diff options
| -rw-r--r-- | phpBB/develop/create_schema_files.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/captcha/captcha_gd.php | 9 | ||||
| -rw-r--r-- | phpBB/includes/captcha/captcha_non_gd.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_confirm.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_register.php | 4 | ||||
| -rw-r--r-- | phpBB/install/database_update.php | 36 | ||||
| -rw-r--r-- | phpBB/install/schemas/firebird_schema.sql | 3 | ||||
| -rw-r--r-- | phpBB/install/schemas/mssql_schema.sql | 3 | ||||
| -rw-r--r-- | phpBB/install/schemas/mysql_40_schema.sql | 1 | ||||
| -rw-r--r-- | phpBB/install/schemas/mysql_41_schema.sql | 1 | ||||
| -rw-r--r-- | phpBB/install/schemas/oracle_schema.sql | 1 | ||||
| -rw-r--r-- | phpBB/install/schemas/postgres_schema.sql | 1 | ||||
| -rw-r--r-- | phpBB/install/schemas/sqlite_schema.sql | 1 | ||||
| -rw-r--r-- | phpBB/posting.php | 4 |
15 files changed, 65 insertions, 15 deletions
diff --git a/phpBB/develop/create_schema_files.php b/phpBB/develop/create_schema_files.php index 60324d94a8..cc657f7829 100644 --- a/phpBB/develop/create_schema_files.php +++ b/phpBB/develop/create_schema_files.php @@ -949,6 +949,7 @@ function get_schema_struct() 'session_id' => array('CHAR:32', ''), 'confirm_type' => array('TINT:3', 0), 'code' => array('VCHAR:8', ''), + 'seed' => array('UINT:10', 0), ), 'PRIMARY_KEY' => array('session_id', 'confirm_id'), 'KEYS' => array( diff --git a/phpBB/includes/captcha/captcha_gd.php b/phpBB/includes/captcha/captcha_gd.php index 3d64cb1c26..c513c45fe7 100644 --- a/phpBB/includes/captcha/captcha_gd.php +++ b/phpBB/includes/captcha/captcha_gd.php @@ -19,7 +19,7 @@ class captcha var $width = 360; var $height = 96; - function execute($code) + function execute($code, $seed) { global $config; $stats = gd_info(); @@ -48,6 +48,9 @@ class captcha imageantialias($image, true); } + // seed the random generator + mt_srand($seed); + // set background color $back = imagecolorallocate($image, mt_rand(224, 255), mt_rand(224, 255), mt_rand(224, 255)); imagefilledrectangle($image, 0, 0, $this->width, $this->height, $back); @@ -79,7 +82,7 @@ class captcha $x = mt_rand(0, 360); $y = mt_rand(0, (int)($this->height - ($size / 5))); $color = $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224)); - $text = $chars_allowed[array_rand($chars_allowed)]; + $text = $chars_allowed[mt_rand(0, sizeof($chars_allowed) - 1)]; imagettftext($image, $size, $angle, $x, $y, $color, $this->get_font(), $text); } unset($chars_allowed); @@ -145,7 +148,7 @@ class captcha closedir($dr); } - return $fonts[array_rand($fonts)]; + return $fonts[mt_rand(0, sizeof($fonts) - 1)]; } } diff --git a/phpBB/includes/captcha/captcha_non_gd.php b/phpBB/includes/captcha/captcha_non_gd.php index 41bd22868e..bb4e5af443 100644 --- a/phpBB/includes/captcha/captcha_non_gd.php +++ b/phpBB/includes/captcha/captcha_non_gd.php @@ -30,15 +30,14 @@ class captcha } /** - * Create the image containing $code + * Create the image containing $code with a seed of $seed */ - function execute($code) + function execute($code, $seed) { $img_height = $this->height - 10; $img_width = 0; - list($usec, $sec) = explode(' ', microtime()); - mt_srand($sec * $usec); + mt_srand($seed); $char_widths = $hold_chars = array(); $code_len = strlen($code); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index e975469685..6f5ff42ac2 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1903,12 +1903,14 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa // Generate code $code = gen_rand_string(mt_rand(5, 