From d295a434c3c6cb0ac203bc41e67df847f83620f9 Mon Sep 17 00:00:00 2001 From: Cameron Date: Fri, 26 Feb 2016 11:54:57 -0800 Subject: [PATCH] Issue #1356 - Secure Image now using sessions and working with PHP 7.0.3 --- e107_admin/auth.php | 6 +- e107_handlers/secure_img_handler.php | 154 +++++++++++---------------- e107_images/secimg.php | 12 ++- 3 files changed, 78 insertions(+), 94 deletions(-) diff --git a/e107_admin/auth.php b/e107_admin/auth.php index 55925bbe8..70c6252e1 100644 --- a/e107_admin/auth.php +++ b/e107_admin/auth.php @@ -326,13 +326,13 @@ class auth
-
".LAN_ENTER_USRNAME_EMAIL."
+
".LAN_ENTER_USRNAME_EMAIL."
- -
".LAN_PWD_REQUIRED."
+ +
".LAN_PWD_REQUIRED."
"; if ($use_imagecode) diff --git a/e107_handlers/secure_img_handler.php b/e107_handlers/secure_img_handler.php index b04bd2e7e..c5e199b71 100644 --- a/e107_handlers/secure_img_handler.php +++ b/e107_handlers/secure_img_handler.php @@ -16,7 +16,6 @@ class secure_image protected $HANDLERS_DIRECTORY; protected $IMAGES_DIRECTORY; protected $FONTS_DIRECTORY; - protected $MYSQL_INFO; protected $THIS_DIR; protected $BASE_DIR; public $FONT_COLOR = "90,90,90"; @@ -32,74 +31,17 @@ class secure_image * */ list($usec, $sec) = explode(" ", microtime()); $this->random_number = str_replace(".", "", $sec.$usec); + $this->BASE_DIR = e_BASE; + $CORE_DIRECTORY = e107::getFolder('CORE'); + $this->HANDLERS_DIRECTORY = e107::getFolder('HANDLERS'); + $this->FONTS_DIRECTORY = !empty($CORE_DIRECTORY) ? $CORE_DIRECTORY."fonts/" : "e107_core/fonts/"; + $this->IMAGES_DIRECTORY = e107::getFolder('IMAGES'); - if(class_exists('e107')) - { - $this->BASE_DIR = e_BASE; - - $CORE_DIRECTORY = e107::getFolder('CORE'); - $this->HANDLERS_DIRECTORY = e107::getFolder('HANDLERS'); - $this->FONTS_DIRECTORY = !empty($CORE_DIRECTORY) ? $CORE_DIRECTORY."fonts/" : "e107_core/fonts/"; - // $this->IMAGES_DIRECTORY = str_replace('/', DIRECTORY_SEPARATOR, $IMAGES_DIRECTORY); - $this->IMAGES_DIRECTORY = e107::getFolder('IMAGES'); - $this->MYSQL_INFO = array( - 'mySQLdefaultdb' => e107::getMySQLConfig('defaultdb'), - 'mySQLserver' => e107::getMySQLConfig('server'), - 'mySQLuser' => e107::getMySQLConfig('user'), - 'mySQLpassword' => e107::getMySQLConfig('password'), - 'mySQLprefix' => e107::getMySQLConfig('prefix') - ); - - } - else - { - - - - $imgp = dirname(__FILE__); - if (substr($imgp,-1,1) != DIRECTORY_SEPARATOR) $imgp .= DIRECTORY_SEPARATOR; - $imgp = str_replace('/', DIRECTORY_SEPARATOR, $imgp); - - $HANDLERS_DIRECTORY = ''; - $IMAGES_DIRECTORY = ''; - $mySQLdefaultdb = ''; - $mySQLuser = ''; - $mySQLpassword = ''; - $mySQLprefix= ''; - - - @include($imgp.'..'.DIRECTORY_SEPARATOR.'e107_config.php'); - if(!isset($mySQLserver)) - { - if(defined('e_DEBUG')) - { - echo "FAILED TO LOAD e107_config.php in secure_img_handler.php"; - } - exit; - } - // FIX - new prefered configuration format - $E107_CONFIG - if(isset($E107_CONFIG)) - { - extract($E107_CONFIG); - } - - - $this->THIS_DIR = $imgp; - $this->BASE_DIR = realpath($imgp.'..'.DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR; - $this->HANDLERS_DIRECTORY = $HANDLERS_DIRECTORY; - $this->FONTS_DIRECTORY = isset($CORE_DIRECTORY) ? $CORE_DIRECTORY."fonts/" : "e107_core/fonts/"; - // $this->IMAGES_DIRECTORY = str_replace('/', DIRECTORY_SEPARATOR, $IMAGES_DIRECTORY); - $this->IMAGES_DIRECTORY = $IMAGES_DIRECTORY; - $this->MYSQL_INFO = array( - 'mySQLdefaultdb' => $mySQLdefaultdb, - 'mySQLserver' => $mySQLserver, - 'mySQLuser' => $mySQLuser, - 'mySQLpassword' => $mySQLpassword, - 'mySQLprefix' => $mySQLprefix); - } } + + function create_code() { if ($user_func = e107::getOverride()->check($this,'create_code')) @@ -108,7 +50,7 @@ class secure_image } $pref = e107::getPref(); - $sql = e107::getDb(); + // $sql = e107::getDb(); mt_srand ((double)microtime() * 1000000); $maxran = 1000000; @@ -117,24 +59,37 @@ class secure_image $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey)); $code = substr($rcode, 2, 6); $recnum = $this->random_number; - $del_time = time()+1200; - $sql->insert("tmp", "'{$recnum}',{$del_time},'{$code}'"); + // $del_time = time()+1200; + // $sql->insert("tmp", "'{$recnum}',{$del_time},'{$code}'"); + + $_SESSION['secure_img'][$recnum] = $code; + return $recnum; } /* Return TRUE if code is valid, otherwise return FALSE * */ - function verify_code($rec_num, $checkstr) + function verify_code($recnum, $checkstr) { if ($user_func = e107::getOverride()->check($this,'verify_code')) { - return call_user_func($user_func,$rec_num,$checkstr); + return call_user_func($user_func,$recnum,$checkstr); } - $sql = e107::getDb(); - $tp = e107::getParser(); + // $sql = e107::getDb(); + // $tp = e107::getParser(); + if(!empty($_SESSION['secure_img'][$recnum]) && (intval($_SESSION['secure_img'][$recnum]) == $checkstr)) + { + unset($_SESSION['secure_img']); + return true; + } + else + { + return false; + } +/* if ($sql->select("tmp", "tmp_info", "tmp_ip = '".$tp -> toDB($rec_num)."'")) { $row = $sql->fetch(); $sql->delete("tmp", "tmp_ip = '".$tp -> toDB($rec_num)."'"); @@ -142,13 +97,18 @@ class secure_image $code = intval($row['tmp_info']); return ($checkstr == $code); } - return FALSE; + return FALSE;*/ } // Return an Error message (true) if check fails, otherwise return false. - function invalidCode($rec_num,$checkstr) + /** + * @param $rec_num + * @param $checkstr + * @return bool|mixed|string + */ + function invalidCode($rec_num, $checkstr) { if ($user_func = e107::getOverride()->check($this,'invalidCode')) { @@ -169,6 +129,9 @@ class secure_image //XXX Discuss - Add more posibilities for themers? e_CAPTCHA_BGIMAGE, e_CAPTCH_WIDTH, e_CAPTCHA_HEIGHT? + /** + * @return mixed|string + */ function r_image() { if ($user_func = e107::getOverride()->check($this,'r_image')) @@ -186,7 +149,7 @@ class secure_image } $code = $this->create_code(); - return "Missing Code"; + return "Missing Code"; } @@ -219,10 +182,11 @@ class secure_image return implode(",", $rgb); } - - - + + /** + * @return mixed|string + */ function renderInput() { if ($user_func = e107::getOverride()->check($this,'renderInput')) @@ -231,9 +195,11 @@ class secure_image } $frm = e107::getForm(); - return $frm->hidden("rand_num", $this->random_number).