Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
plugins/SpecialUserFuncs.php
changeset 263 d57af0b0302e
parent 192 9237767a23ae
child 266 917dcc6c4ceb
child 270 5bcdee999015
equal deleted inserted replaced
262:596945fa6e56 263:d57af0b0302e 
   351   if(isset($_POST['submit'])) 
   351   if(isset($_POST['submit'])) 
   352   {
 
   352   {
 
   353     $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
 
   353     $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
 
   354     
   354     
   355     $captcharesult = $session->get_captcha($_POST['captchahash']);
 
   355     $captcharesult = $session->get_captcha($_POST['captchahash']);
 
       
   356     $session->kill_captcha();
 
   356     if($captcharesult != $_POST['captchacode'])
 
   357     if($captcharesult != $_POST['captchacode'])
 
   357     {
 
   358     {
 
   358       $s = 'The confirmation code you entered was incorrect.';
 
   359       $s = 'The confirmation code you entered was incorrect.';
 
   359     }
 
   360     }
 
   360     else
 
   361     else
 
   714           {
 
   715           {
 
   715             var frm = document.forms.regform;
 
   716             var frm = document.forms.regform;
 
   716             
   717             
   717             if(!namegood)
 
   718             if(!namegood)
 
   718             {
 
   719             {
 
   719               if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))
 
   720               <?php
 
       
   721               // sorry for this ugly hack but jedit gets f***ed otherwise
 
       
   722               echo 'if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))';
 
       
   723               ?>
 
   720               {
 
   724               {
 
   721                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
 
   725                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
 
   722                 document.getElementById('e_username').innerHTML = '';
 
   726                 document.getElementById('e_username').innerHTML = '';
 
   723               } else {
 
   727               } else {
 
   724                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
 
   728                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
 
   981 }
 
   985 }
 
   982 
   986 
   983 function page_Special_Captcha()
 
   987 function page_Special_Captcha()
 
   984 {
 
   988 {
 
   985   global $db, $session, $paths, $template, $plugins; // Common objects
 
   989   global $db, $session, $paths, $template, $plugins; // Common objects
 
   986   if($paths->getParam(0) == 'make')
 
   990   if ( $paths->getParam(0) == 'make' )
 
   987   {
 
   991   {
 
   988     $session->kill_captcha();
 
   992     $session->kill_captcha();
 
   989     echo $session->make_captcha();
 
   993     echo $session->make_captcha();
 
   990     return;
 
   994     return;
 
   991   }
 
   995   }
 
       
   996   
   992   $hash = $paths->getParam(0);
 
   997   $hash = $paths->getParam(0);
 
   993   if(!$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash)) $paths->main_page();
 
   998   if ( !$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash) )
 
   994   $code = $session->get_captcha($hash);
 
   999   {
 
   995   if(!$code) die('Invalid hash or IP address incorrect.');
 
  1000     $paths->main_page();
 
   996   require(ENANO_ROOT.'/includes/captcha.php');
 
  1001   }
 
       
  1002   
       
  1003   // Determine code length
 
       
  1004   $ip = ip2hex($_SERVER['REMOTE_ADDR']);
 
       
  1005   if ( !$ip )
 
       
  1006     die('(very desperate) Hacking attempt');
 
       
  1007   $q = $db->sql_query('SELECT CHAR_LENGTH(salt) AS len FROM ' . table_prefix . 'session_keys WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
 
       
  1008   if ( !$q )
 
       
  1009     $db->_die('SpecialUserFuncs selecting CAPTCHA code');
 
       
  1010   if ( $db->numrows() < 1 )
 
       
  1011     die('Invalid hash or hacking attempt by IP');
 
       
  1012   
       
  1013   // Generate code
 
       
  1014   $row = $db->fetchrow();
 
       
  1015   $db->free_result();
 
       
  1016   $len = intval($row['len']);
 
       
  1017   if ( $len < 4 )
 
       
  1018     $len = 7;
 
       
  1019   $code = $session->generate_captcha_code($len);
 
       
  1020   
       
  1021   // Update database with new code
 
       
  1022   $q = $db->sql_query('UPDATE ' . table_prefix . 'session_keys SET salt = \'' . $code . '\' WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
 
       
  1023   if ( !$q )
 
       
  1024     $db->_die('SpecialUserFuncs generating new CAPTCHA confirmation code');
 
       
  1025   
       
  1026   require ( ENANO_ROOT.'/includes/captcha.php' );
 
   997   $captcha = new captcha($code);
 
  1027   $captcha = new captcha($code);
 
   998   //header('Content-disposition: attachment; filename=autocaptcha.png');
 
       
   999   $captcha->make_image();
 
  1028   $captcha->make_image();
 
  1000   exit;
 
  1029   exit;
 
  1001 }
 
  1030 }
 
  1002 
  1031 
  1003 function page_Special_PasswordReset()
 
  1032 function page_Special_PasswordReset()
Enano CMS (1.1.x)