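/**
 * Store a newly created comment and redirect back to the article's comment list.
 *
 * The submission is rejected, with a flash notification and the old input,
 * when the captcha answer is wrong or the submitted CSRF token does not match
 * the session token.
 *
 * @param Comment $result Request object; all() supplies the submitted fields.
 *
 * @return Response
 */
public function store(Comment $result)
{
    $attributes = $result->all();
    $attributes['type_id'] = 0;

    // Every exit path redirects to the same article anchor.
    $routeParams = [
        'id' => isset($attributes['el_id']) ? $attributes['el_id'] : null,
        '#commentList',
    ];

    // A missing captcha field is treated as a wrong answer instead of
    // raising an undefined-index notice.
    $captcha = isset($attributes['captcha']) ? $attributes['captcha'] : '';
    if (!captcha_check($captcha)) {
        Notification::error('验证码错误');
        return redirect()->route('article.show', $routeParams)->withInput();
    }
    unset($attributes['captcha']);

    // Compare the CSRF token in constant time. A missing, empty or
    // non-string token on either side counts as a mismatch, so an absent
    // session token can never be "matched" by an absent form field.
    $expectedToken = Session::token();
    $submittedToken = isset($attributes['_token']) ? $attributes['_token'] : null;
    $tokenOk = is_string($expectedToken)
        && $expectedToken !== ''
        && is_string($submittedToken)
        && hash_equals($expectedToken, $submittedToken);
    if (!$tokenOk) {
        Notification::error('token错误');
        return redirect()->route('article.show', $routeParams)->withInput();
    }
    unset($attributes['_token']);

    try {
        // Explicit flags keep the escaping identical on every PHP version
        // (the default flag set changed in PHP 8.1) and cover single quotes.
        $content = isset($attributes['content']) ? (string) $attributes['content'] : '';
        $attributes['content'] = htmlspecialchars($content, ENT_QUOTES, 'UTF-8');

        // NOTE(review): every remaining request field is passed to create();
        // which columns a client can set depends on CommentModel's
        // fillable/guarded configuration, which is not visible here — confirm.
        CommentModel::create($attributes);
        ArticleStatus::updateCommentNumber($attributes['el_id']);
        Notification::success('评论成功');

        return redirect()->route('article.show', $routeParams);
    } catch (\Exception $e) {
        // NOTE(review): the raw exception message is shown to the visitor;
        // for database errors that can include schema details.
        Notification::error($e->getMessage());
        return redirect()->route('article.show', $routeParams)->withInput();
    }
}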
/**
 * Debug helper: fills a CaptchaStore with three sample entries, round-trips
 * it through serialize()/unserialize(), then dumps the cached "captcha" value
 * before and after checking the "captcha" request parameter.
 *
 * NOTE(review): dd() prints the cached captcha data and ends the request.
 * If this method is reachable through a route, that output would let a client
 * read the expected answers — confirm it is not exposed outside development.
 */
public function checkCaptcha()
{
    $store = new \App\Captcha\CaptchaStore();

    $oneMinuteAgo = \Carbon\Carbon::now()->subMinute(1);
    $store->add(false, 'abc', $oneMinuteAgo);

    $inOneMinute = \Carbon\Carbon::now()->addMinute(1);
    $store->add(false, 'abc', $inOneMinute);

    $inOneMinuteAgain = \Carbon\Carbon::now()->addMinute(1);
    $store->add(true, 'aBc', $inOneMinuteAgain);

    // Round trip on data produced in this method, not on external input.
    $serialized = serialize($store);
    $store = unserialize($serialized);

    $cachedBefore = \Cache::get('captcha');
    $checkResult = captcha_check(\Request::get('captcha'));
    $cachedAfter = \Cache::get('captcha');

    dd($cachedBefore, $checkResult, $cachedAfter);
}
/**
 * Boot the service provider: publish the package configuration, register the
 * captcha route and add the "captcha" validation rule.
 *
 * @return void
 */
public function boot()
{
    // Publish configuration files
    $packageConfig = __DIR__ . '/config/captcha.php';
    $this->publishes([$packageConfig => config_path('captcha.php')], 'config');

    // HTTP routing
    $router = $this->app['router'];
    $router->get('captcha/{config?}', '\\App\\Captcha\\CaptchaController@getCaptcha');

    // Validator extensions: the rule passes exactly when captcha_check() accepts the value.
    $validator = $this->app['validator'];
    $validator->extend('captcha', function ($attribute, $value, $parameters) {
        $accepted = captcha_check($value);

        return $accepted;
    });
}
/**
 * Boot the service provider: publish the package configuration, register the
 * captcha route (Lumen or Laravel flavour) and add the "captcha" validation rule.
 *
 * @return void
 */
public function boot()
{
    // Publish configuration files
    $packageConfig = __DIR__ . '/../config/captcha.php';
    $this->publishes([$packageConfig => config_path('captcha.php')], 'config');

    // HTTP routing: the framework is detected from its version string.
    $isLumen = strpos($this->app->version(), 'Lumen') !== false;
    if (!$isLumen) {
        $this->app['router']->get('captcha/{config?}', '\\Mews\\Captcha\\CaptchaController@getCaptcha');
    } else {
        $this->app->get('captcha[/{config}]', 'Mews\\Captcha\\LumenCaptchaController@getCaptcha');
    }

    // Validator extensions: the rule passes exactly when captcha_check() accepts the value.
    $validator = $this->app['validator'];
    $validator->extend('captcha', function ($attribute, $value, $parameters) {
        $accepted = captcha_check($value);

        return $accepted;
    });
}
/**
 * Register the captcha route, the "captcha" validation rule and the message
 * replacer that supplies the captcha error text.
 *
 * @return void
 */
public function boot()
{
    $app = $this->app;

    // Route for controller. The "heigth" spelling is part of the route
    // definition and is therefore kept exactly as written.
    $routeAction = [
        'as'   => 'captcha',
        'uses' => '\\EltonFonseca\\Captcha\\CaptchaController@getCaptcha',
    ];
    $app['router']->get('captcha/{width?}/{heigth?}', $routeAction);

    // Validator extensions: the rule passes exactly when captcha_check() accepts the value.
    $app['validator']->extend('captcha', function ($attribute, $value, $parameters) {
        $accepted = captcha_check($value);

        return $accepted;
    });

    // Validator message: only the captcha rule gets the custom text,
    // every other message is returned untouched.
    $app['validator']->replacer('attribute', function ($message, $attribute, $rule, $parameters) {
        return $rule == 'validation.captcha' ? 'Por favor, some os dois números' : $message;
    });
}
/**
 * Boot the service provider: publish the package configuration, register the
 * captcha route and add the "captcha" validation rule.
 *
 * The validation rule accepts an optional first parameter naming the captcha
 * configuration to check against; without it, 'default' is used.
 *
 * @return void
 */
public function boot()
{
    // Publish configuration files
    $packageConfig = __DIR__ . '/../config/captcha.php';
    $this->publishes([$packageConfig => config_path('captcha.php')], 'config');

    // HTTP routing
    $isLaravel52 = starts_with($this->app->version(), '5.2.') !== false;
    if (!$isLaravel52) {
        // Laravel 5.0.x ~ 5.1.x
        $this->app['router']->get('captcha/{config?}', '\\Heyanlong\\Captcha\\CaptchaController@getCaptcha');
    } else {
        // Laravel 5.2.x: the route is additionally attached to the 'web' middleware.
        $this->app['router']
            ->get('captcha/{config?}', '\\Heyanlong\\Captcha\\CaptchaController@getCaptcha')
            ->middleware('web');
    }

    // Validator extensions
    $this->app['validator']->extend('captcha', function ($attribute, $value, $parameters) {
        $config = isset($parameters[0]) ? $parameters[0] : 'default';

        return captcha_check($value, $config);
    });
}
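/**
 * Insert or update the RSVP submitted in $_REQUEST (event_id is fixed to 1).
 *
 * Return codes:
 *   0  saved
 *   1  database connection failed
 *   2  a query failed, or the insert produced no insert id
 *   3  captcha check failed
 *   4  the two e-mail fields differ
 *   5  check_email_address() rejected the e-mail
 *
 * Fixes relative to the previous version: SQL fragments are joined with "."
 * (the "+" operator does arithmetic in PHP), the INSERT column list matches
 * its seven values, the phone number is escaped in the INSERT, the UPDATE
 * receives the e-mail for its WHERE clause, and the e-mail comparison no
 * longer negates its left operand.
 *
 * NOTE(review): this still uses the legacy ext/mysql API, which was removed
 * in PHP 7. Porting to mysqli or PDO prepared statements is the durable fix;
 * it is not done here because the connection setup is shared with code that
 * is not visible in this file.
 *
 * @param mixed $event Not used by this function; the queries hard-code event_id = 1.
 * @return int One of the codes listed above.
 */
function rsvp_save($event)
{
    // NOTE(review): the previous version read these as undefined locals;
    // they are assumed to be globals set by the site configuration — confirm.
    global $db_user, $db_pass, $db_name;

    // Request values can be arrays (e.g. "email[]=x"); anything that is not a
    // plain string is treated as absent.
    $field = function ($key) {
        return isset($_REQUEST[$key]) && is_string($_REQUEST[$key]) ? $_REQUEST[$key] : '';
    };

    if (!captcha_check(trim($field('captcha')))) {
        return 3;
    }

    // NOTE(review): $email and $email2 were never assigned before. 'email' is
    // the key the queries below already use; 'email2' is inferred from the
    // variable name — confirm against the form's confirmation field.
    $email = $field('email');
    $email2 = $field('email2');
    if (strtolower(trim($email)) !== strtolower(trim($email2))) {
        return 4;
    }
    if (!check_email_address($email)) {
        return 5;
    }

    // The flag is derived from the mere presence of the "regrets" field.
    $regrets = isset($_REQUEST['regrets']) ? 'TRUE' : 'FALSE';

    $conn = mysql_connect('localhost', $db_user, $db_pass);
    if (!$conn) {
        return 1;
    }
    mysql_select_db($db_name);

    // Escape every string once, after the connection exists, so the escaping
    // uses that connection.
    $emailSql = mysql_real_escape_string($email);
    $firstnameSql = mysql_real_escape_string($field('firstname'));
    $lastnameSql = mysql_real_escape_string($field('lastname'));
    $phoneSql = mysql_real_escape_string($field('phone'));
    $adults = (int) $field('adults');
    $children = (int) $field('children');

    $ret = 0;
    $sql = sprintf("select count(*) from rsvps where email='%s' and event_id=1", $emailSql);
    $rs = mysql_query($sql);

    if ($rs === false) {
        $ret = 2;
    } elseif (mysql_result($rs, 0) == 0) {
        $sql = sprintf(
            "insert into rsvps ("
            . "event_id,email,firstname,lastname,regrets,adults,children,phone"
            . ") values ("
            . "1, '%s', '%s', '%s', '%s', %d, %d, '%s'"
            . ")",
            $emailSql,
            $firstnameSql,
            $lastnameSql,
            $regrets,
            $adults,
            $children,
            $phoneSql
        );
        mysql_query($sql);
        $last_id = mysql_insert_id();
        if ($last_id <= 0) {
            $ret = 2;
        }
    } else {
        $sql = sprintf(
            "update rsvps set "
            . " firstname='%s' "
            . " ,lastname='%s' "
            . " ,regrets='%s' "
            . " ,adults=%d "
            . " ,children=%d "
            . " ,phone='%s' "
            . " ,updated=CURRENT_TIMESTAMP "
            . " WHERE email='%s' and event_id=1 ",
            $firstnameSql,
            $lastnameSql,
            $regrets,
            $adults,
            $children,
            $phoneSql,
            $emailSql
        );
        if (mysql_query($sql) === false) {
            $ret = 2;
        }
    }

    mysql_close($conn);

    return $ret;
}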
/**
 * Validation callback for the captcha rule.
 *
 * @param string $attribute  Name of the field being validated (unused).
 * @param mixed  $value      Submitted captcha answer.
 * @param array  $parameters Rule parameters (unused).
 *
 * @return mixed Whatever captcha_check() returns for the submitted value.
 */
public function validateCaptcha($attribute, $value, $parameters)
{
    $accepted = captcha_check($value);

    return $accepted;
}
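/**
 * Handle page requests for the user extension.
 *
 * On every page this draws the login block (anonymous visitor) or the user
 * block (logged-in user). It then dispatches the "user_admin/<action>" pages
 * (login, recover, create, list, logout, and — after the auth-token check —
 * change_pass, change_email, change_class, delete_user) and renders the
 * "user[/<name>]" profile page.
 *
 * @param PageRequestEvent $event
 * @throws NullUserException When a change_* action names a user id that does not exist.
 * @throws Exception         When change_class is given an unknown class name.
 */
public function onPageRequest(PageRequestEvent $event)
{
    global $config, $page, $user;

    // user info is shown on all pages
    if ($user->is_anonymous()) {
        $this->theme->display_login_block($page);
    } else {
        $ubbe = new UserBlockBuildingEvent();
        send_event($ubbe);
        ksort($ubbe->parts);
        $this->theme->display_user_block($page, $user, $ubbe->parts);
    }

    if ($event->page_matches("user_admin")) {
        if ($event->get_arg(0) == "login") {
            if (isset($_POST['user']) && isset($_POST['pass'])) {
                $this->login($page);
            } else {
                $this->theme->display_login_page($page);
            }
        } elseif ($event->get_arg(0) == "recover") {
            // Keep the lookup in a local variable: assigning it to $user would
            // overwrite the global current-user object, and the auth-token
            // check below would then run against the looked-up account (or
            // fail on null when the name is unknown).
            $recover_user = isset($_POST['username']) ? User::by_name($_POST['username']) : null;
            if (is_null($recover_user)) {
                // NOTE(review): the two distinct error messages let a visitor
                // tell whether a username exists.
                $this->theme->display_error(404, "Error", "There's no user with that name");
            } elseif (is_null($recover_user->email)) {
                $this->theme->display_error(400, "Error", "That user has no registered email address");
            } else {
                // send email
            }
        } elseif ($event->get_arg(0) == "create") {
            if (!$config->get_bool("login_signup_enabled")) {
                $this->theme->display_signups_disabled($page);
            } elseif (!isset($_POST['name'])) {
                $this->theme->display_signup_page($page);
            } elseif ($_POST['pass1'] != $_POST['pass2']) {
                $this->theme->display_error(400, "Password Mismatch", "Passwords don't match");
            } else {
                try {
                    if (!captcha_check()) {
                        throw new UserCreationException("Error in captcha");
                    }

                    $uce = new UserCreationEvent($_POST['name'], $_POST['pass1'], $_POST['email']);
                    send_event($uce);
                    $this->set_login_cookie($uce->username, $uce->password);
                    $page->set_mode("redirect");
                    $page->set_redirect(make_link("user"));
                } catch (UserCreationException $ex) {
                    $this->theme->display_error(400, "User Creation Error", $ex->getMessage());
                }
            }
        } elseif ($event->get_arg(0) == "list") {
            // select users.id,name,joindate,admin,
            // (select count(*) from images where images.owner_id=users.id) as images,
            // (select count(*) from comments where comments.owner_id=users.id) as comments from users;

            // select users.id,name,joindate,admin,image_count,comment_count
            // from users
            // join (select owner_id,count(*) as image_count from images group by owner_id) as _images on _images.owner_id=users.id
            // join (select owner_id,count(*) as comment_count from comments group by owner_id) as _comments on _comments.owner_id=users.id;
            $this->theme->display_user_list($page, User::by_list(0), $user);
        } elseif ($event->get_arg(0) == "logout") {
            // Logging out blanks the cookie values; the expiry itself is left in the future.
            set_prefixed_cookie("session", "", time() + 60 * 60 * 24 * $config->get_int('login_memory'), "/");
            if (CACHE_HTTP || SPEED_HAX) {
                # to keep as few versions of content as possible,
                # make cookies all-or-nothing
                set_prefixed_cookie("user", "", time() + 60 * 60 * 24 * $config->get_int('login_memory'), "/");
            }
            log_info("user", "Logged out");
            $page->set_mode("redirect");

            // Try forwarding to same page on logout unless user comes from registration page
            // NOTE(review): the Referer header is client-supplied and is only
            // checked for containing "post/", so the redirect target is not
            // limited to this site. Comparing its host with the site's own
            // host before redirecting would close that gap.
            if ($config->get_int("user_loginshowprofile", 0) == 0
                && isset($_SERVER['HTTP_REFERER'])
                && strstr($_SERVER['HTTP_REFERER'], "post/")
            ) {
                $page->set_redirect($_SERVER['HTTP_REFERER']);
            } else {
                $page->set_redirect(make_link());
            }
        }

        // The actions below run only when the current user's auth token checks out.
        if (!$user->check_auth_token()) {
            return;
        }

        // NOTE(review): the target account comes from $_POST['id']. Whether
        // the current user may modify that account is not checked in this
        // method — presumably the change_*_wrapper methods enforce it; confirm.
        if ($event->get_arg(0) == "change_pass") {
            if (isset($_POST['id']) && isset($_POST['pass1']) && isset($_POST['pass2'])) {
                $duser = User::by_id($_POST['id']);
                if (!$duser instanceof User) {
                    throw new NullUserException("Error: the user id does not exist!");
                }
                $pass1 = $_POST['pass1'];
                $pass2 = $_POST['pass2'];
                $this->change_password_wrapper($duser, $pass1, $pass2);
            }
        } elseif ($event->get_arg(0) == "change_email") {
            if (isset($_POST['id']) && isset($_POST['address'])) {
                $duser = User::by_id($_POST['id']);
                if (!$duser instanceof User) {
                    throw new NullUserException("Error: the user id does not exist!");
                }
                $address = $_POST['address'];
                $this->change_email_wrapper($duser, $address);
            }
        } elseif ($event->get_arg(0) == "change_class") {
            global $_user_classes;
            if (isset($_POST['id']) && isset($_POST['class'])) {
                $duser = User::by_id($_POST['id']);
                if (!$duser instanceof User) {
                    throw new NullUserException("Error: the user id does not exist!");
                }
                $class = $_POST['class'];
                if (!array_key_exists($class, $_user_classes)) {
                    // "new" was missing here, which made PHP look for a
                    // function named Exception() instead of throwing.
                    throw new Exception("Invalid user class: " . html_escape($class));
                }
                $this->change_class_wrapper($duser, $class);
            }
        } elseif ($event->get_arg(0) == "delete_user") {
            $this->delete_user($page, isset($_POST["with_images"]), isset($_POST["with_comments"]));
        }
    }

    if ($event->page_matches("user")) {
        // Without an argument the page shows the current user, otherwise the named one.
        $display_user = $event->count_args() == 0 ? $user : User::by_name($event->get_arg(0));
        if ($event->count_args() == 0 && $user->is_anonymous()) {
            $this->theme->display_error(401, "Not Logged In", "You aren't logged in. First do that, then you can see your stats.");
        } elseif (!is_null($display_user) && $display_user->id != $config->get_int("anon_id")) {
            $e = new UserPageBuildingEvent($display_user);
            send_event($e);
            $this->display_stats($e);
        } else {
            $this->theme->display_error(404, "No Such User", "If you typed the ID by hand, try again; if you came from a link on this " . "site, it might be bug report time...");
        }
    }
}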
/**
 * Validate a comment and, when every check passes, insert it.
 *
 * The checks run in a fixed order and the first failing one throws, so the
 * captcha and the Akismet check are only reached by comments that already
 * passed the earlier checks.
 *
 * @param int    $image_id Image the comment belongs to.
 * @param User   $user     Author of the comment.
 * @param string $comment  Comment text.
 * @param mixed  $event    Not used by this method.
 * @throws CommentPostingException When any check rejects the comment.
 */
private function add_comment_wrapper($image_id, $user, $comment, $event)
{
    global $database;
    global $config;

    // basic sanity checks
    if (!$config->get_bool('comment_anon') && $user->is_anonymous()) {
        throw new CommentPostingException("Anonymous posting has been disabled");
    }
    if (is_null(Image::by_id($image_id))) {
        throw new CommentPostingException("The image does not exist");
    }
    if (trim($comment) == "") {
        throw new CommentPostingException("Comments need text...");
    }
    if (strlen($comment) > 9000) {
        throw new CommentPostingException("Comment too long~");
    }

    // Text that compresses to less than a tenth of its size is rejected as repetitive.
    if (strlen($comment) / strlen(gzcompress($comment)) > 10) {
        throw new CommentPostingException("Comment too repetitive~");
    }

    // Anonymous submissions must carry a matching form hash.
    if ($user->is_anonymous() && !$this->hash_match()) {
        throw new CommentPostingException("Comment submission form is out of date; refresh the " . "comment form to show you aren't a spammer~");
    }
    if ($this->is_comment_limit_hit()) {
        throw new CommentPostingException("You've posted several comments recently; wait a minute and try again...");
    }
    if ($this->is_dupe($image_id, $comment)) {
        throw new CommentPostingException("Someone already made that comment on that image -- try and be more original?");
    }

    // The captcha is only consulted when the comment_captcha setting is on.
    if ($config->get_bool('comment_captcha') && !captcha_check()) {
        throw new CommentPostingException("Error in captcha");
    }
    if ($user->is_anonymous() && $this->is_spam_akismet($comment)) {
        throw new CommentPostingException("Akismet thinks that your comment is spam. Try rewriting the comment, or logging in.");
    }

    // all checks passed: the values are bound as query parameters, not concatenated
    $insertSql = "INSERT INTO comments(image_id, owner_id, owner_ip, posted, comment) " . "VALUES(?, ?, ?, now(), ?)";
    $insertArgs = array($image_id, $user->id, $_SERVER['REMOTE_ADDR'], $comment);
    $database->Execute($insertSql, $insertArgs);

    $cid = $database->db->Insert_ID();
    log_info("comment", "Comment #{$cid} added to Image #{$image_id}");
}
/**
 * Run every pre-posting check on a comment; the first failing check throws.
 *
 * The checks run in a fixed order, so the captcha and the Akismet check are
 * only reached by comments that already passed the earlier checks.
 *
 * @param int $image_id
 * @param User $user
 * @param string $comment
 * @throws CommentPostingException
 */
private function comment_checks($image_id, User $user, $comment)
{
    global $config, $page;

    // basic sanity checks
    if (!$user->can("create_comment")) {
        throw new CommentPostingException("Anonymous posting has been disabled");
    }
    if (is_null(Image::by_id($image_id))) {
        throw new CommentPostingException("The image does not exist");
    }
    if (trim($comment) == "") {
        throw new CommentPostingException("Comments need text...");
    }
    if (strlen($comment) > 9000) {
        throw new CommentPostingException("Comment too long~");
    }

    // Text that compresses to less than a tenth of its size is rejected as repetitive.
    if (strlen($comment) / strlen(gzcompress($comment)) > 10) {
        throw new CommentPostingException("Comment too repetitive~");
    }

    // Anonymous submissions must carry a matching form hash; on a mismatch
    // a one-day "nocache" cookie is set before the comment is rejected.
    if ($user->is_anonymous() && !$this->hash_match()) {
        $page->add_cookie("nocache", "Anonymous Commenter", time() + 60 * 60 * 24, "/");
        throw new CommentPostingException("Comment submission form is out of date; refresh the " . "comment form to show you aren't a spammer~");
    }
    if ($this->is_comment_limit_hit()) {
        throw new CommentPostingException("You've posted several comments recently; wait a minute and try again...");
    }
    if ($this->is_dupe($image_id, $comment)) {
        throw new CommentPostingException("Someone already made that comment on that image -- try and be more original?");
    }

    // The captcha is only consulted when the comment_captcha setting is on.
    if ($config->get_bool('comment_captcha') && !captcha_check()) {
        throw new CommentPostingException("Error in captcha");
    }
    if ($user->is_anonymous() && $this->is_spam_akismet($comment)) {
        throw new CommentPostingException("Akismet thinks that your comment is spam. Try rewriting the comment, or logging in.");
    }
}
/**
 * Registration hook: run the configured captcha module against the submitted
 * registration data and set $vars['error'] when the check fails.
 *
 * The check runs at most once per request; later calls return immediately.
 *
 * @param array $vars Registration data, passed by reference. The keys
 *                    'username', 'email' and 'password' are read, and
 *                    'error' is set to true on a failed captcha.
 */
function captcha_register_check_errors(&$vars)
{
    global $main_smarty, $the_template, $captcha_checked;

    // Guard flag so the captcha is evaluated only once per request.
    if ($captcha_checked) {
        return;
    }
    $captcha_checked = true;

    // Configured captcha method; an empty setting falls back to 'recaptcha'.
    $captcha = get_misc_data('captcha_method');
    if ($captcha == '') {
        $captcha = 'recaptcha';
    }

    // The submitted values are handed back to the template.
    // NOTE(review): this includes the plain password — confirm the template
    // needs it, since it ends up in the rendered form.
    $username = $vars['username'];
    $email = $vars['email'];
    $password = $vars['password'];
    $main_smarty->assign('username', $username);
    $main_smarty->assign('email', $email);
    $main_smarty->assign('password', $password);

    // The included file runs in this function's scope, so it can see the
    // local variables defined above.
    // NOTE(review): the include path is built from the stored
    // 'captcha_method' setting without validation; presumably only
    // administrators can change that setting — confirm, because any value
    // containing path separators would select a file outside the captchas
    // directory.
    include_once captcha_captchas_path . '/' . $captcha . '/main.php';

    // A falsy result from captcha_check() marks the registration as failed.
    if (captcha_check($vars, 2)) {
    } else {
        $vars['error'] = true;
    }
}
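<?php
//session_start();
require_once 'securimage/securimage.php';

// Direct call with POST ask=check: prints 0 when the code is accepted;
// a rejected code makes captcha_check() print -44 and end the request.
if (isset($_POST['ask']) && $_POST['ask'] === "check") {
    echo captcha_check();
}

/**
 * Verify a Securimage captcha code.
 *
 * Note the return convention: 0 means the code was ACCEPTED. A caller that
 * tests the result with "if (!captcha_check(...))" would therefore read a
 * success as a failure; with $auto = true the function ends the request
 * itself on a wrong code, so such callers do not need the return value.
 *
 * @param string $code Code to verify; when empty, $_POST['captcha'] is used.
 * @param bool   $auto On a wrong code: true prints "-44" and exits,
 *                     false returns -1.
 * @return int 0 when the code is accepted, -1 when it is rejected and $auto is false.
 */
function captcha_check($code = "", $auto = true)
{
    // Start the session only when none is active, so calling this function
    // after another session_start() does not raise a notice.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    if ($code == "") {
        $code = isset($_POST['captcha']) ? $_POST['captcha'] : '';
    }

    // Request values can be arrays (e.g. "captcha[]=x"); anything that is
    // not a plain string is checked as an empty, and therefore wrong, code.
    if (!is_string($code)) {
        $code = '';
    }

    $securimage = new Securimage();
    if ($securimage->check($code) == false) {
        if ($auto) {
            echo '-44';
            exit;
        }

        return -1;
    }

    return 0;
}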
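/**
 * Create a new entry in capubbs.borrow from the submitted form.
 *
 * Output protocol: prints "-15" and exits when no user is logged in;
 * otherwise prints the MySQL error number of the insert and exits.
 * captcha_check() is called first and its return value is not inspected.
 *
 * NOTE(review): the INSERT names no columns, so it depends on the exact
 * column order of capubbs.borrow.
 */
function newlend()
{
    captcha_check();

    $res = checkuser();
    $username = $res[0];
    if ($username == "") {
        echo '-15';
        exit;
    }

    // Connect before escaping: mysql_real_escape_string() works against the
    // current connection, and the previous version escaped every field before
    // dbconnect() was called.
    // NOTE(review): assumes dbconnect() opens the link used by mysql_query() — confirm.
    dbconnect();

    // Missing or non-string fields (e.g. "phone[]=x") become empty strings.
    $escapedPost = function ($key) {
        $raw = isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';

        return mysql_real_escape_string($raw);
    };

    // The username is placed inside a quoted SQL string as well, so it gets
    // the same escaping as the form fields.
    $username = mysql_real_escape_string((string) $username);
    $sex = $escapedPost('sex');
    $phone = $escapedPost('phone');
    $length = $escapedPost('length');
    $hint = $escapedPost('hint');
    $bike = $escapedPost('bike');
    $condition = $escapedPost('condition');
    $time = time();

    $statement = "insert into capubbs.borrow values (null,0,'{$username}','{$sex}','{$phone}',null,'{$bike}','{$condition}','{$length}','{$hint}',{$time},0)";
    mysql_query($statement);

    echo mysql_errno();
    exit;
}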
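/**
 * Handle page requests for the user extension.
 *
 * On every page this draws the login block (anonymous visitor) or the user
 * block (logged-in user). It then dispatches the "user_admin/<action>" pages
 * (login, logout, change_pass, change_email, recover, create, set_more, list)
 * and fires a UserPageBuildingEvent for the "user[/<name>]" profile page.
 *
 * @param Event $event Only PageRequestEvent instances are dispatched on.
 */
public function onPageRequest(Event $event)
{
    global $config, $database, $page, $user;

    // user info is shown on all pages
    if ($user->is_anonymous()) {
        $this->theme->display_login_block($page);
    } else {
        $ubbe = new UserBlockBuildingEvent();
        send_event($ubbe);
        ksort($ubbe->parts);
        $this->theme->display_user_block($page, $user, $ubbe->parts);
    }

    // Same instanceof guard as the "user" page check at the end of the
    // method, so page_matches() is never called on another event type.
    if ($event instanceof PageRequestEvent && $event->page_matches("user_admin")) {
        if ($event->get_arg(0) == "login") {
            if (isset($_POST['user']) && isset($_POST['pass'])) {
                $this->login($page);
            } else {
                $this->theme->display_login_page($page);
            }
        } elseif ($event->get_arg(0) == "logout") {
            // Logging out blanks the cookie values; the expiry itself is left in the future.
            set_prefixed_cookie("session", "", time() + 60 * 60 * 24 * $config->get_int('login_memory'), "/");
            if (CACHE_HTTP) {
                # to keep as few versions of content as possible,
                # make cookies all-or-nothing
                set_prefixed_cookie("user", "", time() + 60 * 60 * 24 * $config->get_int('login_memory'), "/");
            }
            log_info("user", "Logged out");
            $page->set_mode("redirect");
            $page->set_redirect(make_link());
        } elseif ($event->get_arg(0) == "change_pass") {
            $this->change_password_wrapper($page);
        } elseif ($event->get_arg(0) == "change_email") {
            $this->change_email_wrapper($page);
        } elseif ($event->get_arg(0) == "recover") {
            // Keep the lookup in a local variable: assigning it to $user would
            // overwrite the global current-user object for the rest of the request.
            $recover_user = isset($_POST['username']) ? User::by_name($_POST['username']) : null;
            if (is_null($recover_user)) {
                $this->theme->display_error($page, "Error", "There's no user with that name");
            } elseif (is_null($recover_user->email)) {
                // Previously this test ran even when no user was found and
                // dereferenced null; nothing is done for this case yet.
            }
        } elseif ($event->get_arg(0) == "create") {
            if (!$config->get_bool("login_signup_enabled")) {
                $this->theme->display_signups_disabled($page);
            } elseif (!isset($_POST['name'])) {
                $this->theme->display_signup_page($page);
            } elseif ($_POST['pass1'] != $_POST['pass2']) {
                $this->theme->display_error($page, "Password Mismatch", "Passwords don't match");
            } else {
                try {
                    if (!captcha_check()) {
                        throw new UserCreationException("Error in captcha");
                    }

                    $uce = new UserCreationEvent($_POST['name'], $_POST['pass1'], $_POST['email']);
                    send_event($uce);
                    $this->set_login_cookie($uce->username, $uce->password);
                    $page->set_mode("redirect");
                    $page->set_redirect(make_link("user"));
                } catch (UserCreationException $ex) {
                    $this->theme->display_error($page, "User Creation Error", $ex->getMessage());
                }
            }
        } elseif ($event->get_arg(0) == "set_more") {
            $this->set_more_wrapper($page);
        } elseif ($event->get_arg(0) == "list") {
            // select users.id,name,joindate,admin,
            // (select count(*) from images where images.owner_id=users.id) as images,
            // (select count(*) from comments where comments.owner_id=users.id) as comments from users;

            // select users.id,name,joindate,admin,image_count,comment_count
            // from users
            // join (select owner_id,count(*) as image_count from images group by owner_id) as _images on _images.owner_id=users.id
            // join (select owner_id,count(*) as comment_count from comments group by owner_id) as _comments on _comments.owner_id=users.id;
            $this->theme->display_user_list($page, User::by_list(0), $user);
        }
    }

    if ($event instanceof PageRequestEvent && $event->page_matches("user")) {
        // Without an argument the page shows the current user, otherwise the named one.
        $display_user = $event->count_args() == 0 ? $user : User::by_name($event->get_arg(0));
        if ($event->count_args() == 0 && $user->is_anonymous()) {
            $this->theme->display_error($page, "Not Logged In", "You aren't logged in. First do that, then you can see your stats.");
        } elseif (!is_null($display_user)) {
            send_event(new UserPageBuildingEvent($display_user));
        } else {
            $this->theme->display_error($page, "No Such User", "If you typed the ID by hand, try again; if you came from a link on this " . "site, it might be bug report time...");
        }
    }
}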
<?php
// Registration endpoint: runs the captcha check, forwards the submitted
// profile fields to mainfunc() with ask=register and, when the returned code
// is 0, sets the "token" cookie and prints 0.
include "../lib/mainfunc.php";
include "../../assets/api/captcha.php";
date_default_timezone_set("Asia/Shanghai");

// The return value is not inspected here.
// NOTE(review): presumably captcha_check() ends the request itself on a
// wrong code — confirm against captcha.php, otherwise a failed captcha
// would not stop the registration.
captcha_check();

// Form fields are read without isset() checks; they are passed on to
// mainfunc() unchanged.
$username = $_POST['username'];
$password = $_POST['password1'];
$sex = $_POST['sex'];
$qq = $_POST['qq'];
$icon = $_POST['icon'];
$ip = $_SERVER['REMOTE_ADDR'];
$mail = $_POST['email'];
$intro = $_POST['intro'];
$hobby = $_POST['hobby'];
$place = $_POST['place'];
$sig1 = $_POST['sig1'];
$sig2 = $_POST['sig2'];
$sig3 = $_POST['sig3'];
//$code=@$_POST['code'];

// NOTE(review): the password is handed to mainfunc() as submitted; whether
// it is hashed before storage is decided inside mainfunc() — confirm.
$result = mainfunc(array(
    "ask" => "register",
    "username" => $username,
    "password" => $password,
    "sex" => $sex,
    "ip" => $ip,
    "qq" => $qq,
    "icon" => $icon,
    "mail" => $mail,
    "intro" => $intro,
    "hobby" => $hobby,
    "place" => $place,
    "sig1" => $sig1,
    "sig2" => $sig2,
    "sig3" => $sig3,
    "onlinetype" => "web",
    "browser" => @$_SERVER['HTTP_USER_AGENT']
));
// Only the first element of the response is used.
$result = $result[0];
#echo(json_encode($result));
header('Content-type:text/html;charset=utf-8');
if (intval($result['code']) == 0) {
    // Cookie lifetime: 999999 seconds (about 11.5 days) from now.
    $time = time() + 999999;
    $date = date("D, d M Y H:i:s", $time) . " GMT";
    // The session token is written as a raw Set-cookie header with only the
    // expires and path attributes.
    // NOTE(review): no HttpOnly, Secure or SameSite attribute is set, so
    // page scripts can read the token and it is also sent over plain HTTP;
    // the token value is concatenated into the header without encoding.
    header('Set-cookie: token=' . $result['token'] . '; expires=' . $date . '; path=/' . "\n");
    echo 0;
    exit;
} else {
/**
 * Handle the sign-up page.
 *
 * Shows the "signups disabled" page when the login_signup_enabled setting is
 * off, the sign-up form when no name was posted, and an error when the two
 * passwords differ. Otherwise the captcha is checked, a UserCreationEvent is
 * sent, the login cookie is set and the visitor is redirected to "user".
 */
private function page_create()
{
    global $config, $page;

    if (!$config->get_bool("login_signup_enabled")) {
        $this->theme->display_signups_disabled($page);
        return;
    }

    // No posted name means the form has not been submitted yet.
    if (!isset($_POST['name'])) {
        $this->theme->display_signup_page($page);
        return;
    }

    if ($_POST['pass1'] != $_POST['pass2']) {
        $this->theme->display_error(400, "Password Mismatch", "Passwords don't match");
        return;
    }

    try {
        // The captcha is checked before the creation event is sent.
        if (!captcha_check()) {
            throw new UserCreationException("Error in captcha");
        }

        $creation = new UserCreationEvent($_POST['name'], $_POST['pass1'], $_POST['email']);
        send_event($creation);
        $this->set_login_cookie($creation->username, $creation->password);

        $page->set_mode("redirect");
        $page->set_redirect(make_link("user"));
    } catch (UserCreationException $ex) {
        $this->theme->display_error(400, "User Creation Error", $ex->getMessage());
    }
}