- Visual Confirmation for guest posting

git-svn-id: file:///svn/phpbb/trunk@5739 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/acp/acp_board.php

@@ -77,7 +77,7 @@ class acp_board
 
 						'legend3'			=> 'REGISTRATION',
 						'require_activation'=> array('lang' => 'ACC_ACTIVATION',	'type' => 'custom', 'method' => 'select_acc_activation', 'explain' => true),
-						'enable_confirm'	=> array('lang' => 'VISUAL_CONFIRM',	'type' => 'radio:yes_no', 'explain' => true),
+						'enable_confirm'	=> array('lang' => 'VISUAL_CONFIRM_REG', 'type' => 'radio:yes_no', 'explain' => true),
 						'max_reg_attempts'	=> array('lang' => 'REG_LIMIT',			'type' => 'text:4:4', 'explain' => true),
 						'min_name_chars'	=> array('lang' => 'USERNAME_LENGTH',	'type' => 'custom', 'method' => 'username_length', 'explain' => true),
 						'min_pass_chars'	=> array('lang' => 'PASSWORD_LENGTH',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),
@@ -102,6 +102,7 @@ class acp_board
 						'max_quote_depth'	=> array('lang' => 'QUOTE_DEPTH_LIMIT',	'type' => 'text:4:4', 'explain' => true),
 						'max_post_img_width' => array('lang' => 'MAX_POST_IMG_WIDTH', 'type' => 'text:5:4', 'explain' => true),
 						'max_post_img_height' => array('lang' => 'MAX_POST_IMG_HEIGHT', 'type' => 'text:5:4', 'explain' => true),
+						'enable_post_confirm'=> array('lang' => 'VISUAL_CONFIRM_POST', 'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend5'			=> 'MODERATION',
 						'warnings_expire_days' => array('lang' => 'WARNINGS_EXPIRE', 'type' => 'text:3:4', 'explain' => true)

phpBB/includes/constants.php

@@ -104,6 +104,7 @@ define('PHYSICAL_LINK', 2);
 // Confirm types
 define('CONFIRM_REG', 1);
 define('CONFIRM_LOGIN', 2);
+define('CONFIRM_POST', 3);
 
 // Categories - Attachments
 define('ATTACHMENT_CATEGORY_NONE', 0);

phpBB/install/schemas/schema_data.sql

@@ -78,6 +78,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('email_function_nam
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('email_package_size', '50');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('email_pm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_confirm', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_post_confirm', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_pm_icons', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('flood_interval', '15');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('force_server_vars', '0');

phpBB/language/en/acp/board.php

@@ -245,8 +245,10 @@ $lang = array_merge($lang, array(
 	'ALLOW_AUTOLOGIN_EXPLAIN'	=> 'Determines whether users can autologin when they visit the board.', 
 	'AUTOLOGIN_LENGTH'			=> 'Persistent login key expiry days', 
 	'AUTOLOGIN_LENGTH_EXPLAIN'	=> 'Number of days after which persistent login keys are removed or zero to disable.', 
-	'VISUAL_CONFIRM'			=> 'Enable visual confirmation',
+	'VISUAL_CONFIRM_REG'		=> 'Enable visual confirmation',
-	'VISUAL_CONFIRM_EXPLAIN'	=> 'Requires new users enter a random code matching an image to help prevent mass registrations.',
+	'VISUAL_CONFIRM_REG_EXPLAIN'=> 'Requires new users to enter a random code matching an image to help prevent mass registrations.',
+	'VISUAL_CONFIRM_POST'		=> 'Enable visual confirmation',
+	'VISUAL_CONFIRM_POST_EXPLAIN'=> 'Requires anonymous users to enter a random code matching an image to help prevent mass postings.',
 	'LOGIN_LIMIT'				=> 'Login attempts',
 	'LOGIN_LIMIT_EXPLAIN'		=> 'Number of failed logins users can make before being locked out that session',
 	'REG_LIMIT'					=> 'Registration attempts',

phpBB/posting.php

@@ -46,7 +46,6 @@ $mode		= ($delete && !$preview && !$refresh && $submit) ? 'delete' : request_var
 $error = array();
 $current_time = time();
 
-
 // Was cancel pressed? If so then redirect to the appropriate page
 if ($cancel || ($current_time - $lastclick < 2 && $submit))
 {
@@ -669,6 +668,26 @@ if ($submit || $preview || $refresh)
 		}
 	}
 
+	if ($config['enable_post_confirm'] && !$user->data['is_registered'] && ($mode == 'post' || $mode == 'reply'))
+	{
+		$confirm_id = request_var('confirm_id', '');
+		$confirm_code = request_var('confirm_code', '');
+
+		$sql = 'SELECT code
+			FROM ' . CONFIRM_TABLE . "
+			WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
+				AND session_id = '" . $db->sql_escape($user->session_id) . "'
+				AND confirm_type = " . CONFIRM_POST;
+		$result = $db->sql_query($sql);
+		$confirm_row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		if ($confirm_row['code'] !== $confirm_code)
+		{
+			$error[] = $user->lang['CONFIRM_CODE_WRONG'];
+		}
+	}
+
 	// Parse subject
 	if (!$subject && ($mode == 'post' || ($mode == 'edit' && $topic_first_post_id == $post_id)))
 	{
@@ -1064,6 +1083,33 @@ generate_forum_nav($forum_data);
 // Build Forum Rules
 generate_forum_rules($forum_data);
 
+if ($config['enable_post_confirm'] && !$user->data['is_registered'] && ($mode == 'post' || $mode == 'reply'))
+{
+	// Show confirm image
+	$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
+		WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
+			AND confirm_type = " . CONFIRM_POST;
+	$db->sql_query($sql);
+
+	// Generate code
+	$code = gen_rand_string(mt_rand(5, 8));
+	$confirm_id = md5(unique_id(0, $user->ip));
+
+	$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
+		'confirm_id'	=> (string) $confirm_id,
+		'session_id'	=> (string) $user->session_id,
+		'confirm_type'	=> (int) CONFIRM_POST,
+		'code'			=> (string) $code)
+	);
+	$db->sql_query($sql);
+
+	$template->assign_vars(array(
+		'S_CONFIRM_CODE'			=> true,
+		'CONFIRM_ID'				=> $confirm_id,
+		'CONFIRM_IMAGE'				=> '<img src="' . $phpbb_root_path . 'ucp.' . $phpEx . $SID . '&amp;mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_POST . '" alt="" title="" />'
+	));
+}
+
 $s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $topic_last_post_id . '" />' : '';
 $s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
 $s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . ((isset($_REQUEST['draft_loaded'])) ? intval($_REQUEST['draft_loaded']) : $draft_id) . '" />' : '';

phpBB/styles/subSilver/template/posting_body.html

@@ -369,6 +369,25 @@ function checkForm()
 		</tr>
 	<!-- ENDIF -->
 
+	<!-- IF S_CONFIRM_CODE -->
+	<tr> 
+		<th colspan="2" height="28" valign="middle">{L_POST_CONFIRMATION}</th>
+	</tr>
+	<tr> 
+		<td class="row3" colspan="2"><span class="gensmall">{L_POST_CONFIRM_EXPLAIN}</span></td>
+	</tr>
+	<tr>
+		<td class="row1" colspan="2" align="center">
+			<input type="hidden" name="confirm_id" value="{CONFIRM_ID}" />
+			{CONFIRM_IMAGE}
+		</td>
+	</tr>
+	<tr> 
+		<td class="row1"><b class="genmed">{L_CONFIRM_CODE}:  </b><br /><span class="gensmall">{L_CONFIRM_CODE_EXPLAIN}</span></td>
+		<td class="row2"><input class="post" type="text"  name="confirm_code" size="8" maxlength="8" /></td>
+	</tr>
+	<!-- ENDIF -->
+
 	<!-- IF S_SHOW_ATTACH_BOX or S_SHOW_POLL_BOX -->
 		<tr>
 			<td class="cat" colspan="2" align="center">