includes/captcha/engine_default.php
author Dan Fuhry <dan@enanocms.org>
Mon, 28 Jun 2010 10:43:04 -0400
changeset 1253 13f8d373da67
parent 1227 bdac73ed481e
permissions -rw-r--r--
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! Also removed my stand-in for ucfirst().

<?php

/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Copyright (C) 2006-2009 Dan Fuhry
 * captcha.php - visual confirmation system used during registration
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 *
 * This file contains code written by Paul Sohier (www.paulscripts.nl). The CAPTCHA code was ported from the phpBB Better
 * Captcha mod, and has been released under the GPLv2 by the original author.
 */

/**
 * The default CAPTCHA engine. Generates medium-strength captchas with very good performance.
 * @package Enano
 * @subpackage User management
 * @copyright 2007-2008 Dan Fuhry
 * @copyright Paul Sohier
 */
 
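class captcha_engine_default extends captcha_base
{
	/**
	 * Renders the current CAPTCHA code as a 320x60 PNG and writes it straight to the response.
	 *
	 * The image is a light background sprinkled with 30 faint noise glyphs, with the code drawn
	 * on top one character at a time, each with its own random size, angle, colour and font.
	 * Sends the Content-Type and Cache-Control headers itself, so nothing may be output before it.
	 *
	 * NOTE(review): rand()/mt_rand() are not cryptographically secure. In this class they only drive
	 * the visual distortion; how unpredictable the challenge itself is depends on get_code() in the
	 * parent class, which is not visible here - confirm that it draws from a secure source.
	 *
	 * @return void
	 */
	function make_image()
	{
		// Plain assignment: strtoupper() returns a value, and binding it with =& raises an
		// "Only variables should be assigned by reference" notice, which, if displayed, would be
		// emitted before the headers below and corrupt the image response.
		$code = strtoupper($this->get_code());
		$code_length = strlen($code);
		
		/**
		 * The next part was originally written by ted from mastercode.nl and modified for use in Enano.
		 */
		header("content-type:image/png");
		// The challenge image must never be served from a cache, or an old code could be shown again.
		header('Cache-control: no-cache, no-store');
		$width = 320;
		$height = 60;
		$img = imagecreatetruecolor($width, $height);
		$background = imagecolorallocate($img, $this->color("bg"), $this->color("bg"), $this->color("bg"));
		
		imagefilledrectangle($img, 0, 0, $width - 1, $height - 1, $background);
		
		// Background noise: 30 single hex characters in a colour close to the background.
		for ( $g = 0; $g < 30; $g++ )
		{
			$noise = $this->dss_rand();
			$noise = $noise[0];
			
			$ypos = rand(0, $height);
			$xpos = rand(0, $width);
			
			$noise_color = imagecolorallocate($img, $this->color("bgtekst"), $this->color("bgtekst"), $this->color("bgtekst"));
			
			imagettftext($img, $this->size(), $this->move(), $xpos, $ypos, $noise_color, $this->font(), $noise);
		}
		
		// Horizontal slot per character; the +3 leaves a margin on both sides of the code.
		$slot = $width / ($code_length + 3);
		
		for ( $j = 0; $j < $code_length; $j++ )
		{
			$char = $code[$j];
			$ypos = rand(33, 43);
			// imagettftext() takes integer coordinates; truncate explicitly instead of relying on
			// the implicit float-to-int conversion.
			$xpos = (int) ($slot * ($j + 1));
			
			$text_color = imagecolorallocate($img, $this->color("tekst"), $this->color("tekst"), $this->color("tekst"));
			
			imagettftext($img, $this->size(), $this->move(), $xpos, $ypos, $text_color, $this->font(), $char);
		}
		
		imagepng($img);
	}
	
	/**
	 * Helper functions, also originally written by mastercode.nl.
	 */
	
	/**
	 * Returns one random colour channel value for the given role.
	 * @param string $type "bg" (224-255), "tekst" (0-127), "bgtekst" (200-224); anything else gives 0-255
	 * @return int
	 */
	function color($type)
	{
		switch ( $type )
		{
			case "bg":
				// light: image background
				return rand(224, 255);
			case "tekst":
				// dark: the code characters
				return rand(0, 127);
			case "bgtekst":
				// slightly darker than the background: noise glyphs
				return rand(200, 224);
			default:
				return rand(0, 255);
		}
	}
	
	/**
	 * Returns a random font size between 14 and 30.
	 * @return int
	 */
	function size()
	{
		return rand(14, 30);
	}
	
	/**
	 * Returns a random rotation angle between -25 and 25 degrees.
	 * @return int
	 */
	function move()
	{
		return rand(-25, 25);
	}
	
	/**
	 * Returns the full path of a randomly chosen .ttf file from includes/captcha/fonts/.
	 *
	 * The directory is read once per request and the file list is reused, because make_image()
	 * asks for a font for every glyph it draws. Terminates the script if the directory cannot be
	 * opened or contains no .ttf file, since without a font no code can be rendered.
	 *
	 * @return string
	 */
	function font()
	{
		static $fonts = null;
		$font_dir = ENANO_ROOT . '/includes/captcha/fonts/';
		
		if ( $fonts === null )
		{
			$dh = @opendir($font_dir);
			if ( !$dh )
				die('Can\'t open includes/captcha/fonts/ for reading');
			
			$fonts = array();
			while ( ($file = @readdir($dh)) !== false )
			{
				// Match on the real extension; a substring test would also accept names such as
				// "font.ttf.bak" and hand a non-font file to imagettftext().
				if ( strtolower(substr($file, -4)) === '.ttf' )
				{
					$fonts[] = $file;
				}
			}
			// Release the directory handle, which the scan would otherwise leak on every call.
			closedir($dh);
		}
		
		if ( !count($fonts) )
			die('No .ttf fonts found in includes/captcha/fonts/');
		
		return $font_dir . $fonts[rand(0, count($fonts) - 1)];
	}
	
	/**
	 * Returns 16 hexadecimal characters cut from an MD5 of microtime() and mt_rand().
	 *
	 * Within this class only the first character is used, as a background noise glyph.
	 * NOTE(review): both inputs are guessable, so this value should not be used as a secret or
	 * token - check any other callers.
	 *
	 * @return string
	 */
	function dss_rand()
	{
		$seed = microtime() . mt_rand();
		$digest = md5($seed . 'a');
		return substr($digest, 4, 16);
	}
}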