Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Captcha Security
Author Message
jane65
Regular
Regular


Joined: Feb 24, 2009
Posts: 81
Location: UK

PostPosted: Tue Jan 15, 2013 6:04 pm Reply with quote

On the account confirmation page near the end of the account registration process, if the security code is typed incorrectly, the User is taken to an Error page which says 'Security Code is incorrect, Please go back and type it exactly as given .... There was actually no active link in that sentence or on the page for the User to return to the security code to retype it, so I found the sentence in language/lang-english.php and put a link in using <a href="javascript:history.go(-1)">go back</a>in the sentence, but when the link is clicked it returns to an Internet Explorer Webpage Has Expired page instead.

I can get the account confirmation page back up but ONLY by refreshing the IE Expired page.

The modules/Your_Account/public/new_confirm.php is where the code is for this security code error page but I don't really have a clue what code to alter or add to fix this, so would appreciate if someone could point me in the right direction to fix it.

Thanks in advance for any help Smile
 
View user's profile Send private message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Wed Jan 16, 2013 5:05 pm Reply with quote

Which version of RavenNuke are you using? I have never seen this problem before.
 
View user's profile Send private message Send e-mail
hicuxunicorniobestbuildpc
Life Cycles Becoming CPU Cycles


Joined: Aug 13, 2009
Posts: 967
Location: Netherland

PostPosted: Wed Jan 16, 2013 6:12 pm Reply with quote

jane65, I think you were playing with this file class.php-captcha.php

Please upload the original and let us know.
 
View user's profile Send private message Visit poster's website
jane65
PostPosted: Thu Jan 17, 2013 4:46 am Reply with quote

Hi thanks for the replies. I have changed the modules/Your_Account/public/new_confirm.php page code a bit and other files in Your_Account/public/ to change the look of it as best as I could, and everything works ok apart from the Security Code IE error. I did upload the original new_confirm.php page that came with RN25 (which I'm using) to see what would happen with the original file in place, and still had the same problem. I don't think I've played with the class.php-captcha.php as far as I can remember.

Here's my new_confirm.php file

Code:



