I've completed a modification of the RC3 code that provides reCAPTCHA for people trying to open a ticket. This isn't the holy grail of CAPTCHA, because it is dependent on an external host to provide the CAPTCHA validation, however it is quick and clean for public based osTicket deployments.

I will work on a self contained open source CAPTCHA solution for osTicket as well...but this works for my current needs.

Supported version of OST: 1.6 RC3

Pros:
- really really easy to implement
- provides both visual and audio CAPTCHA
- does not require that your system have any additional libraries
- does not require any web server configuration changes
- available to any form within your sites domain...not just osTicket

Cons:
- requires that the osTicket server be able to communicate with the Internet
- requires that you modify the osTicket code (forward compatibility an issue)


Instructions:

1) register for an account at reCAPTCHA (http://recaptcha.net/)
2) copy your private and public key for safe keeping
3) download the recaptcha-php-1.10.zip file from reCAPTCHA
4) create a "recaptcha" directory under osTicket's root directory
5) place the contents of the recaptcha zip file into this directory
6) add the following lines to the include/client/open.inc.php file between line 106 and 107
<tr>
<td></td>
<td>
<?php
require_once('recaptcha/recaptchalib.php');
$publickey = "your_public_key"; // you got this from the signup page
echo recaptcha_get_html($publickey);
?>
</td>
</tr>
7) add the following lines to the open.php file right after line 21
require_once('recaptcha/recaptchalib.php');
$privatekey = "your_private_key";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);

if (!$resp->is_valid) {
die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
"(reCAPTCHA said: " . $resp->error . ")");
}


thats it...you now have CAPTCHA within your web form. what is great is that you can add that code to just about any form system within your site to have CAPTCHA spam prevention.

later...
jason...

Cool!

Thanks Jason.

Edit: One other con is that is is much harder to guess the right words for not nativ english speaking people.

I understand what you are saying, however I'd probably argue the other way. I believe that any good CAPTCHA system is going to be somewhat difficult to read. The benefit of reCAPTCHA is that if you are capable of reading english then you have an advantage.

If the system were providing words in french or spanish I'd have no more difficulty reading them then I would a nonsense CAPTCHA system. However, if you changed it to a CAPTCHA system displaying russian...I'm fairly certain that I'd have a serious issue.

jason...

I do not like the fact that if you enter the wrong words it forwards you to a new page saying you entered it incorrectly and when hitting back all your submitted form is gone.

I like the way eticket does it much better. They just use a random list of generated numbers. Since numbers are the same everywhere then its more universal.

well...

1) the error response is nothing more than a one sentence statement...it could easily be changed to an html page, or even the form again with everything filled in allowing you to enter it again.

2) i certain understand your point about random numbers and characters. i was merely implementing one of the CAPTCHA systems out there. I intend to find ways of implementing others as well. This one was as easy as it gets however, so it was easy to put it up first.

later...
jason...

Thanks Jason,

It works well for me... nevertheless I modified a little the code of both files: open.php and include/client/open.inc.php. These modifications provide a management of the errors as it is done for the other fields of the form.

Between 106 and 107 of open.inc.php, add the code below:
<tr>
<td></td>
<td>
<font class="error">*&nbsp;<?=$errors['captcha']?></font><br/>
<?php
require_once('recaptcha/recaptchalib.php');
$publickey = "your_public_key"; // you got this from the signup page
echo recaptcha_get_html($publickey);
?>
</td>
</tr>

And between lines 21 and 22 of open.php, add the code below:
require_once('recaptcha/recaptchalib.php');
$privatekey = "your_private_key";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);

if (!$resp->is_valid) {
$errors['captcha']='Incorrect text. Enter the text below.';
}

The errors array is managed by the Ticket::create function. But the array can be prefilled. Then if it is not empty, it returns an error... and the form is updated with error messages and fields to correct.

Hope this will help.

Thierry

Excellent! I like the addition.

jason...

Im using osTicket 1.6RC3 in my native language so I prefer random code instead of english words... so I made a search in google for a code to adapt in osTicket.

