
We have a few sites that run on different CMS (Drupal, Joomla etc.). We would like these sites to share a phpbb forum (on a different domain) and for people that register on each site to have a user account automatically created on the forum as well.

For that I have written a script that sends a PHP curl request that mimics phpbb's registration process.

First, I tried a simple sign-up form and it worked well. But since the forum uses Captcha, I needed to add a form to my script so the user could input the Captcha string. And here things did not pan out so well. After many hours of examining the phpbb code files I managed to more or less put my finger on where the problem occurs, although my limited phpbb knowledge prevents me from finding a solution, so I thought I would ask for help here.

My script sends a curl request to ucp.php?mode=register to get past the "agree to terms" screen, parses the result to get the tokens and creation time and then sends another request. The returned value is the registration screen with the Captcha image. Except no image can be seen as the url to the image script is relative and so I alter the output result and make the url an absolute url.

So instead of

./ucp.php?mode=confirm&confirm_id=xxxxxxxxxxxxx&type=1

I alter the code to

http://www.mydomain.com/phpbb3/ucp.php?mode=confirm&confirm_id=xxxxxxxxxxxxx&type=1

And get a Captcha image (xxxxxxxxxxxxx is the confirm_id string that changes every time).

And this is where I hit a brick wall. The image generated is never the correct captcha string.

If I var_dump the $captcha variable in ucp_register.php I can see the correct string, which is never the one in the Captcha image. I placed bits of code in the phpbb files that output certain variables to help me understand what's going on behind the scenes. Here is what I managed to gather, hoping someone could tell me why it's happening or at least point me in the right direction:

  1. In captcha_abstract.php and captcha_gd.php there is the variable $this->confirm_code. When I dump this into a file, in both cases I can see the right captcha code (same as when I output the $captcha var in ucp_register.php).
  2. In ucp_confirm.php there is the $captcha->code var, which turns out to hold the string that I see when I output the Captcha image.
  3. When I just go through the registration process normally through the browser, $this->confirm_code and $captcha->code hold the same value.

So it's obvious that changing the ucp.php?mode=confirm line above is causing this, yet I cannot avoid that, as if I don't do it I don't get a Captcha image.

asheeshr
Eran A
  • Forget using the gd captcha on phpBB, the spambots broke that years ago so it offers no protection at all. The best to use (and recommended by the phpBB support team) is the Q&A with a question that can't be searched for, or follows simple logic (that can also be broken by bots). This can also work to your advantage because you will already know the answer to the captcha so will be able to work it into your registration script. – Eeji May 24 '14 at 17:55