<?php
/**************************************************************************/
/* RN Your Account: Advanced User Management for RavenNuke
/* =======================================================================*/
/*
/* Copyright (c) 2008-2011, RavenPHPScripts.com   http://www.ravenphpscripts.com
/*
/* This program is free software. You can redistribute it and/or modify it
/* under the terms of the GNU General Public License as published by the
/* Free Software Foundation, version 2 of the license.
/*
/**************************************************************************/
/* RN Your Account is the based on:
/*  CNB Your Account http://www.phpnuke.org.br
/*  NSN Your Account by Bob Marion, http://www.nukescripts.net
/**************************************************************************/
if (!defined('RNYA')) {
   header('Location: ../../../index.php');
   die();
}
$errormsg = '';
include_once 'header.php';
$ya_username = check_html($ya_username, 'nohtml');
ya_userCheck($ya_username);
$stop = str_replace('<div class="text-center">', '', $stop);
$stop = str_replace('</div>', '', $stop);
$stop = str_replace('<br />', '', $stop);
$stop = str_replace('ERROR:', 'ERROR:', $stop);
if (!empty($stop)) {
   $errormsg .= $stop . '<br />';
}
if (!isset($user_viewemail)) $user_viewemail = '0';
$ya_user_email = strtolower(check_html($ya_user_email, 'nohtml'));
if ($ya_config['userealname'] < '2') {
   $ya_realname = '';
}
if ($ya_realname == '' && ($ya_config['userealname'] == 3 or $ya_config['userealname'] == '5')) {
   $errormsg .= _YA_NOREALNAME . '<br />';
}
if ($ya_config['doublecheckemail'] == 0) {
   $ya_user_email2 == $ya_user_email;
} else {
   $ya_user_email2 = strtolower($ya_user_email2);
   if ($ya_user_email != $ya_user_email2) {
      $errormsg .= _EMAILDIFFERENT . '<br />';
   }
}
ya_mailCheck($ya_user_email);
if ($bio == '' && ($ya_config['useextrainfo'] == '3' or $ya_config['useextrainfo'] == '5')) $errormsg .= _EXTRAINFO . ' ' . _REQUIRED . '<br />';
$stop = str_replace('<div class="text-center">', '', $stop);
$stop = str_replace('</div>', '', $stop);
$stop = str_replace('<br />', '', $stop);
$stop = str_replace('ERROR:', '', $stop);
if (!empty($stop)) {
   $errormsg .= $stop . '<br />';
}
$datekey = date('F j');
// fkelly 6/11/2008 took random num out and put check for gfx_chk being set in
// not sure where random num is supposed to be posted from and gfx check will throw an error if it is not set
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $datekey));
// $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $_POST['random_num'] . $datekey));
$code = substr($rcode, 2, $ya_config['codesize']);
/*
 * montego - usegfxcheck is not configurable for RN and only the RN captcha security
 * code should be used.  Therefore, to avoid conflicts, following code is being commented out.
 *
if (isset($gfx_check)) {
   if (extension_loaded('gd') AND $code != $gfx_check AND ($ya_config['usegfxcheck'] == 1 OR $ya_config['usegfxcheck'] == 3)) {
      $errormsg .= _SECCODEINCOR . '';
   }
}
*/
if ($user_password == '' AND $user_password2 == '') {
   $user_password = YA_MakePass();
} elseif ($user_password != $user_password2) {
   $errormsg .= _PASSDIFFERENT . '';
} elseif ($user_password == $user_password2 AND (strlen($user_password) < $ya_config['pass_min'] OR strlen($user_password) > $ya_config['pass_max'])) {
   $errormsg .= _YA_PASSLENGTH . '';
}
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need = \'3\' ORDER BY pos');
while ($sqlvalue = $db->sql_fetchrow($result)) {
   $t = $sqlvalue['fid'];
   if (trim($nfield[$t]) == '') {
      $name_exit = ya_GetCustomFieldDesc($sqlvalue['name']);
      $errormsg .= _YA_FILEDNEED1 . $name_exit . _YA_FILEDNEED2 . '';
   }
}
if (empty($errormsg)) {
   if ($ya_config['requireadmin'] == 1) {
      $ncTitle = _USERAPPLOGIN;
      $ncNext = _USERAPPFINALSTEP;
      $ncNote = '<strong>' . _NOTE . '</strong> ' . _WAITAPPROVAL;
   } elseif ($ya_config['useactivate'] == 1) {
      $ncTitle = _USERREGLOGIN;
      $ncNext = _USERFINALSTEP;
      $ncNote = '<strong>' . _NOTE . '</strong> ' . _YOUWILLRECEIVE;
   } else {
      $ncTitle = _USERREGLOGIN;
      $ncNext = _USERFINALSTEP;
      $ncNote = '';
   }
   OpenTable();
