Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/captcha/captcha_gd.php | 9 | ||||
-rw-r--r-- | phpBB/includes/captcha/captcha_non_gd.php | 7 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 4 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_confirm.php | 4 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_register.php | 4 |
5 files changed, 17 insertions, 11 deletions
diff --git a/phpBB/includes/captcha/captcha_gd.php b/phpBB/includes/captcha/captcha_gd.php
index 3d64cb1c26..c513c45fe7 100644
--- a/phpBB/includes/captcha/captcha_gd.php
+++ b/phpBB/includes/captcha/captcha_gd.php
@@ -19,7 +19,7 @@ class captcha
 var $width = 360;
 var $height = 96;
- function execute($code)
+ function execute($code, $seed)
 {
 global $config;
 $stats = gd_info();
@@ -48,6 +48,9 @@ class captcha
 imageantialias($image, true);
 }
+ // seed the random generator
+ mt_srand($seed);
+
 // set background color
 $back = imagecolorallocate($image, mt_rand(224, 255), mt_rand(224, 255), mt_rand(224, 255));
 imagefilledrectangle($image, 0, 0, $this->width, $this->height, $back);
@@ -79,7 +82,7 @@ class captcha
 $x = mt_rand(0, 360);
 $y = mt_rand(0, (int)($this->height - ($size / 5)));
 $color = $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224));
- $text = $chars_allowed[array_rand($chars_allowed)];
+ $text = $chars_allowed[mt_rand(0, sizeof($chars_allowed) - 1)];
 imagettftext($image, $size, $angle, $x, $y, $color, $this->get_font(), $text);
 }
 unset($chars_allowed);
@@ -145,7 +148,7 @@ class captcha
 closedir($dr);
 }
- return $fonts[array_rand($fonts)];
+ return $fonts[mt_rand(0, sizeof($fonts) - 1)];
 }
 }
diff --git a/phpBB/includes/captcha/captcha_non_gd.php b/phpBB/includes/captcha/captcha_non_gd.php
index 41bd22868e..bb4e5af443 100644
--- a/phpBB/includes/captcha/captcha_non_gd.php
+++ b/phpBB/includes/captcha/captcha_non_gd.php
@@ -30,15 +30,14 @@ class captcha
 }
 /**
- * Create the image containing $code
+ * Create the image containing $code with a seed of $seed
 */
- function execute($code)
+ function execute($code, $seed)
 {
 $img_height = $this->height - 10;
 $img_width = 0;
- list($usec, $sec) = explode(' ', microtime());
- mt_srand($sec * $usec);
+ mt_srand($seed);
 $char_widths = $hold_chars = array();
 $code_len = strlen($code);
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index e975469685..6f5ff42ac2 100644
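Review bot: `mt_srand($seed)` in the second captcha_gd.php hunk reseeds PHP's process-wide Mersenne Twister with a value that is also stored in the confirm table, so every `mt_rand()` call made after it in the same request can be reproduced from that row; the captcha_non_gd.php hunk does the same. The only caller visible in this commit (ucp_confirm) exits right after `execute()`, but nothing in the class states that requirement, and depending on PHP version and SAPI the generator state may outlive the request. I would reseed before returning, e.g. `mt_srand();` as the last statement of `execute()`, and add a comment such as `// $seed only makes the image reproducible; it is not a secret and must not drive any other random value`. The body of `execute()` continues outside these hunks, so the exact placement has to be checked there.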
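Review bot: The index-based picks `$chars_allowed[mt_rand(0, sizeof($chars_allowed) - 1)]` and, in the last captcha_gd.php hunk, `$fonts[mt_rand(0, sizeof($fonts) - 1)]` assume contiguous keys starting at 0, which `array_rand()` did not require. Both arrays are built outside the hunks, so this cannot be verified here; if the directory scan above the `closedir($dr)` line yields no entries, the range becomes `mt_rand(0, -1)` and `get_font()` returns an undefined element. A guard before the return, e.g. `if (!sizeof($fonts)) { trigger_error('No captcha fonts found', E_USER_ERROR); }`, would make the failure explicit. A one-line comment explaining the switch (presumably that `array_rand()` does not draw from the generator seeded by `mt_srand()`) would help the next reader.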
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1903,12 +1903,14 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 // Generate code
 $code = gen_rand_string(mt_rand(5, 8));
 $confirm_id = md5(unique_id($user->ip));
+ $seed = hexdec(substr(unique_id(), 4, 10));
 $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 'confirm_id' => (string) $confirm_id,
 'session_id' => (string) $user->session_id,
 'confirm_type' => (int) CONFIRM_LOGIN,
- 'code' => (string) $code)
+ 'code' => (string) $code,
+ 'seed' => (int) $seed)
 );
 $db->sql_query($sql);
diff --git a/phpBB/includes/ucp/ucp_confirm.php b/phpBB/includes/ucp/ucp_confirm.php
index 087a186fa7..e971dbb3ae 100644
--- a/phpBB/includes/ucp/ucp_confirm.php
+++ b/phpBB/includes/ucp/ucp_confirm.php
@@ -39,7 +39,7 @@ class ucp_confirm
 }
 // Try and grab code for this id and session
- $sql = 'SELECT code
+ $sql = 'SELECT code, seed
 FROM ' . CONFIRM_TABLE . "
 WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
 AND confirm_id = '" . $db->sql_escape($confirm_id) . "'
@@ -64,7 +64,7 @@ class ucp_confirm
 }
 $captcha = new captcha();
- $captcha->execute($row['code']);
+ $captcha->execute($row['code'], $row['seed']);
 exit;
 }
 }
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 2e355fe3c2..d78ea09806 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -441,12 +441,14 @@ class ucp_register
 $code = gen_rand_string(mt_rand(5, 8));
 $confirm_id = md5(unique_id($user->ip));
+ $seed = hexdec(substr(unique_id(), 4, 10));
 $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 'confirm_id' => (string) $confirm_id,
 'session_id' => (string) $user->session_id,
 'confirm_type' => (int) CONFIRM_REG,
- 'code' => (string) $code)
+ 'code' => (string) $code,
+ 'seed' => (int) $seed)
 );
 $db->sql_query($sql);
 }
|
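Review bot: `hexdec(substr(unique_id(), 4, 10))` in the functions.php hunk can yield up to 40 bits (10 hex digits), which exceeds a signed 32-bit integer, yet the value is stored with `'seed' => (int) $seed` and later passed to `mt_srand()`; the same line is added in the ucp_register.php hunk. On 32-bit PHP builds `hexdec()` returns a float for such values and the `(int)` cast of an out-of-range float is not reliable. The `seed` column definition is not part of this diff and may clamp or truncate as well, so many confirmations could end up with the same seed and therefore the same noise pattern. Bounding the value where it is generated avoids that, e.g. `$seed = hexdec(substr(unique_id(), 4, 7));` (at most 28 bits), with a comment such as `// keep the seed within a signed 32-bit int for the (int) cast and mt_srand()`. login_box() starts and ends outside the hunk.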