Mercurial Mercurial > repos > enano-1.0 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/sessions.php
changeset 212 d57af0b0302e
parent 208 7fab1804a49e
child 215 58477ab3937f
equal deleted inserted replaced
211:596945fa6e56 212:d57af0b0302e 
  2423    * @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code.
 
  2423    * @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code.
 
  2424    */
 
  2424    */
 
  2425   
  2425   
  2426   function make_captcha($len = 7)
 
  2426   function make_captcha($len = 7)
 
  2427   {
 
  2427   {
 
  2428     $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
 
  2428     $code = $this->generate_captcha_code($len);
 
  2429     $s = '';
 
       
  2430     for($i=0;$i<$len;$i++) $s .= $chars[mt_rand(0, count($chars)-1)];
 
       
  2431     $hash = md5(microtime() . mt_rand());
 
  2429     $hash = md5(microtime() . mt_rand());
 
  2432     $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \''.$s.'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);');
 
  2430     $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \''.$s.'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);');
 
  2433     return $hash;
 
  2431     return $hash;
 
  2434   }
 
  2432   }
 
  2435   
  2433   
  2436   /**
 
  2434   /**
 
       
  2435    * Generates the actual confirmation code text.
 
       
  2436    * @param int String length
 
       
  2437    * @return string
 
       
  2438    */
 
       
  2439   
       
  2440   function generate_captcha_code($len = 7)
 
       
  2441   {
 
       
  2442     $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
 
       
  2443     $s = '';
 
       
  2444     for ( $i = 0; $i < $len; $i++ )
 
       
  2445     {
 
       
  2446       $s .= $chars[mt_rand(0, count($chars)-1)];
 
       
  2447     }
 
       
  2448     return $s;
 
       
  2449   }
 
       
  2450   
       
  2451   /**
 
  2437    * For the given code ID, returns the correct CAPTCHA code, or false on failure
 
  2452    * For the given code ID, returns the correct CAPTCHA code, or false on failure
 
  2438    * @param string $hash The unique ID assigned to the code
 
  2453    * @param string $hash The unique ID assigned to the code
 
  2439    * @return string The correct confirmation code
 
  2454    * @return string The correct confirmation code
 
  2440    */
 
  2455    */
 
  2441   
  2456   
  2442   function get_captcha($hash)
 
  2457   function get_captcha($hash)
 
  2443   {
 
  2458   {
 
  2444     global $db, $session, $paths, $template, $plugins; // Common objects
 
  2459     global $db, $session, $paths, $template, $plugins; // Common objects
 
  2445     $s = $this->sql('SELECT salt FROM '.table_prefix.'session_keys WHERE session_key=\''.$db->escape($hash).'\' AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
 
  2460     $s = $this->sql('SELECT salt FROM '.table_prefix.'session_keys WHERE session_key=\''.$db->escape($hash).'\' AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
 
  2446     if($db->numrows() < 1) return false;
 
  2461     if ( $db->numrows() < 1 )
 
       
  2462     {
 
       
  2463       return false;
 
       
  2464     }
 
  2447     $r = $db->fetchrow();
 
  2465     $r = $db->fetchrow();
 
       
  2466     $db->free_result();
 
       
  2467     $this->sql('DELETE FROM ' . table_prefix . 'session_keys WHERE salt=\'' . $db->escape($r['salt']) . '\';');
 
  2448     return $r['salt'];
 
  2468     return $r['salt'];
 
  2449   }
 
  2469   }
 
  2450   
  2470   
  2451   /**
 
  2471   /**
 
  2452    * Deletes all CAPTCHA codes cached in the DB for this user.
 
  2472    * (AS OF 1.0.2: Deprecated. Captcha codes are now killed on first fetch for security.) Deletes all CAPTCHA codes cached in the DB for this user.
 
  2453    */
 
  2473    */
 
  2454   
  2474   
  2455   function kill_captcha()
 
  2475   function kill_captcha()
 
  2456   {
 
  2476   {
 
  2457     $this->sql('DELETE FROM '.table_prefix.'session_keys WHERE user_id=-2 AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
 
  2477     // $this->sql('DELETE FROM '.table_prefix.'session_keys WHERE user_id=-2 AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
 
       
  2478     return true;
 
  2458   }
 
  2479   }
 
  2459   
  2480   
  2460   /**
 
  2481   /**
 
  2461    * Generates a random password.
 
  2482    * Generates a random password.
 
  2462    * @param int $length Optional - length of password
 
  2483    * @param int $length Optional - length of password
Enano CMS (1.0.x)