Login Verification

SMF Customization Team · February 22, 2011, 02:22:33 PM

Link to Mod

This mod adds security verification to the login page.
The settings in admin panel > security and moderation > anti-spam apply.
In addition, the mod adds logging in SMF error log for a few errors it didn't log before.

Please set security questions rather than Captcha, to protect better against bots.

Note: currently, once verification is activated for registration and login pages, the mod will not allow login through quick login anymore, the user will be directed instead to the full login page, with the message "This forum requires verification".

Changelog:
1.1 Add security verification to login pages for mobile users.
1.0 First version. Add security verification to login pages.

-=[Vyorel]=- · February 22, 2011, 02:31:40 PM

Very nice!

Thanks for mod!

Masterd · February 23, 2011, 08:21:29 AM

Nice job, SMF Team!

Groovy™ · February 24, 2011, 10:26:52 AM

Nice mod

The code does not work when the forum in the "maintenance"

qtime · February 27, 2011, 06:03:50 PM

I think this will be very usefull at smf 1.1.13 as well... 2 is beta...

Arantor · February 27, 2011, 06:06:11 PM

Except that it would have to be totally rewritten for 1.1.x since there isn't a centralised system for creating CAPTCHAs in 1.1.x, while there is in 2.0.

qtime · February 28, 2011, 02:41:22 AM

ok, but looking to my security login table, it's needed, and a lack of smf script. Using email to login will disturb the normal members.

This is no critic to all people who developing modifications

Groovy™ · March 15, 2011, 01:58:16 PM

Please correct the error in the mode ... which I have listed above: (

XerraX · March 16, 2011, 12:11:48 PM

does not work with recaptcha.

"The letters you typed don't match the letters that were shown in the picture."

Masterd · March 16, 2011, 06:47:29 PM

Describe your problem in the support topic for reCaptcha mod.

Sionus · April 07, 2011, 01:40:34 AM

hi am new at this... forum smf.. and what ever else about this here..
now actually am making a forum for some way.. am really on need of this mod for 1.1.x,. 1.1.13...
so there is some way any possibility we gonna have this login verification mod for dha version??

would be cool

MC73 · April 26, 2011, 10:45:00 PM

Quote from: Groovy™ on February 24, 2011, 10:26:52 AM
Nice mod

The code does not work when the forum in the "maintenance"

I learned the hard way, lol ..... make sure to uninstall this mod b4 you put your site in maint mode. If you don't ... Filezilla will be your best friend to get it out of maint mode

slawko70 · June 26, 2011, 11:39:12 AM

Hi, will this mod be available for the SMF 2.0 Final?

Masterd · June 26, 2011, 02:42:07 PM

Did you tried it? It should work fine.

RonCz · April 03, 2014, 08:03:25 PM

I have installed the mod today hoping to chase away bots. I enabled all checkmarks for verification and set up a security question but the bots blew right by. 7 messages in a half day. I must be missing something with security. Forum here: http://videotolifeproductions.com/Public_Forum/index.php [nofollow]

Is there something I can do to fix this?

margarett · April 03, 2014, 08:15:55 PM

Well, it mostly depends on the questions you're using...
I just peeked at your registration and I see no questions there. Captcha is more is less useless

RonCz · April 03, 2014, 09:03:04 PM

Thanks I was wondering how good captcha was. I went ahead and added a question. However I did notice that even though I have the "disable administration security" disabled but I still have to go through Captcha.

Should this not have stopped asking me for Captcha?

margarett · April 03, 2014, 09:13:32 PM

No, that only stops SMF from asking your password when you enter ACP after 1h if last access.

RonCz · April 03, 2014, 09:26:01 PM

Newbie here, let me see if I understand. ACP means? administrator something, and only after an hour of being inactive would it ask me to verify again.

However I can log out and and log in as admin and I still have to captcha and do the questions... but worth it to stop the bots.

Would be nice to stop admin from security checks.

margarett · April 03, 2014, 09:33:03 PM

Ah, those are different things.
It's one thing to log you into the forum, it's another thing you have to re type your password (just the password!!!) to get to your admin panel.

I never used the mod but I assume that you always have to do the verification. I mean... If you are logging in, he has no idea who is logging in.

RonCz · April 11, 2014, 07:57:41 PM

Had to come back to the thread since I had three pages of members I did not approve. I have a question to be answered and the captcha but still they walk right in and post. Is there another mod that works better?
http://videotolifeproductions.com/Public_Forum/ [nofollow]

TonyG · January 04, 2015, 03:58:23 PM

Comments and requests:

Thanks for this valued mod.
It would be helpful if this mod were integrated into the Registration page for an added optional layer of protection.
When the user resets their password they are ultimately redirected to 'action=reminder;sa=setpassword2' This page does not have the mod integrated. So the user enters the user/psw, clicks submit, and then is sent back to standard login for verification. I'd like to eliminate that.
There's nothing in the package that links back to the mod page.
Since I've just installed it and have only been doing testing for about a week, I can't say if this is fully effective against bots. However, for those who say it doesn't help/work: I have 12 questions of various types and plan to add more. It's easy to do this and mixing it up a bit makes it a lot tougher for bots. I have also installed the KeyCAPTCHA mod for the registration page and I'm using the "Are you human" feature there. I believe this will eliminate all of the bot registrations, though not bogus manual registrations. My next line of defense from that point is Admin confirmations on registration, which is valid for my site but not for most. HTH

Thanks!

News:

Login Verification