diff options
| author | Max Kremmel <xing@synapse.plus.com> | 2006-09-16 09:52:01 +0000 |
|---|---|---|
| committer | Max Kremmel <xing@synapse.plus.com> | 2006-09-16 09:52:01 +0000 |
| commit | 01c52d5e20cec05e4f0a835b181153abb50ec1d8 (patch) | |
| tree | b17d0cfb353477f4b56c32d7dab7faac4c40d821 | |
| parent | 6ea296a1e1e4988759b46a83c7cbc48f448a5ca8 (diff) | |
| download | users-01c52d5e20cec05e4f0a835b181153abb50ec1d8.tar.gz users-01c52d5e20cec05e4f0a835b181153abb50ec1d8.tar.bz2 users-01c52d5e20cec05e4f0a835b181153abb50ec1d8.zip | |
massive captcha cleanup, centralised captcha verification, added option to use freecap (settings in liberty admin screen), only one captcha verification needed per session
| -rw-r--r-- | BitUser.php | 19 | ||||
| -rw-r--r-- | admin/admin_login_inc.php | 4 | ||||
| -rw-r--r-- | captcha_image.php | 6 | ||||
| -rw-r--r-- | register.php | 9 | ||||
| -rw-r--r-- | templates/admin_login.tpl | 6 | ||||
| -rw-r--r-- | templates/register.tpl | 8 |
6 files changed, 30 insertions, 22 deletions
diff --git a/BitUser.php b/BitUser.php index 7fb5c96..6766826 100644 --- a/BitUser.php +++ b/BitUser.php @@ -1,6 +1,6 @@ <?php /** - * $Header: /cvsroot/bitweaver/_bit_users/BitUser.php,v 1.107 2006/09/13 00:25:31 spiderr Exp $ + * $Header: /cvsroot/bitweaver/_bit_users/BitUser.php,v 1.108 2006/09/16 09:52:01 squareing Exp $ * * Lib for user administration, groups and permissions * This lib uses pear so the constructor requieres @@ -12,7 +12,7 @@ * All Rights Reserved. See copyright.txt for details and a complete list of authors. * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details * - * $Id: BitUser.php,v 1.107 2006/09/13 00:25:31 spiderr Exp $ + * $Id: BitUser.php,v 1.108 2006/09/16 09:52:01 squareing Exp $ * @package users */ @@ -40,7 +40,7 @@ define("ACCOUNT_DISABLED", -6); * Class that holds all information for a given user * * @author spider <spider@steelsun.com> - * @version $Revision: 1.107 $ + * @version $Revision: 1.108 $ * @package users * @subpackage BitUser */ @@ -575,6 +575,19 @@ return false; return( $ret ); } + function verifyCaptcha( $pCaptcha = NULL ) { + if( $this->hasPermission( 'p_users_bypass_captcha' ) || ( !empty( $_SESSION['captcha_verified'] ) && $_SESSION['captcha_verified'] === TRUE ) ) { + return TRUE; + } else { + if( empty( $pCaptcha ) || $_SESSION['captcha'] != md5( $pCaptcha ) ) { + return FALSE; + } else { + $_SESSION['captcha_verified'] = TRUE; + return TRUE; + } + } + } + function store( &$pParamHash ) { if( $this->verify( $pParamHash ) ) { diff --git a/admin/admin_login_inc.php b/admin/admin_login_inc.php index b13b822..8d61c93 100644 --- a/admin/admin_login_inc.php +++ b/admin/admin_login_inc.php @@ -1,5 +1,5 @@ <?php -// $Header: /cvsroot/bitweaver/_bit_users/admin/admin_login_inc.php,v 1.23 2006/09/02 10:00:19 wolff_borg Exp $ +// $Header: /cvsroot/bitweaver/_bit_users/admin/admin_login_inc.php,v 1.24 2006/09/16 09:52:01 squareing Exp $ // Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al. // All Rights Reserved. See copyright.txt for details and a complete list of authors. // Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details. @@ -8,7 +8,7 @@ require_once( USERS_PKG_PATH.'BaseAuth.php' ); $loginSettings = array( 'users_create_user_auth' => array( - 'label' => "Propgate Users", + 'label' => "Propagate Users", 'type' => "checkbox", 'note' => "Create a User in all lower Authentication Methods.