Issue #1356 - Secure Image now using sessions and working with PHP 7.0.3

2025-08-02 20:57:26 +02:00 · 2016-02-26 11:54:57 -08:00
parent ffa8c41846
commit d295a434c3
3 changed files with 78 additions and 94 deletions
--- a/e107_admin/auth.php
+++ b/e107_admin/auth.php
@@ -326,13 +326,13 @@ class auth
 		    <div class='field'>
 		    	<label for='username'>".ADLAN_89."</label> 
 		    	<input class='tbox e-tip' type='text' autofocus required='required' name='authname' placeholder='".ADLAN_89."' id='username' size='30' value='' maxlength='".varset($pref['loginname_maxlength'], 30)."' />
-		    	<div class='field-help'>".LAN_ENTER_USRNAME_EMAIL."</div>
+		    	<div class='field-help' data-placement='right'>".LAN_ENTER_USRNAME_EMAIL."</div>
 		   	</div>			
 		    <div class='field'>
 		    	<label for='userpass'>".ADLAN_90."</label>
 		    	<input class='tbox e-tip'  type='password' required='required' name='authpass' placeholder='".ADLAN_90."' id='userpass' size='30' value='' maxlength='30' />
-		    	<div class='field-help'>".LAN_PWD_REQUIRED."</div>
+		    	<div class='field-help' data-placement='right'>".LAN_PWD_REQUIRED."</div>
 		    </div>";
 		if ($use_imagecode)
--- a/e107_handlers/secure_img_handler.php
+++ b/e107_handlers/secure_img_handler.php
@@ -16,7 +16,6 @@ class secure_image
 	protected $HANDLERS_DIRECTORY;
 	protected $IMAGES_DIRECTORY;
 	protected $FONTS_DIRECTORY;
 	protected $MYSQL_INFO;
 	protected $THIS_DIR;
 	protected $BASE_DIR;
 	public $FONT_COLOR = "90,90,90";
@@ -32,74 +31,17 @@ class secure_image
 * */
 		list($usec, $sec) = explode(" ", microtime());
 		$this->random_number = str_replace(".", "", $sec.$usec);
        if(class_exists('e107'))
        {
        $this->BASE_DIR             = e_BASE;
        $CORE_DIRECTORY             = e107::getFolder('CORE');
 		$this->HANDLERS_DIRECTORY 	= e107::getFolder('HANDLERS');
 		$this->FONTS_DIRECTORY 		= !empty($CORE_DIRECTORY) ? $CORE_DIRECTORY."fonts/" : "e107_core/fonts/";
 		//	$this->IMAGES_DIRECTORY 	= str_replace('/', DIRECTORY_SEPARATOR, $IMAGES_DIRECTORY);
 	    $this->IMAGES_DIRECTORY     =  e107::getFolder('IMAGES');
 			$this->MYSQL_INFO = array(
 				'mySQLdefaultdb' => e107::getMySQLConfig('defaultdb'),
 				'mySQLserver'    => e107::getMySQLConfig('server'),
 				'mySQLuser'      => e107::getMySQLConfig('user'),
 				'mySQLpassword'  => e107::getMySQLConfig('password'),
 				'mySQLprefix'    => e107::getMySQLConfig('prefix')
 			);
 	}
 		else
 		{
 			$imgp               = dirname(__FILE__);
 			if (substr($imgp,-1,1) != DIRECTORY_SEPARATOR) $imgp .= DIRECTORY_SEPARATOR;
 			$imgp = str_replace('/', DIRECTORY_SEPARATOR, $imgp);
 			$HANDLERS_DIRECTORY = '';
 			$IMAGES_DIRECTORY = '';
 			$mySQLdefaultdb = '';
 			$mySQLuser = '';
 			$mySQLpassword = '';
 			$mySQLprefix= '';
 			@include($imgp.'..'.DIRECTORY_SEPARATOR.'e107_config.php');
 			if(!isset($mySQLserver))
 			{
 				if(defined('e_DEBUG'))
 				{
 					echo "FAILED TO LOAD e107_config.php in secure_img_handler.php";