   echo '<div style="width:670px; margin-right:10px; border:0px solid #bdbdbd;"><br /><br /><br /><table width="640" align="center" border="0"><tr><td align="left"><font face="verdana" size="4" color="#7B84BF"><strong>' . _USERREGLOGIN . ' cont . . .</strong></font><br /><br /><br /></td></tr></table><table width="600" align="center" border="0"><tr><td><br /><center><font size="4" color="#D778CF"><b>Account Registration Details</b></font><br /><br /><br /><font size="2" color="#47354A"><strong>' . $ya_username . ', please check the following information.</strong></font></center><br /></tr></td></table>';
   echo '<table align="center" border="0">';
   echo '<tr><td width="50%"><br /><font size="2" color="#751670"><b>' . _USERNAME . ':</b></font></td><td align="left"><br /><font size="2" color="#751670">' . $ya_username . '</font><br /></td></tr>';
   if ($ya_config['userealname'] > 1) echo '<tr><td width="50%"><font size="2" color="#751670"><b>' . _UREALNAME . ':</b></font><br /></td><td align="left"><font size="2" color="#751670">' . $ya_realname . '</font><br /></td></tr>';
   echo '<tr><td width="50%"><font size="2" color="#751670"><b>' . _EMAIL . ':</b></font></td><td align="left"><font size="2" color="#751670">' . $ya_user_email . '</font></td></tr>';
   echo '</table>';
   echo '<br /><br /><center>';
   echo '<div style="background-color:#352d3c; width:300px; align:center;" class="rounded"><form action="modules.php?name=' . $module_name . '" method="post"><br /><font color="#dbcddb">';
   echo security_code(array(3, 4, 6, 7) , 'stacked');
   if (isset($nfield)) {
      if (count($nfield) > 0) {
         foreach($nfield as $key => $var) {
            echo '<input type="hidden" name="nfield[' . $key . ']" value="' . $var . '" />';
         }
      }
   }
   echo '<input type="hidden" name="random_num" value="' . $random_num . '" />';
   echo '<input type="hidden" name="ya_username" value="' . $ya_username . '" />';
   echo '<input type="hidden" name="ya_realname" value="' . $ya_realname . '" />';
   echo '<input type="hidden" name="ya_user_email" value="' . $ya_user_email . '" />';
   echo '<input type="hidden" name="user_password" value="' . $user_password . '" />';
   if ($ya_config['requireadmin'] == 0 AND $ya_config['useactivate'] == 1) {
      if (isset($femail)) echo '<input type="hidden" name="femail" value="' . htmlspecialchars($femail, ENT_QUOTES) . '" />';
      if (isset($user_website)) echo '<input type="hidden" name="user_website" value="' . htmlspecialchars($user_website, ENT_QUOTES) . '" />';
      if (isset($user_icq)) echo '<input type="hidden" name="user_icq" value="' . htmlspecialchars($user_icq, ENT_QUOTES) . '" />';
      if (isset($user_aim)) echo '<input type="hidden" name="user_aim" value="' . htmlspecialchars($user_aim, ENT_QUOTES) . '" />';
      if (isset($user_yim)) echo '<input type="hidden" name="user_yim" value="' . htmlspecialchars($user_yim, ENT_QUOTES) . '" />';
      if (isset($user_msnm)) echo '<input type="hidden" name="user_msnm" value="' . htmlspecialchars($user_msnm, ENT_QUOTES) . '" />';
      if (isset($user_from)) echo '<input type="hidden" name="user_from" value="' . htmlspecialchars($user_from, ENT_QUOTES) . '" />';
      if (isset($user_occ)) echo '<input type="hidden" name="user_occ" value="' . htmlspecialchars($user_occ, ENT_QUOTES) . '" />';
      if (isset($user_interests)) echo '<input type="hidden" name="user_interests" value="' . htmlspecialchars($user_interests, ENT_QUOTES) . '" />';
      if (isset($newsletter)) echo '<input type="hidden" name="newsletter" value="' . intval($newsletter) . '" />';
      if (isset($user_viewemail)) echo '<input type="hidden" name="user_viewemail" value="' . htmlspecialchars($user_viewemail, ENT_QUOTES) . '" />';
      if (isset($user_allow_viewonline)) echo '<input type="hidden" name="user_allow_viewonline" value="' . intval($user_allow_viewonline) . '" />';
      if (isset($user_timezone)) echo '<input type="hidden" name="user_timezone" value="' . htmlspecialchars($user_timezone, ENT_QUOTES) . '" />';
      if (isset($user_dateformat)) echo '<input type="hidden" name="user_dateformat" value="' . htmlspecialchars($user_dateformat, ENT_QUOTES) . '" />';
      if (isset($user_sig)) echo '<input type="hidden" name="user_sig" value="' . htmlspecialchars($user_sig, ENT_QUOTES) . '" />';
      if (isset($bio)) echo '<input type="hidden" name="bio" value="' . htmlspecialchars($bio, ENT_QUOTES) . '" />';
