The Visual Verify Code (VVC) contribution is an answer to harmful automated scripts that create large numbers of user accounts, or repeatedly send emails via “Tell-A-Friend” and “Contact Us” . The system works by displaying some random characters in an image and asking the user to enter the text that they see displayed. The image is dynamically generated, the characters are of differing sizes and placements, and the number of characters displayed is random. The pool of characters that serve as fodder for the resulting image is user definable. In addition, this contribution leverages the
database to keep the visual code characters out of the HTML stream (to avoid
interception by automated systems) and to enable the possibility of distributed
image rendering and generation.
This contribution is based on osCommerce 2.2m2 and has not been tested against other versions. It works on both my Windows and Linux environments, but I cannot guarantee it will in yours so you use this at your own risk.
The functionality can be seen on www.onlyvotives.com. Simply go to the ‘create a profile’ or ‘contact us’ page and you will see it in action.
-William (“Bill”) L. Peer, Jr.
p.s. I’m into PHP and osCommerce two weeks now ... and they are both amazing! This is my gift back to the project ... thanks all
Legend: 
Download
Report
Re-written instructions, repackaged with all updates and some code changes to make it work on an RC2a store.
All credit to the original author and thanks for the help of those in the forum
Features
The Visual Verify Code (VVC) contribution is an answer to harmful automated scripts that create large numbers of accounts, or repeatedly send emails via "Tell-A-Friend". The system works by displaying some random characters in an image and asking the user to enter the text that they see displayed.
The image is dynamically generated, and the characters are of random sizes and placements. The pool of characters that serve as fodder for the resulting image is user definable.
You can view this contribution running at
http://www.sk8factoryshop.com/contact_us.php
This contribution is provided "AS IS" and no responsibility is taken by any of the authors, previous or current. Use it at your own risk.....
It should take about 20 minutes or less on a modified store. Only a few changes to core files - and nothing major.
BACK UP BACK UP BACK UP
Forum:
http://forums.oscommerce.com/index.php?showtopic=60044
************************
Complete package
This works great on create account, but didn't work on contact us, however, I believe this is the answer (it works for me)
The contribution below must be installed first (up to and including marcinmf's "Better Image" file.
BACK UP BACK UP BACK UP your files & db
in catalogue > contact_us.php find (about line 31):
//VISUAL VERIFY CODE start
require(DIR_WS_FUNCTIONS . 'visual_verify_code.php');
$code_query = tep_db_query("select code from visual_verify_code where oscsid = '" . tep_session_id($HTTP_GET_VARS[tep_session_name()]) . "'");
$code_array = tep_db_fetch_array($code_query);
$code = $code_array['code'];
tep_db_query("DELETE FROM " . TABLE_VISUAL_VERIFY_CODE . " WHERE oscsid='" . $vvcode_oscsid . "'"); //remove the visual verify code associated with this session to clean database and ensure new results
$user_entered_code = $HTTP_POST_VARS['visual_verify_code'];
if (!(strcasecmp($user_entered_code, $code) == 0)) { //make the check case insensitive
$error = true;
$messageStack->add('contact', VISUAL_VERIFY_CODE_ENTRY_ERROR);
}
//VISUAL VERIFY CODE stop
REPLACE with:
//VISUAL VERIFY CODE start
require(DIR_WS_FUNCTIONS . 'visual_verify_code.php');
$code_query = tep_db_query("select code from visual_verify_code where oscsid = '" . $HTTP_GET_VARS['osCsid'] . "'");
$code_array = tep_db_fetch_array($code_query);
$code = $code_array['code'];
tep_db_query("DELETE FROM " . TABLE_VISUAL_VERIFY_CODE . " WHERE oscsid='" . $vvcode_oscsid . "'"); //remove the visual verify code associated with this session to clean database and ensure new results
$user_entered_code = $HTTP_POST_VARS['visual_verify_code'];
if (!(strcasecmp($user_entered_code, $code) == 0)) { //make the check case insensitive
$error = true;
$messageStack->add('contact', VISUAL_VERIFY_CODE_ENTRY_ERROR);
}
//VISUAL VERIFY CODE stop
Hope it works for you
Good Luck
NB file attached is just the above
Here is part of code that will improve look of the generated code. I found this on CRE forum but
should work for regular osCommerce stores.
**** Backup your files first ****
In zip file you will find visual_verify_code.php that should be paste(replace) in catalog/includes/functions/ and new folder "fonts" that should be placed in catalog/includes/. Folder contain 4 fonts that can be changed choice is yours. automatic.gdf is used to start with.
You will have control to: set image height, width, font size, font position, bg color, text color, border color, noise color.
Screen shot is included.
It is not a full package.
Hi,
U will find a minor update for VVC. in visual_verify_code file with a noise & png format.
Regards,
@+
Tequyla
This is just a bundle of vvc2.1_with_german and the after submitted fixes.
Full package
All credits to original contributors
Following up on the SQL error with the Default timestamp value, it needs to be corrected to:
DROP TABLE IF EXISTS visual_verify_code;
CREATE TABLE visual_verify_code (
oscsid varchar(32) NOT NULL,
code varchar(6) NOT NULL,
dt TIMESTAMP(12) NOT NULL DEFAULT NOW(),
PRIMARY KEY (oscsid)
);
VVC is a great contribution and has helped to prevent my online store from receive tones a spam every day! VVC is one of those must install patches.
