I have php 4 installed and I am using recaptcha for captcha, But its not so user friendly, So i am looking for any captcha script that is user friendly, easy to implement and must be compatible with php 4.3.x.
OR Is there any way to customize the recaptcha so that it becomes user friendly and not as complicated as now. and the characters length should be 3 or 4 max. I have searched many captcha's they were up to my requirements but there are not compatible with php4.
Related
I maintain an application written in C++Builder 2009. Part of it involves using a TWebBrowser control (based on Internet Explorer) to send users to a Google login page in order to obtain an OAuth key. This has worked well for a while, but now Google, bless their hearts, has implemented some kind of security upgrade, and now my users get to a page that says "Couldn't sign you in, this browser or app may not be secure". FYI, I am already setting a Registry key that is supposed to make IE run in version 11 emulation mode.
I do have a couple of workarounds: If the user runs IE first in admin mode, signs on, leaves it up while running my application, we don't get the problem. Second, I can start up the default browser - Chrome, IE, whatever - and send them to the URL for OAuth, then it avoids the error message.
The problem with this solution is that without being able to hook into TWebBrowser events, I don't have any way to automatically retrieve the OAuth key - it is necessary for the user to cut/paste it into my application. I'd like to avoid these clunky solutions.
I should also mention, this problem occurs only for certain Gmail accounts. I have no idea what the difference is between accounts that work and don't work. Any ideas on that?
So, is there any way to configure IE or TWebBrowser so this security issue is bypassed? Or, if I was to update to a modern version of C++Builder and use TWebBrowser (or something else?), would this problem be avoided? Any other ideas to fix this problem?
The latest C++Builder supports Google's Chromium engine, it's probably safe to say it'll be compatible with Google's security upgrades.
Powerful Chromium Based WebView Component To Host Web Content In Your Delphi/C++ Builder FireMonkey Apps
I'm curious how reCAPTCHA v3 works. Specifically the browser fingerprinting.
When I launch an instance of Chrome through Selenium/chromedriver and test against reCAPTCHA 3 (https://recaptcha-demo.appspot.com/recaptcha-v3-request-scores.php) I always get a score of 0.1 when using Selenium/chromedriver.
When using incognito with a normal instance, I get 0.3.
I've beaten other detection systems by injecting JavaScript and modifying the web driver object and recompiling webdriver from source and modifying the $cdc_ variables.
I can see what looks like some obfuscated POST back to the server, so I'm going to start digging there.
What might it be looking for to determine if I'm running Selenium/chromedriver?
reCaptcha
Websites can easily detect the network traffic and identify your program as a BOT. Google have already released 5(five) reCAPTCHA to choose from when creating a new site. While four of them are active and reCAPTCHA v1 being shutdown.
reCAPTCHA versions and types
reCAPTCHA v3 (verify requests with a score): reCAPTCHA v3 allows you to verify if an interaction is legitimate without any user interaction. It is a pure JavaScript API returning a score, giving you the ability to take action in the context of your site: for instance requiring additional factors of authentication, sending a post to moderation, or throttling bots that may be scraping content.
reCAPTCHA v2 - "I'm not a robot" Checkbox: The "I'm not a robot" Checkbox requires the user to click a checkbox indicating the user is not a robot. This will either pass the user immediately (with No CAPTCHA) or challenge them to validate whether or not they are human. This is the simplest option to integrate with and only requires two lines of HTML to render the checkbox.
reCAPTCHA v2 - Invisible reCAPTCHA badge: The invisible reCAPTCHA badge does not require the user to click on a checkbox, instead it is invoked directly when the user clicks on an existing button on your site or can be invoked via a JavaScript API call. The integration requires a JavaScript callback when reCAPTCHA verification is complete. By default only the most suspicious traffic will be prompted to solve a captcha. To alter this behavior edit your site security preference under advanced settings.
reCAPTCHA v2 - Android: The reCAPTCHA Android library is part of the Google Play services SafetyNet APIs. This library provides native Android APIs that you can integrate directly into an app. You should set up Google Play services in your app and connect to the GoogleApiClient before invoking the reCAPTCHA API. This will either pass the user through immediately (without a CAPTCHA prompt) or challenge them to validate whether they are human.
reCAPTCHA v1: reCAPTCHA v1 has been shut down since March 2018.
Solution
However there are some generic approaches to avoid getting detected while web-scraping:
The first and foremost attribute a website can determine your script/program is through your monitor size. So it is recommended not to use the conventional Viewport.