   }
   echo '<input type="hidden" name="op" value="new_finish" />';
   echo '</font><br /></div><font size="2" color="#000000">' . _USERCHECKDATA . '</font><br /><br /><br /><input type="image" src="/modules/Your_Account/images/submitrg.gif" value="Submit" /></p></form><br /><br /><br /><center>[ <a href="javascript:history.go(-1)"><u>Go Back</u></a> ]</center><br /><br /><br /><br />';
   } else {
   echo '<br /><div style="width:670px; margin-left:10px; margin-right:0px; border:0px solid #bdbdbd;"><form action="modules.php?name=' . $module_name . '&amp;op=new_user" method="post">';
   echo '<br /><br /><br /><div class="text-left title"><font color="red"><strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;' . _ERRORREG . ' . . .</font></strong></div><br /><br/><br /><br /><font color="red">' . $errormsg;
   $errormsg = htmlentities($errormsg);
       echo '</font><input type="hidden" name="errormsg" value="' . $errormsg . '" /><br />';
   echo '<input type="hidden" name="op" value="new_user" />';
}
echo '<input type="hidden" name="ya_username" value="' . $ya_username . '" />';
echo '<input type="hidden" name="ya_realname" value="' . $ya_realname . '" />';
echo '<input type="hidden" name="ya_user_email" value="' . $ya_user_email . '" />';
echo '<input type="hidden" name="ya_user_email2" value="' . $ya_user_email2 . '" />';
echo '<input type="hidden" name="user_password" value="' . $user_password . '" />';
echo '<input type="hidden" name="user_password2" value="' . $user_password2 . '" />';
if (isset($femail)) echo '<input type="hidden" name="femail" value="' . htmlspecialchars($femail, ENT_QUOTES, _CHARSET) . '" />';
if (isset($user_website)) echo '<input type="hidden" name="user_website" value="' . htmlspecialchars($user_website, ENT_QUOTES, _CHARSET) . '" />';
if (isset($user_icq)) echo '<input type="hidden" name="user_icq" value="' . htmlspecialchars($user_icq, ENT_QUOTES, _CHARSET) . '" />';
if (isset($user_aim)) echo '<input type="hidden" name="user_aim" value="' . htmlspecialchars($user_aim, ENT_QUOTES, _CHARSET) . '" />';
if (isset($user_yim)) echo '<input type="hidden" name="user_yim" value="' . htmlspecialchars($user_yim, ENT_QUOTES, _CHARSET) . '" />';
if (isset($user_msnm)) echo '<input type="hidden" name="user_msnm" value="' . htmlspecialchars($user_msnm, ENT_QUOTES, _CHARSET) . '" />';
if (isset($user_from)) echo '<input type="hidden" name="user_from" value="' . htmlspecialchars($user_from, ENT_QUOTES, _CHARSET) . '" />';
if (isset($user_occ)) echo '<input type="hidden" name="user_occ" value="' . htmlspecialchars($user_occ, ENT_QUOTES, _CHARSET) . '" />';
if (isset($user_interests)) echo '<input type="hidden" name="user_interests" value="' . htmlspecialchars($user_interests, ENT_QUOTES, _CHARSET) . '" />';
if (isset($newsletter)) echo '<input type="hidden" name="newsletter" value="' . intval($newsletter) . '" />';
if (isset($user_viewemail)) echo '<input type="hidden" name="user_viewemail" value="' . htmlspecialchars($user_viewemail, ENT_QUOTES, _CHARSET) . '" />';
if (isset($user_allow_viewonline)) echo '<input type="hidden" name="user_allow_viewonline" value="' . intval($user_allow_viewonline) . '" />';
if (isset($user_timezone)) echo '<input type="hidden" name="user_timezone" value="' . htmlspecialchars($user_timezone, ENT_QUOTES, _CHARSET) . '" />';
if (isset($user_dateformat)) echo '<input type="hidden" name="user_dateformat" value="' . htmlspecialchars($user_dateformat, ENT_QUOTES, _CHARSET) . '" />';
if (isset($nfield)) {
   if (count($nfield) > 0) {
      foreach($nfield as $key => $var) {
         echo '<input type="hidden" name="nfield[' . check_html($key, 'nohtml') . ']" value="' . check_html($var, 'nothml') . '" />';
      }
   }
}
if (isset($user_sig)) echo '<input type="hidden" name="user_sig" value="' . htmlspecialchars($user_sig, ENT_QUOTES, _CHARSET) . '" />';
if (isset($bio)) echo '<input type="hidden" name="bio" value="' . htmlspecialchars($bio, ENT_QUOTES, _CHARSET) . '" />';
if (empty($errormsg)) {
   echo '<input type="submit" value="' . _FINISH . '" /> &nbsp;&nbsp;' . _GOBACK . '</form></div>';
} else {
   echo '<div class="text-center"><input type="submit" name="submit" value="' . _YA_GOBACK . '" /></div>';
   echo '</form></div>';
}
CloseTable();
include_once 'footer.php';
?>


