lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 12:07:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #384 from specialpointcentral/php8

Browse Source 
[RFC] Refine captcha configuration and drivers
This commit is contained in:
xiaomlove
2025-10-12 04:18:55 +07:00
committed by GitHub
parent 4f3a3a89a2 9033eff8ea
commit 0f172a94be
16 changed files with 734 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.env.example
+16
View File
@@ -96,6 +96,22 @@ CHANNEL_NAME_SETTING=channel_setting
CHANNEL_NAME_MODEL_EVENT=channel_model_event CHANNEL_NAME_MODEL_EVENT=channel_model_event
FORCE_SCHEME= FORCE_SCHEME=
# Captcha settings
# Available drivers: image, cloudflare_turnstile, google_recaptcha_v2
CAPTCHA_DRIVER=image
# Cloudflare Turnstile keys (used when CAPTCHA_DRIVER=cloudflare_turnstile)
TURNSTILE_SITE_KEY=
TURNSTILE_SECRET_KEY=
TURNSTILE_THEME=light
TURNSTILE_SIZE=flexible
# Google reCAPTCHA v2 keys (used when CAPTCHA_DRIVER=google_recaptcha_v2)
RECAPTCHA_SITE_KEY=
RECAPTCHA_SECRET_KEY=
RECAPTCHA_THEME=light
RECAPTCHA_SIZE=normal
CROWDIN_ACCESS_TOKEN= CROWDIN_ACCESS_TOKEN=
CROWDIN_PROJECT_ID= CROWDIN_PROJECT_ID=
app/Services/Captcha/CaptchaDriverInterface.php
+19
View File
@@ -0,0 +1,19 @@
<?php
namespace App\Services\Captcha;
interface CaptchaDriverInterface
{
public function isEnabled(): bool;
/**
* Render the captcha markup for HTML forms.
*/
public function render(array $context = []): string;
/**
* Verify the captcha response.
*/
public function verify(array $payload, array $context = []): bool;
}
app/Services/Captcha/CaptchaManager.php
+120
View File
@@ -0,0 +1,120 @@
<?php
namespace App\Services\Captcha;
use App\Services\Captcha\Exceptions\CaptchaValidationException;
use Illuminate\Support\Arr;
class CaptchaManager
{
/** @var array<string, CaptchaDriverInterface> */
protected array $drivers = [];
protected ?array $config = null;
public function driver(?string $name = null): CaptchaDriverInterface
{
$name = $name ?? $this->getDefaultDriver();
$driver = $this->getDriverInstance($name);
if ($name !== 'image' && !$driver->isEnabled()) {
return $this->driver('image');
}
return $driver;
}
public function render(array $context = []): string
{
return $this->driver()->render($context);
}
public function verify(array $payload, array $context = []): bool
{
try {
return $this->driver()->verify($payload, $context);
} catch (CaptchaValidationException $exception) {
throw $exception;
}
}
public function isEnabled(): bool
{
return $this->driver()->isEnabled();
}
protected function getDriverInstance(string $name): CaptchaDriverInterface
{
if (!isset($this->drivers[$name])) {
try {
$this->drivers[$name] = $this->resolveDriver($name);
} catch (\InvalidArgumentException $exception) {
if ($name !== 'image') {
return $this->getDriverInstance('image');
}
throw $exception;
}
}
return $this->drivers[$name];
}
protected function resolveDriver(string $name): CaptchaDriverInterface
{
$config = $this->getConfigValue("drivers.$name", []);
if (!is_array($config) || empty($config)) {
throw new \InvalidArgumentException("Captcha driver [$name] is not defined.");
}
$driverClass = Arr::get($config, 'class');
if (!$driverClass || !class_exists($driverClass)) {
throw new \InvalidArgumentException("Captcha driver class for [$name] is invalid.");
}
$driver = new $driverClass($config);
if (!$driver instanceof CaptchaDriverInterface) {
throw new \InvalidArgumentException("Captcha driver [$name] must implement " . CaptchaDriverInterface::class);
}
return $driver;
}
protected function getDefaultDriver(): string
{
return (string) $this->getConfigValue('default', 'image');
}
protected function getConfigValue(string $key, $default = null)
{
if ($this->config === null) {
$config = null;
if (function_exists('app')) {
