bashclub/piler
1
0
Fork 0
mirror of https://bitbucket.org/jsuto/piler.git synced 2025-06-13 00:17:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

rewrote php session variables

Browse Source
This commit is contained in:
SJ
2013-11-18 19:24:33 +01:00
parent 0809b5a514
commit 881a2380e0
39 changed files with 302 additions and 609 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
webui/securimage/captcha.html
View File

@ -1,13 +0,0 @@
<!-- The following is example HTML that can be used on your form -->
<p>
<img id="siimage" style="border: 1px solid #000; margin-right: 15px" src="./securimage_show.php?sid=<?php echo md5(uniqid()) ?>" alt="CAPTCHA Image" align="left">
<object type="application/x-shockwave-flash" data="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" height="32" width="32">
<param name="movie" value="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" />
</object>
&nbsp;
<a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false"><img src="./images/refresh.png" alt="Reload Image" onclick="this.blur()" align="bottom" border="0"></a><br />
<strong>Enter Code*:</strong><br />
<input type="text" name="ct_captcha" size="12" maxlength="16" />
</p>

207
webui/securimage/example_form.ajax.php
View File

@ -1,207 +0,0 @@
<?php
session_start(); // this MUST be called prior to any output including whitespaces and line breaks!
$GLOBALS['ct_recipient'] = 'YOU@EXAMPLE.COM'; // Change to your email address!
$GLOBALS['ct_msg_subject'] = 'Securimage Test Contact Form';
$GLOBALS['DEBUG_MODE'] = 1;
// CHANGE TO 0 TO TURN OFF DEBUG MODE
// IN DEBUG MODE, ONLY THE CAPTCHA CODE IS VALIDATED, AND NO EMAIL IS SENT
// Process the form, if it was submitted
process_si_contact_form();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
<title>Securimage Example Form</title>
<style type="text/css">
<!--
#success_message { border: 1px solid #000; width: 550px; text-align: left; padding: 10px 7px; background: #33ff33; color: #000; font-weight; bold; font-size: 1.2em; border-radius: 4px; -moz-border-radius: 4px; -webkit-border-radius: 4px; }
fieldset { width: 90%; }
legend { font-size: 24px; }
.note { font-size: 18px; }
-->
</style>
</head>
<body>
<fieldset>
<legend>Example Form</legend>
<p class="note">
This is an example PHP form that processes user information, checks for errors, and validates the captcha code.<br />
This example form also demonstrates how to submit a form to itself to display error messages.
</p>
<div id="success_message" style="display: none">Your message has been sent!<br />We will contact you as soon as possible.</div>
<form method="post" action="" id="contact_form" onsubmit="return processForm()">
<input type="hidden" name="do" value="contact" />
<p>
<strong>Name*:</strong><br />
<input type="text" name="ct_name" size="35" value="" />
</p>
<p>
<strong>Email*:</strong><br />
<input type="text" name="ct_email" size="35" value="" />
</p>
<p>
<strong>URL:</strong><br />
<input type="text" name="ct_URL" size="35" value="" />
</p>
<p>
<strong>Message*:</strong><br />
<textarea name="ct_message" rows="12" cols="60"></textarea>
</p>
<p>
<img id="siimage" style="border: 1px solid #000; margin-right: 15px" src="./securimage_show.php?sid=<?php echo md5(uniqid()) ?>" alt="CAPTCHA Image" align="left" />
<object type="application/x-shockwave-flash" data="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" height="32" width="32">
<param name="movie" value="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" />
</object>
&nbsp;
<a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false"><img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0" /></a><br />