And here's the class.php-captcha.php

Code:
<?php

/***************************************************************/
/* PhpCaptcha - A visual and audio CAPTCHA generation library

Software License Agreement (BSD License)

Copyright (C) 2005-2006, Edward Eliot.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of Edward Eliot nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission of Edward Eliot.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Last Updated:  18th April 2006                               */
/***************************************************************/

/************************ Documentation ************************/
/*

Documentation is available at http://www.ejeliot.com/pages/2

*/
/************************ Default Options **********************/
if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) {
   exit('Access Denied');
}
// start a PHP session - this class uses sessions to store the generated
// code. Comment out if you are calling already from your application
if (session_id()=='') session_start();

// class defaults - change to effect globally

define('CAPTCHA_SESSION_ID', 'php_captcha');
define('CAPTCHA_WIDTH', 250); // max 500
define('CAPTCHA_HEIGHT', 40); // max 200
define('CAPTCHA_NUM_CHARS', 5);
define('CAPTCHA_NUM_LINES', 70);
define('CAPTCHA_CHAR_SHADOW', false);
define('CAPTCHA_OWNER_TEXT', '');
define('CAPTCHA_CHAR_SET', ''); // defaults to A-Z
define('CAPTCHA_CASE_INSENSITIVE', false);
define('CAPTCHA_BACKGROUND_IMAGES', '');
define('CAPTCHA_MIN_FONT_SIZE', 12);
define('CAPTCHA_MAX_FONT_SIZE', 16);
define('CAPTCHA_USE_COLOUR', true);
define('CAPTCHA_FILE_TYPE', 'png');
define('CAPTCHA_FLITE_PATH', '/usr/bin/flite');
define('CAPTCHA_AUDIO_PATH', '/tmp/'); // must be writeable by PHP process

/************************ End Default Options **********************/

// don't edit below this line (unless you want to change the class!)

class PhpCaptcha {
   var $oImage;
   var $aFonts;
   var $iWidth;
   var $iHeight;
   var $iNumChars;
   var $iNumLines;
   var $iSpacing;
   var $bCharShadow;
   var $sOwnerText;
   var $aCharSet;
   var $bCaseInsensitive;
   var $vBackgroundImages;
   var $iMinFontSize;
   var $iMaxFontSize;
   var $bUseColour;
   var $sFileType;
   var $sCode = '';

   function PhpCaptcha(
      $aFonts, // array of TrueType fonts to use - specify full path
      $iWidth = CAPTCHA_WIDTH, // width of image
      $iHeight = CAPTCHA_HEIGHT // height of image
   ) {
      // get parameters
      $this->aFonts = $aFonts;
      $this->SetNumChars(CAPTCHA_NUM_CHARS);
      $this->SetNumLines(CAPTCHA_NUM_LINES);
      $this->DisplayShadow(CAPTCHA_CHAR_SHADOW);
      $this->SetOwnerText(CAPTCHA_OWNER_TEXT);
      $this->SetCharSet(CAPTCHA_CHAR_SET);
      $this->CaseInsensitive(CAPTCHA_CASE_INSENSITIVE);
      $this->SetBackgroundImages(CAPTCHA_BACKGROUND_IMAGES);
      $this->SetMinFontSize(CAPTCHA_MIN_FONT_SIZE);
      $this->SetMaxFontSize(CAPTCHA_MAX_FONT_SIZE);
      $this->UseColour(CAPTCHA_USE_COLOUR);
      $this->SetFileType(CAPTCHA_FILE_TYPE);
      $this->SetWidth($iWidth);
      $this->SetHeight($iHeight);
   }

   function CalculateSpacing() {
      $this->iSpacing = (int)($this->iWidth / $this->iNumChars);
   }

   function SetWidth($iWidth) {
      $this->iWidth = $iWidth;
      if ($this->iWidth > 500) $this->iWidth = 500; // to prevent perfomance impact
      $this->CalculateSpacing();
   }

   function SetHeight($iHeight) {
      $this->iHeight = $iHeight;
      if ($this->iHeight > 200) $this->iHeight = 200; // to prevent performance impact
   }

   function SetNumChars($iNumChars) {
      $this->iNumChars = $iNumChars;
      $this->CalculateSpacing();
   }

   function SetNumLines($iNumLines) {
      $this->iNumLines = $iNumLines;
   }

   function DisplayShadow($bCharShadow) {
      $this->bCharShadow = $bCharShadow;
   }

   function SetOwnerText($sOwnerText) {
      $this->sOwnerText = $sOwnerText;
   }

   function SetCharSet($vCharSet) {
      // check for input type
      if (is_array($vCharSet)) {
         $this->aCharSet = $vCharSet;
      } else {
         if ($vCharSet != '') {
            // split items on commas
            $aCharSet = explode(',', $vCharSet);

