From b776d02682492077a4fafd8835d7c4a17e50762d Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Tue, 2 Jun 2009 14:12:23 +0000 Subject: Okay, a first ci of the new captcha plugins. We'll add dynamic template includes later, as well as documentation on how to use this. I'm prepared to get yelled at for bugs (oh, I know that there are plenty); but please blame spammers for broken styles and MODs. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9524 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/auth/auth_db.php | 39 ++++++--------------------------------- 1 file changed, 6 insertions(+), 33 deletions(-) (limited to 'phpBB/includes/auth/auth_db.php') diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 24d4c56614..bdafefa70b 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -81,42 +81,15 @@ function login_db(&$username, &$password) } else { - global $user; - - $sql = 'SELECT code - FROM ' . CONFIRM_TABLE . " - WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' - AND session_id = '" . $db->sql_escape($user->session_id) . "' - AND confirm_type = " . CONFIRM_LOGIN; - $result = $db->sql_query($sql); - $confirm_row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($confirm_row) + $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); + $captcha->init(CONFIRM_LOGIN); + $vc_response = $captcha->validate(); + if ($vc_response) { - if (strcasecmp($confirm_row['code'], $confirm_code) === 0) - { - $sql = 'DELETE FROM ' . CONFIRM_TABLE . " - WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' - AND session_id = '" . $db->sql_escape($user->session_id) . "' - AND confirm_type = " . CONFIRM_LOGIN; - $db->sql_query($sql); - } - else - { - return array( + return array( 'status' => LOGIN_ERROR_ATTEMPTS, - 'error_msg' => 'CONFIRM_CODE_WRONG', + 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => $row, - ); - } - } - else - { - return array( - 'status' => LOGIN_ERROR_ATTEMPTS, - 'error_msg' => 'CONFIRM_CODE_WRONG', - 'user_row' => $row, ); } } -- cgit v1.2.1 From a539fca62b10f53a5f5dadf07f9ab07340fdabf9 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 7 Jun 2009 11:34:01 +0000 Subject: some corrections, only very minor things. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9554 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/auth/auth_db.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'phpBB/includes/auth/auth_db.php') diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index bdafefa70b..f798264ada 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -68,7 +68,6 @@ function login_db(&$username, &$password) if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) { $confirm_id = request_var('confirm_id', ''); - $confirm_code = request_var('confirm_code', ''); // Visual Confirmation handling if (!$confirm_id) @@ -84,12 +83,13 @@ function login_db(&$username, &$password) $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); $vc_response = $captcha->validate(); + if ($vc_response) { return array( - 'status' => LOGIN_ERROR_ATTEMPTS, - 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', - 'user_row' => $row, + 'status' => LOGIN_ERROR_ATTEMPTS, + 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', + 'user_row' => $row, ); } } @@ -130,7 +130,7 @@ function login_db(&$username, &$password) $row['user_pass_convert'] = 0; $row['user_password'] = $hash; } - else + else { // Although we weren't able to convert this password we have to // increase login attempt count to make sure this cannot be exploited -- cgit v1.2.1 From 11dc41063313d62b100c16bceb289b12c7c3bf2b Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Sat, 13 Jun 2009 14:09:51 +0000 Subject: Oh right. PHP4 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9581 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/auth/auth_db.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/auth/auth_db.php') diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index f798264ada..5dc141ff77 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -80,7 +80,7 @@ function login_db(&$username, &$password) } else { - $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); + $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); $vc_response = $captcha->validate(); -- cgit v1.2.1