<strong>Enter Code*:</strong><br />
<input type="text" name="ct_captcha" size="12" maxlength="8" />
</p>
<p>
<br />
<input type="submit" value="Submit Message" />
</p>
</form>
</fieldset>
<script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
<script type="text/javascript">
$.noConflict();
function reloadCaptcha()
{
jQuery('#siimage').src = './securimage_show.php?sid=' + Math.random();
}
function processForm()
{
jQuery.ajax({
url: '<?php echo $_SERVER['PHP_SELF'] ?>',
type: 'POST',
data: jQuery('#contact_form').serialize(),
dataType: 'json',
}).done(function(data) {
if (data.error === 0) {
jQuery('#success_message').show();
jQuery('#contact_form')[0].reset();
reloadCaptcha();
setTimeout("jQuery('#success_message').fadeOut()", 30000);
} else {
alert("There was an error with your submission.\n\n" + data.message);
}
});
return false;
}
</script>
</body>
</html>
<?php
// The form processor PHP code
function process_si_contact_form()
{
if ($_SERVER['REQUEST_METHOD'] == 'POST' && @$_POST['do'] == 'contact') {
// if the form has been submitted
foreach($_POST as $key => $value) {
if (!is_array($key)) {
// sanitize the input data
if ($key != 'ct_message') $value = strip_tags($value);
$_POST[$key] = htmlspecialchars(stripslashes(trim($value)));
}
}
$name = @$_POST['ct_name']; // name from the form
$email = @$_POST['ct_email']; // email from the form
$URL = @$_POST['ct_URL']; // url from the form
$message = @$_POST['ct_message']; // the message from the form
$captcha = @$_POST['ct_captcha']; // the user's entry for the captcha code
$name = substr($name, 0, 64); // limit name to 64 characters
$errors = array(); // initialize empty error array
if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
// only check for errors if the form is not in debug mode
if (strlen($name) < 3) {
// name too short, add error
$errors['name_error'] = 'Your name is required';
}
if (strlen($email) == 0) {
// no email address given
$errors['email_error'] = 'Email address is required';
} else if ( !preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/i', $email)) {
// invalid email format
$errors['email_error'] = 'Email address entered is invalid';
}
if (strlen($message) < 20) {
// message length too short
$errors['message_error'] = 'Please enter a message';
}
}
// Only try to validate the captcha if the form has no errors
// This is especially important for ajax calls
if (sizeof($errors) == 0) {
require_once dirname(__FILE__) . '/securimage.php';
$securimage = new Securimage();
if ($securimage->check($captcha) == false) {
$errors['captcha_error'] = 'Incorrect security code entered';
}
}
if (sizeof($errors) == 0) {
// no errors, send the form
$time = date('r');
$message = "A message was submitted from the contact form. The following information was provided.<br /><br />"
. "Name: $name<br />"
. "Email: $email<br />"
. "URL: $URL<br />"
. "Message:<br />"
. "<pre>$message</pre>"
. "<br /><br />IP Address: {$_SERVER['REMOTE_ADDR']}<br />"
. "Time: $time<br />"
. "Browser: {$_SERVER['HTTP_USER_AGENT']}<br />";
if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
// send the message with mail()
mail($GLOBALS['ct_recipient'], $GLOBALS['ct_msg_subject'], $message, "From: {$GLOBALS['ct_recipient']}\r\nReply-To: {$email}\r\nContent-type: text/html; charset=ISO-8859-1\r\nMIME-Version: 1.0");
}
$return = array('error' => 0, 'message' => 'OK');
die(json_encode($return));
} else {
$errmsg = '';
foreach($errors as $key => $error) {
// set up error messages to display with each field
$errmsg .= " - {$error}\n";
}
$return = array('error' => 1, 'message' => $errmsg);
die(json_encode($return));
}
} // POST
} // function process_si_contact_form()

