Security Code Confirmation 2.2 rc3

[Mat Barrie]

Ahhh, I get it now. Perhaps you should post it in feature suggestions then?

[Amy T]

Done
http://forums.invisionpower.com/index.php?showtopic=230109

[Mesmer]

Amy, Dean has a fantastic mod for 2.1 (I assume it will be made for 2.2) where you click on an icon and a person speaks the code that is in the captcha box.

SMF has this option, works ok
http://www.duivelseschoonouders.nl/forum/i...action=register (click left textlink under captcha)

[Amy T]

SMF has this option, works ok

http://www.duivelseschoonouders.nl/forum/i...action=register

(click left textlink under captcha)

holly crap that code just looks like blurry dots.

[Strange_Will]

Amy, Dean has a fantastic mod for 2.1 (I assume it will be made for 2.2) where you click on an icon and a person speaks the code that is in the captcha box.

Which should be part of 3.0 IMHO.

[Amy T]

ya I think so too.

[Tim Dorr]

Amy, do you have problems transcribing actual words, rather than random sequences of characters? Perhaps it would be easier to have the generated images use actual words (like ticketmaster.com does) than nonsensical text.

[Amy T]

Amy, do you have problems transcribing actual words, rather than random sequences of characters? Perhaps it would be easier to have the generated images use actual words (like ticketmaster.com does) than nonsensical text.

That actually sounds like a good idea.
Should I add that to my suggestion or is there a way to do it.

[VelvetElvis]

My board is falls under the disability support umbrella so I have moral qualms about using text capatchas as well. If they can't be disabled I will be switching to vbullitin. This makes them unsuitable for use in government and industry where ADA and section 508 compliance is legally mandated. Since this is who it appears IPS is increasingly trying to market themselves to, this is shooting themselves in the foot bigtime. It's going to be the big IT directors in government, education and industry who have the most to lose by implementing a product that is not ADA compliant. These are also the people who are not going to install mods that are not officially supported. Mods are not an option. This has to fixed in the main codebase or IPS will lose many of its most important customers. I have worked in the field of website accessibility. The lawsuit potential there is real.

[Alex Duggan]

My board is falls under the disability support umbrella so I have moral qualms about using text capatchas as well. If they can't be disabled I will be switching to vbullitin. This makes them unsuitable for use in government and industry where ADA and section 508 compliance is legally mandated. Since this is who it appears IPS is increasingly trying to market themselves to, this is shooting themselves in the foot bigtime. It's going to be the big IT directors in government, education and industry who have the most to lose by implementing a product that is not ADA compliant. These are also the people who are not going to install mods that are not officially supported. Mods are not an option. This has to fixed in the main codebase or IPS will lose many of its most important customers. I have worked in the field of website accessibility. The lawsuit potential there is real.

All of the IPB 'Captcha' images can be disabled from the Admin CP :)

[Mark]

IIRC, Brandon was trying to worrk out the best way to do this for 2.2 - it was around that time Dean made said mod. It probably will be added in 3.0

I'll see if I can find quotes....

[Mark]

From this thread, here are the key points:

Yeah, Hotmail (IIRC) has an option to 'hear' the captcha numbers.

It's not really something that's possible to do on a standard server running a standard version of PHP.

Yeah, I was talking with Stewart after I replied yesterday...I agree, this feature would be quite cumbersome to do at present. I'd think you'd have to record all letter/number sounds, name the files the letter or number, then read off each individual letter/number in the captcha one at a time - download file would be *huge* most likely.

-discussion how this can be done, dean makes mod-

-Luke and Dean get into argument about security of this mod-

-Thread gets locked with no official word-

[Amy T]

I like the word or picture idea.

[RawkBob]

If you want a different way to sign up for the forum, why not use a custom registration page and hook it into the IPB system? this will probably help since the spam bots are usually programmed for specific forms. This is already a feature!! you just need to make (and ipsb is a place for help in making these) the form and some code to do it.

Also, if you do create a custom registration form a few hints:-

Don't use standard names for the information like <input type="text" name="name" value="" /> use something which the bots won't be interested in like.... <input type="text" name="fnar1" value="" /> for the name fnar2 for password etc.

have hidden input fields in the page with common names, like name email & password, and if any of these are filled in block that person from registering since only a bot or hacker would see these fields!

In fact, you could have the current registration page and replace these values (and the underlying code...).

For more info on the custom reg pages and hacking ipb to change the form field names, you're probably best posting on ipsbeyond!

[Amy T]

Thanks but I have already done that.