diff options
Diffstat (limited to 'phpBB/includes/captcha/plugins/captcha_abstract.php')
| -rw-r--r-- | phpBB/includes/captcha/plugins/captcha_abstract.php | 139 |
1 files changed, 69 insertions, 70 deletions
diff --git a/phpBB/includes/captcha/plugins/captcha_abstract.php b/phpBB/includes/captcha/plugins/captcha_abstract.php index f88d82b2a0..0666a3ca67 100644 --- a/phpBB/includes/captcha/plugins/captcha_abstract.php +++ b/phpBB/includes/captcha/plugins/captcha_abstract.php @@ -18,7 +18,9 @@ if (!defined('IN_PHPBB')) /** -* This class holds the code shared by the two default 3.0 CAPTCHAs. +* This class holds the code shared by the two default 3.0.x CAPTCHAs. +* +* @package VC */ class phpbb_default_captcha { @@ -29,18 +31,17 @@ class phpbb_default_captcha var $type; var $solved = false; - function init($type) { global $config, $db, $user; - + // read input $this->confirm_id = request_var('confirm_id', ''); $this->confirm_code = request_var('confirm_code', ''); $refresh = request_var('refresh_vc', false) && $config['confirm_refresh']; - + $this->type = (int) $type; - + if (!strlen($this->confirm_id)) { // we have no confirm ID, better get ready to display something @@ -50,24 +51,22 @@ class phpbb_default_captcha { $this->regenerate_code(); } - } - + function execute_demo() { global $user; - - $this->code = gen_rand_string(mt_rand(5, 8)); + + $this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); $this->seed = hexdec(substr(unique_id(), 4, 10)); - + // compute $seed % 0x7fffffff $this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff); - + $captcha = new captcha(); $captcha->execute($this->code, $this->seed); } - - + function execute() { if (empty($this->code)) @@ -81,46 +80,46 @@ class phpbb_default_captcha $captcha = new captcha(); $captcha->execute($this->code, $this->seed); } - - + function get_template() { global $config, $user, $template, $phpEx, $phpbb_root_path; - + $template->set_filenames(array( 'captcha' => 'captcha_default.html') ); - + $template->assign_vars(array( 'CONFIRM_IMAGE' => append_sid($phpbb_root_path . 'ucp.' . $phpEx . '?mode=confirm&confirm_id=' . $this->confirm_id . '&type=' . $this->type), - 'CONFIRM_ID' => $this->confirm_id, + 'CONFIRM_ID' => $this->confirm_id, 'S_REFRESH' => (bool) $config['confirm_refresh'], )); - + return $template->assign_display('captcha'); } - + function get_demo_template($id) { global $config, $user, $template, $phpbb_admin_path, $phpEx; - + $template->set_filenames(array( 'captcha_demo' => 'captcha_default_acp_demo.html') ); + // acp_captcha has a delivery function; let's use it $template->assign_vars(array( 'CONFIRM_IMAGE' => append_sid($phpbb_admin_path . 'index.' . $phpEx . '?captcha_demo=1&mode=visual&i=' . $id . '&select_captcha=' . $this->get_class_name()), 'CONFIRM_ID' => $this->confirm_id, )); - + return $template->assign_display('captcha_demo'); } - + function get_hidden_fields() { $hidden_fields = array(); - + // this is required for postig.php - otherwise we would forget about the captcha being already solved if ($this->solved) { @@ -129,16 +128,16 @@ class phpbb_default_captcha $hidden_fields['confirm_id'] = $this->confirm_id; return $hidden_fields; } - + function garbage_collect($type) { global $db, $config; $sql = 'SELECT DISTINCT c.session_id - FROM ' . CONFIRM_TABLE . ' c - LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id) - WHERE s.session_id IS NULL' . - ((empty($type)) ? '' : ' AND c.confirm_type = ' . (int) $type); + FROM ' . CONFIRM_TABLE . ' c + LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id) + WHERE s.session_id IS NULL' . + ((empty($type)) ? '' : ' AND c.confirm_type = ' . (int) $type); $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) @@ -159,21 +158,21 @@ class phpbb_default_captcha } $db->sql_freeresult($result); } - + function uninstall() { - self::garbage_collect(0); + $this->garbage_collect(0); } - + function install() { return; } - + function validate() { global $config, $db, $user; - + $this->confirm_code = request_var('confirm_code', ''); if (!