+
+<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'] . $_SERVER['QUERY_STRING']) ?>" id="contact_form">
+  <input type="hidden" name="do" value="contact" />
+
+  <p>
+    <strong>Name*:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['name_error'] ?><br />
+    <input type="text" name="ct_name" size="35" value="<?php echo htmlspecialchars(@$_SESSION['ctform']['ct_name']) ?>" />
+  </p>
+
+  <p>
+    <strong>Email*:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['email_error'] ?><br />
+    <input type="text" name="ct_email" size="35" value="<?php echo htmlspecialchars(@$_SESSION['ctform']['ct_email']) ?>" />
+  </p>
+
+  <p>
+    <strong>URL:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['URL_error'] ?><br />
+    <input type="text" name="ct_URL" size="35" value="<?php echo htmlspecialchars(@$_SESSION['ctform']['ct_URL']) ?>" />
+  </p>
+
+  <p>
+    <strong>Message*:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['message_error'] ?><br />
+    <textarea name="ct_message" rows="12" cols="60"><?php echo htmlspecialchars(@$_SESSION['ctform']['ct_message']) ?></textarea>
+  </p>
+
+  <p>
+    <img id="siimage" style="border: 1px solid #000; margin-right: 15px" src="./securimage_show.php?sid=<?php echo md5(uniqid()) ?>" alt="CAPTCHA Image" align="left" />
+    <object type="application/x-shockwave-flash" data="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" height="32" width="32">
+    <param name="movie" value="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" />
+    </object>
+    &nbsp;
+    <a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false"><img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0" /></a><br />
+    <strong>Enter Code*:</strong><br />
+     <?php echo @$_SESSION['ctform']['captcha_error'] ?>
+    <input type="text" name="ct_captcha" size="12" maxlength="16" />
+  </p>
+
+  <p>
+    <br />
+    <input type="submit" value="Submit Message" />
+  </p>
+
+</form>
+</fieldset>
+
+</body>
+</html>
+
+<?php
+
+// The form processor PHP code
+function process_si_contact_form()
+{
+  $_SESSION['ctform'] = array(); // re-initialize the form session data
+
+  if ($_SERVER['REQUEST_METHOD'] == 'POST' && @$_POST['do'] == 'contact') {
+  	// if the form has been submitted
+
+    foreach($_POST as $key => $value) {
+      if (!is_array($key)) {
+      	// sanitize the input data
+        if ($key != 'ct_message') $value = strip_tags($value);
+        $_POST[$key] = htmlspecialchars(stripslashes(trim($value)));
+      }
+    }
+
+    $name    = @$_POST['ct_name'];    // name from the form
+    $email   = @$_POST['ct_email'];   // email from the form
+    $URL     = @$_POST['ct_URL'];     // url from the form
+    $message = @$_POST['ct_message']; // the message from the form
+    $captcha = @$_POST['ct_captcha']; // the user's entry for the captcha code
+    $name    = substr($name, 0, 64);  // limit name to 64 characters
+
+    $errors = array();  // initialize empty error array
+
+    if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
+      // only check for errors if the form is not in debug mode
+
+      if (strlen($name) < 3) {
+        // name too short, add error
+        $errors['name_error'] = 'Your name is required';
+      }
+
+      if (strlen($email) == 0) {
+        // no email address given
+        $errors['email_error'] = 'Email address is required';
+      } else if ( !preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/i', $email)) {
+        // invalid email format
+        $errors['email_error'] = 'Email address entered is invalid';
+      }
+
+      if (strlen($message) < 20) {
+        // message length too short
+        $errors['message_error'] = 'Please enter a message';
+      }
+    }
+
+    // Only try to validate the captcha if the form has no errors
+    // This is especially important for ajax calls
+    if (sizeof($errors) == 0) {
+      require_once dirname(__FILE__) . '/securimage.php';
+      $securimage = new Securimage();
+
+      if ($securimage->check($captcha) == false) {
+        $errors['captcha_error'] = 'Incorrect security code entered<br />';
+      }
+    }
+
+    if (sizeof($errors) == 0) {
+      // no errors, send the form
+      $time       = date('r');
+      $message = "A message was submitted from the contact form.  The following information was provided.<br /><br />"
+                    . "Name: $name<br />"
+                    . "Email: $email<br />"
+                    . "URL: $URL<br />"
+                    . "Message:<br />"
+                    . "<pre>$message</pre>"
+                    . "<br /><br />IP Address: {$_SERVER['REMOTE_ADDR']}<br />"
+                    . "Time: $time<br />"
+                    . "Browser: {$_SERVER['HTTP_USER_AGENT']}<br />";
+
+      $message = wordwrap($message, 70);
+
+      if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
+      	// send the message with mail()
+        mail($GLOBALS['ct_recipient'], $GLOBALS['ct_msg_subject'], $message, "From: {$GLOBALS['ct_recipient']}\r\nReply-To: {$email}\r\nContent-type: text/html; charset=ISO-8859-1\r\nMIME-Version: 1.0");
+      }
+
+      $_SESSION['ctform']['error'] = false;  // no error with form
+      $_SESSION['ctform']['success'] = true; // message sent
+    } else {
+      // save the entries, this is to re-populate the form
+      $_SESSION['ctform']['ct_name'] = $name;       // save name from the form submission
+      $_SESSION['ctform']['ct_email'] = $email;     // save email
+      $_SESSION['ctform']['ct_URL'] = $URL;         // save URL
+      $_SESSION['ctform']['ct_message'] = $message; // save message
+
+      foreach($errors as $key => $error) {
+      	// set up error messages to display with each field
+        $_SESSION['ctform'][$key] = "<span style=\"font-weight: bold; color: #f00\">$error</span>";
+      }
+
+      $_SESSION['ctform']['error'] = true; // set error floag
+    }
+  } // POST
+}
+
+$_SESSION['ctform']['success'] = false; // clear success value after running