$frm->text("code_verify", "", 20, array("size"=>20,"title"=> LAN_ENTER_CODE,'required'=>1, 'placeholder'=>LAN_ENTER_CODE)); + return $frm->hidden("rand_num", $this->random_number).$frm->text("code_verify", "", 20, array( "size"=>20, 'required'=>1, 'placeholder'=>LAN_ENTER_CODE)); } + + /** * @return mixed|string */ @@ -262,10 +228,8 @@ class secure_image } // echo "COLOR: ".$this->FONT_COLOR; - - require_once($this->BASE_DIR.$this->HANDLERS_DIRECTORY."override_class.php"); - $over = new override; - + $over = e107::getOverride(); + if ($user_func = $over->check($this,'render')) { @@ -280,18 +244,30 @@ class secure_image /** @FIXME - needs to use mysql class. */ - @mysql_connect($this->MYSQL_INFO['mySQLserver'], $this->MYSQL_INFO['mySQLuser'], $this->MYSQL_INFO['mySQLpassword']) || die('db connection failed'); - @mysql_select_db($this->MYSQL_INFO['mySQLdefaultdb']); + // @mysql_connect($this->MYSQL_INFO['mySQLserver'], $this->MYSQL_INFO['mySQLuser'], $this->MYSQL_INFO['mySQLpassword']) || die('db connection failed'); + // @mysql_select_db($this->MYSQL_INFO['mySQLdefaultdb']); - $result = mysql_query("SELECT tmp_info FROM {$this->MYSQL_INFO['mySQLprefix']}tmp WHERE tmp_ip = '{$recnum}'"); - if(!$result || !($row = mysql_fetch_array($result, MYSQL_ASSOC))) + // $result = mysql_query("SELECT tmp_info FROM {$this->MYSQL_INFO['mySQLprefix']}tmp WHERE tmp_ip = '{$recnum}'"); + // if(!$result || !($row = mysql_fetch_array($result, MYSQL_ASSOC))) { // echo "Render Failed"; // echo "SELECT tmp_info FROM {$this->MYSQL_INFO['prefix']}tmp WHERE tmp_ip = '{$recnum}'"; + // exit; + } + + // $code = intval($row['tmp_info']); // new value + + + if(isset($_SESSION['secure_img'][$recnum])) + { + $code = $_SESSION['secure_img'][$recnum]; + } + else + { + echo "Render Failed"; exit; } - $code = intval($row['tmp_info']); // new value $type = "none"; @@ -305,7 +281,7 @@ class secure_image } } - $path = $this->BASE_DIR.$this->IMAGES_DIRECTORY; + $path = e_IMAGE; $fontpath = $this->BASE_DIR.$this->IMAGES_DIRECTORY; $secureimg = array(); diff --git a/e107_images/secimg.php b/e107_images/secimg.php index 2f58494e9..1e5cfbc8c 100644 --- a/e107_images/secimg.php +++ b/e107_images/secimg.php @@ -22,8 +22,13 @@ ?> */ // error_reporting(E_ALL); -define('e107_INIT', true); +// define('e107_INIT', true); +$_E107['no_online'] = true; +$_E107['no_forceuserupdate'] = true; +$_E107['no_menus'] = true; +require_once("../class2.php"); +/* define('e_BASE',realpath("..".DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR); @include(e_BASE.'e107_config.php'); if(!isset($mySQLserver)) @@ -33,11 +38,13 @@ if(!isset($mySQLserver)) echo "FAILED TO LOAD ".e_BASE."e107_config.php in secimg.php"; } exit; -} +}*/ require_once(realpath(e_BASE.$HANDLERS_DIRECTORY.DIRECTORY_SEPARATOR."secure_img_handler.php")); +require_once(e_HANDLER."secure_img_handler.php"); + $sim = new secure_image(); if(!isset($_GET['id'])) @@ -56,6 +63,7 @@ else $color = "cccccc"; } + $sim->render($code,$color); exit;