1. Welcome to the feedback forum. Here's some tips for giving your suggestions the best shot:
    • Search before posting: See if someone else has already posted your suggestion. If you add your support to an existing, you're more likely to bubble up the request.
    • Keep one suggestion to one thread: Try not to club lots of different suggestions together in one thread. Otherwise, people will get confused about what they're voting for and we might miss your feedback.
  2. Kayako Download customers: we will continue to develop and support Kayako Download beyond July 2017, alongside the new Kayako for existing customers.

    Find out more.

  3. The forum you are viewing relates to Kayako Classic. If you signed up or upgraded to the new Kayako (after the 4th July 2016), the information in this thread may not apply to you. You can visit the forums for the new Kayako here.

Not planned Add captcha to the LiveChat leave message form

Discussion in 'Kayako product feedback and suggestions' started by jeffshead, Aug 14, 2012.

  1. jeffshead

    jeffshead Established Member

    When no staff is online for LiveChat, users can leave a message. In recent versions, admin can set up Kayako so messages are turned into tickets which basically turns the Leave a Message form into a ticket submission form.

    This is a really nice feature but the Leave a Message form needs captcha. :)
     
  2. ad_amin

    ad_amin Established Member

    Hi Jeff,
    You would need to modify class.Controller_Chat.php script under __modules/livechat/visitor directory. Add this to the __construct function:

    PHP:
    $this->Load->Library('Captcha:CaptchaManager'falsefalse);
    In the Message function you would need to add this code:

    PHP:
    $this->Template->Assign('_canCaptcha'false);
    if (
    $_SWIFT->Settings->Get('user_enablecaptcha') == '1')
    {
    $_CaptchaObject SWIFT_CaptchaManager::GetCaptchaObject();
    if (
    $_CaptchaObject instanceof SWIFT_CaptchaManager && $_CaptchaObject->GetIsClassLoaded())
    {
    $_captchaHTML $_CaptchaObject->GetHTML();
    if (
    $_captchaHTML)
    {
    $this->Template->Assign('_canCaptcha'true);               
    $this->Template->Assign('_captchaHTML'$_captchaHTML);
    }
    }
    then handle new variables in the leavemessage template and then modify the MessageSubmit function to check if the captcha was valid so add code like:

    PHP:
            // Check for captcha
    if ($_SWIFT->Settings->Get('user_enablecaptcha') == '1')
    {
    $_CaptchaObject SWIFT_CaptchaManager::GetCaptchaObject();
    if (
    $_CaptchaObject instanceof SWIFT_CaptchaManager && $_CaptchaObject->GetIsClassLoaded() && !$_CaptchaObject->IsValidCaptcha())
    {
    SWIFT::ErrorField('captcha');
    $this->UserInterface->Error(true$this->Language->Get('errcaptchainvalid'));
    $this->Load->Message();
    return 
    false;
    }
    not tested but I think this should work :)
     
  3. jeffshead

    jeffshead Established Member

    Thanks Adam :)

    I made the edits but I got some errors. I think I fixed the two minor ones by adding some missing brackets to your code snippets.

    Now I get the following error:
    Code:
    Fatal error: Call to a member function SetCaptcha() on a non-object in __swift\library\Captcha\class.SWIFT_Captcha.php on line 77 
    Here is the line mentioned in the error above:
    PHP:
    $this->Session->SetCaptcha($_captchaWord);
    I guess that means a session needs to be added???
     
  4. ad_amin

    ad_amin Established Member

    you cannot add the session as you don't know who is visiting your site at that point.

    In my opinion solutions would be:
    1. displaying the chat icon only if user is logged in (so session already exists) but then your customers would need to login/register to use the chat
    2. changing captcha engine to a different one - I use this one: http://areyouahuman.com/

    if you would like to change captcha then please let me know - I'll drop you the code
     
  5. masterctrl1

    masterctrl1 Kayako Guru

    You sure it needs capcha? Ours is up 24/7 and we've never had a bogus ticket submission. Perhaps required fields prevents that as well.
     
  6. jeffshead

    jeffshead Established Member

    I'm only guessing that's what's causing the error. Forgive my ignorance, but why couldn't a session be added? The captcha works on the ticket submission page and you don't have to have a Kayako account to submit a ticket.

    The site is in development so I'm assuming it will need some sort of captcha when it goes live. One of my other sites was really getting hammered by bots till I added captcha. Just trying to avoid that mess.
     
  7. ad_amin

    ad_amin Established Member

    because session gets created after user has been successfully verified as registered in the helpdesk. If you simply create a session for a user you will give him access to the helpdesk without asking for password... initializing a session object might work - you could check the ticket submition code and see how it passes captcha without active session.

    I'll take a look into the source tommorow at work and update this thread if I find a solution.
     
  8. masterctrl1

    masterctrl1 Kayako Guru

    I really don't think you are going to need capcha for the chat message form since no one has reported this as a problem before.
    I suppose an updated bot could cause problems in the future, but it's not an issue at the present.
     