The original code lacked garbage collection, which meant a busy site could end up with thousands of vvc's in their database, which just grows and grows over time. For this reason I have added garbage collection to the code :-
firstly find the comment :-
//can replace the following loop with $visual_verify_code = substr(str_shuffle (VISUAL_VERIFY_CODE_CHARACTER_POOL), 0, rand(3,6)); if you have PHP 4.3
and directly before it add :-
// ----- begin garbage collection --------
$included_code_query = tep_db_query("SELECT oscsid, code, dt FROM " . TABLE_VISUAL_VERIFY_CODE);
$endtime = time();
while ($included_code = tep_db_fetch_array($included_code_query)) {
$starttime=mktime(
substr($included_code['dt'], 6, 2), // hour
substr($included_code['dt'], 8, 2), // minute
substr($included_code['dt'], 10, 2),// second
substr($included_code['dt'], 2, 2), // month
substr($included_code['dt'], 4, 2), // day
substr($included_code['dt'], 0, 2) // year
);
$timediff = intval(($endtime-$starttime)/3600);
if ($timediff > 5) { // 5+ hours should be enough to fill in a form
tep_db_query("DELETE FROM " . TABLE_VISUAL_VERIFY_CODE . " WHERE code='" .$included_code['code'] . "' AND dt='" .$included_code['dt'] . "'");
}
}
// ----- end garbage collection --------
That's it!
What the code does is check how long a each vvc has been in your database, when someone visits a page with a vvc on it. If the vvc is older then 5 hours, it gets removed.
You can set the time limit to any number of hours you like in the above code, I thought 5 hours should be long enough for someone to type the vvc in.
This file contains only the fix and is not the full package!
Regards
Lukec
I Just remove curdate()
made like this:
DROP TABLE IF EXISTS visual_verify_code;
CREATE TABLE visual_verify_code (
oscsid varchar(32) NOT NULL,
code varchar(6) NOT NULL,
dt TIMESTAMP(12) NOT NULL ,
PRIMARY KEY (oscsid)
);
Its working with me.
i took VVC 2.1 and corrected the files that used that button_submit.gif. thes use the buttons button_continue.gif and /button_continue_shopping.gif now.
the button_submit is not needed at all!
i added translations for german too
don?t know about that bug, cause it didnt happen at my version, but i added a warning
"# DEFAULT 'CURDATE()' does not work on very old mysql versions"
you just need this version now to install this wonderful contribution
thx a lot
error on SQL:-- NO download !
#1067 - Invalid default value for 'dt'
dtTIMESTAMP( 12 ) NOT NULL DEFAULT 'CURDATE()',
The current contribution download for Visual Verification Code for osCommerce M2.2 is missing an essential file called button_submit.gif --here is a usable version.
add the unzipped file to includes/languages/english/images/buttons/
Without it the only named button on the contact_us (and tell_a_friend) pages is 'Continue' which does just what it is supposed to do, discarding the contents of the message and returning the customer to the store with neither a confirmation and no indication that the message has not been sent. (and terribly frustrating would-be VVC 2.1users, since their code is all at least nominally clean)
With the button added to the correct directory the VVC patch works perfectly (as it already does on create_an_account)
NOTE THIS IS A QUICK
This is the second package with the cookie fix from below. I only added the fix and rezipped the files.
Visual verify code is a great add on to your store. Before vvc I would just get spam emails every day. Now that I have installed vvc the spam has gone away, as you need to enter in the code to send me a email. Very nice.
However, there was a problem if you are using cookies, visual verify code could fail if two or more people tried to view a page with a security code on it, because the variable $HTTP_GET_VARS['osCsid'] returns an empty string (when using cookies) for each person. This effectively over writes the security code as each new person views a page with a security code on it. For a busy site this would cause problems.
To fix this problem simply replace all $HTTP_GET_VARS['osCsid'] with :-
tep_session_id($HTTP_GET_VARS[tep_session_name()])
which correctly returns a session id when using cookies.
See http://www.bettercomputers.com.au/contact_us.php for an example of the fix. Use the contact form to email me if you have any questions.
This package is the same as the original, with the added .php files and README instructions for contact_us and tell_a_friend.
The complete files are in catalog content structure and are 2.2 MS2 originals modified for all three setups (create_account, contact_us, and tell_a_friend).
The README contains all the same info so you can modify your own files. The text is original as Bill Peer wrote it with additional text in or following (* these *).
vvcode2.zip contains all .php files and README and .sql
Thanks to Bill Peer for all the work! Great mod, Great Guy!
--Jeff Schreiber
The Visual Verify Code (VVC) contribution is an answer to harmful automated scripts that create large numbers of user accounts, or repeatedly send emails via “Tell-A-Friend” and “Contact Us” . The system works by displaying some random characters in an image and asking the user to enter the text that they see displayed. The image is dynamically generated, the characters are of differing sizes and placements, and the number of characters displayed is random. The pool of characters that serve as fodder for the resulting image is user definable. In addition, this contribution leverages the
database to keep the visual code characters out of the HTML stream (to avoid
interception by automated systems) and to enable the possibility of distributed
image rendering and generation.
This contribution is based on osCommerce 2.2m2 and has not been tested against other versions. It works on both my Windows and Linux environments, but I cannot guarantee it will in yours so you use this at your own risk.
The functionality can be seen on www.onlyvotives.com. Simply go to the ‘create a profile’ or ‘contact us’ page and you will see it in action.
-William (“Bill”) L. Peer, Jr.
p.s. I’m into PHP and osCommerce two weeks now ... and they are both amazing! This is my gift back to the project ... thanks all
Add file to this package