If you need to send multiple requests to a website keep on changing the User Agent on each request. Here you can find a detailed discussion on Way to change Google Chrome user agent in Selenium?
To simulate human like behavior you may require to slow down the script execution even beyond WebDriverWait and expected_conditions inducing time.sleep(secs). Here you can find a detailed discussion on How to sleep webdriver in python for milliseconds
Outro
Some food for thought:
Selenium webdriver: Modifying navigator.webdriver flag to prevent selenium detection
Unable to use Selenium to automate Chase site login
Confidence Score of the request using reCAPTCHA v3 API
Selenium and Puppeteer have some browser configurations that is different from a non-automated browser. Also, since some JavaScript functions are injected into browser to manipulate elements, you need to create some override to avoid detections.
There are some good articles explaining some points about Selenium and Puppeteer detection while it runs on a site with detection mechanisms:
Detecting Chrome headless, new techniques - You can use it to write defensive code for your bot.
It is not possible to detect and block Google Chrome headless - it explains in a clear and sound way the differences that JavaScript code can detect between a browser launched by automated software and a real one, and also how to fake it.
GitHub - headless-cat-n-mouse - Example using Puppeteer + Python to avoid detection
I am trying to develop app/plugin for shopify in PHP. Shopify is fully develped in Ruby on Rails. There are so many apps developed for shopify that are installable. I tried to search plugin for shopify that are made in PHP but couldn't find.
My question is that can we create installable app/plugin in PHP for shopify? If yes then it will support for shopify? Please clarify me.
All your interaction with Shopify is via a RESTful API. You can create your App/Plugin in any language you want. It makes zero difference to Shopify, so long as you deal with the API correctly. .Net, Python, Ruby, PHP, Go, Javascript, take your pick.
There are a couple of open-source PHP example Apps floating around out there, suitable as a starting point for your copy&paste efforts. Working with Shopify API in PHP allows you to draw from PHP samples of connecting to any other common API out there, nothing special.
I start using laravel (ver 4) and I got to the point I need to use authentication on my website.
I tried to find package that will allow me to wrap the all idea of "standard" / simple authentication and the social one (like facebook, google+ and etc..).
I found ion_auth and with some extensions it's allow me to use one authentication library for all kind of users - but it only works in codeigniter framework.
After a lot of research I couldn't find any ready package that allows me what I'm looking for, Does anyone familiar with such library or had this kind of issue and can tell me how he handle it?
This is a paid library, but it works pretty well. https://cartalyst.com/manual/sentry-social
i had a good experience using artdarek/oauth-4-laravel. it also has got a nice set of examples for using with different login providers.
I have a phpbb forum and i am developing a rails application that will be used for a mobile friendly app. I need a way to perform SSO between phpbb and rails.
I found a ruby gem called phpbb-auth on github but it hasn't been updated in over 3 years.
My initial thoughts were to mimic phpass (which i believe is what the latest phpbb uses) in rails and then just have rails reference the phpbb_users table when authenticating with Devise/Warden.
However, that task became daunting and would become just another lib to manage.
My next thought was to write a plugin for Warden to check for a phpbb_session and if its there, then continue. Otherwise redirect them to the phpbb login page.
Has anyone come across doing this before, and if so what was the method you used.
I doing same thing right now (already succeed actually).
So, you basically have several options depending on your setup/deployment. Consider following:
Will you deploy your rails app and phpbb on same domain or different domains?
Have both sites access to each other db.
Which authentication system you whish to use? So, you'd like rails (i.e. devise, authlogic or whatever) authenticate and handle users or phpbb db auth (i.e. storing logins and password in phpbb users table).
So far, I've implement auth through phpbb db auth + single domain with my app (phpbb: forum.example.com, my rails app is on: example.com for cookie sharing). In this case you can use code from gem you have mentioned (phpbb-auth). It's not very hard. Code is still working fine (with some adjustments probably).
BUT
I do not like it this way :) I consider my site as a main app and do not want forum to handle my users...
So, as I understand starting from phpbb 3 you can write plugin (API docs) for external auth for phpbb.
There are several examples in Python and Django in the net. Looks like this one for same domain + db access. And looks like this one for doing things remotely with JavaScript. Those are in Python, but there's not too much Python inside, only some examples :), so you can easily adopt them for rails, I think.
This question discuss same stuff, but in more generic way.