Hi All,
Recently I was asked to add a layer of spam checking against script hacking when opening a ticket for a client. I Googled for a while and decided to use image verification. A really simple one.
(1) First up:
Create the image creation PHP page with the source code below and store it in /include/client/. For reference I will call it verificationimage.php. This script is responsible for generating a random image (numbers only, with 4 digits) and saving it as a cookie called "imagevercheck". So remember to enable the cookie option in the browser for it to work.
```php
<?php
header('Content-type: image/jpeg');

// Blank white canvas for the code image
$width = 50;
$height = 24;
$my_image = imagecreatetruecolor($width, $height);
imagefill($my_image, 0, 0, 0xFFFFFF);

// add noise
for ($c = 0; $c < 40; $c++) {
    $x = rand(0, $width - 1);
    $y = rand(0, $height - 1);
    imagesetpixel($my_image, $x, $y, 0x000000);
}

// Draw a random 4-digit number at a slightly random offset
$x = rand(1, 10);
$y = rand(1, 10);
$rand_string = rand(1000, 9999);
imagestring($my_image, 5, $x, $y, $rand_string, 0x000000);

// Store the MD5 of the number plus a fixed suffix in the "imagevercheck" cookie
$codeword = (md5($rand_string) . 'a4xn');
setcookie("imagevercheck", $codeword, 0, "/");

// Send the image and free it
imagejpeg($my_image);
imagedestroy($my_image);
?>
```
(2) Next up: modify the "open.inc.php" script found in the same directory as above.
Go to somewhere around line 34; you should see something like " ". Hit Enter at the end of the line for a new line and insert the code below. This will insert a new text box and image in the open ticket form. Please note the code contains a combination of HTML tags and PHP tags.
Image Verification:
">
" alt="verification image, type it in the box" width="50" height="24" align="absbottom" />
If the variable "wrong_code" is sent from the previous page, then display the error field:
```php
<?php if (isset($_GET['wrong_code'])) { ?>
Wrong verification code
<?php } ?>
```
Next up: modify "open.php", which is found in the home path where you installed osTicket.
This is a little messy, so for those who have not done any modification on the page "open.php" before, I strongly suggest you copy the whole code and replace the whole content. Otherwise please do a comparison and insert what is necessary.
```php
<?php
/*********************************************************************
    open.php
    New tickets handle.
    Peter Rotich <peter@osticket.com>
    Copyright (c) 2006,2007,2008 osTicket
    http://www.osticket.com
    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.
    vim: expandtab sw=4 ts=4 sts=4:
    $Id: $
**********************************************************************/
include('client.inc.php');
define('SOURCE','Web'); //Ticket source.
$inc='open.inc.php'; //default include.
$errors=array();
if($_POST):
    if(md5($_REQUEST).'a4xn' == $_COOKIE['imagevercheck']){
        // if verification code was correct, reset cookie to null and proceed with the rest of the code
        setcookie('imagevercheck','');
        $_POST=$_POST=0; //Just Making sure we don't accept crap...only topicId is expected.
        //Ticket:...checks for errors..
        if(($ticket=Ticket:($_POST,$errors,SOURCE))){
            $msg='Support ticket request created';
            if($thisclient && $thisclient->isValid()) //Logged in...simply view the newly created ticket.
                @header('Location: view.php?id='.$ticket->getExtId());
            //Thank the user and promise speedy resolution!
            $inc='thankyou.inc.php';
        }else{
            $errors=$errors?$errors:'Unable to create a ticket. Please correct errors below and try again!';
        }
    } else {
        // if verification code was incorrect then return to contact page and show error
        header("Location:".$_SERVER."?&wrong_code=true");
        exit;
    }
endif;
//page
require(CLIENTINC_DIR.'header.inc.php');
require(CLIENTINC_DIR.$inc);
require(CLIENTINC_DIR.'footer.inc.php');
?>
```
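
Added example, not part of the original post or of osTicket: the check above compares the submitted code with a cookie that the browser sends back, so the server keeps no record of its own of which code it issued. A variant that holds the expected code in the PHP session, expires it and accepts it only once follows; the function names `issue_code` and `verify_code`, the `imagever` key and the 5-minute lifetime are assumptions.

```php
<?php
// Added example, not from the original post. $store stands in for $_SESSION
// so the script also runs from the CLI; the key name 'imagever' and the
// 5-minute lifetime are assumptions.

const CODE_TTL = 300; // seconds a code stays valid (assumed value)

// Called by the image script: pick the code and remember it server-side.
function issue_code(array &$store, ?int $now = null): string
{
    $code = (string) random_int(1000, 9999); // CSPRNG instead of rand()
    $store['imagever'] = [
        'code'    => $code,
        'expires' => ($now ?? time()) + CODE_TTL,
    ];
    return $code; // draw this with imagestring(); no cookie carries the answer
}

// Called by open.php on POST: compare against the server-side copy.
function verify_code(array &$store, $submitted, ?int $now = null): bool
{
    $entry = $store['imagever'] ?? null;
    unset($store['imagever']); // single use: any attempt consumes the code
    if (!is_array($entry) || !is_string($submitted)) {
        return false; // nothing issued, or field missing / sent as an array
    }
    if (($now ?? time()) > $entry['expires']) {
        return false; // code is stale
    }
    return hash_equals($entry['code'], $submitted); // constant-time compare
}

// Constructed walk-through with fixed timestamps.
$session = [];
$code = issue_code($session, 1000);
var_dump(verify_code($session, $code, 1010));  // first use of the issued code
var_dump(verify_code($session, $code, 1011));  // same code replayed
$code = issue_code($session, 2000);
var_dump(verify_code($session, '0000', 2001)); // wrong guess (codes start at 1000)
var_dump(verify_code($session, $code, 2002));  // right code after the wrong guess
$code = issue_code($session, 3000);
var_dump(verify_code($session, $code, 3000 + CODE_TTL + 1)); // past the lifetime
```

In the real pages, call `session_start()` in both scripts and pass `$_SESSION` as `$store`.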