Revision 605
Added by thorn almost 18 years ago
| trunk/CHANGELOG | ||
|---|---|---|
| 17 | 17 |
26-Jan-2008 Matthias Gallas |
| 18 | 18 |
+ Added keywords to files where they are missing |
| 19 | 19 |
26-Jan-2008 Thomas Hornik |
| 20 |
! fixed some issues with CAPTCHA and ASP. Adjusted baseline of '*' in supplyed fonts to meet |
|
| 21 |
baseline of numbers. Added counter to ttf_image generation-loop. Removed now unneeded GD-lib verification. |
|
| 22 |
Improved ASP in news-module. |
|
| 20 | 23 |
+ module news: added publish_until field to control the visibility of a news-posting by date and time |
| 21 | 24 |
! added strongly "condensed" fonts with many intersections for ttf-CAPTCHA as default fonts. |
| 22 | 25 |
It should be very difficult for spam-bots to recognize intersected characters. |
| trunk/wb/include/captcha/captchas/ttf_image.php | ||
|---|---|---|
| 58 | 58 |
|
| 59 | 59 |
// create image |
| 60 | 60 |
$image_failed = true; |
| 61 |
$i=0; |
|
| 61 | 62 |
do {
|
| 62 | 63 |
$image = ImageCreateFromPNG($bg); // backgroundimage |
| 63 | 64 |
$grey = rand(0,50); |
| ... | ... | |
| 76 | 77 |
) {
|
| 77 | 78 |
$image_failed = false; |
| 78 | 79 |
} |
| 80 |
if(++$i > 5) // too many tries! Use the image |
|
| 81 |
break; |
|
| 79 | 82 |
} while($image_failed); |
| 80 | 83 |
|
| 81 | 84 |
captcha_header(); |
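Review bot: The new bail-out at line 80 leaves `$image_failed` set to `true` when it breaks, so anything after the loop that consults that flag would still see a failure although the image is about to be used; the loop body between `$grey = rand(0,50);` and the closing `) {` is elided here, so whether `$image` is valid on that path cannot be confirmed from this excerpt. The brace-less `if` also makes it easy to misread which statement is guarded right after the preceding `if` block; suggest `if (++$i > 5) { // stop retrying and use the last generated image` / `break;` / `}` and hoisting the limit into a named constant. As far as the visible lines show, each retry calls ImageCreateFromPNG again without releasing the previous attempt, so the bounded retry count also bounds that per-request resource use and deserves a comment on the loop.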
| trunk/wb/modules/form/modify_settings.php | ||
|---|---|---|
| 77 | 77 |
<tr> |
| 78 | 78 |
<td colspan="2"><strong><?php echo $HEADING['GENERAL_SETTINGS']; ?></strong></td> |
| 79 | 79 |
</tr> |
| 80 |
<?php if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { /* Make's sure GD library is installed */ ?>
|
|
| 81 | 80 |
<tr> |
| 82 | 81 |
<td class="setting_name" width="30%"><?php echo $TEXT['CAPTCHA_VERIFICATION']; ?>:</td> |
| 83 | 82 |
<td> |
| ... | ... | |
| 87 | 86 |
<label for="use_captcha_false"><?php echo $TEXT['DISABLED']; ?></label> |
| 88 | 87 |
</td> |
| 89 | 88 |
</tr> |
| 90 |
<?php } ?> |
|
| 91 | 89 |
<tr> |
| 92 | 90 |
<td class="setting_name" width="30%"><?php echo $TEXT['MAX_SUBMISSIONS_PER_HOUR']; ?>:</td> |
| 93 | 91 |
<td class="setting_name"> |
| trunk/wb/modules/form/save_settings.php | ||
|---|---|---|
| 41 | 41 |
$field_loop = $admin->add_slashes($_POST['field_loop']); |
| 42 | 42 |
$footer = $admin->add_slashes($_POST['footer']); |
| 43 | 43 |
$email_to = $admin->add_slashes($_POST['email_to']); |
| 44 |
if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) {
|
|
| 45 |
$use_captcha = $_POST['use_captcha']; |
|
| 46 |
} else {
|
|
| 47 |
$use_captcha = false; |
|
| 48 |
} |
|
| 44 |
$use_captcha = $_POST['use_captcha']; |
|
| 49 | 45 |
if($_POST['email_from_field'] == '') {
|
| 50 | 46 |
$email_from = $admin->add_slashes($_POST['email_from']); |
| 51 | 47 |
} else {
|
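Review bot: The new line 44 stores `$_POST['use_captcha']` without checking that it exists or restricting it to the expected values, while the neighbouring fields on lines 41-43 at least pass through `$admin->add_slashes()`; news/save_settings.php line 46 in this commit has the same shape. A missing field produces a notice and an empty setting, and an arbitrary string reaches whatever UPDATE this file runs further down, outside the section. The radio ids `use_captcha_true`/`use_captcha_false` in modify_settings.php suggest the form submits `true`/`false`, so a whitelist such as `$use_captcha = (isset($_POST['use_captcha']) && $_POST['use_captcha'] == 'true') ? 'true' : 'false';` would pin the stored representation in both files; confirm the submitted values and the column type before choosing the literals.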
| trunk/wb/modules/form/add.php | ||
|---|---|---|
| 48 | 48 |
$success_email_subject = 'You have submitted a form'; |
| 49 | 49 |
$max_submissions = 50; |
| 50 | 50 |
$stored_submissions = 50; |
| 51 |
if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { /* Make's sure GD library is installed */
|
|
| 52 |
$use_captcha = true; |
|
| 53 |
} else {
|
|
| 54 |
$use_captcha = false; |
|
| 55 |
} |
|
| 51 |
$use_captcha = true; |
|
| 56 | 52 |
$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_settings (page_id,section_id,header,field_loop,footer,email_to,email_from,email_subject,success_page,success_email_to,success_email_from,success_email_text,success_email_subject,max_submissions,stored_submissions,use_captcha) VALUES ('$page_id','$section_id','$header','$field_loop','$footer','$email_to','$email_from','$email_subject','$success_page','$success_email_to','$success_email_from','$success_email_text','$success_email_subject','$max_submissions','$stored_submissions','$use_captcha')");
|
| 57 | 53 |
|
| 58 | 54 |
?> |
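Review bot: Interpolating the PHP boolean `true` into the INSERT on line 52 stores the string `'1'` for use_captcha, whereas save_settings.php now stores the raw form value; if the column is textual and the form submits `'true'`/`'false'`, the add path and the save path hold different representations, and the truthiness test `if($settings['use_captcha'])` in comment_page.php would also accept the string `'false'`. Consider settling on one representation (for example `$use_captcha = 'true';` or an integer 0/1) and using it in both files. The INSERT still interpolates every variable straight into the SQL; that predates this commit, but a comment naming which of these values are fixed literals and which are request-derived would help the next reader.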
| trunk/wb/modules/news/modify_settings.php | ||
|---|---|---|
| 130 | 130 |
</select> |
| 131 | 131 |
</td> |
| 132 | 132 |
</tr> |
| 133 |
<?php if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { /* Make's sure GD library is installed */ ?>
|
|
| 134 | 133 |
<tr> |
| 135 | 134 |
<td class="setting_name"><?php echo $TEXT['CAPTCHA_VERIFICATION']; ?>:</td> |
| 136 | 135 |
<td> |
| ... | ... | |
| 140 | 139 |
<label for="use_captcha_false"><?php echo $TEXT['DISABLED']; ?></label> |
| 141 | 140 |
</td> |
| 142 | 141 |
</tr> |
| 142 |
<?php if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { /* Make's sure GD library is installed */ ?>
|
|
| 143 | 143 |
<tr> |
| 144 | 144 |
<td> |
| 145 | 145 |
<?php echo $TEXT['RESIZE_IMAGE_TO']; ?>: |
| trunk/wb/modules/news/view.php | ||
|---|---|---|
| 341 | 341 |
|
| 342 | 342 |
// Print comments footer |
| 343 | 343 |
echo str_replace('[ADD_COMMENT_URL]', WB_URL.'/modules/news/comment.php?id='.POST_ID.'&sid='.$section_id, $setting_comments_footer);
|
| 344 |
|
|
| 345 |
if(ENABLED_ASP) {
|
|
| 346 |
$_SESSION['comes_from_view'] = true; |
|
| 347 |
$_SESSION['comes_from_view_time'] = time(); |
|
| 348 |
} |
|
| 349 | 344 |
} |
| 350 |
|
|
| 345 |
if(ENABLED_ASP) {
|
|
| 346 |
$_SESSION['comes_from_view'] = POST_ID; |
|
| 347 |
$_SESSION['comes_from_view_time'] = time(); |
|
| 348 |
} |
|
| 351 | 349 |
} |
| 352 | 350 |
|
| 353 | 351 |
?> |
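Review bot: Storing a single POST_ID in `$_SESSION['comes_from_view']` (line 346) means a visitor who opens two postings in separate tabs can only comment on the one viewed last, since comment.php now rejects a mismatching id, and every view also overwrites `comes_from_view_time`, restarting the minimum-age timer for the comment form. If that trade-off is intended it deserves a comment on line 345; otherwise an array keyed by post id, `$_SESSION['comes_from_view'][POST_ID] = time();`, keeps one marker per posting. The block enclosing these lines opens before line 341 and its condition is not visible here.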
| trunk/wb/modules/news/save_settings.php | ||
|---|---|---|
| 43 | 43 |
$comments_page = $admin->add_slashes(str_replace($friendly, $raw, $_POST['comments_page'])); |
| 44 | 44 |
$commenting = $_POST['commenting']; |
| 45 | 45 |
$posts_per_page = $_POST['posts_per_page']; |
| 46 |
$use_captcha = $_POST['use_captcha']; |
|
| 46 | 47 |
if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) {
|
| 47 | 48 |
$resize = $_POST['resize']; |
| 48 |
$use_captcha = $_POST['use_captcha']; |
|
| 49 | 49 |
} else {
|
| 50 | 50 |
$resize = ''; |
| 51 |
$use_captcha = false; |
|
| 52 | 51 |
} |
| 53 | 52 |
|
| 54 | 53 |
// Update settings |
| trunk/wb/modules/news/comment_page.php | ||
|---|---|---|
| 31 | 31 |
|
| 32 | 32 |
require_once(WB_PATH.'/include/captcha/captcha.php'); |
| 33 | 33 |
require_once(WB_PATH.'/include/captcha/asp.php'); |
| 34 |
if(isset($_SESSION['captcha_retry_news'])) unset($_SESSION['captcha_retry_news']); |
|
| 34 | 35 |
|
| 35 | 36 |
// Get comments page template details from db |
| 36 | 37 |
$query_settings = $database->query("SELECT comments_page,use_captcha,commenting FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '".SECTION_ID."'");
|
| ... | ... | |
| 57 | 58 |
URL: |
| 58 | 59 |
<label for="url">Don't write anything in this url field:</label> |
| 59 | 60 |
<input id="url" name="url" size="60" value="" /><br /> |
| 61 |
Comment: |
|
| 62 |
<label for="comment">Leave not your comment here:</label> |
|
| 63 |
<input id="comment" name="comment" size="60" value="" /><br /> |
|
| 60 | 64 |
</p> |
| 61 | 65 |
<?php } |
| 62 | 66 |
?> |
| ... | ... | |
| 64 | 68 |
<br /> |
| 65 | 69 |
<input type="text" name="title" maxlength="255" style="width: 90%;"<?php if(isset($_SESSION['comment_title'])) { echo ' value="'.$_SESSION['comment_title'].'"'; unset($_SESSION['comment_title']); } ?> />
|
| 66 | 70 |
<br /><br /> |
| 67 |
<?php echo $TEXT['COMMENT']; ?>: |
|
| 71 |
<?php echo $TEXT['COMMENT']; |
|
| 72 |
// naming this field c0mment is part of ASP |
|
| 73 |
?>: |
|
| 68 | 74 |
<br /> |
| 69 |
<textarea name="comment" style="width: 90%; height: 150px;"><?php if(isset($_SESSION['comment_body'])) { echo $_SESSION['comment_body']; unset($_SESSION['comment_body']); } ?></textarea>
|
|
| 75 |
<textarea name="c0mment" style="width: 90%; height: 150px;"><?php if(isset($_SESSION['comment_body'])) { echo $_SESSION['comment_body']; unset($_SESSION['comment_body']); } ?></textarea>
|
|
| 70 | 76 |
<br /><br /> |
| 71 | 77 |
<?php |
| 72 | 78 |
if(isset($_SESSION['captcha_error'])) {
|
| 73 | 79 |
echo '<font color="#FF0000">'.$_SESSION['captcha_error'].'</font><br />'; |
| 74 | 80 |
unset($_SESSION['captcha_error']); |
| 81 |
$_SESSION['captcha_retry_news'] = true; |
|
| 75 | 82 |
} |
| 76 | 83 |
// Captcha |
| 77 | 84 |
if($settings['use_captcha']) {
|
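Review bot: The new textarea on line 75 echoes `$_SESSION['comment_body']` unescaped; the value is copied straight from `$_POST['c0mment']` in submit_comment.php, so a body containing `</textarea>` breaks out of the element into the page, reflected markup for the visitor's own session but unescaped output all the same. Change the echo to `echo htmlspecialchars($_SESSION['comment_body'], ENT_QUOTES, 'UTF-8');` and apply the same to the `comment_title` value in the title input on line 69. The new honeypot `<input id="comment" name="comment">` on line 63 will be visible to real users unless the enclosing `<p>`, opened outside this excerpt, is hidden by CSS as the neighbouring url field presumably is; a comment on line 63 stating that the field must stay hidden would stop someone later tidying the label text.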
| trunk/wb/modules/news/comment.php | ||
|---|---|---|
| 27 | 27 |
require('../../config.php');
|
| 28 | 28 |
|
| 29 | 29 |
// Check if there is a post id |
| 30 |
if(!isset($_GET['id']) OR !is_numeric($_GET['id'])) {
|
|
| 30 |
if(!isset($_GET['id']) OR !is_numeric($_GET['id']) OR !isset($_GET['sid']) OR !is_numeric($_GET['sid'])) {
|
|
| 31 | 31 |
header("Location: ".WB_URL.PAGES_DIRECTORY."");
|
| 32 | 32 |
exit(0); |
| 33 | 33 |
} |
| ... | ... | |
| 64 | 64 |
exit(0); |
| 65 | 65 |
} |
| 66 | 66 |
|
| 67 |
// don't allow commenting if ASP enabled and user doesn't comes from view.php |
|
| 68 |
if(ENABLED_ASP && !isset($_SESSION['comes_from_view'])) {
|
|
| 67 |
// don't allow commenting if ASP enabled and user doesn't comes from the right view.php
|
|
| 68 |
if(ENABLED_ASP && (!isset($_SESSION['comes_from_view']) OR $_SESSION['comes_from_view']!=POST_ID)) {
|
|
| 69 | 69 |
header("Location: ".WB_URL.PAGES_DIRECTORY."");
|
| 70 | 70 |
exit(0); |
| 71 | 71 |
} |
| ... | ... | |
| 83 | 83 |
require(WB_PATH.'/index.php'); |
| 84 | 84 |
} |
| 85 | 85 |
} |
| 86 |
var_dump($_SESSION); |
|
| 86 | 87 |
|
| 87 |
|
|
| 88 | 88 |
?> |
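Review bot: Line 86 adds `var_dump($_SESSION);`, which prints the whole session to the visitor, including `$_SESSION['captcha']` (the value submit_comment.php compares the submitted answer against) and the `comes_from_view`/`submitted_when` markers the ASP checks rely on; left in, it hands every visitor the CAPTCHA solution and the timing tokens. This looks like debugging output that escaped into the commit and should simply be deleted. The tightened id/sid check on line 30 is fine, though `is_numeric` accepts forms such as `1e1` and the marker is later compared with a loose `!=` on line 68; casting to int and comparing strictly would be safer.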
| trunk/wb/modules/news/submit_comment.php | ||
|---|---|---|
| 30 | 30 |
$wb = new wb; |
| 31 | 31 |
|
| 32 | 32 |
// Check if we should show the form or add a comment |
| 33 |
if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id']) AND isset($_POST['comment']) AND $_POST['comment'] != '') {
|
|
| 33 |
if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id']) AND isset($_POST['c0mment']) AND $_POST['c0mment'] != '') {
|
|
| 34 | 34 |
|
| 35 | 35 |
// Check captcha |
| 36 | 36 |
$query_settings = $database->query("SELECT use_captcha FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '".$_GET['section_id']."'");
|
| ... | ... | |
| 45 | 45 |
(!isset($_SESSION['comes_from_view_time']) OR $_SESSION['comes_from_view_time'] > $t-ASP_VIEW_MIN_AGE) OR // user is too fast |
| 46 | 46 |
(!isset($_SESSION['submitted_when']) OR !isset($_POST['submitted_when'])) OR // faked form |
| 47 | 47 |
($_SESSION['submitted_when'] != $_POST['submitted_when']) OR // faked form |
| 48 |
($_SESSION['submitted_when'] > $t-ASP_INPUT_MIN_AGE) OR // user too fast |
|
| 48 |
($_SESSION['submitted_when'] > $t-ASP_INPUT_MIN_AGE && !isset($_SESSION['captcha_retry_news'])) OR // user too fast
|
|
| 49 | 49 |
($_SESSION['submitted_when'] < $t-43200) OR // form older than 12h |
| 50 |
($_POST['email'] OR $_POST['url'] OR $_POST['homepage']) // honeypot-fields |
|
| 50 |
($_POST['email'] OR $_POST['url'] OR $_POST['homepage'] OR $_POST['comment']) // honeypot-fields
|
|
| 51 | 51 |
)) {
|
| 52 | 52 |
exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
|
| 53 | 53 |
} |
| ... | ... | |
| 57 | 57 |
if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
|
| 58 | 58 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
| 59 | 59 |
$_SESSION['comment_title'] = $_POST['title']; |
| 60 |
$_SESSION['comment_body'] = $_POST['comment'];
|
|
| 60 |
$_SESSION['comment_body'] = $_POST['c0mment'];
|
|
| 61 | 61 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
|
| 62 | 62 |
} |
| 63 | 63 |
} else {
|
| 64 | 64 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
| 65 | 65 |
$_SESSION['comment_title'] = $_POST['title']; |
| 66 |
$_SESSION['comment_body'] = $_POST['comment'];
|
|
| 66 |
$_SESSION['comment_body'] = $_POST['c0mment'];
|
|
| 67 | 67 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
|
| 68 | 68 |
} |
| 69 | 69 |
} |
| ... | ... | |
| 80 | 80 |
$section_id = $_GET['section_id']; |
| 81 | 81 |
$post_id = $_GET['post_id']; |
| 82 | 82 |
$title = $wb->add_slashes(strip_tags($_POST['title'])); |
| 83 |
$comment = $wb->add_slashes(strip_tags($_POST['comment']));
|
|
| 83 |
$comment = $wb->add_slashes(strip_tags($_POST['c0mment']));
|
|
| 84 | 84 |
$commented_when = mktime(); |
| 85 | 85 |
if($wb->is_authenticated() == true) {
|
| 86 | 86 |
$commented_by = $wb->get_user_id(); |
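Review bot: `$_SESSION['captcha_retry_news']` (line 48) is only ever cleared by comment_page.php reloading without an error, never here after it has served its purpose, so once a visitor has failed the CAPTCHA the `ASP_INPUT_MIN_AGE` check stays disabled for that session for as long as they keep submitting; add `unset($_SESSION['captcha_retry_news']);` right after the ASP gate closes on line 53 so the exemption covers exactly one retry. The new honeypot test `$_POST['comment']` on line 50 reads an index that may be absent and relies on truthiness; `!empty($_POST['comment'])` reads the same way without the notice, and the same applies to the three pre-existing fields. The unchanged comparison on line 57, `$_POST['captcha'] != $_SESSION['captcha']`, is loose and treats numeric-looking strings as equal; `$_POST['captcha'] !== $_SESSION['captcha']` is the safer form.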
fixed some issues with CAPTCHA and ASP: Adjusted baseline of '*' in supplied fonts to meet baseline of numbers. Added counter to ttf_image generation-loop. Removed now unneeded GD-lib checks. Improved ASP in news-module.