8)); $confirm_id = md5(unique_id($user->ip)); + $seed = hexdec(substr(unique_id(), 4, 10)); $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array( 'confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_LOGIN, - 'code' => (string) $code) + 'code' => (string) $code, + 'seed' => (int) $seed) ); $db->sql_query($sql); diff --git a/phpBB/includes/ucp/ucp_confirm.php b/phpBB/includes/ucp/ucp_confirm.php index 087a186fa7..e971dbb3ae 100644 --- a/phpBB/includes/ucp/ucp_confirm.php +++ b/phpBB/includes/ucp/ucp_confirm.php @@ -39,7 +39,7 @@ class ucp_confirm } // Try and grab code for this id and session - $sql = 'SELECT code + $sql = 'SELECT code, seed FROM ' . CONFIRM_TABLE . " WHERE session_id = '" . $db->sql_escape($user->session_id) . "' AND confirm_id = '" . $db->sql_escape($confirm_id) . "' @@ -64,7 +64,7 @@ class ucp_confirm } $captcha = new captcha(); - $captcha->execute($row['code']); + $captcha->execute($row['code'], $row['seed']); exit; } } diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 2e355fe3c2..d78ea09806 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -441,12 +441,14 @@ class ucp_register $code = gen_rand_string(mt_rand(5, 8)); $confirm_id = md5(unique_id($user->ip)); + $seed = hexdec(substr(unique_id(), 4, 10)); $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array( 'confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_REG, - 'code' => (string) $code) + 'code' => (string) $code, + 'seed' => (int) $seed) ); $db->sql_query($sql); } diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 011e7bfa35..fa691d9119 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -196,6 +196,33 @@ $dbms_type_map = array( 'VARBINARY' => '[varchar] (255)', ), + 'db2' => array( + 'INT:' => 'integer', + 'BINT' => 'float', + 'UINT' => 'integer', + 'UINT:' => 'integer', + 'TINT:' => 'smallint', + 'USINT' => 'smallint', + 'BOOL' => 'smallint', + 'VCHAR' => 'varchar(255)', + 'VCHAR:' => 'varchar(%d)', + 'CHAR:' => 'char(%d)', + 'XSTEXT' => 'varchar(1000)', + 'STEXT' => 'varchar(3000)', + 'TEXT' => 'varchar(8000)', + 'MTEXT' => 'varchar(32672)', + 'XSTEXT_UNI'=> 'varchar(100)', + 'STEXT_UNI' => 'varchar(255)', + 'TEXT_UNI' => 'varchar(4000)', + 'MTEXT_UNI' => 'varchar(32672)', + 'TIMESTAMP' => 'integer', + 'DECIMAL' => 'float', + 'VCHAR_UNI' => 'varchar(255)', + 'VCHAR_UNI:'=> 'varchar(%d)', + 'VCHAR_CI' => 'varchar(255)', + 'VARBINARY' => 'varchar(255)', + ), + 'oracle' => array( 'INT:' => 'number(%d)', 'BINT' => 'number(20)', @@ -308,7 +335,14 @@ $database_update_info = array( ), ), // Latest version - '3.0.b4' => array(), + '3.0.b4' => array( + // Add the following columns + 'add_columns' => array( + CONFIRM_TABLE => array( + 'seed' => array('UINT:10', 0), + ), + ), + ), ); // Determine mapping database type diff --git a/phpBB/install/schemas/firebird_schema.sql b/phpBB/install/schemas/firebird_schema.sql index f06c98b657..e983744fb7 100644 --- a/phpBB/install/schemas/firebird_schema.sql +++ b/phpBB/install/schemas/firebird_schema.sql @@ -226,7 +226,8 @@ CREATE TABLE phpbb_confirm ( confirm_id CHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL, session_id CHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL, confirm_type INTEGER DEFAULT 0 NOT NULL, - code VARCHAR(8) CHARACTER SET NONE DEFAULT '' NOT NULL + code VARCHAR(8) CHARACTER SET NONE DEFAULT '' NOT NULL, + seed INTEGER DEFAULT 0 NOT NULL );; ALTER TABLE phpbb_confirm ADD PRIMARY KEY (session_id, confirm_id);; diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql index 804d5eafc8..9e0e90d48c 100644 --- a/phpBB/install/schemas/mssql_schema.sql +++ b/phpBB/install/schemas/mssql_schema.sql @@ -292,7 +292,8 @@ CREATE TABLE [phpbb_confirm] ( [confirm_id] [char] (32) DEFAULT ('') NOT NULL , [session_id] [char] (32) DEFAULT ('') NOT NULL , [confirm_type] [int] DEFAULT (0) NOT NULL , - [code] [varchar] (8) DEFAULT ('') NOT NULL + [code] [varchar] (8) DEFAULT ('') NOT NULL , + [seed] [int] DEFAULT (0) NOT NULL ) ON [PRIMARY] GO diff --git a/phpBB/install/schemas/mysql_40_schema.sql b/phpBB/install/schemas/mysql_40_schema.sql index cf4d43b768..635faf81a5 100644 --- a/phpBB/install/schemas/mysql_40_schema.sql +++ b/phpBB/install/schemas/mysql_40_schema.sql @@ -163,6 +163,7 @@ CREATE TABLE phpbb_confirm ( session_id char(32) DEFAULT '' NOT NULL, confirm_type tinyint(3) DEFAULT '0' NOT NULL, code varchar(8) DEFAULT '' NOT NULL, + seed int(10) UNSIGNED DEFAULT '0' NOT NULL, PRIMARY KEY (session_id, confirm_id), KEY confirm_type (confirm_type) ); diff --git a/phpBB/install/schemas/mysql_41_schema.sql b/phpBB/install/schemas/mysql_41_schema.sql index aaf00d077e..99e16ac4c8 100644 --- a/phpBB/install/schemas/mysql_41_schema.sql +++ b/phpBB/install/schemas/mysql_41_schema.sql @@ -163,6 +163,7 @@ CREATE TABLE phpbb_confirm ( session_id char(32) DEFAULT '' NOT NULL, confirm_type tinyint(3) DEFAULT '0' NOT NULL, code varchar(8) DEFAULT '' NOT NULL, + seed int(10) UNSIGNED DEFAULT '0' NOT NULL, PRIMARY KEY (session_id, confirm_id), KEY confirm_type (confirm_type) ) CHARACTER SET `utf8` COLLATE `utf8_bin`; diff --git a/phpBB/install/schemas/oracle_schema.sql b/phpBB/install/schemas/oracle_schema.sql index 816d584b97..c267fff059 100644 --- a/phpBB/install/schemas/oracle_schema.sql +++ b/phpBB/install/schemas/oracle_schema.sql @@ -337,6 +337,7 @@ CREATE TABLE phpbb_confirm ( session_id char(32) DEFAULT '' , confirm_type number(3) DEFAULT '0' NOT NULL, code varchar2(8) DEFAULT '' , + seed number(10) DEFAULT '0' NOT NULL, CONSTRAINT pk_phpbb_confirm PRIMARY KEY (session_id, confirm_id) ) / diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql index aa22d5b0fa..206dff3b2e 100644 --- a/phpBB/install/schemas/postgres_schema.sql +++ b/phpBB/install/schemas/postgres_schema.sql @@ -275,6 +275,7 @@ CREATE TABLE phpbb_confirm ( session_id char(32) DEFAULT '' NOT NULL, confirm_type INT2 DEFAULT '0' NOT NULL, code varchar(8) DEFAULT '' NOT NULL, + seed INT4 DEFAULT '0' NOT NULL CHECK (seed >= 0), PRIMARY KEY (session_id, confirm_id) ); diff --git a/phpBB/install/schemas/sqlite_schema.sql b/phpBB/install/schemas/sqlite_schema.sql index ee42bfec4b..ba86abe6e4 100644 --- a/phpBB/install/schemas/sqlite_schema.sql +++ b/phpBB/install/schemas/sqlite_schema.sql @@ -160,6 +160,7 @@ CREATE TABLE phpbb_confirm ( session_id char(32) NOT NULL DEFAULT '', confirm_type tinyint(3) NOT NULL DEFAULT '0', code varchar(8) NOT NULL DEFAULT '', + seed INTEGER UNSIGNED NOT NULL DEFAULT '0', PRIMARY KEY (session_id, confirm_id) ); diff --git a/phpBB/posting.php b/phpBB/posting.php index ba32f24626..d991f27b35 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -1128,12 +1128,14 @@ if ($config['enable_post_confirm'] && !$user->data['is_registered'] && $solved_c // Generate code $code = gen_rand_string(mt_rand(5, 8)); $confirm_id = md5(unique_id($user->ip)); + $seed = hexdec(substr(unique_id(), 4, 10)); $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array( 'confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_POST, - 'code' => (string) $code) + 'code' => (string) $code, + 'seed' => (int) $seed) ); $db->sql_query($sql); |