X-Cart:Image Verification

From X-Cart 4 Classic
Jump to: navigation, search

What Image Verification module does

X-Cart's Image Verification module is a solution designed to prevent your store's forms from being automatically filled and submitted. Such solutions are also commonly known as CAPTCHA.

The problem of automated form filling and submission is caused by spam robots (spambots) - software programs that impersonate human beings and imitate their online activities for various malicious purposes. In an X-Cart based store not using Image Verification module, spambots are likely to attempt to take advantage of the following forms:

  • 'Profile details' form (customer registration page);
  • 'Authentication' form (any pages from which existing customers can log in);
  • 'Send to friend' form (product details page);
  • 'Customer reviews' form (product details page);
  • 'Contact us' form (one of the help pages available through X-Cart's 'Help' menu);
  • 'Subscribe to newslists' form (news subscription page for anonymous customers);
  • Survey forms (any pages on which surveys can be completed/submitted);
  • 'Password recovery' forms ('Forgot password?' pages);
  • 'Ask a question about this product' form (product details page).

The damage induced by automated submissions of the above forms by spambots may vary from insignificant to serious, but, in the most general case, is likely to include automated registrations of customer accounts (up to thousands of accounts every minute), dictionary/brute force attacks aiming to defeat the store's password system by continuously submitting to it various words/combinations of characters making the server iterate through the entire space of passwords, sending spam messages to the email addresses of the store owner/company ('Contact us' form) and email addresses of other Internet users ('Send to friend' form), distortion of survey statistics and posting annoying messages as product reviews.

Image Verification module generates tests that allow X-Cart system to determine whether it is dealing with a human or with a program pretending to be human (a spambot). Tests are designed in such a way that they can be easily passed by most humans, but cannot be passed by current computer programs. A test is pretty simple: the user is required to type a sequence of characters (letters, digits or both) that is displayed to him or her as an obscured, distorted image on the screen:


While the disguised code cannot be read by a computer program, it is easily read by a human. As a result, only human beings are allowed to submit forms.

It should be said that, although most code strings can be read by humans without problems, as a result of image distortion, certain combinations of characters may be poorly legible. You should not worry about that, as there is a link 'Get a different code' displayed below each distorted image, which allows the user to choose a different image at any time he or she wishes to do so.

The module is rather flexible in that you can adjust the type of characters (letters, digits or both) and the length of string that may appear in images protecting the store forms. It is also possible to choose, which of the forms that can be protected by image verification should actually be protected (all the forms or just some of the forms).

Roles in Image Verification module management

If you are an X-Cart GOLD or GOLD PLUS administrator/provider or an X-Cart PLATINUM or PRO administrator:

  • You can enable/disable the module Image Verification and adjust its configuration settings.

Enabling the Image Verification module

Image Verification is available as a built-in module in all X-Cart editions. It does not require installation and can be enabled in the Modules section of X-Cart Admin area.

X-Cart's 'Image Verification' module requires GDLib (GD extension for PHP). Before enabling the module, please ensure that GDLib is installed and properly configured on your system.

To enable the module, follow these steps:

  1. In Admin area, go to the Modules section (Settings menu->Modules).
  2. Locate the entry for 'Image Verification' module.
    Note: In X-Cart versions 4.6 and later, the Image Verification module would be found on the 'Built-in and installed modules' tab under the 'Security' tag.
  3. X-Cart versions 4.6 and later: Select the Enable check box to the left of the module name.
    X-Cart versions prior to 4.6: Select the check box to the left of the module name and click the Apply changes button.
    The module will be activated.

Configuring the Image Verification module

After the Image Verification module has been enabled in your store, you should check and adjust its configuration:

  1. In the Modules section (Settings menu->Modules), click the Configure link opposite the module name ('Image Verification').
    The module configuration page (titled by the name of the module) opens.
    Img verification.png
  2. Adjust the settings on the module configuration page. Detailed information regarding the Image Verification module configuration settings is available below.
  3. Click the Apply changes button to save the changes.

Image Verification module configuration settings

Here is an explanation of the Image Verification module configuration settings:

  1. Image generator options section:
    • Image generator: At present, the only available option is the default generator.
    • Type of string that should be used for the image: The type of characters that you wish to be displayed in the image (Numbers only, Letters only, Numbers and letters).
      Note: Please be aware that image verification tests using letters are case-sensitive. If a distorted image displayed on the screen includes any letters, the user needs to enter them in the appropriate case. If you think that might represent a difficulty for your customers, disable use of letters for your image verification tests.
    • Length of string: The number of characters that should be displayed in the image.
    • The code must be case sensitive: Select the check box if you wish the code to be case-sensitive.
  2. Where to display section (Here you can specify what forms should be protected by image verification):
    • On Registration page: Select this to prevent automated registrations of new customer accounts.
    • On pages with an authentication form (after 3 unsuccessful attempts to log in): Select this to prevent multiple log-in attempts by spambots trying to fit passwords to customer accounts. When this option is enabled, the protecting image appears in the form only after a user makes three unsuccessful attempts to sign in.
    • On Contact us page: Select this to prevent spam being sent through the 'Contact us' help section of your store.
    • On Send to friend page: Select this to prevent spam being sent through the 'Send to friend' section of the product details page.
    • On customer reviews page: Select this to prevent automated postings of reviews.
    • On ask about product form: Select this to prevent automated submission of messages through the 'Ask a question about this product' form on the product details page.
    • On survey page: Select this to prevent automated submissions of survey forms aiming to distort survey results.
    • On news subscription page: Select this to prevent automated subscriptions of emails to your store's news.
    • On password recovery page: (This option is available in X-Cart versions 4.5.5 and later.) Select this to prevent automated submissions of password reset requests via the form on the password recovery page.