Hello Everett and TimGS,
I have a similar need to do some job and I resolve it following your ideas and some pieces of my brain too.
My need was drawing a catpcha code at login form and verify it when an user submit the wlpeLogin form.
Making an user typing error with the captcha code input could be account blocker or not. We retain it will not enough to block the account if the login/password are correct.
So giving the solution here:
In the file
webloginpe.class.php search the
function Authenticate() {}
if (!$authenticate || (is_array($authenticate) && !in_array(TRUE, $authenticate)))
{
// check user password - local authentication
if ($this->User['password'] != md5($this->Password))
{
// in the case of a persistent login the password will already be a MD5 checksum.
if ($this->User['password'] != $this->Password)
{
$this->LoginErrorCount = 1;
}
}
//check captcha code entered... maybe mb_ereg_match() is far far better than this solution?
if ($_POST['formcode'] != $_SESSION['veriword'])
{
$this->LoginErrorCount = 2;
}
}
//doing verification job if the capctha is not correct
if ($this->LoginErrorCount == 2)
{
$anError = $this->LanguageArray[6];
$this->LoginErrorCount = 0;
return $this->FormatMessage($anError);
}
if ($this->LoginErrorCount == 1) {
...
}
After you will need to modify the event OnWebAuthentication to add the captcha parameter:
function OnWebAuthentication()
{
global $modx;
$parameters = array(
'internalKey' => $this->User['internalKey'],
'username' => $this->Username,
'form_password' => $this->Password,
'db_password' => $this->User['password'],
'rememberme' => $_POST['rememberme'],
'formcode' => $_POST['formcode'],
'stayloggedin' => $_POST['stayloggedin']
);
$modx->invokeEvent('OnWebAuthentication', $parameters);
}
Of course you need to add to your snippet call the
®Required fields like
formcode and including the captcha output in your login XHTML chunck used as template (like TimGS have said before).
Thanks for sharing your solutions and hope mine will be usefull too.
Terry.