try {
$repository = app('config');
if ($repository) {
$config = $repository->get('captcha');
}
} catch (\Throwable $exception) {
$config = null;
}
}
if (!is_array($config) && function_exists('nexus_config')) {
$config = nexus_config('captcha', []);
}
if (!is_array($config)) {
$path = (defined('ROOT_PATH') ? ROOT_PATH : dirname(__DIR__, 3) . DIRECTORY_SEPARATOR) . 'config/captcha.php';
$config = is_file($path) ? require $path : [];
}
$this->config = is_array($config) ? $config : [];
}
return Arr::get($this->config, $key, $default);
}
}
app/Services/Captcha/Drivers/ImageCaptchaDriver.php
+156
View File
@@ -0,0 +1,156 @@
<?php
namespace App\Services\Captcha\Drivers;
use App\Services\Captcha\CaptchaDriverInterface;
use App\Services\Captcha\Exceptions\CaptchaValidationException;
class ImageCaptchaDriver implements CaptchaDriverInterface
{
protected array $config;
public function __construct(array $config = [])
{
$this->config = $config;
}
public function isEnabled(): bool
{
return true;
}
public function render(array $context = []): string
{
$labels = $context['labels'] ?? [];
$imageLabel = $labels['image'] ?? 'Security Image';
$codeLabel = $labels['code'] ?? 'Security Code';
$secret = $context['secret'] ?? '';
$imagehash = $this->issue();
$imageUrl = htmlspecialchars(sprintf('image.php?action=regimage&imagehash=%s&secret=%s', $imagehash, $secret ?? ''), ENT_QUOTES, 'UTF-8');
return implode("\n", [
sprintf('<tr><td class="rowhead">%s</td><td align="left"><img src="%s" border="0" alt="CAPTCHA" /></td></tr>', htmlspecialchars($imageLabel, ENT_QUOTES, 'UTF-8'), $imageUrl),
sprintf('<tr><td class="rowhead">%s</td><td align="left"><input type="text" autocomplete="off" style="width: 180px; border: 1px solid gray" name="imagestring" value="" /><input type="hidden" name="imagehash" value="%s" /></td></tr>', htmlspecialchars($codeLabel, ENT_QUOTES, 'UTF-8'), htmlspecialchars($imagehash, ENT_QUOTES, 'UTF-8')),
]);
}
public function verify(array $payload, array $context = []): bool
{
$imagehash = trim((string) ($payload['imagehash'] ?? ''));
$imagestring = trim((string) ($payload['imagestring'] ?? ''));
if ($imagehash === '' || $imagestring === '') {
throw new CaptchaValidationException('Missing captcha parameters.');
}
$query = sprintf(
"SELECT dateline FROM regimages WHERE imagehash='%s' AND imagestring='%s'",
mysql_real_escape_string($imagehash),
mysql_real_escape_string($imagestring)
);
$sql = sql_query($query);
$imgcheck = mysql_fetch_array($sql);
$this->deleteByHash($imagehash);
if (empty($imgcheck['dateline'])) {
throw new CaptchaValidationException('Invalid captcha response.');
}
return true;
}
public function issue(): string
{
$random = random_str();
$imagehash = md5($random);
$dateline = time();
$sql = sprintf(
"INSERT INTO `regimages` (`imagehash`, `imagestring`, `dateline`) VALUES ('%s', '%s', '%s')",
mysql_real_escape_string($imagehash),
mysql_real_escape_string($random),
mysql_real_escape_string((string) $dateline)
);
sql_query($sql);
return $imagehash;
}
public function outputImage(string $imagehash): void
{
$query = sprintf(
"SELECT imagestring FROM regimages WHERE imagehash=%s",
sqlesc($imagehash)
);
$sql = sql_query($query);
$regimage = mysql_fetch_array($sql);
$imagestring = $regimage['imagestring'] ?? '';
if ($imagestring === '') {
$this->renderFallback();
return;
}
$characters = implode(' ', str_split($imagestring));
if (!function_exists('imagecreatefrompng')) {
$this->renderFallback();
return;
}
$fontwidth = imageFontWidth(5);
$fontheight = imageFontHeight(5);
$textwidth = $fontwidth * strlen($characters);
$textheight = $fontheight;
$randimg = rand(1, 5);
$imagePath = ROOT_PATH . "public/pic/regimages/reg{$randimg}.png";
if (!is_file($imagePath)) {
$this->renderFallback();
return;
}