            // initialise array
            $this->aCharSet = array();

            // loop through items
            foreach ($aCharSet as $sCurrentItem) {
               // a range should have 3 characters, otherwise is normal character
               if (strlen($sCurrentItem) == 3) {
                  // split on range character
                  $aRange = explode('-', $sCurrentItem);

                  // check for valid range
                  if (count($aRange) == 2 && $aRange[0] < $aRange[1]) {
                     // create array of characters from range
                     $aRange = range($aRange[0], $aRange[1]);

                     // add to charset array
                     $this->aCharSet = array_merge($this->aCharSet, $aRange);
                  }
               } else {
                  $this->aCharSet[] = $sCurrentItem;
               }
            }
         }
      }
   }

   function CaseInsensitive($bCaseInsensitive) {
      $this->bCaseInsensitive = $bCaseInsensitive;
   }

   function SetBackgroundImages($vBackgroundImages) {
      $this->vBackgroundImages = $vBackgroundImages;
   }

   function SetMinFontSize($iMinFontSize) {
      $this->iMinFontSize = $iMinFontSize;
   }

   function SetMaxFontSize($iMaxFontSize) {
      $this->iMaxFontSize = $iMaxFontSize;
   }

   function UseColour($bUseColour) {
      $this->bUseColour = $bUseColour;
   }

   function SetFileType($sFileType) {
      // check for valid file type
      if (in_array($sFileType, array('gif', 'png', 'jpeg'))) {
         $this->sFileType = $sFileType;
      } else {
         $this->sFileType = 'jpeg';
      }
   }

   function DrawLines() {
      for ($i = 0; $i < $this->iNumLines; $i++) {
         // allocate colour
         if ($this->bUseColour) {
            $iLineColour = imagecolorallocate($this->oImage, rand(100, 250), rand(100, 250), rand(100, 250));
         } else {
            $iRandColour = rand(100, 250);
            $iLineColour = imagecolorallocate($this->oImage, $iRandColour, $iRandColour, $iRandColour);
         }

         // draw line
         imageline($this->oImage, rand(0, $this->iWidth), rand(0, $this->iHeight), rand(0, $this->iWidth), rand(0, $this->iHeight), $iLineColour);
      }
   }

   function DrawOwnerText() {
      // allocate owner text colour
      $iBlack = imagecolorallocate($this->oImage, 0, 0, 0);
      // get height of selected font
      $iOwnerTextHeight = imagefontheight(2);
      // calculate overall height
      $iLineHeight = $this->iHeight - $iOwnerTextHeight - 4;

      // draw line above text to separate from CAPTCHA
      imageline($this->oImage, 0, $iLineHeight, $this->iWidth, $iLineHeight, $iBlack);

      // write owner text
      imagestring($this->oImage, 2, 3, $this->iHeight - $iOwnerTextHeight - 3, $this->sOwnerText, $iBlack);

      // reduce available height for drawing CAPTCHA
      $this->iHeight = $this->iHeight - $iOwnerTextHeight - 5;
   }

   function GenerateCode() {
      // reset code
      $this->sCode = '';

      // loop through and generate the code letter by letter
      for ($i = 0; $i < $this->iNumChars; $i++) {
         if (count($this->aCharSet) > 0) {
            // select random character and add to code string
            $this->sCode .= $this->aCharSet[array_rand($this->aCharSet)];
         } else {
            // select random character and add to code string
            $this->sCode .= chr(rand(65, 90));
         }
      }

      // save code in session variable
      if ($this->bCaseInsensitive) {
         $_SESSION[CAPTCHA_SESSION_ID] = strtoupper($this->sCode);
      } else {
         $_SESSION[CAPTCHA_SESSION_ID] = $this->sCode;
      }
   }

   function DrawCharacters() {
      // loop through and write out selected number of characters
      for ($i = 0; $i < strlen($this->sCode); $i++) {
         // select random font
         $sCurrentFont = $this->aFonts[array_rand($this->aFonts)];

