plugins/SpecialUserFuncs.php
changeset 1160 c0e0a1787a63
parent 1158 e733f984c990
child 1206 50f6c144ec68
child 1257 7365c9bf2106
1157:e154e8176700 1160:c0e0a1787a63
   815                   <br />
   815                   <br />
   816                   <?php echo $lang->get('user_reg_msg_captcha_blind'); ?>
   816                   <?php echo $lang->get('user_reg_msg_captcha_blind'); ?>
   817                 </small>
   817                 </small>
   818               </td>
   818               </td>
   819               <td class="row1">
   819               <td class="row1">
   820                 <img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /><br />
   820                 <img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" style="cursor: pointer;" onclick="regenCaptcha(); return false;" />
   821                 <span id="b_username"></span>
       
   822               </td>
   821               </td>
   823               <td class="row1">
   822               <td class="row1">
       
   823                 <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_captcha" />
   824               </td>
   824               </td>
   825             </tr>
   825             </tr>
   826             
   826             
   827             <!-- FIELD: CAPTCHA input field -->
   827             <!-- FIELD: CAPTCHA input field -->
   828             <tr>
   828             <tr>
   829               <td class="row1" colspan="2">
   829               <td class="row1" colspan="2">
   830                 <?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?>
   830                 <?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?>
   831                 <input tabindex="6" name="captchacode" type="text" size="10" />
   831                 <input tabindex="6" name="captchacode" type="text" size="10" onkeyup="validateCaptcha(this);" />
       
   832                 <img id="captchaajax" width="16" height="16" src="<?php echo cdnPath; ?>/images/spacer.gif" />
   832                 <input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />
   833                 <input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />
   833               </td>
   834               </td>
   834             </tr>
   835             </tr>
   835             
   836             
   836             <!-- FIELD: TOU -->
   837             <!-- FIELD: TOU -->
  1058           }
  1059           }
  1059           function regenCaptcha()
  1060           function regenCaptcha()
  1060           {
  1061           {
  1061             var frm = document.forms.regform;
  1062             var frm = document.forms.regform;
  1062             document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/$captchacode"); ?>/'+Math.floor(Math.random() * 100000);
  1063             document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/$captchacode"); ?>/'+Math.floor(Math.random() * 100000);
       
  1064             frm.captchacode.value = '';
  1063             return false;
  1065             return false;
       
  1066           }
       
  1067           function validateCaptcha(input)
       
  1068           {
       
  1069             var frm = document.forms.regform;
       
  1070             if ( input.value.length < 7 )
       
  1071             {
       
  1072               return false;
       
  1073             }
       
  1074             var valid_field = document.getElementById('s_captcha');
       
  1075             var loader_img = document.getElementById('captchaajax');
       
  1076             loader_img.src = cdnPath + '/images/loading.gif';
       
  1077             ajaxGet(makeUrlNS('Special', 'Captcha/' + frm.captchahash.value + '/validate=' + input.value), function(ajax)
       
  1078               {
       
  1079                 if ( ajax.readyState == 4 && ajax.status == 200 )
       
  1080                 {
       
  1081                   var response = String(ajax.responseText + '');
       
  1082                   if ( !check_json_response(response) )
       
  1083                   {
       
  1084                     handle_invalid_json(response);
       
  1085                     return false;
       
  1086                   }
       
  1087                   response = parseJSON(response);
       
  1088                   if ( response.valid )
       
  1089                   {
       
  1090                     loader_img.src = cdnPath + '/images/spacer.gif';
       
  1091                     valid_field.src = cdnPath + '/images/check.png';
       
  1092                   }
       
  1093                   else
       
  1094                   {
       
  1095                     valid_field.src = cdnPath + '/images/checkbad.png';
       
  1096                     regenCaptcha();
       
  1097                     document.getElementById('captchaimg').onload = function()
       
  1098                     {
       
  1099                       document.getElementById('captchaajax').src = cdnPath + '/images/spacer.gif';
       
  1100                       input.focus();
       
  1101                     };
       
  1102                     input.value = '';
       
  1103                   }
       
  1104                 }
       
  1105               });
  1064           }
  1106           }
  1065           addOnloadHook(function()
  1107           addOnloadHook(function()
  1066             {
  1108             {
  1067               <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
  1109               <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
  1068               var frm = document.forms.regform;
  1110               var frm = document.forms.regform;
  1280   $hash = $paths->getParam(0);
  1322   $hash = $paths->getParam(0);
  1281   if ( !$hash || !preg_match('#^([0-9a-f]*){32,40}$#i', $hash) )
  1323   if ( !$hash || !preg_match('#^([0-9a-f]*){32,40}$#i', $hash) )
  1282   {
  1324   {
  1283     $paths->main_page();
  1325     $paths->main_page();
  1284   }
  1326   }
       
  1327   
       
  1328   if ( $validate_code = $paths->getParam(1) )
       
  1329   {
       
  1330     if ( preg_match('/^validate=(.+)$/', $validate_code, $match) )
       
  1331     {
       
  1332       header('Content-type: text/javascript');
       
  1333       $code = $session->get_captcha($hash, true);
       
  1334       $valid = strtolower($code) === strtolower($match[1]);
       
  1335       if ( !$valid )
       
  1336       {
       
  1337         $session->make_captcha(7, $hash);
       
  1338       }
       
  1339       echo enano_json_encode(array(
       
  1340         'valid' => $valid
       
  1341         ));
       
  1342       exit;
       
  1343     }
       
  1344   }
  1285 
  1345 
  1286   $session->make_captcha(7, $hash);
  1346   $session->make_captcha(7, $hash);
  1287   $code = $session->generate_captcha_code();
  1347   $code = $session->generate_captcha_code();
  1288   // Avoid letting our captchas end up on failblog.org
  1348   // Avoid letting our captchas end up on failblog.org
  1289   // BTW, the last one was a real-life encounter: http://files.ha.xx0r.info/murder.png
  1349   // BTW, the last one was a real-life encounter: http://files.ha.xx0r.info/murder.png
  1290   foreach ( array('shit', 'cock', 'fuck', 'nazi', 'cunt', 'clit', 'pussy', 'penis', 'piss', 'tits', 'murder') as $word )
  1350   foreach ( array('shit', 'cock', 'fuck', 'nazi', 'cunt', 'clit', 'pussy', 'penis', 'piss', 'tits', 'murder') as $word )
  1291   {
  1351   {
  1292     if ( stristr($code, $word) )
  1352     if ( stristr($code, $word) )
  1293     {
  1353     {
  1294       // but don't put too much effort into this (will only correct this once)
  1354       // but don't put too much effort into this (will only correct this once)
       
  1355       // I mean, face it. If it generates one of those words twice in a row, either the local root has had
       
  1356       // way too much fun with his /dev/random, or this server is just plain gutter-minded.
  1295       $code = $session->generate_captcha_code();
  1357       $code = $session->generate_captcha_code();
  1296       break;
  1358       break;
  1297     }
  1359     }
  1298   }
  1360   }
  1299   $q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';");
  1361   $q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';");
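Review bot: The new `validate=` branch (new lines 1328–1344) tells the client whether a CAPTCHA guess is correct before the registration form is submitted, and nothing visible here limits how often it can be called per hash or per client. A wrong guess regenerates the code via `make_captcha(7, $hash)`, but a correct one appears to leave the code usable for the real submission, so the check can be retried cheaply until it passes; I would count failed validations per hash or client address and stop answering (or require a fresh form) after a small number. The body is JSON, so `header('Content-Type: application/json');` fits better than `text/javascript`. On the client side, `validateCaptcha()` concatenates `input.value` into the URL path unescaped; `'/validate=' + encodeURIComponent(input.value)` keeps characters such as `/`, `?` or `#` from altering the request. The PHP handler begins before and continues after the lines shown here.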