192
webui/securimage/example_form.php
View File

@ -1,192 +0,0 @@
<?php
session_start(); // this MUST be called prior to any output including whitespaces and line breaks!
$GLOBALS['DEBUG_MODE'] = 1;
// CHANGE TO 0 TO TURN OFF DEBUG MODE
// IN DEBUG MODE, ONLY THE CAPTCHA CODE IS VALIDATED, AND NO EMAIL IS SENT
$GLOBALS['ct_recipient'] = 'YOU@EXAMPLE.COM'; // Change to your email address!
$GLOBALS['ct_msg_subject'] = 'Securimage Test Contact Form';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
<title>Securimage Example Form</title>
<style type="text/css">
<!--
.error { color: #f00; font-weight: bold; font-size: 1.2em; }
.success { color: #00f; font-weight: bold; font-size: 1.2em; }
fieldset { width: 90%; }
legend { font-size: 24px; }
.note { font-size: 18px;
-->
</style>
</head>
<body>
<fieldset>
<legend>Example Form</legend>
<p class="note">
This is an example PHP form that processes user information, checks for errors, and validates the captcha code.<br />
This example form also demonstrates how to submit a form to itself to display error messages.
</p>
<?php
process_si_contact_form(); // Process the form, if it was submitted
if (isset($_SESSION['ctform']['error']) && $_SESSION['ctform']['error'] == true): /* The last form submission had 1 or more errors */ ?>
<span class="error">There was a problem with your submission. Errors are displayed below in red.</span><br /><br />
<?php elseif (isset($_SESSION['ctform']['success']) && $_SESSION['ctform']['success'] == true): /* form was processed successfully */ ?>
<span class="success">The captcha was correct and the message has been sent!</span><br /><br />
<?php endif; ?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'] . $_SERVER['QUERY_STRING']) ?>" id="contact_form">
<input type="hidden" name="do" value="contact" />
<p>
<strong>Name*:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['name_error'] ?><br />
<input type="text" name="ct_name" size="35" value="<?php echo htmlspecialchars(@$_SESSION['ctform']['ct_name']) ?>" />
</p>
<p>
<strong>Email*:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['email_error'] ?><br />
<input type="text" name="ct_email" size="35" value="<?php echo htmlspecialchars(@$_SESSION['ctform']['ct_email']) ?>" />
</p>
<p>
<strong>URL:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['URL_error'] ?><br />
<input type="text" name="ct_URL" size="35" value="<?php echo htmlspecialchars(@$_SESSION['ctform']['ct_URL']) ?>" />
</p>
<p>
<strong>Message*:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['message_error'] ?><br />
<textarea name="ct_message" rows="12" cols="60"><?php echo htmlspecialchars(@$_SESSION['ctform']['ct_message']) ?></textarea>
</p>
<p>
<img id="siimage" style="border: 1px solid #000; margin-right: 15px" src="./securimage_show.php?sid=<?php echo md5(uniqid()) ?>" alt="CAPTCHA Image" align="left" />
<object type="application/x-shockwave-flash" data="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" height="32" width="32">
<param name="movie" value="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" />
</object>
&nbsp;
<a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false"><img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0" /></a><br />
<strong>Enter Code*:</strong><br />
<?php echo @$_SESSION['ctform']['captcha_error'] ?>
<input type="text" name="ct_captcha" size="12" maxlength="16" />
</p>
<p>
<br />
