summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Kremmel <xing@synapse.plus.com>2006-09-16 09:52:01 +0000
committerMax Kremmel <xing@synapse.plus.com>2006-09-16 09:52:01 +0000
commit01c52d5e20cec05e4f0a835b181153abb50ec1d8 (patch)
treeb17d0cfb353477f4b56c32d7dab7faac4c40d821
parent6ea296a1e1e4988759b46a83c7cbc48f448a5ca8 (diff)
downloadusers-01c52d5e20cec05e4f0a835b181153abb50ec1d8.tar.gz
users-01c52d5e20cec05e4f0a835b181153abb50ec1d8.tar.bz2
users-01c52d5e20cec05e4f0a835b181153abb50ec1d8.zip
massive captcha cleanup, centralised captcha verification, added option to use freecap (settings in liberty admin screen), only one captcha verification needed per session
-rw-r--r--BitUser.php19
-rw-r--r--admin/admin_login_inc.php4
-rw-r--r--captcha_image.php6
-rw-r--r--register.php9
-rw-r--r--templates/admin_login.tpl6
-rw-r--r--templates/register.tpl8
6 files changed, 30 insertions, 22 deletions
diff --git a/BitUser.php b/BitUser.php
index 7fb5c96..6766826 100644
--- a/BitUser.php
+++ b/BitUser.php
@@ -1,6 +1,6 @@
<?php
/**
- * $Header: /cvsroot/bitweaver/_bit_users/BitUser.php,v 1.107 2006/09/13 00:25:31 spiderr Exp $
+ * $Header: /cvsroot/bitweaver/_bit_users/BitUser.php,v 1.108 2006/09/16 09:52:01 squareing Exp $
*
* Lib for user administration, groups and permissions
* This lib uses pear so the constructor requieres
@@ -12,7 +12,7 @@
* All Rights Reserved. See copyright.txt for details and a complete list of authors.
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
*
- * $Id: BitUser.php,v 1.107 2006/09/13 00:25:31 spiderr Exp $
+ * $Id: BitUser.php,v 1.108 2006/09/16 09:52:01 squareing Exp $
* @package users
*/
@@ -40,7 +40,7 @@ define("ACCOUNT_DISABLED", -6);
* Class that holds all information for a given user
*
* @author spider <spider@steelsun.com>
- * @version $Revision: 1.107 $
+ * @version $Revision: 1.108 $
* @package users
* @subpackage BitUser
*/
@@ -575,6 +575,19 @@ return false;
return( $ret );
}
+ function verifyCaptcha( $pCaptcha = NULL ) {
+ if( $this->hasPermission( 'p_users_bypass_captcha' ) || ( !empty( $_SESSION['captcha_verified'] ) && $_SESSION['captcha_verified'] === TRUE ) ) {
+ return TRUE;
+ } else {
+ if( empty( $pCaptcha ) || $_SESSION['captcha'] != md5( $pCaptcha ) ) {
+ return FALSE;
+ } else {
+ $_SESSION['captcha_verified'] = TRUE;
+ return TRUE;
+ }
+ }
+ }
+
function store( &$pParamHash ) {
if( $this->verify( $pParamHash ) ) {
diff --git a/admin/admin_login_inc.php b/admin/admin_login_inc.php
index b13b822..8d61c93 100644
--- a/admin/admin_login_inc.php
+++ b/admin/admin_login_inc.php
@@ -1,5 +1,5 @@
<?php
-// $Header: /cvsroot/bitweaver/_bit_users/admin/admin_login_inc.php,v 1.23 2006/09/02 10:00:19 wolff_borg Exp $
+// $Header: /cvsroot/bitweaver/_bit_users/admin/admin_login_inc.php,v 1.24 2006/09/16 09:52:01 squareing Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
@@ -8,7 +8,7 @@ require_once( USERS_PKG_PATH.'BaseAuth.php' );
$loginSettings = array(
'users_create_user_auth' => array(
- 'label' => "Propgate Users",
+ 'label' => "Propagate Users",
'type' => "checkbox",
'note' => "Create a User in all lower Authentication Methods.<br />This won't work for methods in Method 1.",
),
diff --git a/captcha_image.php b/captcha_image.php
index 7070cfb..0915b55 100644
--- a/captcha_image.php
+++ b/captcha_image.php
@@ -1,6 +1,6 @@
<?php
/**
- * $Header: /cvsroot/bitweaver/_bit_users/captcha_image.php,v 1.3 2006/09/15 21:16:56 spiderr Exp $
+ * $Header: /cvsroot/bitweaver/_bit_users/captcha_image.php,v 1.4 2006/09/16 09:52:01 squareing Exp $
*
* Copyright (c) 2004 bitweaver.org
* Copyright (c) 2003 tikwiki.org
@@ -8,7 +8,7 @@
* All Rights Reserved. See copyright.txt for details and a complete list of authors.
