From 5922903264ef43d5bfb04af378863945f911018a Mon Sep 17 00:00:00 2001 From: David M Date: Thu, 26 Jan 2006 21:39:23 +0000 Subject: Fixes in both CAPTCHA and Compress Compress: - The "crc bug" is not a bug, it is actually a feature (the function returns an Adler hash, not a crc hash. This is more usefull for PNG files..) and was "fixed" by using the proper function instead of munging a substring - Zip files that are BZip2'd are now supported for extraction :-) CAPTCHA: - PNG generation now returns positive numbers for CRC, length, height and width! - We generate a variable number of images git-svn-id: file:///svn/phpbb/trunk@5496 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_compress.php | 21 +++++++++++++-------- phpBB/includes/ucp/ucp_confirm.php | 15 ++++++--------- phpBB/includes/ucp/ucp_register.php | 17 ++++++++++++++--- 3 files changed, 33 insertions(+), 20 deletions(-) (limited to 'phpBB') diff --git a/phpBB/includes/functions_compress.php b/phpBB/includes/functions_compress.php index 4443292182..3bc83107f0 100644 --- a/phpBB/includes/functions_compress.php +++ b/phpBB/includes/functions_compress.php @@ -246,7 +246,7 @@ class compress_zip extends compress { trigger_error("Could not create directory $dir"); } - @chmod("$dir", 0777); + @chmod("$dst$str", 0777); } } } @@ -270,22 +270,28 @@ class compress_zip extends compress $mode = $fdetails['c_method']; $content = fread($this->fp, $fdetails['c_size']); + + $fp = fopen($target_filename, "w"); + switch ($mode) { case 0: // Not compressed - $fp = fopen($target_filename, "w"); fwrite($fp, $content); - fclose($fp); break; case 8: // Deflate - $fp = fopen($target_filename, "w"); fwrite($fp, gzinflate($content, $fdetails['uc_size'])); - fclose($fp); + break; + + case 12: + // Bzip2 + fwrite($fp, bzdecompress($content)); break; } + + fclose($fp); } } } 
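Review bot: The corrected call `@chmod("$dst$str", 0777);` still makes every directory created during extraction world-writable, and the `@` hides a failed chmod. If nothing on the host needs other local accounts to write into extracted trees, a narrower mode such as `@chmod("$dst$str", 0755);` is safer. `$str` is built outside this hunk, presumably from entry names in the archive, so it is worth confirming there that components such as `..` cannot move the target outside `$dst`.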
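Review bot: The new `case 12` branch writes the result of `bzdecompress($content)` straight to the file without checking it. When decompression fails the function returns an error number rather than a string, so that number becomes the file's contents, and on a build without the bz2 extension the call is a fatal error part-way through extraction. Unlike the deflate branch, which passes `$fdetails['uc_size']` as a length limit, the bzip2 output is unbounded, so a small archive entry can expand to a very large string in memory; comparing the result length with `uc_size` would at least catch a mismatch. The hoisted `fopen()` is also unchecked and now creates an empty file for any method the switch does not handle. The enclosing method starts outside the hunk.

```php
// … unchanged: case 0 and case 8 …
case 12:
	// Bzip2
	$bz_data = (function_exists('bzdecompress')) ? bzdecompress($content) : false;

	// bzdecompress() returns an error number, not a string, when it fails
	if (is_string($bz_data))
	{
		fwrite($fp, $bz_data);
	}
	else
	{
		trigger_error("Could not decompress $target_filename");
	}
break;
```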
@@ -306,7 +312,7 @@ class compress_zip extends compress $name = str_replace('\\', '/', $name); $dtime = dechex($this->unix_to_dos_time($stat[9])); - $hexdtime = pack('H*', $dtime[6] . $dtime[7] . $dtime[4] . $dtime[5] . $dtime[2] . $dtime[3] . $dtime[0] . $dtime[1]); + $hexdtime = pack('H8', $dtime[6] . $dtime[7] . $dtime[4] . $dtime[5] . $dtime[2] . $dtime[3] . $dtime[0] . $dtime[1]); if ($is_dir) { @@ -317,8 +323,7 @@ class compress_zip extends compress { $unc_len = strlen($data); $crc = crc32($data); - $zdata = gzcompress($data); - $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); // fix crc bug + $zdata = gzdeflate($data); $c_len = strlen($zdata); // Did we compress? No, then use data as is diff --git a/phpBB/includes/ucp/ucp_confirm.php b/phpBB/includes/ucp/ucp_confirm.php index 9e698cadb1..69336bb9fd 100644 --- a/phpBB/includes/ucp/ucp_confirm.php +++ b/phpBB/includes/ucp/ucp_confirm.php @@ -24,7 +24,7 @@ class ucp_confirm { function main($id, $mode) { - global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx; + global $db, $user; // Do we have an id? No, then just exit $confirm_id = request_var('id', ''); @@ -34,13 +34,10 @@ class ucp_confirm exit; } - // Define available charset - $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); - // Try and grab code for this id and session $sql = 'SELECT code FROM ' . CONFIRM_TABLE . " - WHERE session_id = '" . $db->sql_escape($user->data['session_id']) . "' + WHERE session_id = '" . $db->sql_escape($user->session_id) . "' AND confirm_id = '" . $db->sql_escape($confirm_id) . "'"; $result = $db->sql_query($sql); 
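Review bot: `pack('H8', …)` now expects exactly eight hex digits, but `$dtime` comes from `dechex()` with no padding, so a DOS timestamp below 0x10000000 yields a shorter string and `$dtime[6]`/`$dtime[7]` read past its end. Whether such a value can occur depends on `unix_to_dos_time()`, which is outside this hunk. Padding removes the dependency: `$dtime = str_pad(dechex($this->unix_to_dos_time($stat[9])), 8, '0', STR_PAD_LEFT);`.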
@@ -198,9 +195,9 @@ class ucp_confirm $raw = $type; $raw .= $data; $crc = crc32($raw); - $raw .= pack('C4', $crc >> 24, $crc >> 16, $crc >> 8, $crc); + $raw .= pack('C4', ($crc >> 24) & 255, ($crc >> 16) & 255, ($crc >> 8) & 255, $crc & 255); - return pack('C4', $length >> 24, $length >> 16, $length >> 8, $length) . $raw; + return pack('C4', ($length >> 24) & 255, ($length >> 16) & 255, ($length >> 8) & 255, $length & 255) . $raw; } // Creates greyscale 8bit png - The PNG spec can be found at @@ -212,8 +209,8 @@ class ucp_confirm // SIG $image = pack('C8', 137, 80, 78, 71, 13, 10, 26, 10); // IHDR - $raw = pack('C4', $width >> 24, $width >> 16, $width >> 8, $width); - $raw .= pack('C4', $height >> 24, $height >> 16, $height >> 8, $height); + $raw = pack('C4', ($width >> 24) & 255, ($width >> 16) & 255, ($width >> 8) & 255, $width & 255); + $raw .= pack('C4', ($height >> 24) & 255, ($height >> 16) & 255, ($height >> 8) & 255, $height & 255); $raw .= pack('C5', 8, 0, 0, 0, 0); $image .= $this->png_chunk(13, 'IHDR', $raw); // IDAT diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 918774c1b2..f9e7e09b13 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -420,7 +420,8 @@ class ucp_register } $db->sql_freeresult($result); - $code = gen_rand_string(6); + $code = gen_rand_string(mt_rand(5, 8)); + $confirm_id = md5(uniqid($user->ip)); $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array( @@ -431,8 +432,18 @@ class ucp_register $db->sql_query($sql); } - $confirm_image = (@extension_loaded('zlib')) ? "\"\"" : "\"\"\"\"\"\"\"\"\"\"\"\""; - $s_hidden_fields .= ''; + if (@extension_loaded('zlib')) + { + $confirm_image = "\"\""; + } + else + { + $confirm_image = ''; + for ($i = 1; $i < strlen($code) + 1; $i++) + { + $confirm_image .= "\"\""; + } + } } // -- cgit v1.2.1
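Review bot: The four-way shift-and-mask used here for `$crc` and `$length` is repeated for `$width` and `$height` in the next hunk, and it is easy to get one shift or mask wrong. `pack('N', $value)` emits the same big-endian 32-bit bytes in one call, e.g. `$raw .= pack('N', $crc);` and `return pack('N', $length) . $raw;`. A short comment on why the change was needed would also help, such as `// crc32() can be negative on 32-bit PHP; PNG needs the unsigned big-endian bytes`.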
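Review bot: `$confirm_id = md5(uniqid($user->ip));` is derived from the current time and the client address, so it identifies the row but is not unpredictable, and hashing it with md5 does not change that. The lookup in ucp_confirm.php in this same commit also matches on `session_id`, which is what actually restricts who can fetch the image. A comment saying so would stop later code from treating the id as a secret, e.g. `// confirm_id is only a row key; access is bound to the session and the secret is $code`. The strength of the check then rests on `gen_rand_string()`, which is not shown here, so it is worth confirming what generator it draws from.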