From a8fe3aaff0f322c3558bdc6167143d3ff2bfbe32 Mon Sep 17 00:00:00 2001 From: CaMer0n Date: Wed, 13 Jun 2012 04:58:43 +0000 Subject: [PATCH] Fixes for sign-up popup on image-code failure. And general secure-image-code work --- e107_admin/auth.php | 72 ++++--------------- .../shortcodes/batch/signup_shortcodes.php | 14 +++- e107_handlers/e107_class.php | 15 +++- e107_handlers/override_class.php | 2 +- e107_handlers/secure_img_handler.php | 72 ++++++++++++++++++- e107_handlers/secure_img_render.php | 4 +- e107_languages/English/English.php | 4 ++ e107_themes/templates/signup_template.php | 2 +- signup.php | 59 ++++++++++++--- 9 files changed, 166 insertions(+), 78 deletions(-) diff --git a/e107_admin/auth.php b/e107_admin/auth.php index 75a7ee615..ec9ef47f0 100644 --- a/e107_admin/auth.php +++ b/e107_admin/auth.php @@ -56,23 +56,19 @@ else $use_imagecode = ($pref['logcode'] && extension_loaded("gd")); - if ($use_imagecode) - { - require_once (e_HANDLER."secure_img_handler.php"); - $sec_img = new secure_image; - } - if ($_POST['authsubmit']) { $obj = new auth; if ($use_imagecode) - { - if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) + { + if (e107::getSecureImg()->invalidCode($_POST['rand_num'], $_POST['code_verify'])) { - echo "\n"; - header("location: ../index.php"); + e107::getRedirect()->redirect('admin.php?failed'); exit; + // echo "\n"; + // header("location: ../index.php"); + // exit; } } @@ -201,6 +197,9 @@ else #userpass {background: url(".e_IMAGE."admin_images/lock_16.png) no-repeat scroll 7px 7px; padding-left:30px; } + input[disabled] { color: silver; } + button[disabled] span { color: silver; } + "); @@ -227,51 +226,6 @@ class auth $frm = e107::getForm(); $incChap = (vartrue($pref['password_CHAP'], 0)) ? " onsubmit='hashLoginPassword(this)'" : ""; - - /* - - $text = "
-
- - - - - - - - - - \n"; - - if ($use_imagecode) - { - $text .= " - - - - - "; - } - - $text .= " - - - -
".(file_exists(THEME."images/password.png") ? "\n" : "\n")."".ADLAN_89."\n
".ADLAN_90."\n"; - - $session = e107::getSession(); - if ($session->is('challenge') && varset($pref['password_CHAP'], 0)) - - $text .= "\n\n"; - $text .= "
".ADLAN_152." - ".$sec_img->r_image()."
" - .$frm->admin_button('authsubmit',ADLAN_91). - "
-
-
"; - - e107::getRender()->tablerender(ADLAN_92, $text, 'admin-login'); - */ // Start Clean // NOTE: this should NOT be a template of the admin-template, however themes may style it using css. @@ -299,11 +253,9 @@ class auth { $text .= "
- - - " - .$sec_img->r_image(). - " + " + .e107::getSecureImg()->renderImage(). + e107::getSecureImg()->renderInput()."
"; } diff --git a/e107_core/shortcodes/batch/signup_shortcodes.php b/e107_core/shortcodes/batch/signup_shortcodes.php index d161b9ff7..52022fe77 100755 --- a/e107_core/shortcodes/batch/signup_shortcodes.php +++ b/e107_core/shortcodes/batch/signup_shortcodes.php @@ -289,7 +289,7 @@ class signup_shortcodes extends e_shortcode } - function sc_signup_images() + function sc_signup_images() // AVATARS { global $pref; if($pref['signup_option_image']) @@ -341,10 +341,20 @@ class signup_shortcodes extends e_shortcode global $signup_imagecode, $rs, $sec_img; if($signup_imagecode) { - return $rs->form_hidden("rand_num", $sec_img->random_number). $sec_img->r_image()."
".$rs->form_text("code_verify", 20, "", 20); + return e107::getSecureImg()->r_image()."
".e107::getSecureImg()->renderInput()."
"; + // return $rs->form_hidden("rand_num", $sec_img->random_number). $sec_img->r_image()."
".$rs->form_text("code_verify", 20, "", 20); } } + function sc_signup_imagecode_label() + { + global $signup_imagecode,$sec_img; + if($signup_imagecode) + { + return $sec_img->renderLabel(); + } + } + function sc_signup_form_close() { diff --git a/e107_handlers/e107_class.php b/e107_handlers/e107_class.php index a928ea216..9f573cc0a 100644 --- a/e107_handlers/e107_class.php +++ b/e107_handlers/e107_class.php @@ -202,8 +202,8 @@ class e107 'user_class' => '{e_HANDLER}userclass_class.php', 'userlogin' => '{e_HANDLER}login.php', 'xmlClass' => '{e_HANDLER}xml_class.php', - 'eIPHandler' => '{e_HANDLER}iphandler_class.php' - + 'eIPHandler' => '{e_HANDLER}iphandler_class.php', + 'secure_image' => '{e_HANDLER}secure_img_handler.php' ); @@ -958,6 +958,17 @@ class e107 { return self::getSingleton('e_parse_shortcode', true); } + + + /** + * Retrieve secure_image singleton object + * + * @return secure_image + */ + public static function getSecureImg() + { + return self::getSingleton('secure_image', true); + } /** * Retrieve registered sc object (batch) by class name diff --git a/e107_handlers/override_class.php b/e107_handlers/override_class.php index 512598952..9d873b897 100644 --- a/e107_handlers/override_class.php +++ b/e107_handlers/override_class.php @@ -70,7 +70,7 @@ class override { public function check($override,$method='') // alias with check for class object { - if(vartrue($method)) + if($method != '') { $class = get_class($override); $override = $class."::".$method; diff --git a/e107_handlers/secure_img_handler.php b/e107_handlers/secure_img_handler.php index ee43e925a..0f3f911bd 100644 --- a/e107_handlers/secure_img_handler.php +++ b/e107_handlers/secure_img_handler.php @@ -13,6 +13,8 @@ if (!defined('e107_INIT')) { exit; } + + class secure_image { public $random_number; 
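Review bot: `sc_signup_imagecode_label()` still reaches the handler through `global $sec_img`, while `sc_signup_imagecode()` in the same hunk was switched to `e107::getSecureImg()`. If the including page does not set that global, the label call fails on a non-object; if it does, the label and the input come from two different `secure_image` instances. Using `return e107::getSecureImg()->renderLabel();` keeps both shortcodes on the singleton. After that, `$rs` and `$sec_img` in the `global` line of `sc_signup_imagecode()` and the commented-out old return line are dead and can be removed.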
@@ -24,11 +26,15 @@ class secure_image function secure_image() { + +/* if ($user_func = e107::getOverride()->check($this,'secure_image')) { return call_user_func($user_func); } - + * */ + + list($usec, $sec) = explode(" ", microtime()); $this->random_number = str_replace(".", "", $sec.$usec); @@ -74,7 +80,9 @@ class secure_image return $recnum; } - + /* Return TRUE if code is valid, otherwise return FALSE + * + */ function verify_code($rec_num, $checkstr) { if ($user_func = e107::getOverride()->check($this,'verify_code')) @@ -94,6 +102,31 @@ class secure_image } return FALSE; } + + + + // Return an Error message (true) if check fails, otherwise return false. + function invalidCode($rec_num,$checkstr) + { + if ($user_func = e107::getOverride()->check($this,'invalidCode')) + { + return call_user_func($user_func,$rec_num,$checkstr); + } + + if($this->verify_code($rec_num,$checkstr)) + { + return false; + } + else + { + return LAN_INVALID_CODE; + } + + return true; + + } + + function r_image() { 
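Review bot: `invalidCode()` ends with a `return true;` that can never run, because both branches of the `if`/`else` above it already return, and its one-line comment describes the result as "an Error message (true)". The callers in this commit rely on the value being either `false` or a non-empty message string (signup.php appends it to `$extraErrors`), so the contract should say exactly that, for example a docblock with `@return string|false error message when the code does not match, false when it is valid`. An override registered for `invalidCode` has to follow the same contract and must not return an empty string for a failed check, since the callers would read that as success; that is worth stating in the docblock too.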
@@ -105,16 +138,49 @@ class secure_image $code = $this->create_code(); return ""; } + + + function renderImage() // Alias of r_image + { + return $this->r_image(); + } + function renderInput() + { + if ($user_func = e107::getOverride()->check($this,'renderInput')) + { + return call_user_func($user_func); + } + + $frm = e107::getForm(); + return $frm->hidden("rand_num", $this->random_number).$frm->text("code_verify", "", 20, "","size=20"); + } + + function renderLabel() + { + if ($user_func = e107::getOverride()->check($this,'renderLabel')) + { + return call_user_func($user_func); + } + + return LAN_ENTER_CODE; + } + + /** * Render the generated Image. Called without class2 environment (standalone). */ function render($qcode) { - if ($user_func = e107::getOverride()->check($this,'render')) + + require_once($this->BASE_DIR.$this->HANDLERS_DIRECTORY."override_class.php"); + $over = new override; + + if ($user_func = $over->check($this,'render')) { + return call_user_func($user_func,$qcode); } diff --git a/e107_handlers/secure_img_render.php b/e107_handlers/secure_img_render.php index 16d24d878..9618213ca 100644 --- a/e107_handlers/secure_img_render.php +++ b/e107_handlers/secure_img_render.php @@ -24,11 +24,13 @@ ?> */ - +// error_reporting(E_ALL); define('e107_INIT', true); + require_once(realpath(dirname(__FILE__)."/secure_img_handler.php")); $sim = new secure_image(); + $sim->render($_SERVER['QUERY_STRING']); exit; diff --git a/e107_languages/English/English.php b/e107_languages/English/English.php index c509de911..5b8880497 100644 --- a/e107_languages/English/English.php +++ b/e107_languages/English/English.php @@ -55,4 +55,8 @@ define('LAN_OK', 'OK'); define('LAN_CONTINUE', 'Continue'); define('LAN_ENTER', 'Enter'); define('LAN_HOOKS', 'Hooks'); +define('LAN_ENTER_CODE', "Enter code"); +define('LAN_INVALID_CODE', "Incorrect code entered."); + + 
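Review bot: In `render()` the override callback receives `$qcode` unchanged, and the caller shown in secure_img_render.php passes `$_SERVER['QUERY_STRING']`, so the value is request-controlled. The docblock should say so, for example `@param string $qcode raw query string from the request; untrusted, validate before use`, so that override authors do not place it into a query or a file path as-is. The `require_once` path is built from `$this->BASE_DIR` and `$this->HANDLERS_DIRECTORY`, which are set outside this hunk; I assume they come from the site configuration rather than from the request. The rest of `render()` lies outside the hunk.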
diff --git a/e107_themes/templates/signup_template.php b/e107_themes/templates/signup_template.php index 4666f6f83..7f7387c31 100755 --- a/e107_themes/templates/signup_template.php +++ b/e107_themes/templates/signup_template.php @@ -146,7 +146,7 @@ $sc_style['SIGNUP_IMAGES']['post'] = " $sc_style['SIGNUP_IMAGECODE']['pre'] = " - ".LAN_SIGNUP_95.req(2)." + ".e107::getSecureImg()->renderLabel().req(2)." "; $sc_style['SIGNUP_IMAGECODE']['post'] = " diff --git a/signup.php b/signup.php index fdddf8fdb..bebfaebf6 100644 --- a/signup.php +++ b/signup.php @@ -2,7 +2,7 @@ /* * e107 website system * - * Copyright (C) 2008-2011 e107 Inc (e107.org) + * Copyright (C) 2008-2012 e107 Inc (e107.org) * Released under the terms and conditions of the * GNU General Public License (http://www.gnu.org/licenses/gpl.txt) * @@ -208,6 +208,45 @@ if(!$_POST) $signature = ''; } + + +if(e_QUERY == 'thirdparty') +{ + $config = array( + "base_url" => "http://godoholics.org/e107_handlers/hybridauth/", + "providers" => array + ( + "Facebook" => array + ( + "enabled" => true, + "keys" => array ( "id" => "341715689232729", "secret" => "001c35bdb735ace858317eba40b2ed15" ), + "scope" => "email, user_about_me, user_birthday, user_hometown", + "display" => "popup", + ) + ), + "debug_mode" => true , + "debug_file" => e_HANDLER."hybridauth/hybridauth.log" + ); + + + require_once(e_HANDLER."hybridauth/Hybrid/Auth.php"); + + + $hybridauth = new Hybrid_Auth( $config ); + + $adapter = $hybridauth->authenticate( "Facebook" ); + $user_profile = $adapter->getUserProfile(); + + print_a($user_profile); + +} + + + + + + + if(ADMIN && (e_QUERY == 'preview' || e_QUERY == 'test' || e_QUERY == 'preview.aftersignup')) { if(e_QUERY == "preview.aftersignup") 
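Review bot: The new `e_QUERY == 'thirdparty'` block in signup.php commits what looks like a real Facebook application id and secret in the `keys` array, and it runs for any visitor who requests the page with that query string, unlike the `ADMIN &&` guarded preview branch right below it. It also hard-codes `base_url` to one host over plain http, turns on `debug_mode` with a log file under `e_HANDLER` (which may be readable from the web, depending on server configuration), and prints the returned profile with `print_a($user_profile)`. This reads like test code: I would leave it out of this commit, treat the secret as exposed and rotate it, and when the feature lands read the keys and base URL from site configuration with debug off. If it has to stay for now, gate it at least the way the preview branch is gated: `if(ADMIN && e_QUERY == 'thirdparty')`.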
@@ -366,15 +405,17 @@ if (e_QUERY) //---------------------------------------- // Initial signup (registration) //---------------------------------------- + if (isset($_POST['register'])) -{ +{ $e107cache->clear("online_menu_totals"); require_once(e_HANDLER."message_handler.php"); if (isset($_POST['rand_num']) && $signup_imagecode) - { - if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) + { + if ($badCodeMsg = e107::getSecureImg()->invalidCode($_POST['rand_num'], $_POST['code_verify'])) // better: allows class to return the error. { - $extraErrors[] = LAN_SIGNUP_3."\\n"; + //$extraErrors[] = LAN_SIGNUP_3."\\n"; + $extraErrors[] = $badCodeMsg."\\n"; $error = TRUE; } } @@ -385,7 +426,6 @@ if (isset($_POST['register'])) $error = TRUE; } - if (!$error) { if (varsettrue($pref['predefinedLoginName'])) @@ -478,7 +518,7 @@ if (isset($_POST['register'])) $error = ((isset($allData['errors']) && count($allData['errors'])) || (isset($eufVals['errors']) && count($eufVals['errors'])) || count($extraErrors)); // All validated here - handle any errors - if ($error) + if ($error) //FIXME - this ignores the errors caused by invalid image-code. { require_once(e_HANDLER."message_handler.php"); $temp = array(); @@ -498,7 +538,10 @@ if (isset($_POST['register'])) message_handler('P_ALERT', implode('
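Review bot: The image-code check is still wrapped in `isset($_POST['rand_num']) && $signup_imagecode`, so whether verification runs depends on a field supplied by the client; with the image code enabled, a registration POST that lacks `rand_num` does not reach `invalidCode()` as far as this hunk shows. The condition should depend on the site setting only, `if ($signup_imagecode)`, with missing fields passed as empty values, e.g. `invalidCode(varset($_POST['rand_num'], ''), varset($_POST['code_verify'], ''))`, so that an absent code is handled like a wrong one (assuming `verify_code()` rejects empty values). The leftover `//$extraErrors[] = LAN_SIGNUP_3` line can be removed. The enclosing `if (isset($_POST['register']))` block continues outside the hunk.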
', $temp)); } } // End of data validation - + else + { + message_handler('P_ALERT', implode('
', $extraErrors)); // Workaround for image-code errors. + } // ========== End of verification.. ==============