$im = imagecreatefrompng($imagePath);
$imgheight = imagesy($im);
$imgwidth = imagesx($im);
$textposh = (int) floor(($imgwidth - $textwidth) / 2);
$textposv = (int) floor(($imgheight - $textheight) / 2);
$dots = (int) floor($imgheight * $imgwidth / 35);
for ($i = 1; $i <= $dots; $i++) {
imagesetpixel($im, rand(0, $imgwidth - 1), rand(0, $imgheight - 1), imagecolorallocate($im, rand(0, 255), rand(0, 255), rand(0, 255)));
}
$textcolor = imagecolorallocate($im, 0, 0, 0);
imagestring($im, 5, $textposh, $textposv, $characters, $textcolor);
header('Content-type: image/png');
imagepng($im);
imagedestroy($im);
}
protected function deleteByHash(string $imagehash): void
{
if ($imagehash === '') {
return;
}
$delete = sprintf(
"DELETE FROM regimages WHERE imagehash='%s'",
mysql_real_escape_string($imagehash)
);
sql_query($delete);
}
protected function renderFallback(): void
{
http_response_code(404);
}
}
app/Services/Captcha/Drivers/RecaptchaV2CaptchaDriver.php
+134
View File
@@ -0,0 +1,134 @@
<?php
namespace App\Services\Captcha\Drivers;
use App\Services\Captcha\CaptchaDriverInterface;
use App\Services\Captcha\Exceptions\CaptchaValidationException;
class RecaptchaV2CaptchaDriver implements CaptchaDriverInterface
{
protected array $config;
public function __construct(array $config = [])
{
$this->config = $config;
}
public function isEnabled(): bool
{
return !empty($this->config['site_key']) && !empty($this->config['secret_key']);
}
public function render(array $context = []): string
{
if (!$this->isEnabled()) {
return '';
}
$labels = $context['labels'] ?? [];
$label = $labels['image'] ?? $labels['code'] ?? 'Security Check';
$theme = $this->config['theme'] ?? 'light';
$size = $this->config['size'] ?? 'normal';
$validSizes = ['compact', 'normal'];
if (!in_array($size, $validSizes, true)) {
$size = 'normal';
}
$attributes = sprintf(
'class="g-recaptcha" data-sitekey="%s" data-theme="%s" data-size="%s"',
htmlspecialchars($this->config['site_key'], ENT_QUOTES, 'UTF-8'),
htmlspecialchars($theme, ENT_QUOTES, 'UTF-8'),
htmlspecialchars($size, ENT_QUOTES, 'UTF-8')
);
return sprintf(
'<tr><td class="rowhead">%s</td><td align="left"><div %s></div>%s</td></tr>',
htmlspecialchars($label, ENT_QUOTES, 'UTF-8'),
$attributes,
'<script src="https://www.google.com/recaptcha/api.js" async defer></script>'
);
}
public function verify(array $payload, array $context = []): bool
{
$token = trim((string) ($payload['request']['g-recaptcha-response'] ?? ''));
if ($token === '') {
throw new CaptchaValidationException('Captcha verification token is missing.');
}
$secret = $this->config['secret_key'] ?? '';
if ($secret === '') {
throw new CaptchaValidationException('Captcha secret key is not configured.');
}
$data = [
'secret' => $secret,
'response' => $token,
];
$remoteIp = $context['ip'] ?? null;
if (!empty($remoteIp)) {
$data['remoteip'] = $remoteIp;
}
$result = $this->sendVerificationRequest('https://www.google.com/recaptcha/api/siteverify', $data);
if (!($result['success'] ?? false)) {
throw new CaptchaValidationException('Captcha verification failed.');
}
return true;
}
protected function sendVerificationRequest(string $url, array $data): array
{
$payload = http_build_query($data);
if (function_exists('curl_init')) {
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $payload,
CURLOPT_TIMEOUT => 10,
CURLOPT_SSL_VERIFYPEER => true,
]);
$response = curl_exec($ch);
if ($response === false) {
$error = curl_error($ch);
curl_close($ch);
throw new CaptchaValidationException('Captcha verification request failed: ' . $error);
}
curl_close($ch);
} else {
$context = stream_context_create([
'http' => [
'method' => 'POST',
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'content' => $payload,
'timeout' => 10,
],
]);
