1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
|
diff -Naur captcha-2.3.orig/captcha.php captcha-2.3.new/captcha.php
--- captcha-2.3.orig/captcha.php 2011-04-12 04:46:35.000000000 +0200
+++ captcha-2.3.new/captcha.php 2011-05-03 14:26:36.221434902 +0200
@@ -4,7 +4,7 @@
title: Easy_CAPTCHA
description: highly configurable, user-friendly and accessible CAPTCHA
version: 2.3
- author: milki
+ author: mario <xmilky@@gmail::com>
url: http://freshmeat.net/projects/captchaphp
config:
<const name="CAPTCHA_PERSISTENT" value="1" type="boolean" title="persistent cookie" description="sets a cookie after user successfully solved it, spares further captchas for a few days" />
@@ -99,9 +99,16 @@
@define("CAPTCHA_BASE_URL", (empty($_SERVER['HTTPS'])? "http": "https") . "://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]/" . substr(realpath(__FILE__), strlen(realpath($_SERVER["DOCUMENT_ROOT"]))));
#-- texts
-@define("CAPTCHA_PROMPT_TEXT", 'please enter the letters you recognize in the CAPTCHA image to the left');
+@define("CAPTCHA_PROMPT_TEXT", 'Please enter the letters you recognize in the CAPTCHA image to the left.');
@define("CAPTCHA_WHATIS_TEXT", 'What is %s = ');
-@define("CAPTCHA_REDRAW_TEXT", 'click on image to redraw');
+@define("CAPTCHA_REDRAW_TEXT", 'Click on image to redraw.');
+# error messages (not usually seen by users)
+@define("CAPTCHA_ERROBJ_TEXT", 'Invalid object created.');
+@define("CAPTCHA_ERRSAVE_TEXT", 'Storing of captcha_id and session data was unsuccessful.');
+@define("CAPTCHA_ERRID_TEXT", 'No ->id present.');
+@define("CAPTCHA_ERRCREA_TEXT", 'No ->created timestamp.');
+@define("CAPTCHA_NOGD_TEXT", 'PHP setup lacks GD. No image drawing is possible, CAPTCHA won\'t function.');
+@define("CAPTCHA_ERRINVREQ_TEXT", 'captcha error: request invalid (wrong storage id) / or expired');
@@ -161,13 +168,14 @@
}
}
+
#-- create solutions
function generate() {
#-- init
srand(microtime() + time()/2 - 21017);
- if ($this->id) { $this->prev[] = $this->id; }
+ if (!empty($this->id)) { $this->prev[] = $this->id; }
$this->id = $this->new_id();
#-- meta informations
@@ -214,12 +222,12 @@
#-- examine if captcha data is fresh
function is_valid() {
- return isset($this->id) && ($this->created)
+ return isset($this->id) && !empty($this->created)
&& ($this->expires > time())
&& ($this->tries > 0)
&& ($this->failures < 500)
&& ($this->passed < $this->maxpasses)
- || $this->delete() || $this->log("is_valid", "EXPIRED", "and deleted") && false;
+ || $this->log("is_valid", "EXPIRED", "and deleted") && $this->delete() && false;
}
@@ -236,7 +244,7 @@
#-- failure
if ((0 >= $this->tries--) || !$this->is_valid()) {
// log, this is either a frustrated user or a bot knocking
- $this->log("::solved", "INVALID", "tries exhausted ($this->tries) or expired(?) captcha");
+ $this->log("::solved", "INVALID", "tries exhausted ({$this->tries}) or expired(?) captcha");
}
#-- test
@@ -292,13 +300,14 @@
#-- check for errors
$errors = array(
- "invalid object created" => !$this->is_valid(),
- "captcha_id storage could not be saved" => !$this->saved,
- "no ->id present" => empty($this->id),
- "no ->created timestamp" => empty($this->created),
+ CAPTCHA_ERROBJ_TEXT => !$this->is_valid(),
+ CAPTCHA_ERRSAVE_TEXT => !$this->saved,
+ CAPTCHA_ERRID_TEXT => empty($this->id),
+ CAPTCHA_ERRCREA_TEXT => empty($this->created),
