mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 22:28:51 +00:00
Make captchas stricter by oly having one entry per session; fix a bug in ucp_register that caused three captcha instances to be generated. Non-MySQL databases and garbage collecting needs extensive testing.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9626 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof
parent
d7d96223e7
commit
5d9cf2aa41
4 changed files with 42 additions and 31 deletions
|
|
@ -983,6 +983,7 @@ function get_schema_struct()
|
|||
'confirm_type' => array('TINT:3', 0),
|
||||
'code' => array('VCHAR:8', ''),
|
||||
'seed' => array('UINT:10', 0),
|
||||
'attempts' => array('UINT', 0),
|
||||
),
|
||||
'PRIMARY_KEY' => array('session_id', 'confirm_id'),
|
||||
'KEYS' => array(
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ class phpbb_default_captcha
|
|||
var $confirm_code;
|
||||
var $code;
|
||||
var $seed;
|
||||
var $attempts = 0;
|
||||
var $type;
|
||||
var $solved = false;
|
||||
var $captcha_vars = false;
|
||||
|
|
@ -43,7 +44,7 @@ class phpbb_default_captcha
|
|||
|
||||
$this->type = (int) $type;
|
||||
|
||||
if (!strlen($this->confirm_id))
|
||||
if (!strlen($this->confirm_id) || !$this->load_code())
|
||||
{
|
||||
// we have no confirm ID, better get ready to display something
|
||||
$this->generate_code();
|
||||
|
|
@ -183,7 +184,6 @@ class phpbb_default_captcha
|
|||
global $config, $db, $user;
|
||||
|
||||
$error = '';
|
||||
$this->confirm_code = request_var('confirm_code', '');
|
||||
if (!$this->confirm_id)
|
||||
{
|
||||
$error = $user->lang['CONFIRM_CODE_WRONG'];
|
||||
|
|
@ -204,7 +204,7 @@ class phpbb_default_captcha
|
|||
if (strlen($error))
|
||||
{
|
||||
// okay, incorrect answer. Let's ask a new question.
|
||||
$this->generate_code();
|
||||
$this->new_attempt();
|
||||
return $error;
|
||||
}
|
||||
else
|
||||
|
|
@ -259,6 +259,29 @@ class phpbb_default_captcha
|
|||
$db->sql_query($sql);
|
||||
}
|
||||
|
||||
/**
|
||||
* New Question, if desired.
|
||||
*/
|
||||
function new_attempt()
|
||||
{
|
||||
global $db, $user;
|
||||
|
||||
$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
|
||||
$this->seed = hexdec(substr(unique_id(), 4, 10));
|
||||
$this->solved = false;
|
||||
// compute $seed % 0x7fffffff
|
||||
$this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff);
|
||||
|
||||
$sql = 'UPDATE ' . CONFIRM_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array(
|
||||
'code' => (string) $this->code,
|
||||
'seed' => (int) $this->seed)) . '
|
||||
, attempts = attempts + 1
|
||||
WHERE
|
||||
confirm_id = \'' . $db->sql_escape($this->confirm_id) . '\' AND
|
||||
session_id = \'' . $db->sql_escape($user->session_id) . '\'';
|
||||
$db->sql_query($sql);
|
||||
}
|
||||
|
||||
/**
|
||||
* Look up everything we need for painting&checking.
|
||||
*/
|
||||
|
|
@ -266,7 +289,7 @@ class phpbb_default_captcha
|
|||
{
|
||||
global $db, $user;
|
||||
|
||||
$sql = 'SELECT code, seed
|
||||
$sql = 'SELECT code, seed, attempts
|
||||
FROM ' . CONFIRM_TABLE . "
|
||||
WHERE confirm_id = '" . $db->sql_escape($this->confirm_id) . "'
|
||||
AND session_id = '" . $db->sql_escape($user->session_id) . "'
|
||||
|
|
@ -279,6 +302,7 @@ class phpbb_default_captcha
|
|||
{
|
||||
$this->code = $row['code'];
|
||||
$this->seed = $row['seed'];
|
||||
$this->attempts = $row['attempts'];
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -287,15 +311,6 @@ class phpbb_default_captcha
|
|||
|
||||
function check_code()
|
||||
{
|
||||
global $db;
|
||||
|
||||
if (empty($this->code))
|
||||
{
|
||||
if (!$this->load_code())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return (strcasecmp($this->code, $this->confirm_code) === 0);
|
||||
}
|
||||
|
||||
|
|
@ -312,17 +327,7 @@ class phpbb_default_captcha
|
|||
|
||||
function get_attempt_count()
|
||||
{
|
||||
global $db, $user;
|
||||
|
||||
$sql = 'SELECT COUNT(session_id) AS attempts
|
||||
FROM ' . CONFIRM_TABLE . "
|
||||
WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
|
||||
AND confirm_type = " . $this->type;
|
||||
$result = $db->sql_query($sql);
|
||||
$attempts = (int) $db->sql_fetchfield('attempts');
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
return $attempts;
|
||||
return $this->attempts;
|
||||
}
|
||||
|
||||
function reset()
|
||||
|
|
|
|||
|
|
@ -52,13 +52,6 @@ class ucp_register
|
|||
add_form_key('ucp_register_terms');
|
||||
}
|
||||
|
||||
$captcha_solved = false;
|
||||
if ($config['enable_confirm'])
|
||||
{
|
||||
include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
|
||||
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
|
||||
$captcha->init(CONFIRM_REG);
|
||||
}
|
||||
|
||||
if ($change_lang || $user_lang != $config['default_lang'])
|
||||
{
|
||||
|
|
@ -150,6 +143,13 @@ class ucp_register
|
|||
return;
|
||||
}
|
||||
|
||||
$captcha_solved = false;
|
||||
if ($config['enable_confirm'])
|
||||
{
|
||||
include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
|
||||
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
|
||||
$captcha->init(CONFIRM_REG);
|
||||
}
|
||||
|
||||
// Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1
|
||||
$timezone = date('Z') / 3600;
|
||||
|
|
|
|||
|
|
@ -683,6 +683,11 @@ function database_update_info()
|
|||
|
||||
// Changes from 3.0.5
|
||||
'3.0.5' => array(
|
||||
'add_columns' => array(
|
||||
CONFIRM_TABLE => array(
|
||||
'attempts' => array('UINT', 0),
|
||||
),
|
||||
),
|
||||
'add_index' => array(
|
||||
LOG_TABLE => array(
|
||||
'log_time' => array('log_time'),
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue