php-e107/e107_handlers/secure_img_handler.php

<?php
/*
* e107 website system
*
* Copyright (C) 2008-2009 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
*
* $URL$
* $Id$
*/
// Direct-access guard: stop unless the e107_INIT constant has been defined
// before this handler file is loaded.
if (!defined('e107_INIT'))
{
	exit;
}
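/**
 * Image-code (CAPTCHA) handler.
 *
 * create_code() stores a numeric code in the "tmp" table under a record key,
 * render() draws the stored code onto a background image, and verify_code()
 * compares a submitted answer with the stored code and removes the row.
 */
class secure_image
{
	// Record key of the challenge created by this instance. It is built from
	// microtime() digits, so it is a lookup identifier and not a secret.
	public $random_number;
	protected $HANDLERS_DIRECTORY;
	protected $IMAGES_DIRECTORY;
	// Database connection settings, including the password, as read from
	// e107_config.php. Kept protected so they are not readable from outside.
	protected $MYSQL_INFO;
	protected $THIS_DIR;
	protected $BASE_DIR;

	/**
	 * PHP 4-style constructor (same name as the class).
	 *
	 * Builds the record key and loads directory and database settings from
	 * e107_config.php one level above this file. Terminates the request when
	 * the config file did not define $mySQLserver.
	 */
	function secure_image()
	{
		list($usec, $sec) = explode(" ", microtime());
		$this->random_number = str_replace(".", "", $sec.$usec);

		$imgp = dirname(__FILE__);
		if (substr($imgp,-1,1) != DIRECTORY_SEPARATOR) $imgp .= DIRECTORY_SEPARATOR;
		$imgp = str_replace('/', DIRECTORY_SEPARATOR, $imgp);

		// The include is error-suppressed; the isset() test below is what
		// detects a missing or unreadable config file.
		@include($imgp.'..'.DIRECTORY_SEPARATOR.'e107_config.php');
		if(!isset($mySQLserver))
		{
			// Only report the failure when debugging is enabled, so file
			// names are not shown to ordinary visitors.
			if(defined('e_DEBUG'))
			{
				echo "FAILED TO LOAD e107_config.php in secure_img_handler.php";
			}
			exit;
		}

		$this->THIS_DIR = $imgp;
		$this->BASE_DIR = realpath($imgp.'..'.DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;
		$this->HANDLERS_DIRECTORY = $HANDLERS_DIRECTORY;
		$this->IMAGES_DIRECTORY = str_replace('/', DIRECTORY_SEPARATOR, $IMAGES_DIRECTORY);
		$this->MYSQL_INFO = array('db' => $mySQLdefaultdb, 'server' => $mySQLserver, 'user' => $mySQLuser, 'password' => $mySQLpassword, 'prefix' => $mySQLprefix);
	}

	/**
	 * Create a new challenge code and store it in the "tmp" table.
	 *
	 * @return string the record key ($this->random_number) that identifies
	 *                the stored code; the code itself is not returned
	 */
	function create_code()
	{
		$pref = e107::getPref();
		$sql = e107::getDb();

		// The generator is deliberately not re-seeded here: a seed derived
		// from the clock would make the code guessable and would also reset
		// the shared mt_rand() state for every other caller in the request.
		// random_int() is used where the runtime provides it.
		$maxran = 1000000;
		$rand_num = function_exists('random_int') ? random_int(0, $maxran) : mt_rand(0, $maxran);
		$datekey = date("r");

		// The User-Agent header is optional, so it must not be read blindly.
		$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

		// hexdec() of a 32-digit hex string yields a float; the code is cut
		// from the string form of that float.
		$rcode = hexdec(md5($agent . serialize($pref). $rand_num . $datekey));
		$code = substr($rcode, 2, 6);

		$recnum = $this->random_number;
		$del_time = time()+1200; // 20 minutes from now

		// All three values are generated in this method, none comes from the request.
		// NOTE(review): the second column presumably drives cleanup of stale
		// rows elsewhere; verify_code() does not check it - confirm.
		$sql->db_Insert("tmp", "'{$recnum}',{$del_time},'{$code}'");

		return $recnum;
	}

	/**
	 * Check a submitted answer against the stored code for a record key.
	 *
	 * The stored row is deleted as soon as it is found, whether or not the
	 * answer matches, so each challenge can be answered only once.
	 *
	 * @param string $rec_num  record key returned by create_code()
	 * @param string $checkstr answer submitted by the user
	 * @return bool TRUE only when the answer consists of digits and equals the stored code
	 */
	function verify_code($rec_num, $checkstr)
	{
		$sql = e107::getDb();
		$tp = e107::getParser();

		$where = "tmp_ip = '".$tp -> toDB($rec_num)."'";

		if (!$sql->db_Select("tmp", "tmp_info", $where))
		{
			return FALSE;
		}

		$row = $sql->db_Fetch();
		$sql->db_Delete("tmp", $where);

		$code = intval($row['tmp_info']);

		// Compare strictly. A loose == between the raw input and an integer
		// lets PHP coerce the string, so input with trailing junk (and, on
		// older PHP versions, any non-numeric text when the stored value is 0)
		// would be accepted. Only an all-digit answer is compared.
		$given = is_scalar($checkstr) ? trim((string) $checkstr) : '';
		if ($given === '' || !preg_match('/^[0-9]+$/D', $given))
		{
			return FALSE;
		}

		return (intval($given) === $code);
	}

	/**
	 * Create a challenge and return the <img> tag that displays it.
	 *
	 * @return string HTML image tag pointing at secure_img_render.php with
	 *                the record key as query string
	 */
	function r_image()
	{
		$code = $this->create_code();
		return "<img src='".e_HTTP.$this->HANDLERS_DIRECTORY."secure_img_render.php?{$code}' class='icon secure-image' alt='' />";
	}

	/**
	 * Render the generated Image. Called without class2 environment (standalone).
	 *
	 * Looks up the code stored for the given record key, draws it on a
	 * background image and sends the image to the client. Every failure path
	 * terminates the request.
	 *
	 * @param string $qcode record key taken from the request; must be numeric
	 */
	function render($qcode)
	{
		if(!is_numeric($qcode)){ exit; }

		// Reduced to digits only, which is what makes it safe to place the
		// value inside the SQL string below.
		$recnum = preg_replace('#\D#',"",$qcode);

		$imgtypes = array('jpg'=>"jpeg",'png'=>"png",'gif'=>"gif");

		// NOTE(review): the mysql_* extension used here was removed in PHP 7,
		// so this method only runs on older runtimes.
		@mysql_connect($this->MYSQL_INFO['server'], $this->MYSQL_INFO['user'], $this->MYSQL_INFO['password']) || die('db connection failed');
		@mysql_select_db($this->MYSQL_INFO['db']);

		$result = mysql_query("SELECT tmp_info FROM {$this->MYSQL_INFO['prefix']}tmp WHERE tmp_ip = '{$recnum}'");
		if(!$result || !($row = mysql_fetch_array($result, MYSQL_ASSOC)))
		{
			// Fail silently: no query text or error detail is sent to the client.
			exit;
		}

		$code = intval($row['tmp_info']); // new value
		$type = "none";

		// Use the first image format this GD build can read.
		foreach($imgtypes as $k=>$t)
		{
			if(function_exists("imagecreatefrom".$t))
			{
				$ext = ".".$k;
				$type = $t;
				break;
			}
		}

		// Without a usable format no image can be created, and continuing
		// would send an "image/none" header followed by GD errors.
		if($type == "none")
		{
			exit;
		}

		$path = $this->BASE_DIR.$this->IMAGES_DIRECTORY;
		$secureimg = array();

		if(is_readable($path."secure_image_custom.php"))
		{
			require_once($path."secure_image_custom.php");
			/*   Example secure_image_custom.php file:

			$secureimg['image'] = "code_bg_custom";  // filename excluding the .ext
			$secureimg['size']	= "15";
			$secureimg['angle']	= "0";
			$secureimg['x']		= "6";
			$secureimg['y']		= "22";
			$secureimg['font'] 	= "imagecode.ttf";
			$secureimg['color'] = "90,90,90"; // red,green,blue

			*/
			$bg_file = $secureimg['image'];

			if(!is_readable($path.$secureimg['font']))
			{
				echo "Font missing"; // for debug only. translation not necessary.
				exit;
			}

			if(!is_readable($path.$secureimg['image'].$ext))
			{
				echo "Missing Background-Image: ".$secureimg['image'].$ext; // for debug only. translation not necessary.
				exit;
			}
		}
		else
		{
			$bg_file = "generic/code_bg";
		}

		$image = false;
		switch($type)
		{
			case "jpeg":
				$image = ImageCreateFromJPEG($path.$bg_file.".jpg");
				break;
			case "png":
				$image = ImageCreateFromPNG($path.$bg_file.".png");
				break;
			case "gif":
				$image = ImageCreateFromGIF($path.$bg_file.".gif");
				break;
		}

		// The background could not be loaded (missing or unreadable file):
		// stop before any image header is sent.
		if(!$image)
		{
			exit;
		}

		if(isset($secureimg['color']))
		{
			$tmp = explode(",",$secureimg['color']);
			$text_color = ImageColorAllocate($image,$tmp[0],$tmp[1],$tmp[2]);
		}
		else
		{
			$text_color = ImageColorAllocate($image, 90, 90, 90);
		}

		header("Content-type: image/{$type}");

		if(isset($secureimg['font']) && is_readable($path.$secureimg['font']))
		{
			imagettftext($image, $secureimg['size'],$secureimg['angle'], $secureimg['x'], $secureimg['y'], $text_color,$path.$secureimg['font'], $code);
		}
		else
		{
			imagestring ($image, 5, 12, 2, $code, $text_color);
		}

		switch($type)
		{
			case "jpeg":
				imagejpeg($image);
				break;
			case "png":
				imagepng($image);
				break;
			case "gif":
				imagegif($image);
				break;
		}
	}
}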
?>