+ CAPTCHA_NOGD_TEXT => !function_exists('imagecreatetruecolor'),
);
if (array_sum($errors)) {
- return '<div id="captcha" class="error">*' . implode("<br>*", array_keys(array_filter($errors))) . '</div>';
+ return '<div id="captcha" class="error">*' . implode("<br>*", array_filter(array_keys(array_filter($errors)), 'htmlentities')) . '</div>';
}
#-- prepare output vars
@@ -310,20 +319,18 @@
$alt_text = htmlentities($this->text->question);
$new_urls = CAPTCHA_NEW_URLS ? 0 : 1;
$onClick = CAPTCHA_ONCLICK_HIRES ? 'onClick="this.src += this.src.match(/hires/) ? \'.\' : \'hires=1&\';"' : 'onClick="this.src += \'.\';"';
- $onKeyDown = CAPTCHA_AJAX ? 'onKeyUp="captcha_check_solution()"' : '';
+ $onKeyUp = CAPTCHA_AJAX ? 'onKeyUp="captcha_check_solution()"' : '';
$javascript = CAPTCHA_AJAX ? '<script src="'.$base_url.'base.js&captcha_new_urls='.$new_urls.'" type="text/javascript" language="JavaScript" id="captcha_ajax_1"></script>' : '';
- $error = function_exists('imagecreatetruecolor') ? '' : '<div class="error">PHP setup lacks GD. No image drawing possible</div>';
#-- assemble
$HTML =
//'<script type="text/javascript" language="JavaScript">if (document.getElementById("captcha")) { document.getElementById("captcha").parentNode.removeChild(document.getElementById("captcha")); }</script>' . // workaround for double instantiations
'<div id="captcha" class="captcha">' .
- $error .
'<input type="hidden" id="'.$p_id.'" name="'.$p_id.'" value="'.$id.'" />' .
- '<img src="'.$img_url .'&" width="'.$this->image->width.'" height="'.$this->image->height.'" alt="'.$alt_text.'" align="middle" '.$onClick.' title="' . CAPTCHA_REDRAW_TEXT . '" />' .
+ '<img src="'.$img_url .'&" width="'.$this->image->width.'" height="'.$this->image->height.'" alt="'.$alt_text.'" align="middle" '.$onClick.' title="' . htmlentities(CAPTCHA_REDRAW_TEXT) . '" />' .
' ' .
$add_text .
- '<input title="' . CAPTCHA_PROMPT_TEXT . '" type="text" '.$onKeyDown.' id="'.$p_input.'" name="'.$p_input.'" value="'.(isset($_REQUEST[$p_input])?htmlentities($_REQUEST[$p_input]):"") .
+ '<input title="' . htmlentities(CAPTCHA_PROMPT_TEXT) . '" type="text" '.$onKeyUp.' id="'.$p_input.'" name="'.$p_input.'" value="'.(isset($_REQUEST[$p_input])?htmlentities($_REQUEST[$p_input]):"") .
'" size="8" style="'.CAPTCHA_INPUT_STYLE.'" />' .
$javascript .
'</div>';
@@ -337,9 +344,9 @@
function log($error, $category, $message) {
// append to text file
if (CAPTCHA_LOG) {
- file_put_contents(
+ @file_put_contents(
CAPTCHA_TEMP_DIR . "/captcha.log",
- "[$error] -$category- \"$message\" $_SERVER[REMOTE_ADDR] id={$this->id} tries={$this->tries} failures={$this->failures} created/time/expires=$this->created/".time()."/$this->expires \n",
+ "[$error] -$category- \"$message\" $_SERVER[REMOTE_ADDR] id={$this->id} tries={$this->tries} failures={$this->failures} created/time/expires={$this->created}/".time()."/{$this->expires} \n",
FILE_APPEND|LOCK_EX
);
}
@@ -357,7 +364,7 @@
}
}
else {
- $this->log("captcha file does not exist $fn");
+ $this->log("load", "INVALID", "captcha file does not exist $fn");
}
}
@@ -365,34 +372,36 @@
function save() {
$this->straighten_temp_dir();
if ($fn = $this->data_file()) {
- $this->saved = file_put_contents($fn, serialize($this), LOCK_EX);
+ $this->saved = @file_put_contents($fn, serialize($this), LOCK_EX);
}
}
#-- remove $this data file
function delete() {
// delete current and all previous data files