$this->confirm_id) { @@ -191,10 +190,10 @@ class phpbb_default_captcha $error = $user->lang['CONFIRM_CODE_WRONG']; } } - + if (strlen($error)) { - // okay, inorect answer. Let's ask a new question + // okay, incorrect answer. Let's ask a new question. $this->generate_code(); return $error; } @@ -203,16 +202,15 @@ class phpbb_default_captcha return false; } } - - + /** * The old way to generate code, suitable for GD and non-GD. Resets the internal state. */ function generate_code() { global $db, $user; - - $this->code = gen_rand_string(mt_rand(5, 8)); + + $this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); $this->confirm_id = md5(unique_id($user->ip)); $this->seed = hexdec(substr(unique_id(), 4, 10)); $this->solved = false; @@ -228,19 +226,20 @@ class phpbb_default_captcha ); $db->sql_query($sql); } - + /** * New Question, if desired. */ function regenerate_code() { global $db, $user; - - $this->code = gen_rand_string(mt_rand(5, 8)); + + $this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); $this->seed = hexdec(substr(unique_id(), 4, 10)); $this->solved = false; // compute $seed % 0x7fffffff $this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff); + $sql = 'UPDATE ' . CONFIRM_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array( 'code' => (string) $this->code, 'seed' => (int) $this->seed)) . ' @@ -249,35 +248,37 @@ class phpbb_default_captcha session_id = \'' . $db->sql_escape($user->session_id) . '\''; $db->sql_query($sql); } - + /** - * Look up everything we need for painting&checking. + * Look up everything we need for painting&checking. */ function load_code() { global $db, $user; + $sql = 'SELECT code, seed - FROM ' . CONFIRM_TABLE . " - WHERE confirm_id = '" . $db->sql_escape($this->confirm_id) . "' - AND session_id = '" . $db->sql_escape($user->session_id) . "' - AND confirm_type = " . $this->type; + FROM ' . CONFIRM_TABLE . " + WHERE confirm_id = '" . $db->sql_escape($this->confirm_id) . "' + AND session_id = '" . $db->sql_escape($user->session_id) . "' + AND confirm_type = " . $this->type; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); + if ($row) { $this->code = $row['code']; $this->seed = $row['seed']; return true; } + return false; - } - + function check_code() { global $db; - + if (empty($this->code)) { if (!$this->load_code()) @@ -287,47 +288,45 @@ class phpbb_default_captcha } return (strcasecmp($this->code, $this->confirm_code) === 0); } - + function delete_code() { global $db, $user; - + $sql = 'DELETE FROM ' . CONFIRM_TABLE . " - WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' - AND session_id = '" . $db->sql_escape($user->session_id) . "' - AND confirm_type = " . $this->type; + WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' + AND session_id = '" . $db->sql_escape($user->session_id) . "' + AND confirm_type = " . $this->type; $db->sql_query($sql); } - + function get_attempt_count() { global $db, $user; - + $sql = 'SELECT COUNT(session_id) AS attempts - FROM ' . CONFIRM_TABLE . " - WHERE session_id = '" . $db->sql_escape($user->session_id) . "' - AND confirm_type = " . $this->type; + FROM ' . CONFIRM_TABLE . " + WHERE session_id = '" . $db->sql_escape($user->session_id) . "' + AND confirm_type = " . $this->type; $result = $db->sql_query($sql); $attempts = (int) $db->sql_fetchfield('attempts'); $db->sql_freeresult($result); - + return $attempts; } - - + function reset() { global $db, $user; - + $sql = 'DELETE FROM ' . CONFIRM_TABLE . " - WHERE session_id = '" . $db->sql_escape($user->session_id) . "' - AND confirm_type = " . (int) $this->type; + WHERE session_id = '" . $db->sql_escape($user->session_id) . "' + AND confirm_type = " . (int) $this->type; $db->sql_query($sql); - + // we leave the class usable by generating a new question $this->generate_code(); } - } ?>
\ No newline at end of file |