mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 22:28:51 +00:00
Make captchas stricter by oly having one entry per session; fix a bug in ucp_register that caused three captcha instances to be generated. Non-MySQL databases and garbage collecting needs extensive testing.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9626 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof
parent
d7d96223e7
commit
5d9cf2aa41
4 changed files with 42 additions and 31 deletions
|
|
@ -983,6 +983,7 @@ function get_schema_struct()
|
||||||
'confirm_type' => array('TINT:3', 0),
|
'confirm_type' => array('TINT:3', 0),
|
||||||
'code' => array('VCHAR:8', ''),
|
'code' => array('VCHAR:8', ''),
|
||||||
'seed' => array('UINT:10', 0),
|
'seed' => array('UINT:10', 0),
|
||||||
|
'attempts' => array('UINT', 0),
|
||||||
),
|
),
|
||||||
'PRIMARY_KEY' => array('session_id', 'confirm_id'),
|
'PRIMARY_KEY' => array('session_id', 'confirm_id'),
|
||||||
'KEYS' => array(
|
'KEYS' => array(
|
||||||
|
|
|
||||||
|
|
@ -28,6 +28,7 @@ class phpbb_default_captcha
|
||||||
var $confirm_code;
|
var $confirm_code;
|
||||||
var $code;
|
var $code;
|
||||||
var $seed;
|
var $seed;
|
||||||
|
var $attempts = 0;
|
||||||
var $type;
|
var $type;
|
||||||
var $solved = false;
|
var $solved = false;
|
||||||
var $captcha_vars = false;
|
var $captcha_vars = false;
|
||||||
|
|
@ -43,7 +44,7 @@ class phpbb_default_captcha
|
||||||
|
|
||||||
$this->type = (int) $type;
|
$this->type = (int) $type;
|
||||||
|
|
||||||
if (!strlen($this->confirm_id))
|
if (!strlen($this->confirm_id) || !$this->load_code())
|
||||||
{
|
{
|
||||||
// we have no confirm ID, better get ready to display something
|
// we have no confirm ID, better get ready to display something
|
||||||
$this->generate_code();
|
$this->generate_code();
|
||||||
|
|
@ -183,7 +184,6 @@ class phpbb_default_captcha
|
||||||
global $config, $db, $user;
|
global $config, $db, $user;
|
||||||
|
|
||||||
$error = '';
|
$error = '';
|
||||||
$this->confirm_code = request_var('confirm_code', '');
|
|
||||||
if (!$this->confirm_id)
|
if (!$this->confirm_id)
|
||||||
{
|
{
|
||||||
$error = $user->lang['CONFIRM_CODE_WRONG'];
|
$error = $user->lang['CONFIRM_CODE_WRONG'];
|
||||||
|
|
@ -204,7 +204,7 @@ class phpbb_default_captcha
|
||||||
if (strlen($error))
|
if (strlen($error))
|
||||||
{
|
{
|
||||||
// okay, incorrect answer. Let's ask a new question.
|
// okay, incorrect answer. Let's ask a new question.
|
||||||
$this->generate_code();
|
$this->new_attempt();
|
||||||
return $error;
|
return $error;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
@ -259,6 +259,29 @@ class phpbb_default_captcha
|
||||||
$db->sql_query($sql);
|
$db->sql_query($sql);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* New Question, if desired.
|
||||||
|
*/
|
||||||
|
function new_attempt()
|
||||||
|
{
|
||||||
|
global $db, $user;
|
||||||
|
|
||||||
|
$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
|
||||||
|
$this->seed = hexdec(substr(unique_id(), 4, 10));
|
||||||
|
$this->solved = false;
|
||||||
|
// compute $seed % 0x7fffffff
|
||||||
|
$this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff);
|
||||||
|
|
||||||
|
$sql = 'UPDATE ' . CONFIRM_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array(
|
||||||
|
'code' => (string) $this->code,
|
||||||
|
'seed' => (int) $this->seed)) . '
|
||||||
|
, attempts = attempts + 1
|
||||||
|
WHERE
|
||||||
|
confirm_id = \'' . $db->sql_escape($this->confirm_id) . '\' AND
|
||||||
|
session_id = \'' . $db->sql_escape($user->session_id) . '\'';
|
||||||
|
$db->sql_query($sql);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Look up everything we need for painting&checking.
|
* Look up everything we need for painting&checking.
