[vhffs-dev] [1343] don't create temporary files for captcha anymore (yes, this mean guessable codes, anyway captchas are useless and going to be disabled soon, so who care ?)



Revision: 1343
Author:   gradator
Date:     2009-02-18 08:29:06 +0100 (Wed, 18 Feb 2009)

Log Message:
-----------
don't create temporary files for captcha anymore (yes, this means guessable codes, anyway captchas are useless and going to be disabled soon, so who cares?)

Modified Paths:
--------------
    trunk/vhffs-backend/conf/vhffs.conf.dist.in
    trunk/vhffs-panel/show_code.pl
    trunk/vhffs-panel/subscribe.pl
    trunk/vhffs-panel/templates/user/create.tmpl


Modified: trunk/vhffs-backend/conf/vhffs.conf.dist.in
===================================================================
--- trunk/vhffs-backend/conf/vhffs.conf.dist.in	2009-02-18 05:40:16 UTC (rev 1342)
+++ trunk/vhffs-backend/conf/vhffs.conf.dist.in	2009-02-18 07:29:06 UTC (rev 1343)
@@ -75,9 +75,8 @@
 	# The default theme
 	default_theme		=	vhffs
 
-	# Directory used to store captcha files
-	# Should be readable and writable by webserver user but not accessible to end users.
-	captchadir      	=	/tmp
+	# Captcha key, 12 hexadecimal characters [0-9a-f]{12}
+	captchakey		=	a1b2c3d4e5f6
 
 	# Obfuscation technique for emails (none, swap, simple, entities or javascript)
 	mail_obfuscation	=	swap
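Review bot: The sample value `a1b2c3d4e5f6` for `captchakey` ships with the distribution, so an install that keeps it uses a key known to anyone who has read this file. The comment above the setting should say that the value must be replaced, for example `# Captcha key, 12 hexadecimal characters [0-9a-f]{12}; replace this sample with a random value of your own`. Nothing in this commit checks the key's format where it is read, so the comment is currently the only place the 12-hex-digit requirement is stated.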

Modified: trunk/vhffs-panel/show_code.pl
===================================================================
--- trunk/vhffs-panel/show_code.pl	2009-02-18 05:40:16 UTC (rev 1342)
+++ trunk/vhffs-panel/show_code.pl	2009-02-18 07:29:06 UTC (rev 1343)
@@ -34,27 +34,26 @@
 use CGI;
 use lib '%VHFFS_LIB_DIR%';
 use Vhffs::Main;
+use Vhffs::Panel::Captcha;
 
-#Get some basics informations with CGI
-my $cgi 		= new CGI;
+my $cgi = new CGI;
 $cgi->charset('utf-8');
-my $vhffs		= init Vhffs::Main;	
 
-my $code = $cgi->param("code");
+my $vhffs = init Vhffs::Main;	
+my $captchakey = $vhffs->get_config->get_panel->{'captchakey'};
 
-my $buffer;
+my $hex = $cgi->param('code');
+exit 0 unless ( defined $hex && $hex =~ /^[0-9a-f]{12}$/ );
 
-exit 0 unless ( defined $code && $code =~ /^[0-9a-fA-F]{32}$/ );
-exit 0 unless ( open(PNG, $vhffs->get_config()->get_panel->{'captchadir'}."/$code.png") );
+my $code = pack('H12', $hex);
+$code ^= pack('H12', $captchakey) if defined $captchakey;
 
-print CGI->header( -type=>"image/png" );
+print CGI->header( -type=>'image/png' );
 
 select((select(STDOUT), $| = 1)[0]);
 binmode STDOUT;
-binmode PNG;
 
-while( read(PNG, $buffer, 1024) ) {
-    print STDOUT $buffer;
-}
-close PNG;
+my $captcha = Vhffs::Panel::Captcha->new;
+my $png = $captcha->create_image_file( $code );
+print STDOUT ${$png};
 close STDOUT;
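Review bot: The `if defined $captchakey` guard on the XOR line fails open: with no `captchakey` in the panel config, the `code` parameter is just the hex encoding of the text drawn in the image. The same construction is repeated in both changed hunks of subscribe.pl. Require and format-check the key once, right after the `get_panel` lookup, e.g. `exit 0 unless defined $captchakey && $captchakey =~ /^[0-9a-f]{12}$/;`, and then apply the XOR unconditionally. The script also now builds an image for every well-formed request instead of reading a file that had to exist; the cost of `create_image_file` is not visible here, so request rate limiting at the web server may be worth adding.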

Modified: trunk/vhffs-panel/subscribe.pl
===================================================================
--- trunk/vhffs-panel/subscribe.pl	2009-02-18 05:40:16 UTC (rev 1342)
+++ trunk/vhffs-panel/subscribe.pl	2009-02-18 07:29:06 UTC (rev 1343)
@@ -60,27 +60,13 @@
 my $vhffs = $panel->{'vhffs'};
 my $templatedir = $panel->{'templatedir'};
 my $cgi = $panel->{'cgi'};
-my $uid;
 
 my $submitted = $cgi->param( 'CREATE_SUBMIT' );
-my $mail;
-my $username;
-my $firstname;
-my $lastname;
-my $city;
-my $zipcode;
-my $country;
-my $address;
-my $code;
-my $md5code;
 my @errors = ();
 my $template;
 my $message;
 
-my $dir = $vhffs->get_config->get_panel->{'captchadir'};
-my $captcha = Vhffs::Panel::Captcha->new(
-                                data_folder => $dir,
-                                output_folder => $dir);
+my $captchakey = $vhffs->get_config->get_panel->{'captchakey'};
 
 if( $vhffs->get_config->get_allow_subscribe == 0 )
 {
@@ -96,19 +82,21 @@
 if( defined $submitted ) {
 # don't check if form hasn't been submitted
 
-    # get filled in parameters
-    $mail       = $cgi->param( "MAIL" );
-    $username   = $cgi->param( "USERNAME" );
-    $firstname  = Encode::decode_utf8( $cgi->param( "FIRSTNAME") );
-    $lastname   = Encode::decode_utf8( $cgi->param( "LASTNAME" ) );
-    $city       = Encode::decode_utf8( $cgi->param("CITY") );
-    $zipcode    = Encode::decode_utf8( $cgi->param("ZIPCODE") );
-    $country    = Encode::decode_utf8( $cgi->param("COUNTRY") );
-    $address    = Encode::decode_utf8( $cgi->param("ADDRESS") );
-    $code       = $cgi->param("CONFIRMATION");
-    $md5code    = $cgi->param("MD5_CODE");
+	# get filled in parameters
+	my $mail       = $cgi->param( "MAIL" );
+	my $username   = $cgi->param( "USERNAME" );
+	my $firstname  = Encode::decode_utf8( $cgi->param( "FIRSTNAME") );
+	my $lastname   = Encode::decode_utf8( $cgi->param( "LASTNAME" ) );
+	my $city       = Encode::decode_utf8( $cgi->param("CITY") );
+	my $zipcode    = Encode::decode_utf8( $cgi->param("ZIPCODE") );
+	my $country    = Encode::decode_utf8( $cgi->param("COUNTRY") );
+	my $address    = Encode::decode_utf8( $cgi->param("ADDRESS") );
+    	my $codeuser   = $cgi->param('CONFIRMATION');
+	my $hexcode    = $cgi->param('CODE');
+	my $code = pack('H12', $hexcode);
+	$code ^= pack('H12', $captchakey) if defined $captchakey;
 
-	if( ( ! defined $code ) || ( $captcha->check_code($code, $md5code) != 1 ) )
+	if( ( ! defined $code ) || ( $codeuser ne $code ) )
 	{
 		push(@errors, {error => gettext("Codes do not match")});
 	}
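Review bot: `$hexcode` is passed to `pack('H12', ...)` without the `/^[0-9a-f]{12}$/` check that show_code.pl applies to the same value, and the `! defined $code` test can no longer fire because `pack` always returns a defined string. Test the raw parameters instead: `if( !defined $hexcode || $hexcode !~ /^[0-9a-f]{12}$/ || !defined $codeuser || $codeuser ne $code )`. As written, a request without `CODE` or `CONFIRMATION` reaches `pack` and `ne` with undefined values and is rejected only by the string comparison. The enclosing `if( defined $submitted )` block continues past this hunk.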
@@ -237,17 +225,12 @@
     $template->param( SEND                  => gettext("Subscribe") );
     $template->param( BACK                  => gettext("Back to Login") );
 
-    my $md5;
-    my $chars;
-    my $espeak_chars;
-    ($md5,$chars) = $captcha->generate_code( 6 );
-    my $captcha_file = $dir.'/'.$md5.'.wav';
-    $espeak_chars = join(': ', split(//,$chars));
-    system("find $dir -iname '*.wav'".' -mmin +5 -exec rm {} \;');
-    system("echo $espeak_chars | espeak -s 80 -w $captcha_file");
+	my $captcha = Vhffs::Panel::Captcha->new;
+	my $code = $captcha->generate_random_string( 6 );
+	$code ^= pack('H12', $captchakey) if defined $captchakey;
+	my $hex = unpack('H12', $code);
+	$template->param( CODE   => $hex );
 
-    $template->param( MD5_CODE   => $md5 );
-
     $template->param( CONFIRMATION_TEXT             => gettext('Code confirmation') );
     $template->param( REPEAT_CONFIRMATION_TEXT      => gettext('Recopy the code') );
     $template->param( CONFIRMATION_ALT              => gettext('Confirmation code, contact administrator team if you can\'t read it') );
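Review bot: The hidden `CODE` value built here is the expected answer XORed with a key that is the same for every request, so nothing ties a token to a session, a time window or a single use. A token that has been answered once stays valid for as long as the key does, and the key is only as secret as any one token/answer pair. If the captcha is kept, hold the expected answer server-side (in the panel session, if one exists at this point, which the hunk does not show) and send only an opaque identifier, or at least add an expiry and authenticate the token with a keyed MAC instead of XOR. A comment above `generate_random_string( 6 )` should record which randomness source it uses, since that is not visible from this file. The surrounding template-setup block starts and ends outside this hunk.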

Modified: trunk/vhffs-panel/templates/user/create.tmpl
===================================================================
--- trunk/vhffs-panel/templates/user/create.tmpl	2009-02-18 05:40:16 UTC (rev 1342)
+++ trunk/vhffs-panel/templates/user/create.tmpl	2009-02-18 07:29:06 UTC (rev 1343)
@@ -64,7 +64,7 @@
 					<label for="CONFIRMATION">
 						<TMPL_VAR ESCAPE=1 NAME="CONFIRMATION_TEXT">
 					</label>
-						<img src="show_code.pl?code=<TMPL_VAR ESCAPE=1 NAME="MD5_CODE">" alt="<TMPL_VAR ESCAPE=1 NAME="CONFIRMATION_ALT">"/> <a href="play_code.pl?code=<TMPL_VAR ESCAPE=1 NAME="MD5_CODE">"><TMPL_VAR ESCAPE=1 NAME="CONFIRMATION_SOUND_TEXT"></a>
+						<img src="show_code.pl?code=<TMPL_VAR ESCAPE=1 NAME="CODE">" alt="<TMPL_VAR ESCAPE=1 NAME="CONFIRMATION_ALT">"/> <a href="play_code.pl?code=<TMPL_VAR ESCAPE=1 NAME="CODE">"><TMPL_VAR ESCAPE=1 NAME="CONFIRMATION_SOUND_TEXT"></a>
 				</p>
 				<p>
 					<label for="CONFIRMATION">
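Review bot: The `play_code.pl?code=...` link on the changed line now receives the new 12-hex-digit `CODE`, but play_code.pl is not among the modified paths and subscribe.pl no longer writes the `.wav` file, so the audio alternative probably stops working with this revision. Either update play_code.pl to derive the code the way show_code.pl does, or remove the link and `CONFIRMATION_SOUND_TEXT` from the template so users are not offered a dead control. If the audio path is kept, it needs the same key and format checks as the image path.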
@@ -72,7 +72,7 @@
 					</label>
 					<input type="text" name="CONFIRMATION"  id="CONFIRMATION" maxlength="16"/>
 				</p>
-					<input type="hidden" name="MD5_CODE" id="MD5_CODE" value="<TMPL_VAR ESCAPE=1 NAME="MD5_CODE">"/>
+					<input type="hidden" name="CODE" id="CODE" value="<TMPL_VAR ESCAPE=1 NAME="CODE">"/>
 				<p class="button">
 					<input type="submit" value="<TMPL_VAR ESCAPE=1 NAME="SEND">" name="CREATE_SUBMIT"/>
 				</p>