<input type="submit" value="Submit Message" />
</p>
</form>
</fieldset>
</body>
</html>
<?php
// The form processor PHP code
function process_si_contact_form()
{
$_SESSION['ctform'] = array(); // re-initialize the form session data
if ($_SERVER['REQUEST_METHOD'] == 'POST' && @$_POST['do'] == 'contact') {
// if the form has been submitted
foreach($_POST as $key => $value) {
if (!is_array($key)) {
// sanitize the input data
if ($key != 'ct_message') $value = strip_tags($value);
$_POST[$key] = htmlspecialchars(stripslashes(trim($value)));
}
}
$name = @$_POST['ct_name']; // name from the form
$email = @$_POST['ct_email']; // email from the form
$URL = @$_POST['ct_URL']; // url from the form
$message = @$_POST['ct_message']; // the message from the form
$captcha = @$_POST['ct_captcha']; // the user's entry for the captcha code
$name = substr($name, 0, 64); // limit name to 64 characters
$errors = array(); // initialize empty error array
if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
// only check for errors if the form is not in debug mode
if (strlen($name) < 3) {
// name too short, add error
$errors['name_error'] = 'Your name is required';
}
if (strlen($email) == 0) {
// no email address given
$errors['email_error'] = 'Email address is required';
} else if ( !preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/i', $email)) {
// invalid email format
$errors['email_error'] = 'Email address entered is invalid';
}
if (strlen($message) < 20) {
// message length too short
$errors['message_error'] = 'Please enter a message';
}
}
// Only try to validate the captcha if the form has no errors
// This is especially important for ajax calls
if (sizeof($errors) == 0) {
require_once dirname(__FILE__) . '/securimage.php';
$securimage = new Securimage();
if ($securimage->check($captcha) == false) {
$errors['captcha_error'] = 'Incorrect security code entered<br />';
}
}
if (sizeof($errors) == 0) {
// no errors, send the form
$time = date('r');
$message = "A message was submitted from the contact form. The following information was provided.<br /><br />"
. "Name: $name<br />"
. "Email: $email<br />"
. "URL: $URL<br />"
. "Message:<br />"
. "<pre>$message</pre>"
. "<br /><br />IP Address: {$_SERVER['REMOTE_ADDR']}<br />"
. "Time: $time<br />"
. "Browser: {$_SERVER['HTTP_USER_AGENT']}<br />";
$message = wordwrap($message, 70);
if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
// send the message with mail()
mail($GLOBALS['ct_recipient'], $GLOBALS['ct_msg_subject'], $message, "From: {$GLOBALS['ct_recipient']}\r\nReply-To: {$email}\r\nContent-type: text/html; charset=ISO-8859-1\r\nMIME-Version: 1.0");
}
$_SESSION['ctform']['error'] = false; // no error with form
$_SESSION['ctform']['success'] = true; // message sent
} else {
// save the entries, this is to re-populate the form
$_SESSION['ctform']['ct_name'] = $name; // save name from the form submission
$_SESSION['ctform']['ct_email'] = $email; // save email
$_SESSION['ctform']['ct_URL'] = $URL; // save URL
$_SESSION['ctform']['ct_message'] = $message; // save message
foreach($errors as $key => $error) {
// set up error messages to display with each field
$_SESSION['ctform'][$key] = "<span style=\"font-weight: bold; color: #f00\">$error</span>";
}
$_SESSION['ctform']['error'] = true; // set error floag
}
} // POST
}
$_SESSION['ctform']['success'] = false; // clear success value after running