|
||||||
*/
|
*/
|
||||||
|
|
@ -266,7 +289,7 @@ class phpbb_default_captcha
|
||||||
{
|
{
|
||||||
global $db, $user;
|
global $db, $user;
|
||||||
|
|
||||||
$sql = 'SELECT code, seed
|
$sql = 'SELECT code, seed, attempts
|
||||||
FROM ' . CONFIRM_TABLE . "
|
FROM ' . CONFIRM_TABLE . "
|
||||||
WHERE confirm_id = '" . $db->sql_escape($this->confirm_id) . "'
|
WHERE confirm_id = '" . $db->sql_escape($this->confirm_id) . "'
|
||||||
AND session_id = '" . $db->sql_escape($user->session_id) . "'
|
AND session_id = '" . $db->sql_escape($user->session_id) . "'
|
||||||
|
|
@ -279,6 +302,7 @@ class phpbb_default_captcha
|
||||||
{
|
{
|
||||||
$this->code = $row['code'];
|
$this->code = $row['code'];
|
||||||
$this->seed = $row['seed'];
|
$this->seed = $row['seed'];
|
||||||
|
$this->attempts = $row['attempts'];
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -287,15 +311,6 @@ class phpbb_default_captcha
|
||||||
|
|
||||||
function check_code()
|
function check_code()
|
||||||
{
|
{
|
||||||
global $db;
|
|
||||||
|
|
||||||
if (empty($this->code))
|
|
||||||
{
|
|
||||||
if (!$this->load_code())
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return (strcasecmp($this->code, $this->confirm_code) === 0);
|
return (strcasecmp($this->code, $this->confirm_code) === 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -312,17 +327,7 @@ class phpbb_default_captcha
|
||||||
|
|
||||||
function get_attempt_count()
|
function get_attempt_count()
|
||||||
{
|
{
|
||||||
global $db, $user;
|
return $this->attempts;
|
||||||
|
|
||||||
$sql = 'SELECT COUNT(session_id) AS attempts
|
|
||||||
FROM ' . CONFIRM_TABLE . "
|
|
||||||
WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
|
|
||||||
AND confirm_type = " . $this->type;
|
|
||||||
$result = $db->sql_query($sql);
|
|
||||||
$attempts = (int) $db->sql_fetchfield('attempts');
|
|
||||||
$db->sql_freeresult($result);
|
|
||||||
|
|
||||||
return $attempts;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function reset()
|
function reset()
|
||||||
|
|
|
||||||
|
|
@ -52,13 +52,6 @@ class ucp_register
|
||||||
add_form_key('ucp_register_terms');
|
add_form_key('ucp_register_terms');
|
||||||
}
|
}
|
||||||
|
|
||||||
$captcha_solved = false;
|
|
||||||
if ($config['enable_confirm'])
|
|
||||||
{
|
|
||||||
include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
|
|
||||||
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
|
|
||||||
$captcha->init(CONFIRM_REG);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($change_lang || $user_lang != $config['default_lang'])
|
if ($change_lang || $user_lang != $config['default_lang'])
|
||||||
{
|
{
|
||||||
|
|
@ -150,6 +143,13 @@ class ucp_register
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$captcha_solved = false;
|
||||||
|
if ($config['enable_confirm'])
|
||||||
|
{
|
||||||
|
include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
|
||||||
|
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
|
||||||
|
$captcha->init(CONFIRM_REG);
|
||||||
|
}
|
||||||
|
|
||||||
// Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1
|
// Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1
|
||||||
$timezone = date('Z') / 3600;
|
$timezone = date('Z') / 3600;
|
||||||
|
|
|
||||||
|
|
@ -683,6 +683,11 @@ function database_update_info()
|
||||||
|
|
||||||
// Changes from 3.0.5
|
// Changes from 3.0.5
|
||||||
'3.0.5' => array(
|
'3.0.5' => array(
|
||||||
|
'add_columns' => array(
|
||||||
|
CONFIRM_TABLE => array(
|
||||||
|
'attempts' => array('UINT', 0),
|
||||||
|
),
|
||||||
|
),
|
||||||
'add_index' => array(
|
'add_index' => array(
|
||||||
LOG_TABLE => array(
|
LOG_TABLE => array(
|
||||||
'log_time' => array('log_time'),
|
'log_time' => array('log_time'),
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue