Verzeichnisstruktur phpBB-3.3.15
- Veröffentlicht
- 28.08.2024
So funktioniert es
|
|
Auf das letzte Element klicken. Dies geht jeweils ein Schritt zurück |
Auf das Icon klicken, dies öffnet das Verzeichnis. Nochmal klicken schließt das Verzeichnis. |
|
|
(Beispiel Datei-Icons)
|
Auf das Icon klicken um den Quellcode anzuzeigen |
captcha_abstract.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 namespace phpbb\captcha\plugins;
015
016 /**
017 * This class holds the code shared by the two default 3.0.x CAPTCHAs.
018 */
019 abstract class captcha_abstract
020 {
021 var $confirm_id;
022 var $confirm_code;
023 var $code;
024 var $seed;
025 var $attempts = 0;
026 var $type;
027 var $solved = 0;
028 var $captcha_vars = false;
029
030 /**
031 * @var string name of the service.
032 */
033 protected $service_name;
034
035 function init($type)
036 {
037 global $config, $request;
038
039 // read input
040 $this->confirm_id = $request->variable('confirm_id', '');
041 $this->confirm_code = $request->variable('confirm_code', '');
042 $refresh = $request->variable('refresh_vc', false) && $config['confirm_refresh'];
043
044 $this->type = (int) $type;
045
046 if (!strlen($this->confirm_id) || !$this->load_code())
047 {
048 // we have no confirm ID, better get ready to display something
049 $this->generate_code();
050 }
051 else if ($refresh)
052 {
053 $this->regenerate_code();
054 }
055 }
056
057 function execute_demo()
058 {
059 $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
060 $this->seed = hexdec(substr(unique_id(), 4, 10));
061
062 // compute $seed % 0x7fffffff
063 $this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff);
064
065 $generator = $this->get_generator_class();
066 $captcha = new $generator();
067 define('IMAGE_OUTPUT', 1);
068 $captcha->execute($this->code, $this->seed);
069 }
070
071 function execute()
072 {
073 if (empty($this->code))
074 {
075 if (!$this->load_code())
076 {
077 // invalid request, bail out
078 return false;
079 }
080 }
081 $generator = $this->get_generator_class();
082 $captcha = new $generator();
083 define('IMAGE_OUTPUT', 1);
084 $captcha->execute($this->code, $this->seed);
085 }
086
087 function get_template()
088 {
089 global $config, $user, $template, $phpEx, $phpbb_root_path;
090
091 if ($this->is_solved())
092 {
093 return false;
094 }
095 else
096 {
097 $link = append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=confirm&confirm_id=' . $this->confirm_id . '&type=' . $this->type);
098 $contact_link = phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx);
099 $explain = $user->lang(($this->type != CONFIRM_POST) ? 'CONFIRM_EXPLAIN' : 'POST_CONFIRM_EXPLAIN', '<a href="' . $contact_link . '">', '</a>');
100
101 $template->assign_vars(array(
102 'CONFIRM_IMAGE_LINK' => $link,
103 'CONFIRM_IMAGE' => '<img src="' . $link . '" />',
104 'CONFIRM_IMG' => '<img src="' . $link . '" />',
105 'CONFIRM_ID' => $this->confirm_id,
106 'S_CONFIRM_CODE' => true,
107 'S_TYPE' => $this->type,
108 'S_CONFIRM_REFRESH' => ($config['enable_confirm'] && $config['confirm_refresh'] && $this->type == CONFIRM_REG) ? true : false,
109 'L_CONFIRM_EXPLAIN' => $explain,
110 ));
111
112 return 'captcha_default.html';
113 }
114 }
115
116 function get_demo_template($id)
117 {
118 global $config, $template, $request, $phpbb_admin_path, $phpEx;
119
120 $variables = '';
121
122 if (is_array($this->captcha_vars))
123 {
124 foreach ($this->captcha_vars as $captcha_var => $template_var)
125 {
126 $variables .= '&' . rawurlencode($captcha_var) . '=' . $request->variable($captcha_var, (int) $config[$captcha_var]);
127 }
128 }
129
130 // acp_captcha has a delivery function; let's use it
131 $template->assign_vars(array(
132 'CONFIRM_IMAGE' => append_sid($phpbb_admin_path . 'index.' . $phpEx, 'captcha_demo=1&mode=visual&i=' . $id . '&select_captcha=' . $this->get_service_name()) . $variables,
133 'CONFIRM_ID' => $this->confirm_id,
134 ));
135
136 return 'captcha_default_acp_demo.html';
137 }
138
139 function get_hidden_fields()
140 {
141 $hidden_fields = array();
142
143 // this is required for posting.php - otherwise we would forget about the captcha being already solved
144 if ($this->solved)
145 {
146 $hidden_fields['confirm_code'] = $this->confirm_code;
147 }
148 $hidden_fields['confirm_id'] = $this->confirm_id;
149 return $hidden_fields;
150 }
151
152 function garbage_collect($type)
153 {
154 global $db;
155
156 $sql = 'SELECT DISTINCT c.session_id
157 FROM ' . CONFIRM_TABLE . ' c
158 LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id)
159 WHERE s.session_id IS NULL' .
160 ((empty($type)) ? '' : ' AND c.confirm_type = ' . (int) $type);
161 $result = $db->sql_query($sql);
162
163 if ($row = $db->sql_fetchrow($result))
164 {
165 $sql_in = array();
166 do
167 {
168 $sql_in[] = (string) $row['session_id'];
169 }
170 while ($row = $db->sql_fetchrow($result));
171
172 if (count($sql_in))
173 {
174 $sql = 'DELETE FROM ' . CONFIRM_TABLE . '
175 WHERE ' . $db->sql_in_set('session_id', $sql_in);
176 $db->sql_query($sql);
177 }
178 }
179 $db->sql_freeresult($result);
180 }
181
182 function uninstall()
183 {
184 $this->garbage_collect(0);
185 }
186
187 function install()
188 {
189 return;
190 }
191
192 function validate()
193 {
194 global $user;
195
196 if (!$user->is_setup())
197 {
198 $user->setup();
199 }
200
201 $error = '';
202 if (!$this->confirm_id)
203 {
204 $error = $user->lang['CONFIRM_CODE_WRONG'];
205 }
206 else
207 {
208 if ($this->check_code())
209 {
210 $this->solved = true;
211 }
212 else
213 {
214 $error = $user->lang['CONFIRM_CODE_WRONG'];
215 }
216 }
217
218 if (strlen($error))
219 {
220 // okay, incorrect answer. Let's ask a new question.
221 $this->new_attempt();
222 return $error;
223 }
224 else
225 {
226 return false;
227 }
228 }
229
230 /**
231 * The old way to generate code, suitable for GD and non-GD. Resets the internal state.
232 */
233 function generate_code()
234 {
235 global $db, $user;
236
237 $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
238 $this->confirm_id = md5(unique_id($user->ip));
239 $this->seed = hexdec(substr(unique_id(), 4, 10));
240 $this->solved = 0;
241 // compute $seed % 0x7fffffff
242 $this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff);
243
244 $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
245 'confirm_id' => (string) $this->confirm_id,
246 'session_id' => (string) $user->session_id,
247 'confirm_type' => (int) $this->type,
248 'code' => (string) $this->code,
249 'seed' => (int) $this->seed)
250 );
251 $db->sql_query($sql);
252 }
253
254 /**
255 * New Question, if desired.
256 */
257 function regenerate_code()
258 {
259 global $db, $user;
260
261 $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
262 $this->seed = hexdec(substr(unique_id(), 4, 10));
263 $this->solved = 0;
264 // compute $seed % 0x7fffffff
265 $this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff);
266
267 $sql = 'UPDATE ' . CONFIRM_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array(
268 'code' => (string) $this->code,
269 'seed' => (int) $this->seed)) . '
270 WHERE
271 confirm_id = \'' . $db->sql_escape($this->confirm_id) . '\'
272 AND session_id = \'' . $db->sql_escape($user->session_id) . '\'';
273 $db->sql_query($sql);
274 }
275
276 /**
277 * New Question, if desired.
278 */
279 function new_attempt()
280 {
281 global $db, $user;
282
283 $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
284 $this->seed = hexdec(substr(unique_id(), 4, 10));
285 $this->solved = 0;
286 // compute $seed % 0x7fffffff
287 $this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff);
288
289 $sql = 'UPDATE ' . CONFIRM_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array(
290 'code' => (string) $this->code,
291 'seed' => (int) $this->seed)) . '
292 , attempts = attempts + 1
293 WHERE
294 confirm_id = \'' . $db->sql_escape($this->confirm_id) . '\'
295 AND session_id = \'' . $db->sql_escape($user->session_id) . '\'';
296 $db->sql_query($sql);
297 }
298
299 /**
300 * Look up everything we need for painting&checking.
301 */
302 function load_code()
303 {
304 global $db, $user;
305
306 $sql = 'SELECT code, seed, attempts
307 FROM ' . CONFIRM_TABLE . "
308 WHERE confirm_id = '" . $db->sql_escape($this->confirm_id) . "'
309 AND session_id = '" . $db->sql_escape($user->session_id) . "'
310 AND confirm_type = " . $this->type;
311 $result = $db->sql_query($sql);
312 $row = $db->sql_fetchrow($result);
313 $db->sql_freeresult($result);
314
315 if ($row)
316 {
317 $this->code = $row['code'];
318 $this->seed = $row['seed'];
319 $this->attempts = $row['attempts'];
320 return true;
321 }
322
323 return false;
324 }
325
326 function check_code()
327 {
328 return (strcasecmp($this->code, $this->confirm_code) === 0);
329 }
330
331 function get_attempt_count()
332 {
333 return $this->attempts;
334 }
335
336 function reset()
337 {
338 global $db, $user;
339
340 $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
341 WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
342 AND confirm_type = " . (int) $this->type;
343 $db->sql_query($sql);
344
345 // we leave the class usable by generating a new question
346 $this->generate_code();
347 }
348
349 function is_solved()
350 {
351 global $request;
352
353 if ($request->variable('confirm_code', false) && $this->solved === 0)
354 {
355 $this->validate();
356 }
357 return (bool) $this->solved;
358 }
359
360 /**
361 * API function
362 */
363 function has_config()
364 {
365 return false;
366 }
367
368 /**
369 * @return string the name of the service corresponding to the plugin
370 */
371 function get_service_name()
372 {
373 return $this->service_name;
374 }
375
376 /**
377 * Set the name of the plugin
378 *
379 * @param string $name
380 */
381 public function set_name($name)
382 {
383 $this->service_name = $name;
384 }
385
386 /**
387 * @return string the name of the class used to generate the captcha
388 */
389 abstract function get_generator_class();
390
391 /**
392 * Get language variable for error message when CAPTCHA is being shown due
393 * to exceeding the maximum number of login attempts
394 *
395 * @return string
396 */
397 public function get_login_error_attempts(): string
398 {
399 return 'LOGIN_ERROR_ATTEMPTS';
400 }
401 }
402