plugins/SpecialUserFuncs.php
changeset 212 d57af0b0302e
parent 181 9237767a23ae
child 217 5bcdee999015
211:596945fa6e56 212:d57af0b0302e
   351   if(isset($_POST['submit'])) 
   351   if(isset($_POST['submit'])) 
   352   {
   352   {
   353     $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
   353     $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';
   354     
   354     
   355     $captcharesult = $session->get_captcha($_POST['captchahash']);
   355     $captcharesult = $session->get_captcha($_POST['captchahash']);
       
   356     $session->kill_captcha();
   356     if($captcharesult != $_POST['captchacode'])
   357     if($captcharesult != $_POST['captchacode'])
   357     {
   358     {
   358       $s = 'The confirmation code you entered was incorrect.';
   359       $s = 'The confirmation code you entered was incorrect.';
   359     }
   360     }
   360     else
   361     else
   714           {
   715           {
   715             var frm = document.forms.regform;
   716             var frm = document.forms.regform;
   716             
   717             
   717             if(!namegood)
   718             if(!namegood)
   718             {
   719             {
   719               if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))
   720               <?php
       
   721               // sorry for this ugly hack but jedit gets f***ed otherwise
       
   722               echo 'if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))';
       
   723               ?>
   720               {
   724               {
   721                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
   725                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
   722                 document.getElementById('e_username').innerHTML = '';
   726                 document.getElementById('e_username').innerHTML = '';
   723               } else {
   727               } else {
   724                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
   728                 document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
   981 }
   985 }
   982 
   986 
   983 function page_Special_Captcha()
   987 function page_Special_Captcha()
   984 {
   988 {
   985   global $db, $session, $paths, $template, $plugins; // Common objects
   989   global $db, $session, $paths, $template, $plugins; // Common objects
   986   if($paths->getParam(0) == 'make')
   990   if ( $paths->getParam(0) == 'make' )
   987   {
   991   {
   988     $session->kill_captcha();
   992     $session->kill_captcha();
   989     echo $session->make_captcha();
   993     echo $session->make_captcha();
   990     return;
   994     return;
   991   }
   995   }
       
   996   
   992   $hash = $paths->getParam(0);
   997   $hash = $paths->getParam(0);
   993   if(!$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash)) $paths->main_page();
   998   if ( !$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash) )
   994   $code = $session->get_captcha($hash);
   999   {
   995   if(!$code) die('Invalid hash or IP address incorrect.');
  1000     $paths->main_page();
   996   require(ENANO_ROOT.'/includes/captcha.php');
  1001   }
       
  1002   
       
  1003   // Determine code length
       
  1004   $ip = ip2hex($_SERVER['REMOTE_ADDR']);
       
  1005   if ( !$ip )
       
  1006     die('(very desperate) Hacking attempt');
       
  1007   $q = $db->sql_query('SELECT CHAR_LENGTH(salt) AS len FROM ' . table_prefix . 'session_keys WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
       
  1008   if ( !$q )
       
  1009     $db->_die('SpecialUserFuncs selecting CAPTCHA code');
       
  1010   if ( $db->numrows() < 1 )
       
  1011     die('Invalid hash or hacking attempt by IP');
       
  1012   
       
  1013   // Generate code
       
  1014   $row = $db->fetchrow();
       
  1015   $db->free_result();
       
  1016   $len = intval($row['len']);
       
  1017   if ( $len < 4 )
       
  1018     $len = 7;
       
  1019   $code = $session->generate_captcha_code($len);
       
  1020   
       
  1021   // Update database with new code
       
  1022   $q = $db->sql_query('UPDATE ' . table_prefix . 'session_keys SET salt = \'' . $code . '\' WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
       
  1023   if ( !$q )
       
  1024     $db->_die('SpecialUserFuncs generating new CAPTCHA confirmation code');
       
  1025   
       
  1026   require ( ENANO_ROOT.'/includes/captcha.php' );
   997   $captcha = new captcha($code);
  1027   $captcha = new captcha($code);
   998   //header('Content-disposition: attachment; filename=autocaptcha.png');
       
   999   $captcha->make_image();
  1028   $captcha->make_image();
  1000   exit;
  1029   exit;
  1001 }
  1030 }
  1002 
  1031 
  1003 function page_Special_PasswordReset()
  1032 function page_Special_PasswordReset()
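Review bot: The check at new line 357, `if($captcharesult != $_POST['captchacode'])`, still uses a loose comparison and never rejects a failed lookup, so a falsy `$captcharesult` and a blank `captchacode` field would compare equal and fall through to the `else` branch. The `if(!$code) die('Invalid hash or IP address incorrect.');` line that this commit removes from page_Special_Captcha() suggests get_captcha() can return a falsy value for an unknown hash or IP, though its body is not shown on this page. With kill_captcha() now running right after the lookup, this comparison is what decides whether the registration continues, so I would write it as `if ( !$captcharesult || $captcharesult !== $_POST['captchacode'] )`. The enclosing `if(isset($_POST['submit']))` block starts and continues outside the hunk, so whether `captchahash` and `captchacode` are checked with isset() elsewhere cannot be confirmed from here.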