Index: trunk/CHANGELOG =================================================================== --- trunk/CHANGELOG (revision 604) +++ trunk/CHANGELOG (revision 605) @@ -17,6 +17,9 @@ 26-Jan-2008 Matthias Gallas + Added keywords to files where they are missing 26-Jan-2008 Thomas Hornik +! fixed some issues with CAPTCHA and ASP. Adjusted baseline of '*' in supplyed fonts to meet + baseline of numbers. Added counter to ttf_image generation-loop. Removed now unneeded GD-lib verification. + Improved ASP in news-module. + module news: added publish_until field to control the visibility of a news-posting by date and time ! added strongly "condensed" fonts with many intersections for ttf-CAPTCHA as default fonts. It should be very difficult for spam-bots to recognize intersected characters. Index: trunk/wb/include/captcha/captchas/ttf_image.php =================================================================== --- trunk/wb/include/captcha/captchas/ttf_image.php (revision 604) +++ trunk/wb/include/captcha/captchas/ttf_image.php (revision 605) @@ -58,6 +58,7 @@ // create image $image_failed = true; +$i=0; do { $image = ImageCreateFromPNG($bg); // backgroundimage $grey = rand(0,50); @@ -76,6 +77,8 @@ ) { $image_failed = false; } + if(++$i > 5) // too many tries! Use the image + break; } while($image_failed); captcha_header(); Index: trunk/wb/include/captcha/fonts/LLBI_cond.ttf =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Index: trunk/wb/include/captcha/fonts/LLBd.ttf_ =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Index: trunk/wb/include/captcha/fonts/LLBd_cond.ttf =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Index: trunk/wb/include/captcha/fonts/LLBI.ttf_ =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Index: trunk/wb/modules/form/modify_settings.php =================================================================== --- trunk/wb/modules/form/modify_settings.php (revision 604) +++ trunk/wb/modules/form/modify_settings.php (revision 605) @@ -77,7 +77,6 @@ - : @@ -87,7 +86,6 @@ - : Index: trunk/wb/modules/form/save_settings.php =================================================================== --- trunk/wb/modules/form/save_settings.php (revision 604) +++ trunk/wb/modules/form/save_settings.php (revision 605) @@ -41,11 +41,7 @@ $field_loop = $admin->add_slashes($_POST['field_loop']); $footer = $admin->add_slashes($_POST['footer']); $email_to = $admin->add_slashes($_POST['email_to']); -if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { - $use_captcha = $_POST['use_captcha']; -} else { - $use_captcha = false; -} +$use_captcha = $_POST['use_captcha']; if($_POST['email_from_field'] == '') { $email_from = $admin->add_slashes($_POST['email_from']); } else { Index: trunk/wb/modules/form/add.php =================================================================== --- trunk/wb/modules/form/add.php (revision 604) +++ trunk/wb/modules/form/add.php (revision 605) @@ -48,11 +48,7 @@ $success_email_subject = 'You have submitted a form'; $max_submissions = 50; $stored_submissions = 50; -if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { /* Make's sure GD library is installed */ - $use_captcha = true; -} else { - $use_captcha = false; -} +$use_captcha = true; $database->query("INSERT INTO ".TABLE_PREFIX."mod_form_settings (page_id,section_id,header,field_loop,footer,email_to,email_from,email_subject,success_page,success_email_to,success_email_from,success_email_text,success_email_subject,max_submissions,stored_submissions,use_captcha) VALUES ('$page_id','$section_id','$header','$field_loop','$footer','$email_to','$email_from','$email_subject','$success_page','$success_email_to','$success_email_from','$success_email_text','$success_email_subject','$max_submissions','$stored_submissions','$use_captcha')"); ?> \ No newline at end of file Index: trunk/wb/modules/news/modify_settings.php =================================================================== --- trunk/wb/modules/news/modify_settings.php (revision 604) +++ trunk/wb/modules/news/modify_settings.php (revision 605) @@ -130,7 +130,6 @@ - : @@ -140,6 +139,7 @@ + : Index: trunk/wb/modules/news/view.php =================================================================== --- trunk/wb/modules/news/view.php (revision 604) +++ trunk/wb/modules/news/view.php (revision 605) @@ -341,13 +341,11 @@ // Print comments footer echo str_replace('[ADD_COMMENT_URL]', WB_URL.'/modules/news/comment.php?id='.POST_ID.'&sid='.$section_id, $setting_comments_footer); - - if(ENABLED_ASP) { - $_SESSION['comes_from_view'] = true; - $_SESSION['comes_from_view_time'] = time(); - } } - + if(ENABLED_ASP) { + $_SESSION['comes_from_view'] = POST_ID; + $_SESSION['comes_from_view_time'] = time(); + } } ?> \ No newline at end of file Index: trunk/wb/modules/news/save_settings.php =================================================================== --- trunk/wb/modules/news/save_settings.php (revision 604) +++ trunk/wb/modules/news/save_settings.php (revision 605) @@ -43,12 +43,11 @@ $comments_page = $admin->add_slashes(str_replace($friendly, $raw, $_POST['comments_page'])); $commenting = $_POST['commenting']; $posts_per_page = $_POST['posts_per_page']; +$use_captcha = $_POST['use_captcha']; if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { $resize = $_POST['resize']; - $use_captcha = $_POST['use_captcha']; } else { $resize = ''; - $use_captcha = false; } // Update settings Index: trunk/wb/modules/news/comment_page.php =================================================================== --- trunk/wb/modules/news/comment_page.php (revision 604) +++ trunk/wb/modules/news/comment_page.php (revision 605) @@ -31,6 +31,7 @@ require_once(WB_PATH.'/include/captcha/captcha.php'); require_once(WB_PATH.'/include/captcha/asp.php'); +if(isset($_SESSION['captcha_retry_news'])) unset($_SESSION['captcha_retry_news']); // Get comments page template details from db $query_settings = $database->query("SELECT comments_page,use_captcha,commenting FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '".SECTION_ID."'"); @@ -57,6 +58,9 @@ URL:
+ Comment: + +

@@ -64,14 +68,17 @@
/>

- : + :
- +

'.$_SESSION['captcha_error'].'
'; unset($_SESSION['captcha_error']); + $_SESSION['captcha_retry_news'] = true; } // Captcha if($settings['use_captcha']) { Index: trunk/wb/modules/news/comment.php =================================================================== --- trunk/wb/modules/news/comment.php (revision 604) +++ trunk/wb/modules/news/comment.php (revision 605) @@ -27,7 +27,7 @@ require('../../config.php'); // Check if there is a post id -if(!isset($_GET['id']) OR !is_numeric($_GET['id'])) { +if(!isset($_GET['id']) OR !is_numeric($_GET['id']) OR !isset($_GET['sid']) OR !is_numeric($_GET['sid'])) { header("Location: ".WB_URL.PAGES_DIRECTORY.""); exit(0); } @@ -64,8 +64,8 @@ exit(0); } - // don't allow commenting if ASP enabled and user doesn't comes from view.php - if(ENABLED_ASP && !isset($_SESSION['comes_from_view'])) { + // don't allow commenting if ASP enabled and user doesn't comes from the right view.php + if(ENABLED_ASP && (!isset($_SESSION['comes_from_view']) OR $_SESSION['comes_from_view']!=POST_ID)) { header("Location: ".WB_URL.PAGES_DIRECTORY.""); exit(0); } @@ -83,6 +83,6 @@ require(WB_PATH.'/index.php'); } } +var_dump($_SESSION); - ?> Index: trunk/wb/modules/news/submit_comment.php =================================================================== --- trunk/wb/modules/news/submit_comment.php (revision 604) +++ trunk/wb/modules/news/submit_comment.php (revision 605) @@ -30,7 +30,7 @@ $wb = new wb; // Check if we should show the form or add a comment -if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id']) AND isset($_POST['comment']) AND $_POST['comment'] != '') { +if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id']) AND isset($_POST['c0mment']) AND $_POST['c0mment'] != '') { // Check captcha $query_settings = $database->query("SELECT use_captcha FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '".$_GET['section_id']."'"); @@ -45,9 +45,9 @@ (!isset($_SESSION['comes_from_view_time']) OR $_SESSION['comes_from_view_time'] > $t-ASP_VIEW_MIN_AGE) OR // user is too fast (!isset($_SESSION['submitted_when']) OR !isset($_POST['submitted_when'])) OR // faked form ($_SESSION['submitted_when'] != $_POST['submitted_when']) OR // faked form - ($_SESSION['submitted_when'] > $t-ASP_INPUT_MIN_AGE) OR // user too fast + ($_SESSION['submitted_when'] > $t-ASP_INPUT_MIN_AGE && !isset($_SESSION['captcha_retry_news'])) OR // user too fast ($_SESSION['submitted_when'] < $t-43200) OR // form older than 12h - ($_POST['email'] OR $_POST['url'] OR $_POST['homepage']) // honeypot-fields + ($_POST['email'] OR $_POST['url'] OR $_POST['homepage'] OR $_POST['comment']) // honeypot-fields )) { exit(header("Location: ".WB_URL.PAGES_DIRECTORY."")); } @@ -57,13 +57,13 @@ if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) { $_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; $_SESSION['comment_title'] = $_POST['title']; - $_SESSION['comment_body'] = $_POST['comment']; + $_SESSION['comment_body'] = $_POST['c0mment']; exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}")); } } else { $_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; $_SESSION['comment_title'] = $_POST['title']; - $_SESSION['comment_body'] = $_POST['comment']; + $_SESSION['comment_body'] = $_POST['c0mment']; exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}")); } } @@ -80,7 +80,7 @@ $section_id = $_GET['section_id']; $post_id = $_GET['post_id']; $title = $wb->add_slashes(strip_tags($_POST['title'])); - $comment = $wb->add_slashes(strip_tags($_POST['comment'])); + $comment = $wb->add_slashes(strip_tags($_POST['c0mment'])); $commented_when = mktime(); if($wb->is_authenticated() == true) { $commented_by = $wb->get_user_id();