Difference between revisions of "NATS4 Adding a Verification Image"

NATS4 contains the option to use CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) images on the external access page. This can provide an additional security measure that helps to prevent against automated login attempts. However, this option is not enabled by default in NATS.

Affiliate CAPTCHA

If you would like to add CAPTCHA images to your external access page, first go to the Configuration Admin. In the "Current Section" drop down menu, select "Affiliates" option and click the change section button. Find the AFFILIATE_SIGNUP_CAPTCHA and enable the check box and save. Your external access page will now contain a CAPTCHA image that must be completed by your affiliates before they can continue browsing.

Members CAPTCHA

CAPTCHA can be used for your site's join page. To turn on the CAPTCHA for the site join form, you must do one of the following:

• Set the 'Member CAPTCHA' setting in the Tour settings that this join page is for to 'Yes'
• Enable MEMBER_SIGNUP_USE_CAPTCHA in the Config Admin -> Misc Section

• Set a value for MEMBER_RETRY_CAPTCHA in Config Admin -> Misc Section. This field requires a number greater than 1 and is the minimum number of failed signups before the CAPTCHA shows.
  • In order for the CAPTCHA to show:
    • The surfer has to have already attempted to sign up once, and within one hour prior to the present signup.
    • The signups have to use the same IP.
    • The members have to be Never Joined members for the same site.

Then, add

{if !empty($vars.captcha_required) || !empty($errors.captcha)}
  <tr>
    <td colspan="2" style="border:none; text-align: center">
      <img src="/captcha_image.php?width=300&height=90" width="300" height="90" /><br />
      <strong>Please fill in the text from the image</strong><br />
      <input class="join_input" type="text" name="signup[captcha:1]" />
      
      {if !empty($errors.captcha)}
        <br />
        <span>{$errors.captcha}</span>
      {/if}
    </td>
  </tr>
{/if} 

before your submit button for the join template.

A more stylized example is shown below:

{if !empty($vars.captcha_required) || !empty($errors.captcha)}
<fieldset> 
<legend>Captcha Image</legend> 
<div class="form_input"> 
  <tr>
    <td colspan="2" style="border:none; text-align: center">
      <img src="/captcha_image.php?width=300&height=90" width="300" height="90" /><br />
      <strong>Please fill in the text from the image</strong><br />
      <input class="join_input" type="text" name="signup[captcha:1]" />
      
      {if !empty($errors.captcha)}
        <br />
        <span>{$errors.captcha}</span>
      {/if}
    </td>
  </tr>
</fieldset>
{/if} 

Config Admin

Config Admin -> 'Misc' section:

• MEMBER_PASSWORD_USE_CAPTCHA : If Set, Password retrieval will require a CAPTCHA verification
• MEMBER_PASSWORD_USE_CAPTCHA_RETRY : Number of Tries a Surfer can make on the Password retrieval page if CAPTCHA is used
• MEMBER_SIGNUP_USE_CAPTCHA : If Set, member signups will require a CAPTCHA verification
• MEMBER_RETRY_CAPTCHA : Number of tries a surfer can make to signup before a CAPTCHA is used
• MEMBER_RETRY_CAPTCHA_HOURS : Number of hours to look back when checking aginst the MEMBER_RETRY_CAPTCHA configuration. By default NATS will look for signup attempts within the past hour

Config Admin -> 'Affiliate' section:

• AFFILIATE_SIGNUP_CAPTCHA : Enable Affiliate Signup CAPTCHA Image.