$response = file_get_contents($url, false, $context);
if ($response === false) {
throw new CaptchaValidationException('Captcha verification request failed.');
}
}
$decoded = json_decode($response, true);
if (!is_array($decoded)) {
throw new CaptchaValidationException('Unexpected captcha verification response.');
}
return $decoded;
}
}
app/Services/Captcha/Drivers/TurnstileCaptchaDriver.php
+143
View File
@@ -0,0 +1,143 @@
<?php
namespace App\Services\Captcha\Drivers;
use App\Services\Captcha\CaptchaDriverInterface;
use App\Services\Captcha\Exceptions\CaptchaValidationException;
class TurnstileCaptchaDriver implements CaptchaDriverInterface
{
protected static bool $scriptInjected = false;
protected array $config;
public function __construct(array $config = [])
{
$this->config = $config;
}
public function isEnabled(): bool
{
return !empty($this->config['site_key']) && !empty($this->config['secret_key']);
}
public function render(array $context = []): string
{
if (!$this->isEnabled()) {
return '';
}
$labels = $context['labels'] ?? [];
$label = $labels['image'] ?? $labels['code'] ?? 'Security Check';
$theme = $this->config['theme'] ?? 'light';
$size = $this->config['size'] ?? 'auto';
if (is_string($size)) {
$size = strtolower($size);
}
$validSizes = ['compact', 'normal', 'flexible'];
if (!in_array($size, $validSizes, true)) {
$size = 'auto';
}
$attributes = sprintf(
'class="cf-turnstile" data-sitekey="%s" data-theme="%s"%s',
htmlspecialchars($this->config['site_key'], ENT_QUOTES, 'UTF-8'),
htmlspecialchars($theme, ENT_QUOTES, 'UTF-8'),
$size === 'auto' ? '' : sprintf(' data-size="%s"', htmlspecialchars($size, ENT_QUOTES, 'UTF-8'))
);
$markup = sprintf(
'<tr><td class="rowhead">%s</td><td align="left"><div %s></div>%s</td></tr>',
htmlspecialchars($label, ENT_QUOTES, 'UTF-8'),
$attributes,
self::$scriptInjected ? '' : '<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>'
);
self::$scriptInjected = true;
return $markup;
}
public function verify(array $payload, array $context = []): bool
{
$token = trim((string) ($payload['request']['cf-turnstile-response'] ?? ''));
if ($token === '') {
throw new CaptchaValidationException('Captcha verification token is missing.');
}
$secret = $this->config['secret_key'] ?? '';
if ($secret === '') {
throw new CaptchaValidationException('Captcha secret key is not configured.');
}
$data = [
'secret' => $secret,
'response' => $token,
];
$remoteIp = $context['ip'] ?? null;
if (!empty($remoteIp)) {
$data['remoteip'] = $remoteIp;
}
$result = $this->sendVerificationRequest('https://challenges.cloudflare.com/turnstile/v0/siteverify', $data);
if (!($result['success'] ?? false)) {
throw new CaptchaValidationException('Captcha verification failed.');
}
return true;
}
protected function sendVerificationRequest(string $url, array $data): array
{
$payload = http_build_query($data);
if (function_exists('curl_init')) {
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $payload,
CURLOPT_TIMEOUT => 10,
CURLOPT_SSL_VERIFYPEER => true,
]);
$response = curl_exec($ch);
if ($response === false) {
$error = curl_error($ch);
curl_close($ch);
throw new CaptchaValidationException('Captcha verification request failed: ' . $error);
}
curl_close($ch);
} else {
$context = stream_context_create([
'http' => [
'method' => 'POST',
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'content' => $payload,
'timeout' => 10,
],
]);
$response = file_get_contents($url, false, $context);
if ($response === false) {
throw new CaptchaValidationException('Captcha verification request failed.');
}
}
$decoded = json_decode($response, true);
if (!is_array($decoded)) {
throw new CaptchaValidationException('Unexpected captcha verification response.');
}
return $decoded;
}
}
app/Services/Captcha/Exceptions/CaptchaValidationException.php
