From a34b84478af8de577afef1b762fc6861b2fd74e7 Mon Sep 17 00:00:00 2001
From: Calin-Andrei Burloiu
Date: Fri, 4 Nov 2011 18:48:13 +0200
Subject: [PATCH] registration requires CAPTCHA
---
 application/config/captcha.php | 3 +-
 application/config/form_validation.php | 5 +
 application/controllers/user.php | 26 ++-
 .../language/english/form_validation_lang.php | 1 +
 application/language/english/ui_lang.php | 4 +
 application/libraries/Captcha.php | 54 +++--
 application/views/user/profile_view.php | 8 +
 application/views/user/register_view.php | 29 ++-
 img/captcha/index.html | 10 +
 img/index.html | 10 +
 img/index.php | 204 ++++++++++++++++++
 js/index.html | 10 +
 nbproject/netbeans_ci_code_completion.php | 2 +
 system/helpers/captcha_helper.php | 4 +-
 14 files changed, 346 insertions(+), 24 deletions(-)
 create mode 100644 img/captcha/index.html
 create mode 100644 img/index.html
 create mode 100644 img/index.php
 create mode 100644 js/index.html
diff --git a/application/config/captcha.php b/application/config/captcha.php
index fe117d1..806d0dd 100644
--- a/application/config/captcha.php
+++ b/application/config/captcha.php
@@ -1,6 +1,7 @@ 900, 'img_path' => './img/captcha/',
- 'img_url' => site_url('img/captcha/')
+ 'img_url' => site_url('img/captcha/') . '/'
 );
\ No newline at end of file
diff --git a/application/config/form_validation.php b/application/config/form_validation.php
index 042d5f7..67ed55c 100644
--- a/application/config/form_validation.php
+++ b/application/config/form_validation.php
@@ -83,6 +83,11 @@ $config = array(
 'field'=>'locality',
 'label'=>'lang:user_locality',
 'rules'=>'trim|ucwords|xss_clean|prep_for_form'
+ ),
+ array(
+ 'field'=>'captcha',
+ 'label'=>'lang:captcha',
+ 'rules'=>'callback__required_by_register|callback__check_captcha'
 )
 ),
 'activate'=> array(
diff --git a/application/controllers/user.php b/application/controllers/user.php
index 810069d..fad3ddf 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
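Review bot: In application/config/captcha.php the new `'img_url'` still builds a static asset path with `site_url()`, which in CodeIgniter prepends the configured index page (and the URL suffix, if one is set), so the CAPTCHA image source only resolves to the real directory when both are empty. `base_url() . 'img/captcha/'` addresses the directory directly and already ends in a slash, which makes the appended `. '/'` unnecessary. The top of this hunk is not readable on this page, so the other keys of the array were not reviewed.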
@@ -26,7 +26,7 @@ class User extends CI_Controller {
 public function test($user_id = 1)
 {
-// echo ($this->users_model->get_userdata('calin.burloiu') ? 'd' : 'n');
+ echo extension_loaded('gd') ? 'gd' : 'nu';
 } // DEBUG
@@ -45,6 +45,13 @@ class User extends CI_Controller {
 $this->session->sess_destroy();
 }
+
+ public function ajax_get_captcha()
+ {
+ $this->load->library('captcha');
+ $captcha = $this->captcha->get_captcha();
+ echo $captcha['image'];
+ }
 /**
 * Login a user and then redirect it to the last page which must be encoded
@@ -215,6 +222,7 @@ class User extends CI_Controller {
 if (! $b_validation)
 {
 // Edit account data if logged in, otherwise register.
+ // ** ACCOUNT
 if ($user_id)
 {
 $userdata = $this->users_model->get_userdata(intval($user_id));
@@ -222,11 +230,18 @@ class User extends CI_Controller {
 $userdata['autogen_username'] = substr($userdata['username'], 8);
 $selected_menu = 'account';
+ $captcha = FALSE;
 }
+ // ** REGISTER
 else
 {
 $userdata = FALSE;
 $selected_menu = 'register';
+
+ // CAPTCHA
+ $this->load->library('captcha');
+ $captcha = $this->captcha->get_captcha();
+ $captcha = $captcha['image'];
 }
 $params = array('title' =>
@@ -246,7 +261,7 @@ class User extends CI_Controller {
 $main_params['content'] = $this->load->view('user/register_view', array('userdata'=> $userdata, 'redirect'=> $redirect,
- 'error_upload'=> $error_upload),
+ 'error_upload'=> $error_upload, 'captcha'=> $captcha),
 TRUE);
 $main_params['side'] = $this->load->view('side_default', NULL, TRUE);
 $this->load->view('main', $main_params);
@@ -712,6 +727,13 @@ class User extends CI_Controller {
 return TRUE;
 }
+ public function _check_captcha($word)
+ {
+ $this->load->library('captcha');
+
+ return $this->captcha->check_captcha($word);
+ }
+
 public function _internal_account($username)
 {
 $userdata = $this->users_model->get_userdata($username, 'auth_src');
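Review bot: `test()` in application/controllers/user.php is a public controller action, so with this change anyone who can reach the User controller can call it and learn whether the GD extension is loaded; the `// DEBUG` marker next to it suggests it was not meant to ship. Leave the probe out of the commit, or give the method a leading underscore (`_test`) so CodeIgniter will not route requests to it. If the GD check is needed at runtime, it belongs where the CAPTCHA is created, with the failure logged rather than echoed.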
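Review bot: `ajax_get_captcha()` can be requested without a session or any throttle, and every call makes `get_captcha()` create a new image and insert another `captcha` row, so the endpoint can grow the image directory and the table faster than expired entries are cleaned up. Each row issued to an IP address also stays valid until it expires, which means asking for a new image does not invalidate the earlier challenge. Consider limiting how often one client may request a new image and discarding that client's previous challenge before storing the next one, ideally keyed to the session rather than the IP address. The method would also benefit from a docblock stating that it echoes an HTML fragment for the register view.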
diff --git a/application/language/english/form_validation_lang.php b/application/language/english/form_validation_lang.php
index 59d8352..b8b6d29 100644
--- a/application/language/english/form_validation_lang.php
+++ b/application/language/english/form_validation_lang.php
@@ -12,6 +12,7 @@ $lang['_valid_date'] = 'Invalid %s! Use the specified format or leave the fie
 $lang['_valid_old_password'] = 'Wrong %s.';
 $lang['_change_password_cond'] = 'If you want to change your password complete all three password related fields.';
 $lang['_required_by_register'] = 'The %s field is required.';
+$lang['_check_captcha'] = 'The text entered does not match the text from the previous image. Try again with this image.';
 // Account Activation
 $lang['_valid_activation_code'] = 'Invalid activation code. You must provide 16 hexa characters.';
diff --git a/application/language/english/ui_lang.php b/application/language/english/ui_lang.php
index bd290ad..4d6d3dc 100644
--- a/application/language/english/ui_lang.php
+++ b/application/language/english/ui_lang.php
@@ -65,5 +65,9 @@ $lang['ui_msg_repeated_action_restriction'] = 'You can only perform this action
 $lang['ui_chars_left'] = 'characters left';
+$lang['ui_captcha'] = 'CAPTCHA';
+$lang['ui_captcha_instructions'] = 'Please insert the text from the image below in order to demonstrate that you are a human:';
+$lang['ui_change_captcha'] = 'Change CAPTCHA image';
+
 /* End of file ui_lang.php */
 /* Location: ./application/language/english/ui_lang.php */
\ No newline at end of file
diff --git a/application/libraries/Captcha.php b/application/libraries/Captcha.php
index fc41471..6950a9c 100644
--- a/application/libraries/Captcha.php
+++ b/application/libraries/Captcha.php
@@ -1,67 +1,95 @@ ci =& get_instance(); $this->ci->config->load('captcha'); $this->ci->load->library('Singleton_db'); $this->db = $this->ci->singleton_db->connect(); - $this->params = $this->ci->config->item('captcha_params'); + // Configuration parameters. + if (!$params) + { + $this->params = $this->ci->config->item('captcha_params'); + } + else + $this->params = $params; if (!$this->params) die('Cannot load CAPTCHA config file.'); } + public function get_params() + { + return $this->params; + } + + public function set_params($params) + { + $this->params = $params; + } + /** - * Generates a CAPTCHA image and returns an HTML image tag for it. + * Generates a CAPTCHA image and returns an array of associative data + * about the image. * * @param string $word - * @return string + * @return array */ - public function get_captcha_tag($word = NULL) + public function get_captcha($word = NULL) { - $this->load->helper('captcha'); + $this->ci->load->helper('captcha'); if ($word) - $this->params['word'] = $word; + $this->params['captcha_params']['word'] = $word; - $cap = create_captcha($this->params); + // Creating the CAPTCHA. + $cap = create_captcha($this->params['captcha_params']); $data = array( 'captcha_time' => $cap['time'], - 'ip_address' => $this->input->ip_address(), + 'ip_address' => $this->ci->input->ip_address(), 'word' => $cap['word'] ); + // Remember in DB the CAPTCHA - user mapping. $str_query = $this->db->insert_string('captcha', $data); $this->db->query($str_query); - return $cap['image']; + return $cap; } /** * Check againt the DB if the word(s) entered by the user ($word) matches * the CAPTCHA and if the CAPTCHA did not expired. + * + * @param string $word + * @return boolean */ public function check_captcha($word) { // First, delete old captchas - $expiration_limit = (!$this->params['expiration'] - ? 7200 : $this->params['expiration']); + $expiration_limit = (!$this->params['captcha_params']['expiration'] + ? 
7200 : $this->params['captcha_params']['expiration']); $expiration = time() - $expiration_limit; // Two hour limit $this->db->query("DELETE FROM captcha WHERE captcha_time < ".$expiration); // TODO also delete the CAPTCHA image file // Then see if a captcha exists: $sql = "SELECT COUNT(*) AS count FROM captcha WHERE word = ? AND ip_address = ? AND captcha_time > ?"; - $binds = array($word, $this->input->ip_address(), $expiration); + $binds = array($word, $this->ci->input->ip_address(), $expiration); $query = $this->db->query($sql, $binds); $row = $query->row(); diff --git a/application/views/user/profile_view.php b/application/views/user/profile_view.php index d831658..1382317 100644 --- a/application/views/user/profile_view.php +++ b/application/views/user/profile_view.php @@ -45,6 +45,14 @@ lang->line('user_last_name'). ': ' ?> + + + lang->line('user_sex'). ': ' ?> + lang->line('user_sex_female') + : $this->lang->line('user_sex_male') ) ?> + lang->line('user_birth_date'). ': ' ?> diff --git a/application/views/user/register_view.php b/application/views/user/register_view.php index e038dfc..aeb6dc5 100644 --- a/application/views/user/register_view.php +++ b/application/views/user/register_view.php @@ -17,11 +17,6 @@ else echo form_open_multipart("user/account/$redirect"); ?> - - @@ -44,7 +39,6 @@ else @@ -201,6 +195,23 @@ else + + + + + + + + + +
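Review bot: In application/libraries/Captcha.php the visible part of `check_captcha()` only counts matching rows and never removes the one that matched, so unless the lines after `$row = $query->row();` (outside this hunk) do it, one solved CAPTCHA can be replayed from the same IP address for the whole expiration window. Consume the row on a successful match, e.g. `$this->db->query("DELETE FROM captcha WHERE word = ? AND ip_address = ?", array($word, $this->ci->input->ip_address()));`. `get_captcha()` also reads `$cap['time']` and `$cap['word']` without checking the result, although the captcha_helper.php hunk shows that `create_captcha()` has a `return FALSE;` path; return early in that case instead of inserting an empty row. Finally, the constructor's fallback branch stores `config->item('captcha_params')` while every later access is `$this->params['captcha_params'][...]`, so the two branches appear to expect different array shapes and should be made consistent.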
lang->line('user_username'). ' : ' ?>   -
 
lang->line('ui_captcha'). ' * : ' ?> +
lang->line('ui_captcha_instructions') ?>
+
+ +
+

+
 
@@ -225,5 +236,11 @@ else buttonImage: "", buttonImageOnly: true }); + + $('#button-change-captcha') + .click(function() { + $('#container-captcha') + .load(''); + }); }); \ No newline at end of file diff --git a/img/captcha/index.html b/img/captcha/index.html new file mode 100644 index 0000000..c942a79 --- /dev/null +++ b/img/captcha/index.html @@ -0,0 +1,10 @@ + + + 403 Forbidden + + + +

Directory access is forbidden.

+ + + \ No newline at end of file diff --git a/img/index.html b/img/index.html new file mode 100644 index 0000000..c942a79 --- /dev/null +++ b/img/index.html @@ -0,0 +1,10 @@ + + + 403 Forbidden + + + +

Directory access is forbidden.

+ + + \ No newline at end of file diff --git a/img/index.php b/img/index.php new file mode 100644 index 0000000..6e67c2d --- /dev/null +++ b/img/index.php @@ -0,0 +1,204 @@ + + + 403 Forbidden + + + +

Directory access is forbidden.

+ + + \ No newline at end of file diff --git a/nbproject/netbeans_ci_code_completion.php b/nbproject/netbeans_ci_code_completion.php index fbdf075..c667c58 100644 --- a/nbproject/netbeans_ci_code_completion.php +++ b/nbproject/netbeans_ci_code_completion.php @@ -38,6 +38,7 @@ * @property CI_Zip $zip * * + * @property Captcha $captcha * @property Html_head_params $html_head_params * @property Image $image * @property Openid $openid @@ -89,6 +90,7 @@ class CI_Model * @property CI_Zip $zip * * + * @property Captcha $captcha * @property Html_head_params $html_head_params * @property Image $image * @property Openid $openid diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php index 19ec0c7..deacdb4 100644 --- a/system/helpers/captcha_helper.php +++ b/system/helpers/captcha_helper.php @@ -77,7 +77,7 @@ if ( ! function_exists('create_captcha')) { return FALSE; } - + // ----------------------------------- // Remove old images // ----------------------------------- @@ -235,7 +235,7 @@ if ( ! function_exists('create_captcha')) $img = "\""; ImageDestroy($im); - + return array('word' => $word, 'time' => $now, 'image' => $img); } } -- 2.20.1