1058 } |
1058 } |
1059 else |
1059 else |
1060 { |
1060 { |
1061 // Stash it in a cookie |
1061 // Stash it in a cookie |
1062 // For now, make the cookie last forever, we can change this in 1.1.x |
1062 // For now, make the cookie last forever, we can change this in 1.1.x |
1063 setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/', null, ( isset($_SERVER['HTTPS']) ) ); |
1063 setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/', null, ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ) ); |
1064 $_COOKIE['sid'] = $session_key; |
1064 $_COOKIE['sid'] = $session_key; |
1065 } |
1065 } |
1066 // $keyhash is stored in the database, this is for compatibility with the older DB structure |
1066 // $keyhash is stored in the database, this is for compatibility with the older DB structure |
1067 $keyhash = md5($session_key); |
1067 $keyhash = md5($session_key); |
1068 // Record the user's IP |
1068 // Record the user's IP |
2630 * @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code. |
2630 * @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code. |
2631 */ |
2631 */ |
2632 |
2632 |
2633 function make_captcha($len = 7) |
2633 function make_captcha($len = 7) |
2634 { |
2634 { |
2635 $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); |
2635 $code = $this->generate_captcha_code($len); |
2636 $s = ''; |
|
2637 for($i=0;$i<$len;$i++) $s .= $chars[mt_rand(0, count($chars)-1)]; |
|
2638 $hash = md5(microtime() . mt_rand()); |
2636 $hash = md5(microtime() . mt_rand()); |
2639 $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \''.$s.'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);'); |
2637 $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \''.$s.'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);'); |
2640 return $hash; |
2638 return $hash; |
2641 } |
2639 } |
2642 |
2640 |
2643 /** |
2641 /** |
|
2642 * Generates the actual confirmation code text. |
|
2643 * @param int String length |
|
2644 * @return string |
|
2645 */ |
|
2646 |
|
2647 function generate_captcha_code($len = 7) |
|
2648 { |
|
2649 $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); |
|
2650 $s = ''; |
|
2651 for ( $i = 0; $i < $len; $i++ ) |
|
2652 { |
|
2653 $s .= $chars[mt_rand(0, count($chars)-1)]; |
|
2654 } |
|
2655 return $s; |
|
2656 } |
|
2657 |
|
2658 /** |
2644 * For the given code ID, returns the correct CAPTCHA code, or false on failure |
2659 * For the given code ID, returns the correct CAPTCHA code, or false on failure |
2645 * @param string $hash The unique ID assigned to the code |
2660 * @param string $hash The unique ID assigned to the code |
2646 * @return string The correct confirmation code |
2661 * @return string The correct confirmation code |
2647 */ |
2662 */ |
2648 |
2663 |
2649 function get_captcha($hash) |
2664 function get_captcha($hash) |
2650 { |
2665 { |
2651 global $db, $session, $paths, $template, $plugins; // Common objects |
2666 global $db, $session, $paths, $template, $plugins; // Common objects |
2652 $s = $this->sql('SELECT salt FROM '.table_prefix.'session_keys WHERE session_key=\''.$db->escape($hash).'\' AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';'); |
2667 $s = $this->sql('SELECT salt FROM '.table_prefix.'session_keys WHERE session_key=\''.$db->escape($hash).'\' AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';'); |
2653 if($db->numrows() < 1) return false; |
2668 if ( $db->numrows() < 1 ) |
|
2669 { |
|
2670 return false; |
|
2671 } |
2654 $r = $db->fetchrow(); |
2672 $r = $db->fetchrow(); |
|
2673 $db->free_result(); |
|
2674 $this->sql('DELETE FROM ' . table_prefix . 'session_keys WHERE salt=\'' . $db->escape($r['salt']) . '\';'); |
2655 return $r['salt']; |
2675 return $r['salt']; |
2656 } |
2676 } |
2657 |
2677 |
2658 /** |
2678 /** |
2659 * Deletes all CAPTCHA codes cached in the DB for this user. |
2679 * (AS OF 1.0.2: Deprecated. Captcha codes are now killed on first fetch for security.) Deletes all CAPTCHA codes cached in the DB for this user. |
2660 */ |
2680 */ |
2661 |
2681 |
2662 function kill_captcha() |
2682 function kill_captcha() |
2663 { |
2683 { |
2664 $this->sql('DELETE FROM '.table_prefix.'session_keys WHERE user_id=-2 AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';'); |
2684 // $this->sql('DELETE FROM '.table_prefix.'session_keys WHERE user_id=-2 AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';'); |
|
2685 return true; |
2665 } |
2686 } |
2666 |
2687 |
2667 /** |
2688 /** |
2668 * Generates a random password. |
2689 * Generates a random password. |
2669 * @param int $length Optional - length of password |
2690 * @param int $length Optional - length of password |
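Review bot: In the new `make_captcha()` the generated code is assigned to `$code`, but the INSERT two lines below still interpolates `$s`, which is no longer defined in that function, so the `salt` column would be written as an empty string and no usable code stored. Assigning to the variable the query reads fixes it: `$s = $this->generate_captcha_code($len);`. With an empty salt, `get_captcha()` would return `''`, and whether an empty answer then passes verification depends on the caller, which is not visible here. Separately, the new `DELETE ... WHERE salt=...` in `get_captcha()` removes every row with the same salt value rather than only the one just read; keying it on the fetched ID, `WHERE session_key='` . `$db->escape($hash)` . `'`, would limit it to that row.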