- $this->prev[] = $this->id;
+ if (!empty($this->id)) {
+ $this->prev[] = $this->id;
+ }
if (isset($this->prev)) {
- foreach ($this->prev as $id) {
+ foreach ((array)$this->prev as $id) {
@unlink($this->data_file($id));
}
}
// clean object
foreach ((array)$this as $name=>$val) {
- unset($this->{$name});
+ $this->{$name} = false;
}
- return(FALSE); // far if-chaining in ->is_valid()
+ return(FALSE); // for if-chaining in ->is_valid()
}
#-- clean-up or init temporary directory
function straighten_temp_dir() {
// create dir
if (!file_exists($dir=CAPTCHA_TEMP_DIR)) {
- mkdir($dir);
+ @mkdir($dir);
}
// clean up old files
- if ((rand(0,100) <= 5) && ($dh = opendir($dir))) {
+ if ((rand(0,100) <= 5) && ($dh = @opendir($dir))) {
$t_kill = time() - CAPTCHA_TIMEOUT * 1.2;
while($fn = readdir($dh)) if ($fn[0] != ".") {
if (filemtime("$dir/$fn") < $t_kill) {
@@ -1013,10 +1022,11 @@
#-- determine usable temp directory
function tmp() {
+ $DIR = dirname(__FILE__);
return current(
- array_filter( // filter by writability
+ @array_filter( // filter by writability
array_filter( // filter empty entries
- @array(
+ array(
$_SERVER['TMPDIR'],
$_SERVER['REDIRECT_TMPDIR'],
$_SERVER['TEMP'],
@@ -1024,7 +1034,8 @@
$_SERVER['TMP'],
$_SERVER['TEMPDIR'],
function_exists("sys_get_temp_dir") ? sys_get_temp_dir() : "",
- '/tmp'
+ '/tmp', '/temp',
+ "$DIR/tmp", "$DIR/../tmp", "$DIR/../../tmp",
)
),
"is_writable"
@@ -1053,7 +1064,7 @@
#-- check
if ($expired || empty($c->image)) {
- die(easy_captcha_utility::js_header('alert("captcha error: request invalid (wrong storage id) / or expired");'));
+ die(easy_captcha_utility::js_header('alert("' . addslashes(CAPTCHA_ERRINVREQ_TEXT) . '");'));
}
if (0 >= $c->ajax_tries--) {
$c->log("::API", "JS-RPC", "ajax_tries exhausted ($c->ajax_tries)");
@@ -1258,4 +1269,4 @@
-?>
\ No newline at end of file
+?>
diff -Naur captcha-2.3.orig/index.php captcha-2.3.new/index.php
--- captcha-2.3.orig/index.php 2010-05-20 20:18:31.000000000 +0200
+++ captcha-2.3.new/index.php 2011-04-13 14:54:13.000000000 +0200
@@ -3,7 +3,7 @@
// load library and preset a few options
define("CAPTCHA_INVERSE", 1); // black background
define("CAPTCHA_NEW_URLS", 0); // no auto-disabling/hiding for the demo
- include("captcha.php");
+ include("captchaphp/captcha.php");
?>
<html>
@@ -109,7 +109,7 @@
-<form action="index.php" method="GET" x-enctype="multipart/form-data" accept-encoding="UTF-8">
+<form action="<?php echo htmlspecialchars(basename($_SERVER['SCRIPT_NAME'])); ?>" method="GET" x-enctype="multipart/form-data" accept-encoding="UTF-8">
<textarea name="texta1" cols="40" rows="5">...</textarea>
<?php
// output CAPTCHA img + input box
@@ -126,7 +126,7 @@
<div>
- <a href="http://www.freshmeat.net/p/captchaphp">get updates (freshmeat.net)</a>
+ <a href="http://www.freshmeat.net/projects/captchaphp">get updates (freshmeat.net)</a>
|
<a href="captcha.tgz">download</a>
|
diff -Naur captcha-2.3.orig/README captcha-2.3.new/README
--- captcha-2.3.orig/README 2011-04-12 04:46:29.000000000 +0200
+++ captcha-2.3.new/README 2011-04-13 16:33:41.000000000 +0200
@@ -399,7 +399,7 @@
- alternatives for finding temporary directory from env / php.ini
2.2
- - Many many many patches from Patrick Monerat, downstream Fedora
+ - Many many many patches from Patrick Monnerat, downstream Fedora
- different font distributed alongside
2.1 (unreleased)
|