+10
View File
@@ -0,0 +1,10 @@
<?php
namespace App\Services\Captcha\Exceptions;
use RuntimeException;
class CaptchaValidationException extends RuntimeException
{
}
config/captcha.php
+27
View File
@@ -0,0 +1,27 @@
<?php
return [
'default' => nexus_env('CAPTCHA_DRIVER', 'image'),
'drivers' => [
'image' => [
'class' => \App\Services\Captcha\Drivers\ImageCaptchaDriver::class,
],
'cloudflare_turnstile' => [
'class' => \App\Services\Captcha\Drivers\TurnstileCaptchaDriver::class,
'site_key' => nexus_env('TURNSTILE_SITE_KEY'),
'secret_key' => nexus_env('TURNSTILE_SECRET_KEY'),
'theme' => nexus_env('TURNSTILE_THEME', 'auto'),
'size' => nexus_env('TURNSTILE_SIZE', 'auto'),
],
'google_recaptcha_v2' => [
'class' => \App\Services\Captcha\Drivers\RecaptchaV2CaptchaDriver::class,
'site_key' => nexus_env('RECAPTCHA_SITE_KEY'),
'secret_key' => nexus_env('RECAPTCHA_SECRET_KEY'),
'theme' => nexus_env('RECAPTCHA_THEME', 'light'),
'size' => nexus_env('RECAPTCHA_SIZE', 'normal'),
],
],
];
include/functions.php
+88 -42
View File
@@ -1767,56 +1767,102 @@ function random_str($length="6")
} }
return $str; return $str;
} }
function image_code () { function captcha_manager(): \App\Services\Captcha\CaptchaManager
$randomstr = random_str(); {
$imagehash = md5($randomstr); static $manager;
$dateline = time();
$sql = 'INSERT INTO `regimages` (`imagehash`, `imagestring`, `dateline`) VALUES (\''.$imagehash.'\', \''.$randomstr.'\', \''.$dateline.'\');'; if (!$manager) {
sql_query($sql); $manager = new \App\Services\Captcha\CaptchaManager();
return $imagehash; }
return $manager;
} }
function check_code ($imagehash, $imagestring, $where = 'signup.php',$maxattemptlog=false,$head=true) { function image_code () {
global $lang_functions; $driver = captcha_manager()->driver('image');
if (!method_exists($driver, 'issue')) {
throw new \RuntimeException('Image captcha driver is unavailable.');
}
return $driver->issue();
}
function check_code ($imagehash, $imagestring, $where = 'signup.php', $maxattemptlog = false, $head = true) {
global $lang_functions;
global $iv; global $iv;
if ($iv !== 'yes') { if ($iv !== 'yes') {
return true; return true;
} }
$query = sprintf("SELECT * FROM regimages WHERE imagehash='%s' AND imagestring='%s'",
mysql_real_escape_string((string)$imagehash), $manager = captcha_manager();
mysql_real_escape_string((string)$imagestring)
); if (!$manager->isEnabled()) {
$sql = sql_query($query); return true;
$imgcheck = mysql_fetch_array($sql); }
if(!$imgcheck['dateline']) {
$delete = sprintf("DELETE FROM regimages WHERE imagehash='%s'", $payload = [
mysql_real_escape_string((string)$imagehash) 'imagehash' => $imagehash,
); 'imagestring' => $imagestring,
sql_query($delete); 'request' => array_merge($_POST ?? [], $_GET ?? []),
if (!$maxattemptlog) ];
stderr('Error',$lang_functions['std_invalid_image_code']."<a href=\"".htmlspecialchars($where)."\">".$lang_functions['std_here_to_request_new'], false);
else $context = [
failedlogins($lang_functions['std_invalid_image_code']."<a href=\"".htmlspecialchars($where)."\">".$lang_functions['std_here_to_request_new'],true,$head); 'where' => $where,
}else{ 'maxattemptlog' => $maxattemptlog,
$delete = sprintf("DELETE FROM regimages WHERE imagehash='%s'", 'head' => $head,
mysql_real_escape_string((string)$imagehash) 'ip' => getip(),
); ];
sql_query($delete);
return true; try {
} if ($manager->verify($payload, $context)) {
return true;
}
} catch (\App\Services\Captcha\Exceptions\CaptchaValidationException $exception) {
$message = $exception->getMessage();
$defaultMessage = $lang_functions['std_invalid_image_code'] . "<a href=\"" . htmlspecialchars($where) . "\">" . $lang_functions['std_here_to_request_new'];
if ($message === '' || $message === 'Invalid captcha response.' || $message === 'Missing captcha parameters.') {