webui/securimage/securimage_play.php

@@ -0,0 +1,47 @@
+<?php
+
+/**
+ * Project:     Securimage: A PHP class for creating and managing form CAPTCHA images<br />
+ * File:        securimage_play.php<br />
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or any later version.<br /><br />
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.<br /><br />
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA<br /><br />
+ *
+ * Any modifications to the library should be indicated clearly in the source code
+ * to inform users that the changes are not a part of the original software.<br /><br />
+ *
+ * If you found this script useful, please take a quick moment to rate it.<br />
+ * http://www.hotscripts.com/rate/49400.html  Thanks.
+ *
+ * @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
+ * @link http://www.phpcaptcha.org/latest.zip Download Latest Version
+ * @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
+ * @copyright 2012 Drew Phillips
+ * @author Drew Phillips <drew@drew-phillips.com>
+  * @version 3.5.1 (June 21, 2013)
+ * @package Securimage
+ *
+ */
+
+require_once dirname(__FILE__) . '/securimage.php';
+
+$img = new Securimage();
+
+// To use an alternate language, uncomment the following and download the files from phpcaptcha.org
+// $img->audio_path = $img->securimage_path . '/audio/es/';
+
+// If you have more than one captcha on a page, one must use a custom namespace
+// $img->namespace = 'form2';
+
+$img->outputAudioFile();

webui/securimage/securimage_show.php

@@ -0,0 +1,77 @@
+<?php
+
+/**
+ * Project:     Securimage: A PHP class for creating and managing form CAPTCHA images<br />
+ * File:        securimage_show.php<br />
+ *
+ * Copyright (c) 2013, Drew Phillips
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ *  - Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Any modifications to the library should be indicated clearly in the source code
+ * to inform users that the changes are not a part of the original software.<br /><br />
+ *
+ * If you found this script useful, please take a quick moment to rate it.<br />
+ * http://www.hotscripts.com/rate/49400.html  Thanks.
+ *
+ * @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
+ * @link http://www.phpcaptcha.org/latest.zip Download Latest Version
+ * @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
+ * @copyright 2013 Drew Phillips
+ * @author Drew Phillips <drew@drew-phillips.com>
+  * @version 3.5.1 (June 21, 2013)
+ * @package Securimage
+ *
+ */
+
+// Remove the "//" from the following line for debugging problems
+// error_reporting(E_ALL); ini_set('display_errors', 1);
+
+require_once dirname(__FILE__) . '/securimage.php';
+
+$img = new Securimage();
+
+// You can customize the image by making changes below, some examples are included - remove the "//" to uncomment
+
+//$img->ttf_file        = './Quiff.ttf';
+//$img->captcha_type    = Securimage::SI_CAPTCHA_MATHEMATIC; // show a simple math problem instead of text
+//$img->case_sensitive  = true;                              // true to use case sensitve codes - not recommended
+//$img->image_height    = 90;                                // height in pixels of the image
+//$img->image_width     = $img->image_height * M_E;          // a good formula for image size based on the height
+$img->perturbation    = .9;                               // 1.0 = high distortion, higher numbers = more distortion
+//$img->image_bg_color  = new Securimage_Color("#0099CC");   // image background color
+//$img->text_color      = new Securimage_Color("#EAEAEA");   // captcha text color
+//$img->num_lines       = 8;                                 // how many lines to draw over the image
+$img->line_color      = new Securimage_Color("#0000CC");   // color of lines over the image
+//$img->image_type      = SI_IMAGE_JPEG;                     // render as a jpeg image
+
+//$img->signature_color = new Securimage_Color(rand(0, 64), rand(64, 128), rand(128, 255));
+
+// see securimage.php for more options that can be set
+
+$img->code_length = rand(4,6);
+
+
+$img->show();  // outputs the image and content headers to the browser
+// alternate use:
+// $img->show('/path/to/background_image.jpg');

webui/view/theme/default/templates/login/login.tpl

@@ -41,6 +41,12 @@
         <?php } else { ?>
                 <input type="text" class="input-block-level" name="username" placeholder="<?php print $text_email; ?>">
                 <input type="password" class="input-block-level" name="password" placeholder="<?php print $text_password; ?>">
+
+            <?php if(CAPTCHA_FAILED_LOGIN_COUNT > 0 && $failed_login_count > CAPTCHA_FAILED_LOGIN_COUNT) { ?>
+                <img src="securimage/securimage_show.php" alt="captcha image" id="captcha" />
+                <input type="text" class="input-block-level" name="captcha" placeholder="CAPTCHA" />
+            <?php } ?>
+
                 <button class="btn btn-large btn-primary" type="submit" value="<?php print $text_submit; ?>"><?php print $text_submit; ?></button>
         <?php } ?>
 

webui/view/theme/mobile/templates/login/login.tpl

@@ -45,6 +45,12 @@
         <?php } else { ?>
                 <input type="text" class="input-block-level" name="username" placeholder="<?php print $text_email; ?>">
                 <input type="password" class="input-block-level bold" name="password" placeholder="<?php print $text_password; ?>">
+
+            <?php if(CAPTCHA_FAILED_LOGIN_COUNT > 0 && $failed_login_count > CAPTCHA_FAILED_LOGIN_COUNT) { ?>
+                <img src="securimage/securimage_show.php" alt="captcha image" id="captcha" />
+                <input type="text" class="input-block-level" name="captcha" placeholder="CAPTCHA" />
+            <?php } ?>
+
                 <button class="btn btn-large btn-primary" type="submit" value="<?php print $text_submit; ?>"><?php print $text_submit; ?></button>
         <?php } ?>