 				}
 				exit;
 			}
 			// FIX - new prefered configuration format - $E107_CONFIG
 			if(isset($E107_CONFIG))
 			{
 				extract($E107_CONFIG);
 			}
 			$this->THIS_DIR 	= $imgp;
 			$this->BASE_DIR 	= realpath($imgp.'..'.DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;
 			$this->HANDLERS_DIRECTORY 	= $HANDLERS_DIRECTORY;
 			$this->FONTS_DIRECTORY 		= isset($CORE_DIRECTORY) ? $CORE_DIRECTORY."fonts/" : "e107_core/fonts/";
 		//	$this->IMAGES_DIRECTORY 	= str_replace('/', DIRECTORY_SEPARATOR, $IMAGES_DIRECTORY);
 	        $this->IMAGES_DIRECTORY     =  $IMAGES_DIRECTORY;
 			$this->MYSQL_INFO = array(
 				'mySQLdefaultdb' => $mySQLdefaultdb,
 				'mySQLserver'   => $mySQLserver,
 				'mySQLuser'     => $mySQLuser,
 				'mySQLpassword' => $mySQLpassword,
 				'mySQLprefix'    => $mySQLprefix);
 		}
 	}
 	function create_code()
 	{
 		if ($user_func = e107::getOverride()->check($this,'create_code'))
@@ -108,7 +50,7 @@ class secure_image
 		}
 		$pref = e107::getPref();
-		$sql = e107::getDb();
+	//	$sql = e107::getDb();
 		mt_srand ((double)microtime() * 1000000);
 		$maxran = 1000000;
@@ -117,24 +59,37 @@ class secure_image
 		$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey));
 		$code = substr($rcode, 2, 6);
 		$recnum = $this->random_number;
-		$del_time = time()+1200;
+	//	$del_time = time()+1200;
-		$sql->insert("tmp", "'{$recnum}',{$del_time},'{$code}'");
+	//	$sql->insert("tmp", "'{$recnum}',{$del_time},'{$code}'");
 		$_SESSION['secure_img'][$recnum] = $code;
 		return $recnum;
 	}
 	/* Return TRUE if code is valid, otherwise return FALSE 
 	 * 
 	 */
-	function verify_code($rec_num, $checkstr)
+	function verify_code($recnum, $checkstr)
 	{
 		if ($user_func = e107::getOverride()->check($this,'verify_code'))
 		{
-	 		return call_user_func($user_func,$rec_num,$checkstr);
+	 		return call_user_func($user_func,$recnum,$checkstr);
 		}
-		$sql = e107::getDb();
+	//	$sql = e107::getDb();
-		$tp = e107::getParser();
+	//	$tp = e107::getParser();
 		if(!empty($_SESSION['secure_img'][$recnum]) && (intval($_SESSION['secure_img'][$recnum]) == $checkstr))
 		{
 			unset($_SESSION['secure_img']);
 			return true;
 		}
 		else
 		{
 			return false;
 		}
 /*
 		if ($sql->select("tmp", "tmp_info", "tmp_ip = '".$tp -> toDB($rec_num)."'")) {
 			$row = $sql->fetch();
 			$sql->delete("tmp", "tmp_ip = '".$tp -> toDB($rec_num)."'");
@@ -142,13 +97,18 @@ class secure_image
 			$code = intval($row['tmp_info']);
 			return ($checkstr == $code);
 		}
-		return FALSE;
+		return FALSE;*/
 	}
 	// Return an Error message (true) if check fails, otherwise return false. 
-	function invalidCode($rec_num,$checkstr)
+	/**
 	 * @param $rec_num
 	 * @param $checkstr
 	 * @return bool|mixed|string
 	 */
 	function invalidCode($rec_num, $checkstr)
 	{
 		if ($user_func = e107::getOverride()->check($this,'invalidCode'))
 		{
@@ -169,6 +129,9 @@ class secure_image
 	//XXX Discuss - Add more posibilities for themers? e_CAPTCHA_BGIMAGE, e_CAPTCH_WIDTH, e_CAPTCHA_HEIGHT?