  9. ad_amin

    ad_amin Established Member

    Hi Jeff,

    You should keep in mind what masterctrl1 said - maybe it's not worth so much effort...

    But :)
    The code script for submitting a ticket differs only in this check:
    PHP:
    if ($this->Settings->Get('user_enablecaptcha') == '1' && !$_SWIFT->Session->IsLoggedIn())
    so I'm really a bit confused there :confused:

    How to add Are you a human plugin:
    1. put Are you a human package to the __swift/thirdparty directory
    2. in all places where you want ayah to be added just stick this code:

    PHP:
    $this->Template->Assign('_canCaptcha'false);
    if (
    $this->Settings->Get('user_enablecaptcha') == '1') {
    require_once (
    './' SWIFT_BASEDIRECTORY '/' SWIFT_THIRDPARTYDIRECTORY '/ayah/ayah.php');
                        
    $ayah = new AYAH();
                        
    $this->Template->Assign('_canCaptcha'true);
                        
    $this->Template->Assign('_captchaHTML'$ayah->getPublisherHTML());
    }
    3. to check if submitted captcha was valid use:
    PHP:
    if ($this->Settings->Get('user_enablecaptcha') == '1')
    {
    require_once (
    './' SWIFT_BASEDIRECTORY '/' SWIFT_THIRDPARTYDIRECTORY '/ayah/ayah.php');
                        
    $ayah = new AYAH();
                     
                        
    $score $ayah->scoreResult();
                        if (!
    $score) {
                            
    SWIFT::ErrorField('captcha');
     
                            
    $this->UserInterface->Error(true$this->Language->Get('errcaptchainvalid'));
     
                            
    $this->Load->SomeFunction();
     
                            return 
    false;
    }
    }
    4. I do it only in 2 places so it was quite easy to simply replace the code but it can be wrapped in a Kayako library

    Our customers were complaining about unreadable captcha so we desided to use ayah and it works very well.
     
  10. jeffshead

    jeffshead Established Member

    Adam and masterctrl1, I want both of you to know how much I appreciate all of the help and advise you have provided :)

    I despise captchas (especially reCAPTCHA) almost as much as I do spam bots.

    I was thinking it would be a quick, simple task to add the Kayako captcha to this form but as we found out, it's not.

    I ended up adding a token, time limitation and a couple of honey pots to the form instead of adding a captcha. I think I may do that to the other forms so I can get rid of all captchas. That's eliminated all spam and bogus signups, except for human entries, on my other site.

    Thanks again,

    Jeff
     
  11. Drew Keller

    Drew Keller Just one person in a world of millions.

    Jeff,

    I noticed you said this site was in Development earlier, I also notice that Kayako released 4.50.00 on the 15-August-2012 and it is quite a major change under the hood, I wonder if you shoudl look into it as I would hate for you to have to rethink all you changes based on this upgrade in only a few weeks of go live. Anyway thats my 2 cents worth.
     
  12. Artsiom

    Artsiom New Member

    Hi everyone.

    Can any one help with adding captcha on chat Submit form?

    Product: Fusion
    Version 4.61.0.4088

    My steps how I try to do that:

    In "leavemessage" template add:
    PHP:
    <{if $_canCaptcha == true}>
                <
    table class="hlineheader"><tr><th rowspan="2"><{$_language[captchaverification]}></th><td>&nbsp;</td></tr><tr><td class="hlinelower">&nbsp;</td></tr></table>
                <
    div class="subcontent"><{$_language[captchadesc]}></div>
            <{
    $_captchaHTML}>
    In "__apps\livechat\visitor\class.Controller_Chat.php":

    - insert to "function __construct" (before "$this->Template->Assign('_randomNumber', BuildHash());"):
    PHP:
    // Captcha
            
    $this->Template->Assign('_canCaptcha'false);
            if (
    $this->Settings->Get('user_enablecaptcha') == '1')
            {
                
    $_CaptchaObject SWIFT_CaptchaManager::GetCaptchaObject();
                if (
    $_CaptchaObject instanceof SWIFT_CaptchaManager && $_CaptchaObject->GetIsClassLoaded())
                {
                    
    $_captchaHTML $_CaptchaObject->GetHTML();
                    if (
    $_captchaHTML)
                    {
                        
    $this->Template->Assign('_canCaptcha'true);
                        
    $this->Template->Assign('_captchaHTML'$_captchaHTML);
                    }
                }
            }
    - insert to "Message" function (before "$this->_AssignVariables($_messageArguments);"):

    PHP:
    // Check for captcha
            
    if ($this->Settings->Get('user_enablecaptcha') == '1')
            {
                
    $_CaptchaObject SWIFT_CaptchaManager::GetCaptchaObject();
                if (
    $_CaptchaObject instanceof SWIFT_CaptchaManager && $_CaptchaObject->GetIsClassLoaded() && !$_CaptchaObject->IsValidCaptcha())
                {
                    
    SWIFT::ErrorField('captcha');

                    
    $this->UserInterface->Error(true$this->Language->Get('errcaptchainvalid'));

                    
    $this->Load->Index();

                    return 
    false;
                }
            }

    After this changes I get next error:

    [28-Dec-2018 13:32:06 Europe/Riga] PHP Fatal error: Call to a member function SetCaptcha() on a non-object in C:\inetpub\wwwroot\com.support\__swift\apps\base\library\Captcha\class.SWIFT_Captcha.php on line 78
     
  13. jeffshead

    jeffshead Established Member

    Wow! You resurrected a very old thread and you are using a very old version :eek:

    I never got it to work on the chat form. Besides, I hate inconveniencing customers with captcha. I will NEVER, ever use that reCAPTCHA garbage on any site that I build. Not only do users have to solve multiple problems but half the time they get blocked and have to wait before they can try again. Not to mention most people don't even know the real purpose of reCAPTCHA. Sorry for the rant but I just want you to know, most people hate solving stupid problems in order to use a website.

    You should consider getting away from using captcha, altogether, and use honeypots, instead. The only spam I got from the chat form was from humans and captcha is not going to stop that.

    There are enough honeypot examples on the web that you should be able to make it work on any form. You already know which Kayako files and templates need to be edited so it won't be very difficult.

    h**ps://stackoverflow.com/questions/36227376/better-honeypot-implementation-form-anti-spam
    h**ps://www.ostraining.com/blog/coding/honeypot/

    Basically, edit the config.php file so you can add PHP tags to your templates. Create a small PHP file that contains the honeypot. Use PHP to include the honeypot file in the chat template or forgo creating a separate file and just add the honeypot directly to the chat template. Use CSS to hide the honeypot. Then add a check for the honeypot in the class.Controller_Chat.php file. If the honeypot indicates bot activity, the form submission fails.
     
  14. bear

    bear Kayako Guru

    For us, there were few that used the offline option, until a day not long ago that a bot fell in love with it. Submitting several times every second, he generated several *hundred* thousand emails, and roughly 47K tickets (importing was slower than the generated emails). These days the offline form is removed from the template and a simple "submit a ticket" link to take them to the actual desk instead. No more bots.
    Less convenient than having a handy form, but better than catpcha or nothing at all.
     
  15. jeffshead

    jeffshead Established Member

    Your form must have been too sexy :D

    I've had really good luck with adding time checks along with other honeypot items. That's why I suggested using PHP instead of regular HTML for the honeypot. I know some advanced bots are able to defeat a lot of honeypots. Maybe I've been lucky, but it's never been an issue for me.
     
  16. bear

    bear Kayako Guru

    Definitely too sexy. ;)
    Just bad luck, I reckon. It was without any protection for a long while, and I just assumed (wrongly) it wasn't much of a target (how attractive is something that can only send spam to one address?). All it took was one random bot with no constraints or sophistication to prove that theory wrong. For me, since it was underused anyway, I didn't feel spending any time on updating/fixing something the folks at Kayako hadn't done (naturally, that appears to have been added just after my last supported version and the massive price changes) was worth it, so simply killed the form entirely.
     
  17. Gurpreet Singh

    Gurpreet Singh Staff Member

    Hello All,

    We have implemented the support for Captcha for both live chat online and offline forms. You may upgrade to the latest available release v4.92.6, restore the out of date templates and then run the following MySQL query:

    mysql>insert into `swsettings`(`section`, `vkey`, `data`) values('settings', 'livesupport_captcha', '1');

    I hope this helps!

    Kind regards,
    Gurpreet Singh
     
  18. bear

    bear Kayako Guru

    Our support expired, since my licenses would have been reduced in the process from unlimited seats to "continuously pay much higher per seat" licenses. No grandfathering, though I'd used Kayako for a seriously long time, long enough to remember the time the paid support period was reduced from a year to 6 months DURING the 1 year period I paid for (essentially doubling the support cost and negating the agreement in place at the time). And the time support was incredibly slow (for roughly a year) because you were building a "new support center" in India that was supposed to speed things up. Once completed it was revealed that it was a sales support center, and not in fact technical support.

    Appreciate useful things (like security) being added well after any hope of obtaining it had passed. How's that PHP7 compatibility going?
    Sorry for the rant, but wow, has Kayako earned it.
     
  19. jeffshead

    jeffshead Established Member

    If the user enters the captcha incorrectly in the live chat offline form, all text in the Message textbox is lost. Text in the other fields remain. This is very frustrating for customers. They have to re-type everything each time they mistype the captcha.
     
    Last edited: Feb 14, 2019
  20. jeffshead

    jeffshead Established Member

    If I change the 'leavemessage' template,...

    From:
    PHP:
    <td align="left" valign="middle"><textarea name="message" id="chatmessage" class="swifttextareawide required" rows="7" cols="30"><{$_message}></textarea></td>
    To:
    PHP:
    <td align="left" valign="middle"><textarea name="message" id="chatmessage" class="swifttextareawide required" rows="7" cols="30"><?php if(isset($_POST['message'])) { echo htmlentities($_POST['message']); } ?></textarea></td>
    ... the text is posted back after submitting the wrong captcha but this is a hack.

    Which files need to be edited to fix this the proper way?
     

Share This Page