         // select random colour
         if ($this->bUseColour) {
            $iTextColour = imagecolorallocate($this->oImage, rand(0, 100), rand(0, 100), rand(0, 100));

            if ($this->bCharShadow) {
               // shadow colour
               $iShadowColour = imagecolorallocate($this->oImage, rand(0, 100), rand(0, 100), rand(0, 100));
            }
         } else {
            $iRandColour = rand(0, 100);
            $iTextColour = imagecolorallocate($this->oImage, $iRandColour, $iRandColour, $iRandColour);

            if ($this->bCharShadow) {
               // shadow colour
               $iRandColour = rand(0, 100);
               $iShadowColour = imagecolorallocate($this->oImage, $iRandColour, $iRandColour, $iRandColour);
            }
         }

         // select random font size
         $iFontSize = rand($this->iMinFontSize, $this->iMaxFontSize);

         // select random angle
         $iAngle = rand(-30, 30);

         // get dimensions of character in selected font and text size
         $aCharDetails = imageftbbox($iFontSize, $iAngle, $sCurrentFont, $this->sCode[$i], array());

         // calculate character starting coordinates
         $iX = $this->iSpacing / 4 + $i * $this->iSpacing;
         $iCharHeight = $aCharDetails[2] - $aCharDetails[5];
         $iY = $this->iHeight / 2 + $iCharHeight / 4;

         // write text to image
         imagefttext($this->oImage, $iFontSize, $iAngle, $iX, $iY, $iTextColour, $sCurrentFont, $this->sCode[$i], array());

         if ($this->bCharShadow) {
            $iOffsetAngle = rand(-30, 30);

            $iRandOffsetX = rand(-5, 5);
            $iRandOffsetY = rand(-5, 5);

            imagefttext($this->oImage, $iFontSize, $iOffsetAngle, $iX + $iRandOffsetX, $iY + $iRandOffsetY, $iShadowColour, $sCurrentFont, $this->sCode[$i], array());
         }
      }
   }

   function WriteFile($sFilename) {
      if ($sFilename == '') {
         // tell browser that data is whatever the sFileType is set too.
         header("Content-type: image/$this->sFileType");
         // montego - not sure if this will work with search engines or not, but hopefully try and not cache the images
         // TODO: investigate further if this even works and/or how else to not have these cached
         header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
         header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
         header("Cache-Control: no-store, no-cache, must-revalidate");
         header("Cache-Control: post-check=0, pre-check=0", false);
         header("Pragma: no-cache");
      }

      switch ($this->sFileType) {
         case 'gif':
            $sFilename != '' ? imagegif($this->oImage, $sFilename) : imagegif($this->oImage);
            break;
         case 'png':
            $sFilename != '' ? imagepng($this->oImage, $sFilename) : imagepng($this->oImage);
            break;
         default:
            $sFilename != '' ? imagejpeg($this->oImage, $sFilename) : imagejpeg($this->oImage);
      }
   }

   function Create($sFilename = '') {
      // check for required gd functions
      if (!function_exists('imagecreate') || !function_exists("image$this->sFileType") || ($this->vBackgroundImages != '' && !function_exists('imagecreatetruecolor'))) {
         return false;
      }

      // get background image if specified and copy to CAPTCHA
      if (is_array($this->vBackgroundImages) || $this->vBackgroundImages != '') {
         // create new image
         $this->oImage = imagecreatetruecolor($this->iWidth, $this->iHeight);

         // create background image
         if (is_array($this->vBackgroundImages)) {
            $iRandImage = array_rand($this->vBackgroundImages);
            $oBackgroundImage = imagecreatefromjpeg($this->vBackgroundImages[$iRandImage]);
         } else {
            $oBackgroundImage = imagecreatefromjpeg($this->vBackgroundImages);
         }

         // copy background image
         imagecopy($this->oImage, $oBackgroundImage, 0, 0, 0, 0, $this->iWidth, $this->iHeight);

         // free memory used to create background image
         imagedestroy($oBackgroundImage);
      } else {
         // create new image
         $this->oImage = imagecreate($this->iWidth, $this->iHeight);
      }

      // allocate white background colour
      imagecolorallocate($this->oImage, 255, 255, 255);

      // check for owner text
      if ($this->sOwnerText != '') {
         $this->DrawOwnerText();
      }