$message = $defaultMessage;
}
if (!$maxattemptlog) {
stderr('Error', $message, false);
} else {
failedlogins($message, true, $head);
}
}
return false;
} }
function show_image_code () { function show_image_code () {
global $lang_functions; global $lang_functions;
global $iv; global $iv;
if ($iv == "yes") {
unset($imagehash); if ($iv !== 'yes') {
$imagehash = image_code () ; return;
print ("<tr><td class=\"rowhead\">".$lang_functions['row_security_image']."</td>"); }
print ("<td align=\"left\"><img src=\"".htmlspecialchars("image.php?action=regimage&imagehash=".$imagehash."&secret=".($_GET['secret'] ?? ''))."\" border=\"0\" alt=\"CAPTCHA\" /></td></tr>");
print ("<tr><td class=\"rowhead\">".$lang_functions['row_security_code']."</td><td align=\"left\">"); $manager = captcha_manager();
print("<input type=\"text\" autocomplete=\"off\" style=\"width: 180px; border: 1px solid gray\" name=\"imagestring\" value=\"\" />");
print("<input type=\"hidden\" name=\"imagehash\" value=\"$imagehash\" /></td></tr>"); if (!$manager->isEnabled()) {
} return;
}
$markup = $manager->render([
'labels' => [
'image' => $lang_functions['row_security_image'],
'code' => $lang_functions['row_security_code'],
],
'secret' => $_GET['secret'] ?? '',
]);
if ($markup !== '') {
echo $markup;
}
} }
function get_ip_location($ip) function get_ip_location($ip)
include/globalfunctions.php
+1
View File
@@ -307,6 +307,7 @@ function nexus_config($key, $default = null)
$files = [ $files = [
ROOT_PATH . 'config/nexus.php', ROOT_PATH . 'config/nexus.php',
ROOT_PATH . 'config/emoji.php', ROOT_PATH . 'config/emoji.php',
ROOT_PATH . 'config/captcha.php',
]; ];
foreach ($files as $file) { foreach ($files as $file) {
$basename = basename($file); $basename = basename($file);
public/complains.php
+1 -1
View File
@@ -18,7 +18,7 @@ if($_SERVER['REQUEST_METHOD'] === 'POST'){
switch($action = filter_input(INPUT_POST, 'action', FILTER_SANITIZE_FULL_SPECIAL_CHARS)){ switch($action = filter_input(INPUT_POST, 'action', FILTER_SANITIZE_FULL_SPECIAL_CHARS)){
case 'new': case 'new':
cur_user_check(); cur_user_check();
check_code ($_POST['imagehash'], $_POST['imagestring'],'complains.php'); check_code ($_POST['imagehash'] ?? null, $_POST['imagestring'] ?? null,'complains.php');
\Nexus\Database\NexusLock::lockOrFail("complains:lock:" . getip(), 10); \Nexus\Database\NexusLock::lockOrFail("complains:lock:" . getip(), 10);
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL); $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
\Nexus\Database\NexusLock::lockOrFail("complains:lock:" . $email, 600); \Nexus\Database\NexusLock::lockOrFail("complains:lock:" . $email, 600);
public/confirm_resend.php
+1 -1
View File
@@ -29,7 +29,7 @@ bark($lang_confirm_resend['std_need_admin_verification']);
if ($_SERVER["REQUEST_METHOD"] == "POST") if ($_SERVER["REQUEST_METHOD"] == "POST")
{ {
if ($iv == "yes") if ($iv == "yes")
check_code ($_POST['imagehash'], $_POST['imagestring'],"confirm_resend.php",true); check_code ($_POST['imagehash'] ?? null, $_POST['imagestring'] ?? null,"confirm_resend.php",true);
$email = unesc(htmlspecialchars(trim($_POST["email"] ?? ''))); $email = unesc(htmlspecialchars(trim($_POST["email"] ?? '')));
$wantpassword = unesc(htmlspecialchars(trim($_POST["wantpassword"]))); $wantpassword = unesc(htmlspecialchars(trim($_POST["wantpassword"])));
$passagain = unesc(htmlspecialchars(trim($_POST["passagain"]))); $passagain = unesc(htmlspecialchars(trim($_POST["passagain"])));
public/image.php
+14 -52
View File
@@ -1,60 +1,22 @@
<?php <?php
require_once("../include/bittorrent.php"); require_once("../include/bittorrent.php");
dbconn(); dbconn();
$action = $_GET['action'];
$imagehash = $_GET['imagehash'];
