2736 } |
2736 } |
2737 |
2737 |
2738 /** |
2738 /** |
2739 * Makes a CAPTCHA code and caches the code in the database |
2739 * Makes a CAPTCHA code and caches the code in the database |
2740 * @param int $len The length of the code, in bytes |
2740 * @param int $len The length of the code, in bytes |
|
2741 * @param string Optional, the hash to reuse |
2741 * @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code. |
2742 * @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code. |
2742 */ |
2743 */ |
2743 |
2744 |
2744 function make_captcha($len = 7) |
2745 function make_captcha($len = 7, $hash = '') |
2745 { |
2746 { |
2746 global $db, $session, $paths, $template, $plugins; // Common objects |
2747 global $db, $session, $paths, $template, $plugins; // Common objects |
2747 $code = $this->generate_captcha_code($len); |
2748 $code = $this->generate_captcha_code($len); |
2748 $hash = md5(microtime() . mt_rand()); |
2749 if ( !preg_match('/^[a-f0-9]{32}([a-z0-9]{8})?$/', $hash) ) |
|
2750 $hash = md5(microtime() . mt_rand()); |
2749 $session_data = $db->escape(serialize(array())); |
2751 $session_data = $db->escape(serialize(array())); |
2750 |
2752 |
2751 // sanity check |
2753 // sanity check |
2752 if ( !is_valid_ip(@$_SERVER['REMOTE_ADDR']) || !is_int($this->user_id) ) |
2754 if ( !is_valid_ip(@$_SERVER['REMOTE_ADDR']) || !is_int($this->user_id) ) |
2753 return false; |
2755 return false; |
2754 |
2756 |
2755 $this->sql('INSERT INTO '.table_prefix.'captcha(session_id, code, session_data, source_ip, user_id)' . " VALUES('$hash', '$code', '$session_data', '{$_SERVER['REMOTE_ADDR']}', {$this->user_id});"); |
2757 $this->sql('DELETE FROM ' . table_prefix . "captcha WHERE session_id = '$hash';"); |
|
2758 $this->sql('INSERT INTO ' . table_prefix . 'captcha(session_id, code, session_data, source_ip, user_id)' . " VALUES('$hash', '$code', '$session_data', '{$_SERVER['REMOTE_ADDR']}', {$this->user_id});"); |
2756 return $hash; |
2759 return $hash; |
2757 } |
2760 } |
2758 |
2761 |
2759 /** |
2762 /** |
2760 * Generates a "pronouncable" or "human-friendly" word using various phonics rules |
2763 * Generates a "pronouncable" or "human-friendly" word using various phonics rules |
2827 if ( !preg_match('/^[a-f0-9]{32}([a-z0-9]{8})?$/', $hash) ) |
2830 if ( !preg_match('/^[a-f0-9]{32}([a-z0-9]{8})?$/', $hash) ) |
2828 { |
2831 { |
2829 return false; |
2832 return false; |
2830 } |
2833 } |
2831 |
2834 |
2832 $q = $this->sql('SELECT code_id, code FROM ' . table_prefix . "captcha WHERE session_id = '$hash';"); |
2835 // sanity check |
|
2836 if ( !is_valid_ip(@$_SERVER['REMOTE_ADDR']) || !is_int($this->user_id) ) |
|
2837 return false; |
|
2838 |
|
2839 $q = $this->sql('SELECT code_id, code FROM ' . table_prefix . "captcha WHERE session_id = '$hash' AND source_ip = '{$_SERVER['REMOTE_ADDR']};"); |
2833 if ( $db->numrows() < 1 ) |
2840 if ( $db->numrows() < 1 ) |
2834 return false; |
2841 return false; |
2835 |
2842 |
2836 list($code_id, $code) = $db->fetchrow_num(); |
2843 list($code_id, $code) = $db->fetchrow_num(); |
2837 $db->free_result(); |
2844 $db->free_result(); |
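Review bot: The new SELECT on new-side line 2839 never closes the quoted `source_ip` value: the string ends `'{$_SERVER['REMOTE_ADDR']};"`, so the statement reaches the database with an unterminated literal and the lookup presumably fails for every request instead of enforcing the IP binding. The condition should end `AND source_ip = '{$_SERVER['REMOTE_ADDR']}';");`. Separately, the `DELETE` added in `make_captcha()` (new line 2757) is keyed on `session_id` alone, so a reused `$hash` replaces a row without the `source_ip`/`user_id` match that the lookup now requires; consider adding the same condition there. The function containing the SELECT starts and ends outside the visible hunk, so how `$this->sql()` surfaces the failed query cannot be confirmed from here.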