      // check for background image before drawing lines
      if (!is_array($this->vBackgroundImages) && $this->vBackgroundImages == '') {
         $this->DrawLines();
      }

      $this->GenerateCode();
      $this->DrawCharacters();

      // write out image to file or browser
      $this->WriteFile($sFilename);

      // free memory used in creating image
      imagedestroy($this->oImage);

      return true;
   }

   // call this method statically
   function Validate($sUserCode, $bCaseInsensitive = true) {
      if ($bCaseInsensitive) {
         $sUserCode = strtoupper($sUserCode);
      }

      if (!empty($_SESSION[CAPTCHA_SESSION_ID]) && $sUserCode == $_SESSION[CAPTCHA_SESSION_ID]) {
         // clear to prevent re-use
         unset($_SESSION[CAPTCHA_SESSION_ID]);

         return true;
      }

      return false;
   }
}

// this class will only work correctly if a visual CAPTCHA has been created first using PhpCaptcha
class AudioPhpCaptcha {
   var $sFlitePath;
   var $sAudioPath;
   var $sCode;

   function AudioPhpCaptcha(
   $sFlitePath = CAPTCHA_FLITE_PATH, // path to flite binary
   $sAudioPath = CAPTCHA_AUDIO_PATH // the location to temporarily store the generated audio CAPTCHA
   ) {
      $this->SetFlitePath($sFlitePath);
      $this->SetAudioPath($sAudioPath);

      // retrieve code if already set by previous instance of visual PhpCaptcha
      if (isset($_SESSION[CAPTCHA_SESSION_ID])) {
         $this->sCode = $_SESSION[CAPTCHA_SESSION_ID];
      }
   }

   function SetFlitePath($sFlitePath) {
      $this->sFlitePath = $sFlitePath;
   }

   function SetAudioPath($sAudioPath) {
      $this->sAudioPath = $sAudioPath;
   }

   function Mask($sText) {
      $iLength = strlen($sText);

      // loop through characters in code and format
      $sFormattedText = '';
      for ($i = 0; $i < $iLength; $i++) {
         // comma separate all but first and last characters
         if ($i > 0 && $i < $iLength - 1) {
            $sFormattedText .= ', ';
         } elseif ($i == $iLength - 1) { // precede last character with "and"
            $sFormattedText .= ' and ';
         }
         $sFormattedText .= $sText[$i];
      }

      $aPhrases = array(
         "The %1\$s characters are as follows: %2\$s",
         "%2\$s, are the %1\$s letters",
         "Here are the %1\$s characters: %2\$s",
         "%1\$s characters are: %2\$s",
         "%1\$s letters: %2\$s"
      );

      $iPhrase = array_rand($aPhrases);

      return sprintf($aPhrases[$iPhrase], $iLength, $sFormattedText);
   }

   function Create() {
      $sText = $this->Mask($this->sCode);
      $sFile = md5($this->sCode.time());

      // create file with flite
      shell_exec("$this->sFlitePath -t \"$sText\" -o $this->sAudioPath$sFile.wav");

      // set headers
      header('Content-type: audio/x-wav');
      header("Content-Disposition: attachment;filename=$sFile.wav");

      // output to browser
      echo file_get_contents("$this->sAudioPath$sFile.wav");

      // delete temporary file
      @unlink("$this->sAudioPath$sFile.wav");
   }
}

// example sub class
class PhpCaptchaColour extends PhpCaptcha {
   function PhpCaptchaColour($aFonts, $iWidth = CAPTCHA_WIDTH, $iHeight = CAPTCHA_HEIGHT) {
      // call parent constructor
      parent::PhpCaptcha($aFonts, $iWidth, $iHeight);

      // set options
      $this->UseColour(true);
   }
}
?>
 
neralex
The Mouse Is Extension Of Arm


Joined: Aug 22, 2007
Posts: 1325
Location: Germany

PostPosted: Thu Jan 17, 2013 4:47 am Reply with quote

Its an security thing of all current browsers and not a problem with the class file. Was the request send with POST and you will try back with javascript:history.go(-1), then you get the same message with firefox and all other browsers.

If one makes changes to a file and runs on errors, should be the first approach to replay the original files. But i think you get the same result.
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Captcha Security

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©