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
*
- * $Id: captcha_image.php,v 1.3 2006/09/15 21:16:56 spiderr Exp $
+ * $Id: captcha_image.php,v 1.4 2006/09/16 09:52:01 squareing Exp $
* @package users
* @subpackage functions
*/
@@ -39,7 +39,7 @@ imagefill( $img, 0, 0, $bg );
imagerectangle( $img, 1, 1, $width - 1, $height - 1, $border );
srand( time() );
$number = rand( 10000, 99999 );
-$_SESSION['captcha'] = $number;
+$_SESSION['captcha'] = md5( $number );
for( $i = 0; $i < 5; $i++ ) {
imagestring( $img, 10, ( $width / 6 ) - 5 + ( $width / 6 ) * $i + rand( 0, 2 ), 2 + rand( 0, $height - 22 ), substr( $number, $i, 1 ), $text[rand( 0, count( $text ) - 1 )] );
}
diff --git a/register.php b/register.php
index 3cf6ddf..c3ce729 100644
--- a/register.php
+++ b/register.php
@@ -1,6 +1,6 @@
<?php
/**
- * $Header: /cvsroot/bitweaver/_bit_users/register.php,v 1.26 2006/09/15 21:07:42 spiderr Exp $
+ * $Header: /cvsroot/bitweaver/_bit_users/register.php,v 1.27 2006/09/16 09:52:01 squareing Exp $
*
* Copyright (c) 2004 bitweaver.org
* Copyright (c) 2003 tikwiki.org
@@ -8,7 +8,7 @@
* All Rights Reserved. See copyright.txt for details and a complete list of authors.
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
*
- * $Id: register.php,v 1.26 2006/09/15 21:07:42 spiderr Exp $
+ * $Id: register.php,v 1.27 2006/09/16 09:52:01 squareing Exp $
* @package users
* @subpackage functions
*/
@@ -40,8 +40,9 @@ if( isset( $_REQUEST["register"] ) ) {
$reg = $_REQUEST;
// novalidation is set to yes if a user confirms his email is correct after tiki fails to validate it
if( $gBitSystem->isFeatureActive( 'users_random_number_reg' ) ) {
- if( (empty( $reg['novalidation'] ) || $reg['novalidation'] != 'yes')
- && (!isset( $_SESSION['captcha'] ) || $_SESSION['captcha']!=$reg['captcha'])) {
+ if( ( empty( $reg['novalidation'] ) || $reg['novalidation'] != 'yes' )
+ &&( !isset( $_SESSION['captcha'] ) || $_SESSION['captcha'] != md5( $reg['captcha'] ) ) )
+ {
$errors['captcha'] = "Wrong registration code";
}
}
diff --git a/templates/admin_login.tpl b/templates/admin_login.tpl
index 89f961a..a40380d 100644
--- a/templates/admin_login.tpl
+++ b/templates/admin_login.tpl
@@ -4,10 +4,10 @@
<input type="hidden" name="page" value="{$page}" />
<div class="row">
- {foreach from=$authSettings.err item='auth_error' key='auth_type'}
- {formfeedback error=$auth_error}
- {/foreach}
+ {formfeedback hash=$authSettings.err}
+
{formlabel label="Authentication method"}
+
{forminput}
{foreach from=$authSettings.avail_method item='auth_method' key='iter'}
<label>Method {$iter+1}
diff --git a/templates/register.tpl b/templates/register.tpl
index ff1943e..6a5b37c 100644
--- a/templates/register.tpl
+++ b/templates/register.tpl
@@ -191,13 +191,7 @@
{if $gBitSystem->isFeatureActive('users_random_number_reg')}
<hr />
- <div class="row">
- {formfeedback error=$errors.captcha}
- {formlabel label="Your registration code"}
- {forminput}
- <img src="{$smarty.const.USERS_PKG_URL}captcha_image.php" alt="{tr}Random Image{/tr}"/>
- {/forminput}
- </div>
+ {captcha variant=row}
<div class="row">
{formlabel label="Registration code" for="regcode"}