Here is what I have done ;)
Please remember that those changes are done in RC3 ver.

Code which I implemented in osTicket is quite easy.
You can find description of captcha code itself here:
http://www.white-hat-web-design.co.uk/articles/php-captcha.php

Download the package from here (http://www.white-hat-web-design.co.uk/articles/captcha.zip)

Upload two files: CaptchaSecurityImages.php and monofont.ttf into the main directory of osTicket.

Now lets make some changes in few files.
First:

class.ticket.php
In the code search for this function:

function create($var,&$errors,$origin,$autorespond=true,$alertstaff=true ) {
global $cfg,$thisclient,$_FILES;

$id=0;
$fields=array();
$fields['name'] = array('type'=>'string', 'required'=>1, 'error'=>'Name required');
$fields['email'] = array('type'=>'email', 'required'=>1, 'error'=>'Valid email required');
$fields['subject'] = array('type'=>'string', 'required'=>1, 'error'=>'Subject required');
$fields['message'] = array('type'=>'text', 'required'=>1, 'error'=>'Message required');

if(strcasecmp($origin,'web')==0) { //Help topic only applicable on web tickets.
$fields['topicId'] = array('type'=>'int', 'required'=>1, 'error'=>'Select help topic');

// INSERT CODE HERE

}elseif(strcasecmp($origin,'staff')==0){ //tickets created by staff...e.g on callins.
$fields['deptId'] = array('type'=>'int', 'required'=>1, 'error'=>'Dept. required');
$fields['source'] = array('type'=>'string', 'required'=>1, 'error'=>'Indicate source');
}else { //Incoming emails (PIPE or POP.
$fields['emailId'] = array('type'=>'int', 'required'=>1, 'error'=>'Email unknown');
}
$fields['pri'] = array('type'=>'int', 'required'=>0, 'error'=>'Invalid Priority');
$fields['phone'] = array('type'=>'phone', 'required'=>0, 'error'=>'Phone # required');

$validate = new Validator($fields);
if(!$validate->validate($var)){
$errors=array_merge($errors,$validate->errors());
}


Instead of '//INSERT CODE HERE' paste

$fields['security_code'] = array('type'=>'code', 'required'=>1, 'error'=>'Please type correct CAPTCHA code');


Done here.

2nd file is class.validator.php

Search for:

case 'integer':
case 'int':
if(!is_numeric($this->input[$k]))
$this->errors[$k]=$field['error'];
break;
case 'double':
if(!is_numeric($this->input[$k]))
$this->errors[$k]=$field['error'];
break;
case 'text':
// INSERT CODE HERE
case 'string':


Replace dummy line //INSERT ... with:


case 'code':
if( $_SESSION['security_code'] != $_POST['security_code'])
$this->errors[$k]=$field['error'];
break;


Now the last part. Lets make an Input field and place for image itself on open.php form.

File: open.inc.php


Just at the beggining you can see:


<?php
if(!defined('OSTCLIENTINC')) die('Kwaheri rafiki wangu?'); //Say bye to our friend..
// INSERT CODE HERE


As usual replace the dummy line with:

session_start();


Next, search for:

<tr>
<th>Attachment:</th>
<td>
<input type="file" name="attachment"><font class="error">&nbsp;<?=$errors['attachment']?></font>
</td>
</tr>
<?}?>
// INSERT CODE HERE


As usual replace the dummy code with:


<tr>
<th>Security code:</th>
<td valign="middle">
<img src="CaptchaSecurityImages.php?width=100&height=40&characters=5"/><br />
<input id="security_code" name="security_code" type="text" size="15"><font class="error">&nbsp;*&nbsp;<?=$errors['security_code']?></font>
</td>
</tr>


I hope the modification will become useful ;)

Greets.

@Art: Little mistake in your code. In your section of the Attachment where you add your security code, your INSERT HERE line is one line too high.

For those you might have a problem seeing it, you actually need to add the code AFTER the line with the closing curly bracket as per example below, otherwise it only displays if you have "Attachments" enabled on the web interface.


