[vhffs-dev] [1343] don't create temporary files for captcha anymore (yes, this mean guessable codes, anyway captchas are useless and going to be disabled soon, so who care ?) |
- To: vhffs-dev@xxxxxxxxx
- Subject: [vhffs-dev] [1343] don't create temporary files for captcha anymore (yes, this mean guessable codes, anyway captchas are useless and going to be disabled soon, so who care ?)
- From: subversion@xxxxxxxxxxxxx
- Date: Wed, 18 Feb 2009 08:29:06 +0100
Revision: 1343
Author: gradator
Date: 2009-02-18 08:29:06 +0100 (Wed, 18 Feb 2009)
Log Message:
-----------
don't create temporary files for captcha anymore (yes, this mean guessable codes, anyway captchas are useless and going to be disabled soon, so who care ?)
Modified Paths:
--------------
trunk/vhffs-backend/conf/vhffs.conf.dist.in
trunk/vhffs-panel/show_code.pl
trunk/vhffs-panel/subscribe.pl
trunk/vhffs-panel/templates/user/create.tmpl
Modified: trunk/vhffs-backend/conf/vhffs.conf.dist.in
===================================================================
--- trunk/vhffs-backend/conf/vhffs.conf.dist.in 2009-02-18 05:40:16 UTC (rev 1342)
+++ trunk/vhffs-backend/conf/vhffs.conf.dist.in 2009-02-18 07:29:06 UTC (rev 1343)
@@ -75,9 +75,8 @@
# The default theme
default_theme = vhffs
- # Directory used to store captcha files
- # Should be readable and writable by webserver user but not accessible to end users.
- captchadir = /tmp
+ # Captcha key, 12 hexadecimal characters [0-9a-f]{12}
+ captchakey = a1b2c3d4e5f6
# Obfuscation technique for emails (none, swap, simple, entities or javascript)
mail_obfuscation = swap
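Review bot: The shipped value `a1b2c3d4e5f6` on the `captchakey` line is a working key, so every installation that copies vhffs.conf.dist unchanged masks its captcha codes with the same public constant. The comment should say the value must be replaced, for example `# Captcha key: replace with 12 random hexadecimal characters [0-9a-f]{12}, unique to this installation`. Shipping an obviously invalid placeholder, and having the panel reject it, would make a forgotten key visible instead of silent.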
Modified: trunk/vhffs-panel/show_code.pl
===================================================================
--- trunk/vhffs-panel/show_code.pl 2009-02-18 05:40:16 UTC (rev 1342)
+++ trunk/vhffs-panel/show_code.pl 2009-02-18 07:29:06 UTC (rev 1343)
@@ -34,27 +34,26 @@
use CGI;
use lib '%VHFFS_LIB_DIR%';
use Vhffs::Main;
+use Vhffs::Panel::Captcha;
-#Get some basics informations with CGI
-my $cgi = new CGI;
+my $cgi = new CGI;
$cgi->charset('utf-8');
-my $vhffs = init Vhffs::Main;
-my $code = $cgi->param("code");
+my $vhffs = init Vhffs::Main;
+my $captchakey = $vhffs->get_config->get_panel->{'captchakey'};
-my $buffer;
+my $hex = $cgi->param('code');
+exit 0 unless ( defined $hex && $hex =~ /^[0-9a-f]{12}$/ );
-exit 0 unless ( defined $code && $code =~ /^[0-9a-fA-F]{32}$/ );
-exit 0 unless ( open(PNG, $vhffs->get_config()->get_panel->{'captchadir'}."/$code.png") );
+my $code = pack('H12', $hex);
+$code ^= pack('H12', $captchakey) if defined $captchakey;
-print CGI->header( -type=>"image/png" );
+print CGI->header( -type=>'image/png' );
select((select(STDOUT), $| = 1)[0]);
binmode STDOUT;
-binmode PNG;
-while( read(PNG, $buffer, 1024) ) {
- print STDOUT $buffer;
-}
-close PNG;
+my $captcha = Vhffs::Panel::Captcha->new;
+my $png = $captcha->create_image_file( $code );
+print STDOUT ${$png};
close STDOUT;
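Review bot: `$captchakey` is read from the configuration and passed to `pack('H12', ...)` without being checked against the `[0-9a-f]{12}` format the config comment documents, and the `if defined $captchakey` guard makes the key optional. With the key absent, the `code` query parameter is just the hex encoding of the text drawn in the image; a short or malformed key is presumably packed without an error, giving a different mask than the administrator intended. I would fail closed before rendering, e.g. `exit 0 unless defined $captchakey && $captchakey =~ /\A[0-9a-f]{12}\z/;`, and use `\z` instead of `$` in the existing check on `$hex` so a trailing newline is not accepted. The same optional-key pattern appears in both subscribe.pl hunks that touch the code.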
Modified: trunk/vhffs-panel/subscribe.pl
===================================================================
--- trunk/vhffs-panel/subscribe.pl 2009-02-18 05:40:16 UTC (rev 1342)
+++ trunk/vhffs-panel/subscribe.pl 2009-02-18 07:29:06 UTC (rev 1343)
@@ -60,27 +60,13 @@
my $vhffs = $panel->{'vhffs'};
my $templatedir = $panel->{'templatedir'};
my $cgi = $panel->{'cgi'};
-my $uid;
my $submitted = $cgi->param( 'CREATE_SUBMIT' );
-my $mail;
-my $username;
-my $firstname;
-my $lastname;
-my $city;
-my $zipcode;
-my $country;
-my $address;
-my $code;
-my $md5code;
my @errors = ();
my $template;
my $message;
-my $dir = $vhffs->get_config->get_panel->{'captchadir'};
-my $captcha = Vhffs::Panel::Captcha->new(
- data_folder => $dir,
- output_folder => $dir);
+my $captchakey = $vhffs->get_config->get_panel->{'captchakey'};
if( $vhffs->get_config->get_allow_subscribe == 0 )
{
@@ -96,19 +82,21 @@
if( defined $submitted ) {
# don't check if form hasn't been submitted
- # get filled in parameters
- $mail = $cgi->param( "MAIL" );
- $username = $cgi->param( "USERNAME" );
- $firstname = Encode::decode_utf8( $cgi->param( "FIRSTNAME") );
- $lastname = Encode::decode_utf8( $cgi->param( "LASTNAME" ) );
- $city = Encode::decode_utf8( $cgi->param("CITY") );
- $zipcode = Encode::decode_utf8( $cgi->param("ZIPCODE") );
- $country = Encode::decode_utf8( $cgi->param("COUNTRY") );
- $address = Encode::decode_utf8( $cgi->param("ADDRESS") );
- $code = $cgi->param("CONFIRMATION");
- $md5code = $cgi->param("MD5_CODE");
+ # get filled in parameters
+ my $mail = $cgi->param( "MAIL" );
+ my $username = $cgi->param( "USERNAME" );
+ my $firstname = Encode::decode_utf8( $cgi->param( "FIRSTNAME") );
+ my $lastname = Encode::decode_utf8( $cgi->param( "LASTNAME" ) );
+ my $city = Encode::decode_utf8( $cgi->param("CITY") );
+ my $zipcode = Encode::decode_utf8( $cgi->param("ZIPCODE") );
+ my $country = Encode::decode_utf8( $cgi->param("COUNTRY") );
+ my $address = Encode::decode_utf8( $cgi->param("ADDRESS") );
+ my $codeuser = $cgi->param('CONFIRMATION');
+ my $hexcode = $cgi->param('CODE');
+ my $code = pack('H12', $hexcode);
+ $code ^= pack('H12', $captchakey) if defined $captchakey;
- if( ( ! defined $code ) || ( $captcha->check_code($code, $md5code) != 1 ) )
+ if( ( ! defined $code ) || ( $codeuser ne $code ) )
{
push(@errors, {error => gettext("Codes do not match")});
}
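Review bot: The `! defined $code` test in the comparison can no longer fail, because `$code` is now the result of `pack()`, which returns a defined string even when the `CODE` parameter is missing. `$hexcode` is also packed without the `[0-9a-f]{12}` check that show_code.pl applies to the same value, and an absent `CONFIRMATION` reaches `ne` undefined. Validate the request values first, e.g. `my $valid = defined $codeuser && defined $hexcode && $hexcode =~ /\A[0-9a-f]{12}\z/;`, compute `$code` only when `$valid` is true, and push the error on `!$valid || $codeuser ne $code`. The enclosing `if( defined $submitted )` block continues outside this hunk.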
@@ -237,17 +225,12 @@
$template->param( SEND => gettext("Subscribe") );
$template->param( BACK => gettext("Back to Login") );
- my $md5;
- my $chars;
- my $espeak_chars;
- ($md5,$chars) = $captcha->generate_code( 6 );
- my $captcha_file = $dir.'/'.$md5.'.wav';
- $espeak_chars = join(': ', split(//,$chars));
- system("find $dir -iname '*.wav'".' -mmin +5 -exec rm {} \;');
- system("echo $espeak_chars | espeak -s 80 -w $captcha_file");
+ my $captcha = Vhffs::Panel::Captcha->new;
+ my $code = $captcha->generate_random_string( 6 );
+ $code ^= pack('H12', $captchakey) if defined $captchakey;
+ my $hex = unpack('H12', $code);
+ $template->param( CODE => $hex );
- $template->param( MD5_CODE => $md5 );
-
$template->param( CONFIRMATION_TEXT => gettext('Code confirmation') );
$template->param( REPEAT_CONFIRMATION_TEXT => gettext('Recopy the code') );
$template->param( CONFIRMATION_ALT => gettext('Confirmation code, contact administrator team if you can\'t read it') );
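Review bot: The hidden `CODE` value is the answer XORed with one fixed site-wide key, with nothing tying it to a session or a point in time, so a `CODE`/`CONFIRMATION` pair that was accepted once stays acceptable for every later submission. The log message accepts guessable codes, but the code itself carries no comment saying so; at minimum add `# NOTE: CODE is reversible and replayable; this captcha does not stop automated sign-ups` above the `generate_random_string` call. If the captcha is kept, the answer should stay server-side (session storage), or the field should carry a keyed MAC over the answer plus an issue time that subscribe.pl checks for freshness. The `H12` width also assumes `generate_random_string( 6 )` returns exactly six single-byte characters, which is not visible here.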
Modified: trunk/vhffs-panel/templates/user/create.tmpl
===================================================================
--- trunk/vhffs-panel/templates/user/create.tmpl 2009-02-18 05:40:16 UTC (rev 1342)
+++ trunk/vhffs-panel/templates/user/create.tmpl 2009-02-18 07:29:06 UTC (rev 1343)
@@ -64,7 +64,7 @@
<label for="CONFIRMATION">
<TMPL_VAR ESCAPE=1 NAME="CONFIRMATION_TEXT">
</label>
- <img src="show_code.pl?code=<TMPL_VAR ESCAPE=1 NAME="MD5_CODE">" alt="<TMPL_VAR ESCAPE=1 NAME="CONFIRMATION_ALT">"/> <a href="play_code.pl?code=<TMPL_VAR ESCAPE=1 NAME="MD5_CODE">"><TMPL_VAR ESCAPE=1 NAME="CONFIRMATION_SOUND_TEXT"></a>
+ <img src="show_code.pl?code=<TMPL_VAR ESCAPE=1 NAME="CODE">" alt="<TMPL_VAR ESCAPE=1 NAME="CONFIRMATION_ALT">"/> <a href="play_code.pl?code=<TMPL_VAR ESCAPE=1 NAME="CODE">"><TMPL_VAR ESCAPE=1 NAME="CONFIRMATION_SOUND_TEXT"></a>
</p>
<p>
<label for="CONFIRMATION">
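Review bot: The `play_code.pl?code=` link is kept in the changed line, but this revision deletes the `espeak` call that wrote the `.wav` file in subscribe.pl, and play_code.pl is not among the modified paths, so the audio alternative presumably no longer resolves to anything. Either update play_code.pl to decode `CODE` the way show_code.pl does, or drop the link and `CONFIRMATION_SOUND_TEXT` from this template until it works. Users who cannot read the image otherwise have no way to complete the form.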
@@ -72,7 +72,7 @@
</label>
<input type="text" name="CONFIRMATION" id="CONFIRMATION" maxlength="16"/>
</p>
- <input type="hidden" name="MD5_CODE" id="MD5_CODE" value="<TMPL_VAR ESCAPE=1 NAME="MD5_CODE">"/>
+ <input type="hidden" name="CODE" id="CODE" value="<TMPL_VAR ESCAPE=1 NAME="CODE">"/>
<p class="button">
<input type="submit" value="<TMPL_VAR ESCAPE=1 NAME="SEND">" name="CREATE_SUBMIT"/>
</p>