130
webui/securimage/securimage.php
View File

@ -853,13 +853,13 @@ class Securimage
try {
$audio = $this->getAudibleCode();
} catch (Exception $ex) {
if (($fp = @fopen(dirname(__FILE__) . '/si.error_log', 'a+')) !== false) {
fwrite($fp, date('Y-m-d H:i:s') . ': Securimage audio error "' . $ex->getMessage() . '"' . "\n");
fclose($fp);
if (($fp = @fopen(dirname(__FILE__) . '/si.error_log', 'a+')) !== false) {
fwrite($fp, date('Y-m-d H:i:s') . ': Securimage audio error "' . $ex->getMessage() . '"' . "\n");
fclose($fp);
}
$audio = $this->audioError();
}
}
if ($this->canSendHeaders() || $this->send_headers == false) {
if ($this->send_headers) {
@ -890,15 +890,15 @@ class Securimage
if (!$this->no_exit) exit;
}
/**
* Return the code from the session or sqlite database if used. If none exists yet, an empty string is returned
*
* @param $array bool True to receive an array containing the code and properties
* @return array|string Array if $array = true, otherwise a string containing the code
*/
public function getCode($array = false, $returnExisting = false)
{
$code = '';
/**
* Return the code from the session or sqlite database if used. If none exists yet, an empty string is returned
*
* @param $array bool True to receive an array containing the code and properties
* @return array|string Array if $array = true, otherwise a string containing the code
*/
public function getCode($array = false, $returnExisting = false)
{
$code = '';
$time = 0;
$disp = 'error';
@ -911,31 +911,31 @@ class Securimage
} else {
return $this->code;
}
}
}
if ($this->no_session != true) {
if (isset($_SESSION['securimage_code_value'][$this->namespace]) &&
trim($_SESSION['securimage_code_value'][$this->namespace]) != '') {
if ($this->isCodeExpired(
$_SESSION['securimage_code_ctime'][$this->namespace]) == false) {
$code = $_SESSION['securimage_code_value'][$this->namespace];
$time = $_SESSION['securimage_code_ctime'][$this->namespace];
$disp = $_SESSION['securimage_code_disp'] [$this->namespace];
}
if ($this->no_session != true) {
if (isset($_SESSION['securimage_code_value'][$this->namespace]) &&
trim($_SESSION['securimage_code_value'][$this->namespace]) != '') {
if ($this->isCodeExpired(
$_SESSION['securimage_code_ctime'][$this->namespace]) == false) {
$code = $_SESSION['securimage_code_value'][$this->namespace];
$time = $_SESSION['securimage_code_ctime'][$this->namespace];
$disp = $_SESSION['securimage_code_disp'] [$this->namespace];
}
}
}
if (empty($code) && $this->use_database) {
// no code in session - may mean user has cookies turned off
$this->openDatabase();
$code = $this->getCodeFromDatabase();
} else { /* no code stored in session or sqlite database, validation will fail */ }
if ($array == true) {
return array('code' => $code, 'ctime' => $time, 'display' => $disp);
} else {
return $code;
}
if (empty($code) && $this->use_database) {
// no code in session - may mean user has cookies turned off
$this->openDatabase();
$code = $this->getCodeFromDatabase();
} else { /* no code stored in session or sqlite database, validation will fail */ }
if ($array == true) {
return array('code' => $code, 'ctime' => $time, 'display' => $disp);
} else {
return $code;
}
}
/**
@ -1378,24 +1378,24 @@ class Securimage
header("Pragma: no-cache");
}
switch ($this->image_type) {
case self::SI_IMAGE_JPEG:
if ($this->send_headers) header("Content-Type: image/jpeg");
imagejpeg($this->im, null, 90);
break;
case self::SI_IMAGE_GIF:
if ($this->send_headers) header("Content-Type: image/gif");
imagegif($this->im);
break;
default:
if ($this->send_headers) header("Content-Type: image/png");
imagepng($this->im);
break;
switch ($this->image_type) {
case self::SI_IMAGE_JPEG:
if ($this->send_headers) header("Content-Type: image/jpeg");
imagejpeg($this->im, null, 90);
break;
case self::SI_IMAGE_GIF:
if ($this->send_headers) header("Content-Type: image/gif");
imagegif($this->im);
break;
default:
if ($this->send_headers) header("Content-Type: image/png");
imagepng($this->im);
break;
}
} else {
echo '<hr /><strong>'
.'Failed to generate captcha image, content has already been '
.'output.<br />This is most likely due to misconfiguration or '
} else {
echo '<hr /><strong>'
.'Failed to generate captcha image, content has already been '
.'output.<br />This is most likely due to misconfiguration or '
.'a PHP error was sent to the browser.</strong>';
}
@ -1943,10 +1943,10 @@ class Securimage
if ($this->audio_gap_max > 0 && $this->audio_gap_max > $this->audio_gap_min) {
$wavCaptcha->insertSilence( mt_rand($this->audio_gap_min, $this->audio_gap_max) / 1000.0 );
}
} catch (Exception $ex) {
} catch (Exception $ex) {
// failed to open file, or the wav file is broken or not supported
// 2 wav files were not compatible, different # channels, bits/sample, or sample rate
throw $ex;
throw $ex;
}
}
@ -2038,18 +2038,18 @@ class Securimage
*
* @return bool true if headers haven't been sent and no output/errors will break audio/images, false if unsafe
*/
protected function canSendHeaders()
{
if (headers_sent()) {
// output has been flushed and headers have already been sent
return false;
} else if (strlen((string)ob_get_contents()) > 0) {
// headers haven't been sent, but there is data in the buffer that will break image and audio data
return false;
}
return true;
}
protected function canSendHeaders()
{
if (headers_sent()) {
// output has been flushed and headers have already been sent
return false;
} else if (strlen((string)ob_get_contents()) > 0) {
// headers haven't been sent, but there is data in the buffer that will break image and audio data
return false;
}
return true;
}
/**
* Return a random float between 0 and 0.9999