<tr>
<th>Attachment:</th>
<td>
<input type="file" name="attachment"><font class="error">&nbsp;<?=$errors['attachment']?></font>
</td>
</tr>
<?}?>
<tr>
<th>Security code:</th>
<td valign="middle">
<img src="CaptchaSecurityImages.php?width=100&height=40&characters=5"/><br />
<input id="security_code" name="security_code" type="text" size="15"><font class="error">&nbsp;*&nbsp;<?=$errors['security_code']?></font>
</td>
</tr>

@Art: Little mistake in your code. In your section of the Attachment where you add your security code, your INSERT HERE line is one line too high.

For those you might have a problem seeing it, you actually need to add the code AFTER the line with the closing curly bracket as per example below, otherwise it only displays if you have "Attachments" enabled on the web interface.


<tr>
<th>Attachment:</th>
<td>
<input type="file" name="attachment"><font class="error">&nbsp;<?=$errors['attachment']?></font>
</td>
</tr>
<?}?>
<tr>
<th>Security code:</th>
<td valign="middle">
<img src="CaptchaSecurityImages.php?width=100&height=40&characters=5"/><br />
<input id="security_code" name="security_code" type="text" size="15"><font class="error">&nbsp;*&nbsp;<?=$errors['security_code']?></font>
</td>
</tr>


Right ^^ sorry, i must overlooked it ;)

Greets.

no worries, I've just got onto osticket and already see myself patching alot of areas. Seems like it needs plugable modules for things like this, people can add the capabilities where they want it instead of patching in...

The captcha you put in looks alright too,might change the code a little as it places the image in the exact same location making it easier to pick up where the characters are and figuring out whats in that spot.. i'm going to try an up/down pixel randomisation.. see how i go......

Hey I just realised now that i can't add a ticket on the web interface in the /scp section.. it always says "Unable to create the ticket. Correct the error(s) and try again" but there's no errors or missing fields.
I wonder if it's expecting a captcha value even when there is none on this page..... ?????? *thinks*..

I'll sus it out.. anyone using this Art finding this problem too?

Found the problem.
The validator is checking for the code when the form didn't have one. So I've now changed the code and it works only on the anonymous side of the system and the staff side doesn't require a captcha (unless you really wanted it)...

All I changed to what Art has in class.ticket.php is this where the INSERT code goes (again :P ):
function create($var,&$errors,$origin,$autorespond=true,$alertstaff=true ) {
global $cfg,$thisclient,$_FILES;

$id=0;
$fields=array();
$fields['name'] = array('type'=>'string', 'required'=>1, 'error'=>'Name required');
$fields['email'] = array('type'=>'email', 'required'=>1, 'error'=>'Valid email required');
$fields['subject'] = array('type'=>'string', 'required'=>1, 'error'=>'Subject required');
$fields['message'] = array('type'=>'text', 'required'=>1, 'error'=>'Message required');

if(strcasecmp($origin,'web')==0) { //Help topic only applicable on web tickets.
// INSERT CODE HERE
$fields['topicId'] = array('type'=>'int', 'required'=>1, 'error'=>'Select help topic');
}elseif(strcasecmp($origin,'staff')==0){ //tickets created by staff...e.g on callins.
$fields['deptId'] = array('type'=>'int', 'required'=>1, 'error'=>'Dept. required');
$fields['source'] = array('type'=>'string', 'required'=>1, 'error'=>'Indicate source');
}else { //Incoming emails (PIPE or POP.
$fields['emailId'] = array('type'=>'int', 'required'=>1, 'error'=>'Email unknown');
}
$fields['pri'] = array('type'=>'int', 'required'=>0, 'error'=>'Invalid Priority');
$fields['phone'] = array('type'=>'phone', 'required'=>0, 'error'=>'Phone # required');

$validate = new Validator($fields);
if(!$validate->validate($var)){
$errors=array_merge($errors,$validate->errors());
}


Oh and the class.validator.php needs changing too here :

case 'text':
break; // <-- Inserted a break...
case 'code':
if( $_SESSION['security_code'] != $_POST['security_code'])
$this->errors[$k]=$field['error'];
break;
case 'string':

Hey I just realised now that i can't add a ticket on the web interface in the /scp section.. it always says "Unable to create the ticket. Correct the error(s) and try again" but there's no errors or missing fields.
I wonder if it's expecting a captcha value even when there is none on this page..... ?????? *thinks*..

