[vhffs-dev] [710] Fixed bug #197 (http://bugs.vhffs.org/view.php?id=197) by using Authen::Captcha module to generate captcha image.



Revision: 710
Author:   beuss
Date:     2007-07-11 10:58:06 +0000 (Wed, 11 Jul 2007)

Log Message:
-----------
Fixed bug #197 (http://bugs.vhffs.org/view.php?id=197) by using Authen::Captcha module to generate captcha image.

Modified Paths:
--------------
    trunk/vhffs-api/src/Vhffs/Conf.pm
    trunk/vhffs-backend/conf/vhffs.conf.dist.in
    trunk/vhffs-backend/conf/vhffs.conf.in
    trunk/vhffs-panel/show_code.pl
    trunk/vhffs-panel/subscribe.pl
    trunk/vhffs-panel/templates/user/create.tmpl
    trunk/vhffs-test-dependencies.in

Removed Paths:
-------------
    trunk/vhffs-api/src/Vhffs/Panel/Confirmation.pm


Modified: trunk/vhffs-api/src/Vhffs/Conf.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Conf.pm	2007-07-11 08:50:34 UTC (rev 709)
+++ trunk/vhffs-api/src/Vhffs/Conf.pm	2007-07-11 10:58:06 UTC (rev 710)
@@ -553,13 +553,6 @@
 	return 0;
 }
 
-sub get_panel_subscribe_code_encrypt_key
-{
-	my $key = $Config{"global"}{"panel"}{"subscribe_code_encrypt_key"};
-	return "" unless( defined $key && $key =~ /\w{8}/ );
-	return $key;
-}
-
 sub get_panel_avatar
 {
 	if( $Config{"global"}{"panel"}{"use_avatar"} )
@@ -946,5 +939,9 @@
 	return 0;
 }
 
+sub get_captcha_dir {
+    return $Config{'global'}{'captchadir'} if(defined $Config{'global'}{'captchadir'});
+    return '/tmp';
+}
 
 1;
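Review bot: The `return '/tmp';` fallback in `get_captcha_dir` places the captcha files in a world-writable directory shared with every local account, which contradicts the comment added in the config hunks ("not accessible to end users"). The `captchadir = /tmp` sample values in vhffs.conf.dist.in and vhffs.conf.in have the same problem. On a shared hosting box another local user can read or pre-create files there. Consider dropping the fallback so that an unset option is a configuration error, e.g. `return $Config{'global'}{'captchadir'};` with callers refusing to continue on undef, and shipping a dedicated directory owned by the webserver user as the sample value.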

Deleted: trunk/vhffs-api/src/Vhffs/Panel/Confirmation.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Confirmation.pm	2007-07-11 08:50:34 UTC (rev 709)
+++ trunk/vhffs-api/src/Vhffs/Panel/Confirmation.pm	2007-07-11 10:58:06 UTC (rev 710)
@@ -1,87 +0,0 @@
-#!%PERL%
-# Copyright (c) vhffs project and its contributors
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright 
-#   notice, this list of conditions and the following disclaimer.
-#2. Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in 
-#   the documentation and/or other materials provided with the 
-#   distribution.
-#3. Neither the name of vhffs nor the names of its contributors 
-#   may be used to endorse or promote products derived from this 
-#   software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-#"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-#LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-#FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-#COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-#INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
-#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
-#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
-#CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-# POSSIBILITY OF SUCH DAMAGE.
-
-
-# Vhffs::Confirmation Perl Module
-# 
-# This module is used to check validity of data transmitting
-# It creates an confirmation code an an ID
-# The User must enter the confirmation code.
-
-
-use strict;
-use diagnostics;
-
-use Vhffs::Main;
-#use Digest::MD5;
-
-package Vhffs::Panel::Confirmation;
-
-
-# Create a confirmation code. 
-# Returns the clear text confirmation code used for display
-# and an hash used to verify correctness of the user's 
-# provided code with check_code
-sub generate_code($) {
-	my $vhffs = shift;
-	my $ret = {};
-    
-	my $code = '';
-	for (0 .. 7) { $code .= ('a'..'z', 'A'..'Z', '0'..'9')[int rand 62] ; }	
-	$ret->{clear} = $code;
-#	$ret->{hash} = Digest::MD5::md5_hex($code);
-
-	my $key = $vhffs->get_config->get_panel_subscribe_code_encrypt_key;
-	$ret->{key} = $key;
-
-	my $crypted = $code ^ $key;
-	$ret->{crypted} = $crypted;
-	$ret->{cryptedhexa} = unpack("H*", $crypted);
-
-	return $ret;
-}
-
-sub decrypt_code($$)  {
-	my $vhffs = shift;
-	my $code = shift;
-
-	$code = pack("H*", $code);
-	$code = $code ^ $vhffs->get_config->get_panel_subscribe_code_encrypt_key;
-	return $code;
-}
-
-sub check_code($$$) {
-	my ( $vhffs, $clear1, $crypt) = @_;
-	my $clear2 = decrypt_code( $vhffs, $crypt );
-	return ( $clear1 eq $clear2 );
-}
-
-1;

Modified: trunk/vhffs-backend/conf/vhffs.conf.dist.in
===================================================================
--- trunk/vhffs-backend/conf/vhffs.conf.dist.in	2007-07-11 08:50:34 UTC (rev 709)
+++ trunk/vhffs-backend/conf/vhffs.conf.dist.in	2007-07-11 10:58:06 UTC (rev 710)
@@ -26,6 +26,10 @@
 	#Directory which contains internationalisation stuff
 	intldir			=	@INTLDIR@/
 
+    # Directory used to store captcha files
+    # Should be readable for webserver user but not accessible
+    # to end users.
+    captchadir      = /tmp
 	#The default language
 	default_language	=	en_US
 
@@ -88,9 +92,6 @@
 		#Is the panel open or not ?
 		open			= yes
 
-		#Key to crypt the confirmation code, it must be 8 characters long
-		subscribe_code_encrypt_key	=	AbCdEfGh
-
 		#Use the public section of VHFFS
 		use_public		=	yes
 

Modified: trunk/vhffs-backend/conf/vhffs.conf.in
===================================================================
--- trunk/vhffs-backend/conf/vhffs.conf.in	2007-07-11 08:50:34 UTC (rev 709)
+++ trunk/vhffs-backend/conf/vhffs.conf.in	2007-07-11 10:58:06 UTC (rev 710)
@@ -26,6 +26,11 @@
 	#Directory which contains internationalisation stuff
 	intldir			=	@INTLDIR@/
 
+    # Directory used to store captcha files
+    # Should be readable for webserver user but not accessible
+    # to end users.
+    captchadir      = /tmp
+
 	#The default language
 	default_language	=	en_US
 
@@ -88,9 +93,6 @@
 		#Is the panel open or not ?
 		open			= yes
 
-		#Key to crypt the confirmation code, it must be 8 characters long
-		subscribe_code_encrypt_key	=	AbCdEfGh
-
 		#Use the public section of VHFFS
 		use_public		=	yes
 

Modified: trunk/vhffs-panel/show_code.pl
===================================================================
--- trunk/vhffs-panel/show_code.pl	2007-07-11 08:50:34 UTC (rev 709)
+++ trunk/vhffs-panel/show_code.pl	2007-07-11 10:58:06 UTC (rev 710)
@@ -31,63 +31,28 @@
 
 
 use CGI;
-use GD;
-use GD::Text::Wrap;
 use lib '%VHFFS_LIB_DIR%';
 use Vhffs::Main;
-use Vhffs::Panel::Confirmation;
 
 #Get some basics informations with CGI
-my $cgi;
-my $cid;
-my $code;
-my $vhffs;
-my $gd;
-my $wp;
-my $black;
-my $white;
-my $blue;
+my $cgi 		= new CGI;
+my $vhffs		= init Vhffs::Main;	
 
-$cgi 		= new CGI;
-$vhffs		= init Vhffs::Main;	
+my $code = $cgi->param("code");
 
-$code = $cgi->param("code");
-exit 0 unless ( defined $code && $code =~ /[0-9a-fA-F]{16}/ );
+my $buffer;
 
-#if(( ! ( defined $code )  ) || ( ! ( defined $cid ) ) )
-#{
-#	print CGI->header( -type=>"text/html", -charset=>"utf-8" );
-#	print "cid error";
-#	exit 1;
-#}
+exit 0 unless ( defined $code && $code =~ /^[0-9a-fA-F]{32}$/ );
+exit 0 unless ( open(PNG, $vhffs->get_config()->get_captcha_dir()."/$code.png") );
 
-$gd = GD::Image->new(70,30);
-$white = $gd->colorAllocate(255,255,255);
-$black = $gd->colorAllocate(  0,  0,  0);
-$blue  = $gd->colorAllocate(127,127,255);
-
-#print "No colours: $black ", $gd->colorsTotal, "\n";
-    
-
-$wp = GD::Text::Wrap->new($gd,
-    width       => 70,
-    line_space  => 0,
-    color       => $black, 
-#    text        => $code->{clear},
-    text        => Vhffs::Panel::Confirmation::decrypt_code( $vhffs , $code ),
-);
-$wp->set_font(gdLargeFont, 14);
-$wp->set(align => 'center');
-$wp->draw(0,5);
-$wp->set(para_space => 10, preserve_nl => 0);
-# Assume the user has set FONT_PATH or TTF_FONT_PATH
-#$wp->font_path('/usr/share/fonts/ttfonts');
-
-#my $cookie =  CGI->cookie( CODE_HASH => $code->{hash} );
-#print CGI->header( -type=>"image/png", -cookie => $cookie );
 print CGI->header( -type=>"image/png" );
 
 select((select(STDOUT), $| = 1)[0]);
 binmode STDOUT;
-print STDOUT $gd->png();
+binmode PNG;
+
+while( read(PNG, $buffer, 1024) ) {
+    print STDOUT $buffer;
+}
+close PNG;
 close STDOUT;
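Review bot: `open(PNG, $vhffs->get_config()->get_captcha_dir()."/$code.png")` is a two-argument open on a bareword handle, so the only thing constraining the path and mode is the regex on `$code` one line earlier, and that regex ends in `$`, which also accepts a trailing newline. Prefer `exit 0 unless ( defined $code && $code =~ /\A[0-9a-fA-F]{32}\z/ );` followed by `open(my $png, '<', "$dir/$code.png")`, with `$dir` taken from `get_captcha_dir()`. Both `exit 0` paths also end the request before any header is printed; returning an explicit 404 status would be cleaner for clients and for the server logs.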

Modified: trunk/vhffs-panel/subscribe.pl
===================================================================
--- trunk/vhffs-panel/subscribe.pl	2007-07-11 08:50:34 UTC (rev 709)
+++ trunk/vhffs-panel/subscribe.pl	2007-07-11 10:58:06 UTC (rev 710)
@@ -43,6 +43,7 @@
 use strict;
 use Locale::gettext;
 use HTML::Template;
+use Authen::Captcha;
 
 use lib '%VHFFS_LIB_DIR%';
 use Vhffs::User;
@@ -50,7 +51,6 @@
 use Vhffs::Functions;
 use Vhffs::Constants;
 use Vhffs::Panel::Main;
-use Vhffs::Panel::Confirmation;
 
 my $panel = new_light Vhffs::Panel::Main();
 my $vhffs = $panel->{'vhffs'};
@@ -58,29 +58,47 @@
 my $cgi = $panel->{'cgi'};
 my $uid;
 
-my $submitted	= $cgi->param( "CREATE_SUBMIT" );
-my $mail 		= $cgi->param( "MAIL" );
-my $username 	= $cgi->param( "USERNAME" );
-my $firstname 	= $cgi->param( "FIRSTNAME");
-my $lastname 	= $cgi->param( "LASTNAME" );
-my $city 		= $cgi->param("CITY");
-my $zipcode 	= $cgi->param("ZIPCODE");
-my $country 	= $cgi->param("COUNTRY");
-my $address 	= $cgi->param("ADDRESS");
-my $code 		= $cgi->param("CONFIRMATION");
-my $cryptcode 	= $cgi->param("CRYPTED_CODE");
+my $submitted = $cgi->param( "CREATE_SUBMIT" );
+my $mail;
+my $username;
+my $firstname;
+my $lastname;
+my $city;
+my $zipcode;
+my $country;
+my $address;
+my $code;
+my $md5code;
 my @errors = ();
 my $template;
 my $message;
 
+my $dir = $vhffs->get_config->get_captcha_dir;
+my $captcha = Authen::Captcha->new(
+                                data_folder => $dir,
+                                output_folder => $dir);
+
 if( $vhffs->get_config->get_allow_subscribe == 0 )
 {
-# Subscribe isn't allow, inform user
+# Subscribe isn't allowed, inform user
         $template = new HTML::Template( filename => $templatedir."/misc/simplemsg.tmpl");
         $template->param( MESSAGE => gettext("You cannot subscribe to VHFFS") );
 } elsif( defined $submitted ) {
 # don't check if form hasn't been submitted
-	if( ( ! defined $code ) || ( ! Vhffs::Panel::Confirmation::check_code( $vhffs, $code, $cryptcode ) ) )
+
+    # get filled in parameters
+    $mail       = $cgi->param( "MAIL" );
+    $username   = $cgi->param( "USERNAME" );
+    $firstname  = $cgi->param( "FIRSTNAME");
+    $lastname   = $cgi->param( "LASTNAME" );
+    $city       = $cgi->param("CITY");
+    $zipcode    = $cgi->param("ZIPCODE");
+    $country    = $cgi->param("COUNTRY");
+    $address    = $cgi->param("ADDRESS");
+    $code       = $cgi->param("CONFIRMATION");
+    $md5code    = $cgi->param("MD5_CODE");
+
+	if( ( ! defined $code ) || ( $captcha->check_code($code, $md5code) != 1 ) )
 	{
 		push(@errors, {error => gettext("Codes do not match")});
 	}
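Review bot: `$md5code` goes from `$cgi->param("MD5_CODE")` straight into `$captcha->check_code($code, $md5code)` with no definedness or format check, although show_code.pl in this same commit restricts the same token to 32 hex digits. How the module treats a missing or malformed token is not visible here, so validate first: `if( !defined $code || !defined $md5code || $md5code !~ /\A[0-9a-fA-F]{32}\z/ || $captcha->check_code($code, $md5code) != 1 )`. The `Authen::Captcha->new(...)` call is also made before the `get_allow_subscribe` test, so the object is built even when subscription is disabled; constructing it only in the branches that use it would avoid that. The if/elsif chain continues outside the hunk.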
@@ -207,9 +225,10 @@
     $template->param( BACK                  => gettext("Back to Login") );
     $template->param( HOME_TEXT             => gettext('Home') );
 
-    my $code = Vhffs::Panel::Confirmation::generate_code( $vhffs );
-    $template->param( CRYPTED_CODE   => $code->{'cryptedhexa'} );
+    my $md5 = $captcha->generate_code( 6 );
 
+    $template->param( MD5_CODE   => $md5 );
+
     $template->param( CONFIRMATION_TEXT             => gettext('Code confirmation') );
     $template->param( REPEAT_CONFIRMATION_TEXT      => gettext('Recopy the code') );
     $template->param( CONFIRMATION_ALT              => gettext('Confirmation code, contact administrator team if you can\'t read it') );
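Review bot: The token sent to the client as `MD5_CODE` may itself reveal the captcha answer. The value returned by `$captcha->generate_code( 6 )` is exposed in the hidden field and in the image URL. If it is an unsalted MD5 of the six-character code, as the name and the new Digest::MD5 dependency suggest, the answer can be derived from the token without reading the image, because the space of six-character codes is small. Confirm this against the module; if it holds, keep the answer server-side under a random identifier, or at least record the limitation with `# NOTE: MD5_CODE is client-visible; it must not be derivable from the captcha answer`. The enclosing block begins outside the hunk.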

Modified: trunk/vhffs-panel/templates/user/create.tmpl
===================================================================
--- trunk/vhffs-panel/templates/user/create.tmpl	2007-07-11 08:50:34 UTC (rev 709)
+++ trunk/vhffs-panel/templates/user/create.tmpl	2007-07-11 10:58:06 UTC (rev 710)
@@ -78,7 +78,7 @@
 					<label for="CONFIRMATION">
 						<TMPL_VAR NAME="CONFIRMATION_TEXT">
 					</label>
-						<img src="show_code.pl?code=<TMPL_VAR NAME="CRYPTED_CODE">" alt="<tmpl_var name="CONFIRMATION_ALT">"/>
+						<img src="show_code.pl?code=<TMPL_VAR NAME="MD5_CODE">" alt="<tmpl_var name="CONFIRMATION_ALT">"/>
 				</p>
 				<p>
 					<label for="CONFIRMATION">
@@ -86,7 +86,7 @@
 					</label>
 					<input type="text" name="CONFIRMATION"  id="CONFIRMATION" maxlength="16"/>
 				</p>
-					<input type="hidden" name="CRYPTED_CODE" id="CRYPTED_CODE" value="<TMPL_VAR NAME="CRYPTED_CODE">"/>
+					<input type="hidden" name="MD5_CODE" id="MD5_CODE" value="<TMPL_VAR NAME="MD5_CODE">"/>
 				<p class="button">
 					<input type="submit" value="<TMPL_VAR NAME="SEND">" name="CREATE_SUBMIT"/>
 				</p>

Modified: trunk/vhffs-test-dependencies.in
===================================================================
--- trunk/vhffs-test-dependencies.in	2007-07-11 08:50:34 UTC (rev 709)
+++ trunk/vhffs-test-dependencies.in	2007-07-11 10:58:06 UTC (rev 710)
@@ -39,7 +39,8 @@
 
 $dep{'panel'} = [
 	('GD', ''),
-	('GD::Text::Wrap', ''),
+    ('Digest::MD5', ''),
+    ('Authen::Captcha', ''),
     ('HTML::Template::Expr', '')];
 
 $dep{'robots'} = [
@@ -135,7 +136,7 @@
   --install         Will install missing dependencies (*not recommmended*)
   --install-cmd     Specify a command for installing perl modules (see below)
   --verbose         Print all perl modules checked, not only the missings.
-  --verify          A list of vhffs component to verify deps
+  --verify          A comma separated list of vhffs component to verify deps
 
   Supported vhffs components are :
     . api (default)

