plugins/SpecialUserFuncs.php
changeset 266 917dcc6c4ceb
parent 227 0eca1498a77b
parent 263 d57af0b0302e
child 271 f088805540ae
265:7e0cdf71b1bb 266:917dcc6c4ceb
   500   if(isset($_POST['submit'])) 
   500   if(isset($_POST['submit'])) 
   501   {
   501   {
   502     $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
   502     $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
   503     
   503     
   504     $captcharesult = $session->get_captcha($_POST['captchahash']);
   504     $captcharesult = $session->get_captcha($_POST['captchahash']);
       
   505     $session->kill_captcha();
   505     if($captcharesult != $_POST['captchacode'])
   506     if($captcharesult != $_POST['captchacode'])
   506     {
   507     {
   507       $s = $lang->get('user_reg_err_captcha');
   508       $s = $lang->get('user_reg_err_captcha');
   508     }
   509     }
   509     else
   510     else
   882           {
   883           {
   883             var frm = document.forms.regform;
   884             var frm = document.forms.regform;
   884             
   885             
   885             if(!namegood)
   886             if(!namegood)
   886             {
   887             {
   887               var r = new RegExp('^([A-z0-9 \.:\!@\#\*]+){2,}$', 'g');
   888               <?php
   888               if(frm.username.value.match(r))
   889               // sorry for this ugly hack but jedit gets f***ed otherwise
       
   890               echo 'if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))';
       
   891               ?>
   889               {
   892               {
   890                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
   893                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
   891                 document.getElementById('e_username').innerHTML = '&nbsp;';
   894                 document.getElementById('e_username').innerHTML = '&nbsp;';
   892               } else {
   895               } else {
   893                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
   896                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
  1150 }
  1153 }
  1151 
  1154 
  1152 function page_Special_Captcha()
  1155 function page_Special_Captcha()
  1153 {
  1156 {
  1154   global $db, $session, $paths, $template, $plugins; // Common objects
  1157   global $db, $session, $paths, $template, $plugins; // Common objects
  1155   if($paths->getParam(0) == 'make')
  1158   if ( $paths->getParam(0) == 'make' )
  1156   {
  1159   {
  1157     $session->kill_captcha();
  1160     $session->kill_captcha();
  1158     echo $session->make_captcha();
  1161     echo $session->make_captcha();
  1159     return;
  1162     return;
  1160   }
  1163   }
       
  1164   
  1161   $hash = $paths->getParam(0);
  1165   $hash = $paths->getParam(0);
  1162   if(!$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash)) $paths->main_page();
  1166   if ( !$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash) )
  1163   $code = $session->get_captcha($hash);
  1167   {
  1164   if(!$code) die('Invalid hash or IP address incorrect.');
  1168     $paths->main_page();
  1165   require(ENANO_ROOT.'/includes/captcha.php');
  1169   }
       
  1170   
       
  1171   // Determine code length
       
  1172   $ip = ip2hex($_SERVER['REMOTE_ADDR']);
       
  1173   if ( !$ip )
       
  1174     die('(very desperate) Hacking attempt');
       
  1175   $q = $db->sql_query('SELECT CHAR_LENGTH(salt) AS len FROM ' . table_prefix . 'session_keys WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
       
  1176   if ( !$q )
       
  1177     $db->_die('SpecialUserFuncs selecting CAPTCHA code');
       
  1178   if ( $db->numrows() < 1 )
       
  1179     die('Invalid hash or hacking attempt by IP');
       
  1180   
       
  1181   // Generate code
       
  1182   $row = $db->fetchrow();
       
  1183   $db->free_result();
       
  1184   $len = intval($row['len']);
       
  1185   if ( $len < 4 )
       
  1186     $len = 7;
       
  1187   $code = $session->generate_captcha_code($len);
       
  1188   
       
  1189   // Update database with new code
       
  1190   $q = $db->sql_query('UPDATE ' . table_prefix . 'session_keys SET salt = \'' . $code . '\' WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
       
  1191   if ( !$q )
       
  1192     $db->_die('SpecialUserFuncs generating new CAPTCHA confirmation code');
       
  1193   
       
  1194   require ( ENANO_ROOT.'/includes/captcha.php' );
  1166   $captcha = new captcha($code);
  1195   $captcha = new captcha($code);
  1167   //header('Content-disposition: attachment; filename=autocaptcha.png');
       
  1168   $captcha->make_image();
  1196   $captcha->make_image();
  1169   exit;
  1197   exit;
  1170 }
  1198 }
  1171 
  1199 
  1172 function page_Special_PasswordReset()
  1200 function page_Special_PasswordReset()
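Review bot: The CAPTCHA check at new line 506 still uses a loose comparison, `$captcharesult != $_POST['captchacode']`, so if `get_captcha()` can return a falsy value for an unknown hash (the removed `if(!$code) die(...)` in page_Special_Captcha suggests it can), an empty submitted code would compare equal and the check would pass. Reject a falsy result first and compare strictly, e.g. `if ( !$captcharesult || !isset($_POST['captchacode']) || $captcharesult !== $_POST['captchacode'] )`. Separately, the hash check at new line 1166, `#^([0-9a-f]*){32,32}$#i`, accepts a hex string of any length, including an empty one, because the quantified group can itself match zero or many characters. `#^[0-9a-f]{32}$#i` states the intended 32-character constraint and drops the nested quantifier. Both enclosing blocks extend beyond the lines shown here.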