I'll sus it out.. anyone using this Art finding this problem too?

Yes, I noticed it right now.... I think its taken from configuration where Captcha field is marked as required.... I need to deal with it somehow ;)

All fixed.. 2 places have been changed as per my previous post.

basically it only checks on the "web" form which is the non authenticated user based section and the validator expects the security_code there now but for staff it doesn't.

the "text" checking in the validator didn't have a break which caused any text fields in the forms to fall through to the security_code checker and fail...

all working for me now.. ;) thanks Art for the original stuff.

All fixed.. 2 places have been changed as per my previous post.

basically it only checks on the "web" form which is the non authenticated user based section and the validator expects the security_code there now but for staff it doesn't.

the "text" checking in the validator didn't have a break which caused any text fields in the forms to fall through to the security_code checker and fail...

all working for me now.. ;) thanks Art for the original stuff.

Strange, this break wasnt there from the beginning... ;)
But what I needed to do is only move my line a little bit lower:

in class.ticket.php

function create($var,&$errors,$origin,$autorespond=true,$alertstaff=true ) {
global $cfg,$thisclient,$_FILES;

$id=0;
$fields=array();
$fields['name'] = array('type'=>'string', 'required'=>1, 'error'=>'Należy podać nick');
$fields['email'] = array('type'=>'email', 'required'=>1, 'error'=>'Należy podać prawidłowy adres email');
$fields['subject'] = array('type'=>'string', 'required'=>1, 'error'=>'Należy podać temat zgłoszenia');
$fields['message'] = array('type'=>'text', 'required'=>1, 'error'=>'Należy podać tre¶ć zgłoszenia');
if(strcasecmp($origin,'web')==0) { //Help topic only applicable on web tickets.
$fields['topicId'] = array('type'=>'int', 'required'=>1, 'error'=>'Należy wybrać kategorię');
$fields['security_code'] = array('type'=>'code', 'required'=>1, 'error'=>'Należy podać poprawny kod obrazkowy');
}elseif(strcasecmp($origin,'staff')==0){ //tickets created by staff...e.g on callins.
$fields['deptId'] = array('type'=>'int', 'required'=>1, 'error'=>'Należy wybrać departament');
$fields['source'] = array('type'=>'string', 'required'=>1, 'error'=>'Należy wskazać żródło');
}else { //Incoming emails (PIPE or POP.
$fields['emailId'] = array('type'=>'int', 'required'=>1, 'error'=>'Niepoprawny adres e-mail');
}
$fields['pri'] = array('type'=>'int', 'required'=>0, 'error'=>'Nieprawidłowy priorytet');
$fields['phone'] = array('type'=>'phone', 'required'=>0, 'error'=>'Należy podać poprawny PlayerID');



And it worked ;)

it really works !!!!

@Art,

Thank you very much for sharing this. This is really really helpful. :)

Best regards,
Masino Sinaga

Could someone please post a section of the code above and below where the two sections to be inserted are as my code editor inst displaying the line numbers correctly, there seems to be some spacing issues etc.

Cheers,
Adzi

Hi,

Could someone please post a section of the code above and below where the two sections to be inserted are as my code editor inst displaying the line numbers correctly, there seems to be some spacing issues etc.

Cheers,
Adzi

Yes. Simply search this following term:
How to Add Captcha Security Code in osTicket System 1.6 RC5

from Google, then you will find the answer. ;)

Sincerely,
Masino Sinaga

Masino,

Everything works fine on the CAPTCHA except for the picture. It just shows a broken image.