if($action == "regimage")
{
$query = "SELECT * FROM regimages WHERE imagehash= ".sqlesc($imagehash);
$sql = sql_query($query);
$regimage = mysql_fetch_array($sql);
$imagestring = $regimage['imagestring'];
$space = $newstring = '';
for($i=0;$i<strlen($imagestring);$i++)
{
$newstring .= $space.$imagestring[$i];
$space = " ";
}
$imagestring = $newstring;
if(function_exists("imagecreatefrompng")) $action = $_GET['action'] ?? '';
{ $imagehash = $_GET['imagehash'] ?? '';
$fontwidth = imageFontWidth(5);
$fontheight = imageFontHeight(5);
$textwidth = $fontwidth*strlen($imagestring);
$textheight = $fontheight;
$randimg = rand(1, 5); if ($action !== 'regimage') {
$im = imagecreatefrompng("pic/regimages/reg".$randimg.".png"); http_response_code(404);
exit('Invalid captcha action');
$imgheight = 40;
$imgwidth = 150;
$textposh = floor(($imgwidth-$textwidth)/2);
$textposv = floor(($imgheight-$textheight)/2);
$dots = $imgheight*$imgwidth/35;
$gd = imagecreatetruecolor($imgwidth, $imgheight);
for($i=1;$i<=$dots;$i++)
{
imagesetpixel($im, rand(0, $imgwidth), rand(0, $imgheight), imagecolorallocate($gd, rand(0, 255), rand(0, 255), rand(0, 255)));
}
$textcolor = imagecolorallocate($im, 0, 0, 0);
imagestring($im, 5, $textposh, $textposv, $imagestring, $textcolor);
// output the image
header("Content-type: image/png");
imagepng($im);
imagedestroy($im);
exit;
}
else
{
header("Location: pic/clear.gif");
}
} }
else
{ $driver = captcha_manager()->driver('image');
die('invalid action');
if (!method_exists($driver, 'outputImage')) {
http_response_code(404);
exit('Captcha driver does not support image rendering');
} }
$driver->outputImage($imagehash);
?> ?>
public/recover.php
+1 -1
View File
@@ -28,7 +28,7 @@ $mailTwoFour = sprintf($lang_recover['mail_two_four'], $siteName);
if ($_SERVER["REQUEST_METHOD"] == "POST") if ($_SERVER["REQUEST_METHOD"] == "POST")
{ {
if ($iv == "yes") if ($iv == "yes")
check_code ($_POST['imagehash'], $_POST['imagestring'],"recover.php",true); check_code ($_POST['imagehash'] ?? null, $_POST['imagestring'] ?? null,"recover.php",true);
$email = unesc(htmlspecialchars(trim($_POST["email"] ?? ''))); $email = unesc(htmlspecialchars(trim($_POST["email"] ?? '')));
$email = safe_email($email); $email = safe_email($email);
if (!$email) if (!$email)
public/takelogin.php
+1 -1
View File
@@ -15,7 +15,7 @@ function bark($text = "")
stderr($lang_takelogin['std_login_fail'], $text,false); stderr($lang_takelogin['std_login_fail'], $text,false);
} }
if ($iv == "yes") { if ($iv == "yes") {
check_code ($_POST['imagehash'], $_POST['imagestring'],'login.php',true); check_code($_POST['imagehash'] ?? null, $_POST['imagestring'] ?? null, 'login.php', true);
} }
//同时支持新旧两种登录方式 //同时支持新旧两种登录方式
$useChallengeResponse = \App\Models\Setting::getIsUseChallengeResponseAuthentication(); $useChallengeResponse = \App\Models\Setting::getIsUseChallengeResponseAuthentication();
public/takesignup.php
+2 -2
View File
@@ -21,13 +21,13 @@ if ($type == 'invite'){
registration_check(); registration_check();
failedloginscheck ("Invite Signup"); failedloginscheck ("Invite Signup");
if ($iv == "yes") if ($iv == "yes")
check_code ($_POST['imagehash'], $_POST['imagestring'],'signup.php?type=invite&invitenumber='.htmlspecialchars($_POST['hash'])); check_code ($_POST['imagehash'] ?? null, $_POST['imagestring'] ?? null,'signup.php?type=invite&invitenumber='.htmlspecialchars($_POST['hash']));
} }
else{ else{
registration_check("normal"); registration_check("normal");
failedloginscheck ("Signup"); failedloginscheck ("Signup");
if ($iv == "yes") if ($iv == "yes")
check_code ($_POST['imagehash'], $_POST['imagestring']); check_code ($_POST['imagehash'] ?? null, $_POST['imagestring'] ?? null);
} }
function isportopen($port) function isportopen($port)
{ {