________________________________________________________________________________________________ BSPSBARD ~ Baak's Simple phpBB2 Spam Bot Auto-Registering Defense ~ Last Updated: 2006-09-13 NOTICE: THIS INFORMATION COMES WITH ABSOLUTELY NO WARRANTY WHATSOEVER. USE AT YOUR OWN RISK. ________________________________________________________________________________________________ BACKUP the following files: --------------------------- /includes/usercp_register.php /language/lang_english/lang_main.php /templates//profile_add_body.tpl NOTE: You will need to edit multiple "lang_main.php" files if you have multiple languages NOTE: You will need to edit multiple "profile_add_body.tpl" files if you have multiple templates The Tweaks: ----------- NOTE: I always suggest in addition to backing up any changed files (a MUST!) that you comment out any lines you change with your name so you can see what you tweaked easily. Like so: // MYNAME: if ( variablex != variabley ) FILE: includes/usercp_register.php: DESC: This file includes the comparison of CAPTCHA text against what the user enters (1a) Look for the line that says "if ($row['code'] != $confirm_code)" $row['code'] is the literal value contained in the CAPTCHA image (e.g. "75MH32") $confirm_code is the value entered by the user (1b) Comment out this line of code and change it to, for example: if ( "XYZ".$row['code'] != $confirm_code ) If you want the user to always prefix the CAPTCHA code with the text "XYZ". You can do all kinds of other stuff here, including substr(), strpos(), etc. The most important thing is: THIS IS WHERE THE COMPARISON HAPPENS FILE: language/lang_english/lang_main.php: DESC: This is where the "form text strings" are located, including those that appear to tell the user what to enter (important if you want to add information), as well as error messages they will receive if they enter something improperly (important if you want to give them a hint) (2a) Search for the comment line that says: // Visual confirmation system strings to find the section you want to change. (2b) $lang['Confirm_code_explain'] is the string that you change to enter additional information for the user. You can do things as simple as: "Enter XYZ in front of the visual confirmation code listed above" or complex multi-paragraphs - whatever floats your boat. (2c) $lang['Confirm_code_wrong'] is where you can include hints on errors such as "Don't forget..." FILE: templates//profile_add_body.tpl DESC: This is where the input textbox is located for the user to enter the confirm_code (3a) Look for the line that contains: This is the form text box for the user to enter the confirmation code. Notice that the size and maxlength are both set to "6" by default. This means the user cannot enter anything longer than 6 characters - a problem if you are adding a prefix/suffix to the code. Adjust this accordingly (e.g. if you want them to add XYZ to the code, make the size AND maxlength fields both at least "9") This is the "simple" thwarting method - I'll post the more complex solution soon(tm)! ;) Hope it works for you! Let me know if it does/doesn't. Cheers, ~Baak