Okay, that is pretty raw, but better to have it in place than trying to play catch-up. Introducing an early stage of CAPTCHA modules.

git-svn-id: file:///svn/phpbb/trunk@8889 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-08-06 16:56:44 +02:00 · 2008-09-19 13:17:30 +00:00
parent 5349280538
commit 461be11e8d
23 changed files with 937 additions and 415 deletions
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -81,42 +81,15 @@ function login_db(&$username, &$password)
 		}
 		else
 		{
-			global $user;
-
-			$sql = 'SELECT code
-				FROM ' . CONFIRM_TABLE . "
-				WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
-					AND session_id = '" . $db->sql_escape($user->session_id) . "'
-					AND confirm_type = " . CONFIRM_LOGIN;
-			$result = $db->sql_query($sql);
-			$confirm_row = $db->sql_fetchrow($result);
-			$db->sql_freeresult($result);
-
-			if ($confirm_row)
-			{
-				if (strcasecmp($confirm_row['code'], $confirm_code) === 0)
-				{
-					$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
-						WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
-							AND session_id = '" . $db->sql_escape($user->session_id) . "'
-							AND confirm_type = " . CONFIRM_LOGIN;
-					$db->sql_query($sql);
-				}
-				else
-				{
-					return array(
-						'status'		=> LOGIN_ERROR_ATTEMPTS,
-						'error_msg'		=> 'CONFIRM_CODE_WRONG',
-						'user_row'		=> $row,
-					);
-				}
-			}
-			else
+			$captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
+			$captcha->init(CONFIRM_LOGIN);
+			$vc_response = $captcha->validate();
+			if ($vc_response)
 			{
 				return array(
-					'status'		=> LOGIN_ERROR_ATTEMPTS,
-					'error_msg'		=> 'CONFIRM_CODE_WRONG',
-					'user_row'		=> $row,
+						'status'		=> LOGIN_ERROR_ATTEMPTS,
+						'error_msg'		=> 'LOGIN_ERROR_ATTEMPTS',
+						'user_row'		=> $row,
 				);
 			}
 		}