mirror of https://github.com/e107inc/e107.git synced 2025-07-30 19:30:25 +02:00

Fixes for sign-up popup on image-code failure. And general secure-image-code work

CaMer0n
2012-06-13 04:58:43 +00:00
parent 7b2c83d033
commit a8fe3aaff0
9 changed files with 166 additions and 78 deletions


@@ -56,23 +56,19 @@ else
$use_imagecode = ($pref['logcode'] && extension_loaded("gd"));
if ($use_imagecode)
{
require_once (e_HANDLER."secure_img_handler.php");
$sec_img = new secure_image;
}
if ($_POST['authsubmit'])
{
$obj = new auth;
if ($use_imagecode)
{
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))
{
if (e107::getSecureImg()->invalidCode($_POST['rand_num'], $_POST['code_verify']))
{
echo "<script type='text/javascript'>document.location.href='../index.php'</script>\n";
header("location: ../index.php");
e107::getRedirect()->redirect('admin.php?failed');
exit;
// echo "<script type='text/javascript'>document.location.href='../index.php'</script>\n";
// header("location: ../index.php");
// exit;
}
}
@@ -201,6 +197,9 @@ else
#userpass {background: url(".e_IMAGE."admin_images/lock_16.png) no-repeat scroll 7px 7px; padding-left:30px; }
input[disabled] { color: silver; }
button[disabled] span { color: silver; }
");
@@ -227,51 +226,6 @@ class auth
$frm = e107::getForm();
$incChap = (vartrue($pref['password_CHAP'], 0)) ? " onsubmit='hashLoginPassword(this)'" : "";
/*
$text = "<div {$class} style='padding:20px;text-align:center'>
<form method='post' action='".e_SELF."' {$incChap} >
<table style='width:50%' class='fborder'>
<tr>
<td rowspan='4' style='vertical-align:middle;width:65px'>".(file_exists(THEME."images/password.png") ? "<img src='".THEME_ABS."images/password.png' alt='' />\n" : "<img src='".e_IMAGE."generic/password.png' alt='' />\n")."</td>
<td style='width:35%' class='forumheader3'>".ADLAN_89."</td>
<td class='forumheader3' style='text-align:center'><input autofocus class='tbox' type='text' name='authname' id='username' size='30' value='' maxlength='".varset($pref['loginname_maxlength'], 30)."' />\n</td>
</tr>
<tr>
<td style='width:35%' class='forumheader3'>".ADLAN_90."</td>
<td class='forumheader3' style='text-align:center'><input class='tbox' type='password' name='authpass' id='userpass' size='30' value='' maxlength='30' />\n";
$session = e107::getSession();
if ($session->is('challenge') && varset($pref['password_CHAP'], 0))
$text .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='".$session->get('challenge')."' />\n\n";
$text .= "</td></tr>\n";
if ($use_imagecode)
{
$text .= "
<tr>
<td style='width:35%' class='forumheader3'>".ADLAN_152."</td>
<td style='text-align:center'>
<input type='hidden' name='rand_num' value='".$sec_img->random_number."' />".$sec_img->r_image()."<br /><input class='tbox' type='text' name='code_verify' size='15' maxlength='20' /></td>
</tr>
";
}
$text .= "
<tr>
<td colspan='2' class='forumheader center'>"
.$frm->admin_button('authsubmit',ADLAN_91).
"</td>
</tr>
</table>
</form>
</div>";
e107::getRender()->tablerender(ADLAN_92, $text, 'admin-login');
*/
// Start Clean
// NOTE: this should NOT be a template of the admin-template, however themes may style it using css.
@@ -299,11 +253,9 @@ class auth
{
$text .= "
<div class='field'>
<label for='code_verify'>".ADLAN_152."</label>
<input type='hidden' name='rand_num' value='".$sec_img->random_number."' />
<span class='code-image'>"
.$sec_img->r_image().
"</span><input class='tbox' type='text' required='required' name='code_verify' size='15' maxlength='20' />
<label for='code_verify'>".ADLAN_152."</label>"
.e107::getSecureImg()->renderImage().
e107::getSecureImg()->renderInput()."
</div>";
}
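Review bot: In the `authsubmit` branch, `$_POST['rand_num']` and `$_POST['code_verify']` are passed to `invalidCode()` without checking that they exist, so a login POST that omits them raises undefined-index notices and relies entirely on the handler to reject empty values. Read them defensively, e.g. `$rand = isset($_POST['rand_num']) ? $_POST['rand_num'] : '';` (and the same for `code_verify`), while keeping the check unconditional whenever `$use_imagecode` is set. The commented-out `echo`/`header`/`exit` lines left after the redirect are dead code and can be deleted. The enclosing `else` block starts and ends outside the hunk.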


@@ -289,7 +289,7 @@ class signup_shortcodes extends e_shortcode
}
function sc_signup_images()
function sc_signup_images() // AVATARS
{
global $pref;
if($pref['signup_option_image'])
@@ -341,10 +341,20 @@ class signup_shortcodes extends e_shortcode
global $signup_imagecode, $rs, $sec_img;
if($signup_imagecode)
{
return $rs->form_hidden("rand_num", $sec_img->random_number). $sec_img->r_image()."<br />".$rs->form_text("code_verify", 20, "", 20);
return e107::getSecureImg()->r_image()."<div>".e107::getSecureImg()->renderInput()."</div>";
// return $rs->form_hidden("rand_num", $sec_img->random_number). $sec_img->r_image()."<br />".$rs->form_text("code_verify", 20, "", 20);
}
}
function sc_signup_imagecode_label()
{
global $signup_imagecode,$sec_img;
if($signup_imagecode)
{
return $sec_img->renderLabel();
}
}
function sc_signup_form_close()
{
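Review bot: `sc_signup_imagecode_label()` still dereferences the global `$sec_img`, while `sc_signup_imagecode()` in the same hunk was moved to `e107::getSecureImg()`; if the calling script stops creating `$sec_img`, the label shortcode fails with a method call on a non-object. Use `return e107::getSecureImg()->renderLabel();` and drop `$sec_img` from both `global` lists. The commented-out old `return` sits after the new `return` and is unreachable, so it should be removed. Calling `renderImage()` instead of `r_image()` would match the naming used in the admin login form.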


@@ -202,8 +202,8 @@ class e107
'user_class' => '{e_HANDLER}userclass_class.php',
'userlogin' => '{e_HANDLER}login.php',
'xmlClass' => '{e_HANDLER}xml_class.php',
'eIPHandler' => '{e_HANDLER}iphandler_class.php'
'eIPHandler' => '{e_HANDLER}iphandler_class.php',
'secure_image' => '{e_HANDLER}secure_img_handler.php'
);
@@ -958,6 +958,17 @@ class e107
{
return self::getSingleton('e_parse_shortcode', true);
}
/**
* Retrieve secure_image singleton object
*
* @return secure_image
*/
public static function getSecureImg()
{
return self::getSingleton('secure_image', true);
}
/**
* Retrieve registered sc object (batch) by class name


@@ -70,7 +70,7 @@ class override {
public function check($override,$method='') // alias with check for class object
{
if(vartrue($method))
if($method != '')
{
$class = get_class($override);
$override = $class."::".$method;
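Review bot: `$method != ''` is a loose comparison, and the change carries no comment saying why `vartrue()` was dropped. Presumably `check()` must now also work when `secure_image::render()` runs standalone without the core helper functions loaded; if that is confirmed, record it with a comment such as `// no vartrue(): may run standalone, without core helpers`. A strict test, `if (is_string($method) && $method !== '')`, avoids type juggling on non-string arguments before the value is concatenated into a callable name. The body of `check()` continues outside the hunk.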


@@ -13,6 +13,8 @@
if (!defined('e107_INIT')) { exit; }
class secure_image
{
public $random_number;
@@ -24,11 +26,15 @@ class secure_image
function secure_image()
{
/*
if ($user_func = e107::getOverride()->check($this,'secure_image'))
{
return call_user_func($user_func);
}
* */
list($usec, $sec) = explode(" ", microtime());
$this->random_number = str_replace(".", "", $sec.$usec);
@@ -74,7 +80,9 @@ class secure_image
return $recnum;
}
/* Return TRUE if code is valid, otherwise return FALSE
*
*/
function verify_code($rec_num, $checkstr)
{
if ($user_func = e107::getOverride()->check($this,'verify_code'))
@@ -94,6 +102,31 @@ class secure_image
}
return FALSE;
}
// Return an Error message (true) if check fails, otherwise return false.
function invalidCode($rec_num,$checkstr)
{
if ($user_func = e107::getOverride()->check($this,'invalidCode'))
{
return call_user_func($user_func,$rec_num,$checkstr);
}
if($this->verify_code($rec_num,$checkstr))
{
return false;
}
else
{
return LAN_INVALID_CODE;
}
return true;
}
function r_image()
{
@@ -105,16 +138,49 @@ class secure_image
$code = $this->create_code();
return "<img src='".e_HTTP.$this->HANDLERS_DIRECTORY."secure_img_render.php?{$code}' class='icon secure-image' alt='' />";
}
function renderImage() // Alias of r_image
{
return $this->r_image();
}
function renderInput()
{
if ($user_func = e107::getOverride()->check($this,'renderInput'))
{
return call_user_func($user_func);
}
$frm = e107::getForm();
return $frm->hidden("rand_num", $this->random_number).$frm->text("code_verify", "", 20, "","size=20");
}
function renderLabel()
{
if ($user_func = e107::getOverride()->check($this,'renderLabel'))
{
return call_user_func($user_func);
}
return LAN_ENTER_CODE;
}
/**
* Render the generated Image. Called without class2 environment (standalone).
*/
function render($qcode)
{
if ($user_func = e107::getOverride()->check($this,'render'))
require_once($this->BASE_DIR.$this->HANDLERS_DIRECTORY."override_class.php");
$over = new override;
if ($user_func = $over->check($this,'render'))
{
return call_user_func($user_func,$qcode);
}
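Review bot: `invalidCode()` fails open when an override is registered: the result of `call_user_func()` is returned as-is, and both callers in this commit (`if (...->invalidCode(...))` in the admin login and `if ($badCodeMsg = ...)` in signup) treat any falsy value as "code accepted". An override that returns `null` or an empty string therefore lets the request through. Normalise the result so that only a strict `false` means valid, e.g. `$r = call_user_func($user_func, $rec_num, $checkstr); return ($r === false) ? false : ($r ? $r : LAN_INVALID_CODE);`. The trailing `return true;` is unreachable after the `if`/`else`, and the comment's "Error message (true)" should say the method returns the message string or `false`.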


@@ -24,11 +24,13 @@
?>
*/
// error_reporting(E_ALL);
define('e107_INIT', true);
require_once(realpath(dirname(__FILE__)."/secure_img_handler.php"));
$sim = new secure_image();
$sim->render($_SERVER['QUERY_STRING']);
exit;
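Review bot: `$_SERVER['QUERY_STRING']` is handed to `render()` without validation, and this script defines `e107_INIT` itself, which satisfies the handler's direct-access guard without the normal bootstrap. The body of `render()` is outside this hunk, so whether it checks `$qcode` is not visible; if it does not, reject anything that does not match the format produced by `create_code()` before the call. A one-line comment on the `define`, such as `// standalone entry point: class2.php is not loaded here`, would record why the guard constant is set in this file.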


@@ -55,4 +55,8 @@ define('LAN_OK', 'OK');
define('LAN_CONTINUE', 'Continue');
define('LAN_ENTER', 'Enter');
define('LAN_HOOKS', 'Hooks');
define('LAN_ENTER_CODE', "Enter code");
define('LAN_INVALID_CODE', "Incorrect code entered.");


@@ -146,7 +146,7 @@ $sc_style['SIGNUP_IMAGES']['post'] = "
$sc_style['SIGNUP_IMAGECODE']['pre'] = "
<tr>
<td class='forumheader3' style='width:30%'>".LAN_SIGNUP_95.req(2)."</td>
<td class='forumheader3' style='width:30%'>".e107::getSecureImg()->renderLabel().req(2)."</td>
<td class='forumheader3' style='width:70%'>
";
$sc_style['SIGNUP_IMAGECODE']['post'] = "


@@ -2,7 +2,7 @@
/*
* e107 website system
*
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
@@ -208,6 +208,45 @@ if(!$_POST)
$signature = '';
}
if(e_QUERY == 'thirdparty')
{
$config = array(
"base_url" => "http://godoholics.org/e107_handlers/hybridauth/",
"providers" => array
(
"Facebook" => array
(
"enabled" => true,
"keys" => array ( "id" => "341715689232729", "secret" => "001c35bdb735ace858317eba40b2ed15" ),
"scope" => "email, user_about_me, user_birthday, user_hometown",
"display" => "popup",
)
),
"debug_mode" => true ,
"debug_file" => e_HANDLER."hybridauth/hybridauth.log"
);
require_once(e_HANDLER."hybridauth/Hybrid/Auth.php");
$hybridauth = new Hybrid_Auth( $config );
$adapter = $hybridauth->authenticate( "Facebook" );
$user_profile = $adapter->getUserProfile();
print_a($user_profile);
}
if(ADMIN && (e_QUERY == 'preview' || e_QUERY == 'test' || e_QUERY == 'preview.aftersignup'))
{
if(e_QUERY == "preview.aftersignup")
@@ -366,15 +405,17 @@ if (e_QUERY)
//----------------------------------------
// Initial signup (registration)
//----------------------------------------
if (isset($_POST['register']))
{
{
$e107cache->clear("online_menu_totals");
require_once(e_HANDLER."message_handler.php");
if (isset($_POST['rand_num']) && $signup_imagecode)
{
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))
{
if ($badCodeMsg = e107::getSecureImg()->invalidCode($_POST['rand_num'], $_POST['code_verify'])) // better: allows class to return the error.
{
$extraErrors[] = LAN_SIGNUP_3."\\n";
//$extraErrors[] = LAN_SIGNUP_3."\\n";
$extraErrors[] = $badCodeMsg."\\n";
$error = TRUE;
}
}
@@ -385,7 +426,6 @@ if (isset($_POST['register']))
$error = TRUE;
}
if (!$error)
{
if (varsettrue($pref['predefinedLoginName']))
@@ -478,7 +518,7 @@ if (isset($_POST['register']))
$error = ((isset($allData['errors']) && count($allData['errors'])) || (isset($eufVals['errors']) && count($eufVals['errors'])) || count($extraErrors));
// All validated here - handle any errors
if ($error)
if ($error) //FIXME - this ignores the errors caused by invalid image-code.
{
require_once(e_HANDLER."message_handler.php");
$temp = array();
@@ -498,7 +538,10 @@ if (isset($_POST['register']))
message_handler('P_ALERT', implode('<br />', $temp));
}
} // End of data validation
else
{
message_handler('P_ALERT', implode('<br />', $extraErrors)); // Workaround for image-code errors.
}
// ========== End of verification.. ==============
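Review bot: The new `e_QUERY == 'thirdparty'` block commits a Facebook app `id` and `secret` and a site-specific `base_url` as literals, and it appears to run for any visitor who requests that query string, since it is not gated by `ADMIN` like the preview block below it. The secret should be treated as exposed and rotated, and provider keys should be read from site configuration rather than from source. `debug_mode` is `true` with the log written under `e_HANDLER`, a directory that `r_image()` in this same commit addresses over HTTP, so the log should be disabled or moved outside the web root; `print_a($user_profile)` also dumps the returned profile into the page. Separately, the image-code check in the `register` branch runs only when `isset($_POST['rand_num'])`, so the condition should be `if ($signup_imagecode)` alone to stop the check depending on a client-supplied field.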