includes/sessions.php
changeset 402 d907601ccad2
parent 401 6ae6e387a0e3
child 406 7468a663315f
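--- a/includes/sessions.php
+++ b/includes/sessions.php
@@ -2736,25 +2736,28 @@
   }
   
   /**
    * Makes a CAPTCHA code and caches the code in the database
    * @param int $len The length of the code, in bytes
+   * @param string Optional, the hash to reuse
    * @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code.
    */
   
-  function make_captcha($len = 7)
+  function make_captcha($len = 7, $hash = '')
   {
     global $db, $session, $paths, $template, $plugins; // Common objects
     $code = $this->generate_captcha_code($len);
-    $hash = md5(microtime() . mt_rand());
+    if ( !preg_match('/^[a-f0-9]{32}([a-z0-9]{8})?$/', $hash) )
+      $hash = md5(microtime() . mt_rand());
     $session_data = $db->escape(serialize(array()));
     
     // sanity check
     if ( !is_valid_ip(@$_SERVER['REMOTE_ADDR']) || !is_int($this->user_id) )
       return false;
     
-    $this->sql('INSERT INTO '.table_prefix.'captcha(session_id, code, session_data, source_ip, user_id)' . " VALUES('$hash', '$code', '$session_data', '{$_SERVER['REMOTE_ADDR']}', {$this->user_id});");
+    $this->sql('DELETE FROM ' . table_prefix . "captcha WHERE session_id = '$hash';");
+    $this->sql('INSERT INTO ' . table_prefix . 'captcha(session_id, code, session_data, source_ip, user_id)' . " VALUES('$hash', '$code', '$session_data', '{$_SERVER['REMOTE_ADDR']}', {$this->user_id});");
     return $hash;
   }
   
   /**
    * Generates a "pronouncable" or "human-friendly" word using various phonics rules
@@ -2827,11 +2830,15 @@
     if ( !preg_match('/^[a-f0-9]{32}([a-z0-9]{8})?$/', $hash) )
     {
       return false;
     }
     
-    $q = $this->sql('SELECT code_id, code FROM ' . table_prefix . "captcha WHERE session_id = '$hash';");
+    // sanity check
+    if ( !is_valid_ip(@$_SERVER['REMOTE_ADDR']) || !is_int($this->user_id) )
+      return false;
+    
+    $q = $this->sql('SELECT code_id, code FROM ' . table_prefix . "captcha WHERE session_id = '$hash' AND source_ip = '{$_SERVER['REMOTE_ADDR']};");
     if ( $db->numrows() < 1 )
       return false;
     
     list($code_id, $code) = $db->fetchrow_num();
     $db->free_result();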
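Review bot: The new SELECT at line 2839 leaves the `source_ip` string literal unterminated, because `source_ip = '{$_SERVER['REMOTE_ADDR']};"` has no closing quote before the semicolon. The statement is therefore malformed and the CAPTCHA lookup cannot return a row; the tail should read `AND source_ip = '{$_SERVER['REMOTE_ADDR']}';"`. Separately, in `make_captcha()` the added `DELETE ... WHERE session_id = '$hash'` is keyed only on the caller-supplied hash. If that value can originate from request input, one client could discard and replace another client's pending code, so the DELETE should be scoped the same way as the lookup, with `AND source_ip = '{$_SERVER['REMOTE_ADDR']}'`. The function containing the second hunk starts and ends outside the visible lines, so its callers and the later comparison of `$code` were not reviewed.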