 	/**
 	 * @return mixed|string
 	 */
 	function r_image()
 	{
 		if ($user_func = e107::getOverride()->check($this,'r_image'))
@@ -186,7 +149,7 @@ class secure_image
 		}
 		$code = $this->create_code();
-		return "<img src='".e_HTTP.$this->IMAGES_DIRECTORY."secimg.php?id={$code}&amp;clr={$color}' class='icon secure-image' alt='Missing Code' style='max-width:100%' />";
+		return "<img src='".e_IMAGE_ABS."secimg.php?id={$code}&amp;clr={$color}' class='icon secure-image' alt='Missing Code' style='max-width:100%' />";
 	}
@@ -221,8 +184,9 @@ class secure_image
 	}
-	
+	/**
-
+	 * @return mixed|string
 	 */
 	function renderInput()
 	{
 		if ($user_func = e107::getOverride()->check($this,'renderInput'))
@@ -231,9 +195,11 @@ class secure_image
 		}
 		$frm = e107::getForm();	
-		return $frm->hidden("rand_num", $this->random_number).$frm->text("code_verify", "", 20, array("size"=>20,"title"=> LAN_ENTER_CODE,'required'=>1, 'placeholder'=>LAN_ENTER_CODE));
+		return $frm->hidden("rand_num", $this->random_number).$frm->text("code_verify", "", 20, array( "size"=>20, 'required'=>1, 'placeholder'=>LAN_ENTER_CODE));
 	}
 	/**
 	 * @return mixed|string
 	 */
@@ -262,9 +228,7 @@ class secure_image
 		}
 	//	echo "COLOR: ".$this->FONT_COLOR;
-		
+		$over = e107::getOverride();
 		require_once($this->BASE_DIR.$this->HANDLERS_DIRECTORY."override_class.php");
 		$over = new override;
 		if ($user_func = $over->check($this,'render'))
 		{
@@ -280,18 +244,30 @@ class secure_image
 		/** @FIXME - needs to use mysql class. */
-		@mysql_connect($this->MYSQL_INFO['mySQLserver'], $this->MYSQL_INFO['mySQLuser'],  $this->MYSQL_INFO['mySQLpassword']) || die('db connection failed');
+	//	@mysql_connect($this->MYSQL_INFO['mySQLserver'], $this->MYSQL_INFO['mySQLuser'],  $this->MYSQL_INFO['mySQLpassword']) || die('db connection failed');
-		@mysql_select_db($this->MYSQL_INFO['mySQLdefaultdb']);
+	//	@mysql_select_db($this->MYSQL_INFO['mySQLdefaultdb']);
-		$result = mysql_query("SELECT tmp_info FROM {$this->MYSQL_INFO['mySQLprefix']}tmp WHERE tmp_ip = '{$recnum}'");
+	//	$result = mysql_query("SELECT tmp_info FROM {$this->MYSQL_INFO['mySQLprefix']}tmp WHERE tmp_ip = '{$recnum}'");
-		if(!$result || !($row = mysql_fetch_array($result, MYSQL_ASSOC)))
+	//	if(!$result || !($row = mysql_fetch_array($result, MYSQL_ASSOC)))
 		{
 			// echo "Render Failed";
 			// echo "SELECT tmp_info FROM {$this->MYSQL_INFO['prefix']}tmp WHERE tmp_ip = '{$recnum}'";
 	//		exit;
 		}
 	//	$code = intval($row['tmp_info']); // new value
 		if(isset($_SESSION['secure_img'][$recnum]))
 		{
 			$code = $_SESSION['secure_img'][$recnum];
 		}
 		else
 		{
 			echo "Render Failed";
 			exit;
 		}
 		$code = intval($row['tmp_info']); // new value
 		$type = "none";
@@ -305,7 +281,7 @@ class secure_image
 			}
 		}
-		$path 		= $this->BASE_DIR.$this->IMAGES_DIRECTORY;
+		$path 		= e_IMAGE;
 		$fontpath 	= $this->BASE_DIR.$this->IMAGES_DIRECTORY;
 		$secureimg 	= array();
--- a/e107_images/secimg.php
+++ b/e107_images/secimg.php
@@ -22,8 +22,13 @@
 	 ?>
 */
 // error_reporting(E_ALL);
-define('e107_INIT', true);
+// define('e107_INIT', true);
 $_E107['no_online'] = true;
 $_E107['no_forceuserupdate'] = true;
 $_E107['no_menus'] = true;
 require_once("../class2.php");
 /*
 define('e_BASE',realpath("..".DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR);
@include(e_BASE.'e107_config.php');
 if(!isset($mySQLserver))
@@ -33,11 +38,13 @@ if(!isset($mySQLserver))
          echo "FAILED TO LOAD ".e_BASE."e107_config.php in secimg.php";
    }
    exit;
-}
+}*/
 require_once(realpath(e_BASE.$HANDLERS_DIRECTORY.DIRECTORY_SEPARATOR."secure_img_handler.php"));
 require_once(e_HANDLER."secure_img_handler.php");
 $sim = new secure_image();
 if(!isset($_GET['id']))
@@ -56,6 +63,7 @@ else
 	$color = "cccccc";		
 }
 $sim->render($code,$color);
 exit;