Help? :D

Scott,

Can I see your live site demo?

proximitisupport.com If you need anything else, shoot me an email at scottbaty at gmail

I tried to call this:

http://www.proximitisupport.com/CaptchaSecurityImages.php?width=100&height=38&characters=6

and it returned an error:
"Error in imagettfbbox function"

It seemed that your server does not support "php_gd2" or FreeType libraries, as said in the header of that CaptchaSecurityImages.php file:

/*
* File: CaptchaSecurityImages.php
* Author: Simon Jarvis
* Copyright: 2006 Simon Jarvis
* Date: 03/08/06
* Updated: 07/02/07
* Requirements: PHP 4/5 with GD and FreeType libraries
* Link: http://www.white-hat-web-design.co.uk/articles/php-captcha.php
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details:
* http://www.gnu.org/licenses/gpl.html
*
*/


There is no problem with mine and the others as long as that requirements have been fulfilled.

Sincerely,
Masino Sinaga

You are correct. I missed that. So I guess I'm back to square one.

Thanks,
Scott

I tried to call this:

http://www.proximitisupport.com/CaptchaSecurityImages.php?width=100&height=38&characters=6

and it returned an error:
"Error in imagettfbbox function"

I just tried to follow the same howto and had the same result - but when looking into my logfiles i saw:
PHP Warning: imagettfbbox() [<a href='function.imagettfbbox'>function.imagettfbbox</a>]: Could not find/open font in osticket/upload/CaptchaSecurityImages.php on line 60
... the simple solution was to change the line
var $font = 'monofont.ttf'; to
var $font = './monofont.ttf';
My webhost runs with debian 5 / php5, i hope this helps some people :)

Based on Art code suggestion I am glad to publish here the Patch to integrate his Captcha recommendation over osTicket 1.6.rc5 [June-26-2009] version.
1) Make a backup of your osTicket main Dir before to proceed.
2) Extract the files and Add/Replace them in the main osTicket Dir.
3) That's all!
4) Test with and without attachments, before to delay your backup.

Works excelent on my Joomla! 1.5.15 site where I have wrapped (iframe) my osTicket system.
Hope will be helpfull for other users,
Thanks for the code and
Rgdrs,
GammX1

Greetings,

I suppose this post would be more appropriately meant for jprost, however, help from anyone would be appreciated. I followed the install directions to the T and here's what I get:

http://www.ebizhelpworld.com/helpdesk/open.php

I checked the php setup in the server and GD is enabled.

I attached screen shots of both files that include the modifications and the server php setup for GD.

169

172

171


Any help would be appreciated and thank you in advance for your time and attention.

Regards,
rozmo

Based on Art code suggestion I am glad to publish here the Patch to integrate his Captcha recommendation over osTicket 1.6.rc5 [June-26-2009] version.
---
Hope will be helpfull for other users,
Thanks for the code and
Rgdrs,
GammX1

Just to let you know it works a treat here. The simplest of all installs and the best of all outcomes.

Many thanks,

T.

Hello :)

I'm very new to this... this is my first post.

And my first mod install :)

Just letting you know that your instructions were spot on!

2 second job!

I have used winMerge as my system is customised.

Total breeze.

Thank-you very much!

ladyAnne

Is there anyway to use a different version of CAPTCHA for this mod?

I'm assuming that, since this mod uses reCAPTCHA, my security codes will look like this (http://sky.geocities.jp/bri_sama18/docs/captcha-code1.jpg):
http://sky.geocities.jp/bri_sama18/docs/captcha-code1.jpg

...but what if I want my codes to be like this (http://sky.geocities.jp/bri_sama18/docs/captcha-code1.jpg):
http://sky.geocities.jp/bri_sama18/docs/captcha-code2.png

What would I do? (I don't even know who makes this "second version" of CAPTCHA. I took that bottom image from this site (http://www.openscriptsolution.com/2009/09/11/how-to-add-captcha-security-code-in-osticket-system-1-6-rc5/), in a post that Mr. Sinaga made)

PS: Does this mod include a Refresh button (or an Audio button)? Just in case someone gets a really hard-to-read code...

I've been unsuccessful getting this mod to work with 1.6ST release. Also, this is incorporated into WordPress with the Zingiri Ticket plugin. I'm able to see the captcha on the new ticket form, but it won't validate. Any ideas what could be different from RC5 and ST releases?