<br />This won't work for methods in Method 1.", ), diff --git a/captcha_image.php b/captcha_image.php index 7070cfb..0915b55 100644 --- a/captcha_image.php +++ b/captcha_image.php @@ -1,6 +1,6 @@ <?php /** - * $Header: /cvsroot/bitweaver/_bit_users/captcha_image.php,v 1.3 2006/09/15 21:16:56 spiderr Exp $ + * $Header: /cvsroot/bitweaver/_bit_users/captcha_image.php,v 1.4 2006/09/16 09:52:01 squareing Exp $ * * Copyright (c) 2004 bitweaver.org * Copyright (c) 2003 tikwiki.org @@ -8,7 +8,7 @@ * All Rights Reserved. See copyright.txt for details and a complete list of authors. * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details * - * $Id: captcha_image.php,v 1.3 2006/09/15 21:16:56 spiderr Exp $ + * $Id: captcha_image.php,v 1.4 2006/09/16 09:52:01 squareing Exp $ * @package users * @subpackage functions */ @@ -39,7 +39,7 @@ imagefill( $img, 0, 0, $bg ); imagerectangle( $img, 1, 1, $width - 1, $height - 1, $border ); srand( time() ); $number = rand( 10000, 99999 ); -$_SESSION['captcha'] = $number; +$_SESSION['captcha'] = md5( $number ); for( $i = 0; $i < 5; $i++ ) { imagestring( $img, 10, ( $width / 6 ) - 5 + ( $width / 6 ) * $i + rand( 0, 2 ), 2 + rand( 0, $height - 22 ), substr( $number, $i, 1 ), $text[rand( 0, count( $text ) - 1 )] ); } diff --git a/register.php b/register.php index 3cf6ddf..c3ce729 100644 --- a/register.php +++ b/register.php @@ -1,6 +1,6 @@ <?php /** - * $Header: /cvsroot/bitweaver/_bit_users/register.php,v 1.26 2006/09/15 21:07:42 spiderr Exp $ + * $Header: /cvsroot/bitweaver/_bit_users/register.php,v 1.27 2006/09/16 09:52:01 squareing Exp $ * * Copyright (c) 2004 bitweaver.org * Copyright (c) 2003 tikwiki.org @@ -8,7 +8,7 @@ * All Rights Reserved. See copyright.txt for details and a complete list of authors. * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details * - * $Id: register.php,v 1.26 2006/09/15 21:07:42 spiderr Exp $ + * $Id: register.php,v 1.27 2006/09/16 09:52:01 squareing Exp $ * @package users * @subpackage functions */ @@ -40,8 +40,9 @@ if( isset( $_REQUEST["register"] ) ) { $reg = $_REQUEST; // novalidation is set to yes if a user confirms his email is correct after tiki fails to validate it if( $gBitSystem->isFeatureActive( 'users_random_number_reg' ) ) { - if( (empty( $reg['novalidation'] ) || $reg['novalidation'] != 'yes') - && (!isset( $_SESSION['captcha'] ) || $_SESSION['captcha']!=$reg['captcha'])) { + if( ( empty( $reg['novalidation'] ) || $reg['novalidation'] != 'yes' ) + &&( !isset( $_SESSION['captcha'] ) || $_SESSION['captcha'] != md5( $reg['captcha'] ) ) ) + { $errors['captcha'] = "Wrong registration code"; } } diff --git a/templates/admin_login.tpl b/templates/admin_login.tpl index 89f961a..a40380d 100644 --- a/templates/admin_login.tpl +++ b/templates/admin_login.tpl @@ -4,10 +4,10 @@ <input type="hidden" name="page" value="{$page}" /> <div class="row"> - {foreach from=$authSettings.err item='auth_error' key='auth_type'} - {formfeedback error=$auth_error} - {/foreach} + {formfeedback hash=$authSettings.err} + {formlabel label="Authentication method"} + {forminput} {foreach from=$authSettings.avail_method item='auth_method' key='iter'} <label>Method {$iter+1} diff --git a/templates/register.tpl b/templates/register.tpl index ff1943e..6a5b37c 100644 --- a/templates/register.tpl +++ b/templates/register.tpl @@ -191,13 +191,7 @@ {if $gBitSystem->isFeatureActive('users_random_number_reg')} <hr /> - <div class="row"> - {formfeedback error=$errors.captcha} - {formlabel label="Your registration code"} - {forminput} - <img src="{$smarty.const.USERS_PKG_URL}captcha_image.php" alt="{tr}Random Image{/tr}"/> - {/forminput} - </div> + {captcha variant=row} <div class="row"> {formlabel label="Registration code" for="regcode"} |
