/**
 * XoopsCaptchaMethod::loadConfig()
 *
 * Populates $this->config. Without a handler object the config becomes an
 * empty array. Otherwise it is the handler's base config, overlaid with the
 * handler's named section when $name is non-empty. The result is stored on
 * the instance; the method itself returns nothing.
 *
 * @param string $name config section to overlay on the handler's base config
 *
 * @return void
 */
public function loadConfig($name = '')
{
    if (!is_object($this->handler)) {
        $this->config = array();
        return;
    }

    $settings = $this->handler->config;
    if (!empty($name)) {
        // array_merge(): string keys from the named section replace the base values.
        $settings = array_merge($settings, $this->handler->loadConfig($name));
    }
    $this->config = $settings;
}
/**
 * Fetches the shared XoopsCaptcha instance and stores on this object the
 * results of loadConfig(), getPluginList() and loadConfigPlugin(), plus the
 * path of the xcaptcha plugin directory.
 */
public function __construct()
{
    $this->captchaHandler = XoopsCaptcha::getInstance();
    // NOTE(review): the three loaders are defined outside this snippet; they may
    // read properties assigned on the lines above them, so keep this order.
    $this->config = $this->loadConfig();
    $this->plugin_List = $this->getPluginList();
    $this->plugin_config = $this->loadConfigPlugin();
    // The plugin directory is built from the configured 'root-path' value and a
    // fixed suffix; no request data is involved in this path.
    $this->xcaptcha_path_plugin = \XoopsBaseConfig::get('root-path') . '/modules/xcaptcha/plugins';
}
/**
 * setConfig() must report success, and the value it stores must be readable
 * from the config array of the shared XoopsCaptcha instance.
 *
 * @covers Xoops\Form\Captcha::setConfig
 */
public function testSetConfig()
{
    $result = $this->object->setConfig('dummy_name', 'dummy_value');
    $this->assertTrue($result);

    $sharedConfig = \XoopsCaptcha::getInstance()->config;
    $this->assertTrue(is_array($sharedConfig));
    $this->assertSame('dummy_value', $sharedConfig['dummy_name']);
}
/**
 * readConfig('captcha.config') must return an array in which each of the
 * expected option keys is set. isset() also fails on a null value, so a key
 * that is present but null does not pass.
 *
 * @covers XoopsCaptcha::readConfig
 */
public function testReadConfig()
{
    $loaded = $this->object->readConfig('captcha.config');
    $this->assertTrue(is_array($loaded));

    foreach (array('disabled', 'mode', 'name', 'skipmember', 'maxattempts') as $requiredKey) {
        $this->assertTrue(isset($loaded[$requiredKey]));
    }
}
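/**
 * Builds the CAPTCHA form element and initialises the shared captcha handler.
 *
 * When the handler reports itself inactive the element is switched to hidden;
 * otherwise its caption is set (the handler's default caption is used when
 * none is passed in). This only controls what is rendered: the submitted code
 * is checked separately by whichever script calls the handler's verify().
 *
 * @param string  $caption        Caption of the form element, default value is defined in captcha/language/
 * @param string  $name           Name for the input box
 * @param boolean $skipmember     Skip CAPTCHA check for members
 * @param int     $numchar        Number of characters in image mode, and input box size for text mode
 * @param int     $minfontsize    Minimum font-size of characters in image mode
 * @param int     $maxfontsize    Maximum font-size of characters in image mode
 * @param int     $backgroundtype Background type in image mode: 0 - bar; 1 - circle; 2 - line; 3 - rectangle; 4 - ellipse; 5 - polygon; 100 - generated from files
 * @param int     $backgroundnum  Number of background images in image mode
 *
 */
function XoopsFormCaptcha($caption = '', $name = 'xoopscaptcha', $skipmember = null, $numchar = null, $minfontsize = null, $maxfontsize = null, $backgroundtype = null, $backgroundnum = null)
{
    // The guard previously tested the misspelled name "XoopsCaptcaha", which
    // never exists, so the bundled file was always required. Testing the real
    // class name loads it only when no XoopsCaptcha class is defined yet.
    if (!class_exists("XoopsCaptcha")) {
        require_once SMARTOBJECT_ROOT_PATH . "/include/captcha/captcha.php";
    }

    $this->_captchaHandler =& XoopsCaptcha::instance();
    $this->_captchaHandler->init($name, $skipmember, $numchar, $minfontsize, $maxfontsize, $backgroundtype, $backgroundnum);

    if (!$this->_captchaHandler->active) {
        $this->setHidden();
    } else {
        $caption = !empty($caption) ? $caption : $this->_captchaHandler->getCaption();
        $this->setCaption($caption);
    }
}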
/**
 * Builds the CAPTCHA form element on top of the shared XoopsCaptcha handler.
 *
 * $name and $skipmember are written into $configs, replacing any 'name' or
 * 'skipmember' entries the caller supplied, before the array is passed to the
 * handler. Note that $skipmember defaults to true. An inactive handler turns
 * the element into a hidden one; otherwise caption and input name are set.
 *
 * @param string  $caption    Caption of the form element, default value is defined in captcha/language/
 * @param string  $name       Name for the input box
 * @param boolean $skipmember Skip CAPTCHA check for members
 * @param array   $configs    Further settings handed to the handler's setConfigs()
 */
function XoopsFormCaptcha($caption = '', $name = 'xoopscaptcha', $skipmember = true, $configs = array())
{
    xoops_load('XoopsCaptcha');
    $this->captchaHandler =& XoopsCaptcha::getInstance();

    $configs['name'] = $name;
    $configs['skipmember'] = $skipmember;
    $this->captchaHandler->setConfigs($configs);

    if (!$this->captchaHandler->isActive()) {
        $this->setHidden();
        return;
    }

    // Fall back to the handler's own caption when the caller gave none.
    if (empty($caption)) {
        $caption = $this->captchaHandler->getCaption();
    }
    $this->setCaption($caption);
    $this->setName($name);
}
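/**
 * Create Code
 *
 * Generates the challenge code and hands it to the captcha handler.
 *
 * In "bmp" mode the code is a 4-digit number (the configured length is
 * overwritten with 4). In every other mode it is a prefix of a 32-character
 * lowercase hex string, with the configured skip characters removed first and
 * upper-cased unless the config asks for case sensitivity.
 *
 * The random source is the platform CSPRNG (random_int() / random_bytes())
 * where the runtime provides it. mt_rand() and uniqid() are derived from a
 * seedable generator and the clock, so a challenge built only from them is
 * guessable in principle. The original expressions remain as a fallback for
 * runtimes that lack the CSPRNG functions.
 *
 * @return bool false when the instance is flagged invalid, true once a code has been stored
 *
 * @throws \Exception from random_int()/random_bytes() if no entropy source is available
 */
public function generateCode()
{
    if ($this->invalid) {
        return false;
    }

    if ($this->mode === "bmp") {
        // bmp mode always uses four digits, whatever length was configured.
        $this->config["num_chars"] = 4;
        $lowest = (int) pow(10, $this->config["num_chars"] - 1);
        $highest = (int) str_pad("9", $this->config["num_chars"], "9");
        $this->code = function_exists('random_int')
            ? random_int($lowest, $highest)
            : mt_rand($lowest, $highest);
    } else {
        // bin2hex(random_bytes(16)) has the same alphabet and length as an md5 digest.
        $raw_code = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), 1));
        if (!empty($this->config["skip_characters"])) {
            // NOTE(review): removing characters shortens the pool, so the code can
            // come out shorter than num_chars when many characters are skipped.
            $valid_code = str_replace($this->config["skip_characters"], "", $raw_code);
            $this->code = substr($valid_code, 0, $this->config["num_chars"]);
        } else {
            $this->code = substr($raw_code, 0, $this->config["num_chars"]);
        }
        if (!$this->config["casesensitive"]) {
            $this->code = strtoupper($this->code);
        }
    }

    $this->captcha_handler->setCode($this->code);

    return true;
}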
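/**
 * XoopsCaptchaRecaptcha2::verify()
 *
 * Submits the visitor's reCAPTCHA token to Google's siteverify endpoint and
 * reports whether Google accepted it. cURL is tried first; if it is missing
 * or the transfer fails, file_get_contents() is used instead.
 *
 * The secret key, the token and the client address travel in a POST body
 * built with http_build_query(). That keeps the secret out of the request URL
 * (and out of any warning or log line that prints the URL), and it
 * percent-encodes the visitor-supplied token so it cannot add or override
 * request parameters.
 *
 * Any reply that does not decode to an array with 'success' === true counts
 * as a failed check. Error codes from the reply, when present, are appended
 * to the shared XoopsCaptcha instance's message list.
 *
 * @param string|null $sessionName unused for recaptcha
 *
 * @return bool
 */
public function verify($sessionName = null)
{
    $isValid = false;
    $recaptchaResponse = Request::getString('g-recaptcha-response', '');
    $recaptchaVerifyURL = 'https://www.google.com/recaptcha/api/siteverify';
    // Explicit '&' separator: arg_separator.output may be configured as '&amp;'.
    $postFields = http_build_query(
        array(
            'secret'   => $this->config['secret_key'],
            'response' => $recaptchaResponse,
            'remoteip' => IPAddress::fromRequest()->asReadable(),
        ),
        '',
        '&'
    );

    $recaptchaCheck = null;
    $usedCurl = false;
    if (function_exists('curl_init') && false !== ($curlHandle = curl_init())) {
        curl_setopt($curlHandle, CURLOPT_URL, $recaptchaVerifyURL);
        curl_setopt($curlHandle, CURLOPT_POST, true);
        curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $postFields);
        curl_setopt($curlHandle, CURLOPT_FAILONERROR, true);
        curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curlHandle, CURLOPT_CONNECTTIMEOUT, 5);
        $curlReturn = curl_exec($curlHandle);
        if (false === $curlReturn) {
            trigger_error(curl_error($curlHandle));
        } else {
            $usedCurl = true;
            $recaptchaCheck = json_decode($curlReturn, true);
        }
        curl_close($curlHandle);
    }

    if (false === $usedCurl) {
        // Same POST request through the http stream wrapper.
        $streamContext = stream_context_create(
            array(
                'http' => array(
                    'method'  => 'POST',
                    'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
                    'content' => $postFields,
                ),
            )
        );
        $rawReply = file_get_contents($recaptchaVerifyURL, false, $streamContext);
        $recaptchaCheck = (false === $rawReply) ? null : json_decode($rawReply, true);
    }

    if (is_array($recaptchaCheck) && isset($recaptchaCheck['success']) && $recaptchaCheck['success'] === true) {
        $isValid = true;
    } else {
        /** @var \XoopsCaptcha $captchaInstance */
        $captchaInstance = \XoopsCaptcha::getInstance();
        // A failed transfer or an undecodable reply carries no 'error-codes'
        // list; only iterate when one is actually present.
        if (is_array($recaptchaCheck)
            && isset($recaptchaCheck['error-codes'])
            && is_array($recaptchaCheck['error-codes'])
        ) {
            foreach ($recaptchaCheck['error-codes'] as $msg) {
                $captchaInstance->message[] = $msg;
            }
        }
    }

    return $isValid;
}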
// Excerpt from a registration script's switch over the requested operation.
// The code before this echo and after the last setVar() is not part of the
// excerpt, so the first brace closed below was opened outside it.

// Confirmation step: the submitted values are carried to the 'finish' step as
// hidden fields, together with the token HTML from $GLOBALS['xoopsSecurity'].
// NOTE(review): $user_viewemail and $user_mailok go into attribute values
// without escaping, unlike url/pass/vpass. This is safe only if both were
// reduced to integers earlier - confirm, or escape them the same way.
// NOTE(review): the password and its confirmation are written into the page
// as hidden fields, so they appear in the HTML source of the confirmation
// page; keeping them server-side between the two steps would avoid that.
        echo "<input type='hidden' name='user_viewemail' value='" . $user_viewemail
            . "' />\n <input type='hidden' name='timezone_offset' value='" . (double) $timezone_offset
            . "' />\n <input type='hidden' name='url' value='" . $myts->htmlSpecialChars($url)
            . "' />\n <input type='hidden' name='pass' value='" . $myts->htmlSpecialChars($pass)
            . "' />\n <input type='hidden' name='vpass' value='" . $myts->htmlSpecialChars($vpass)
            . "' />\n <input type='hidden' name='user_mailok' value='" . $user_mailok
            . "' />\n <br /><br /><input type='hidden' name='op' value='finish' />"
            . $GLOBALS['xoopsSecurity']->getTokenHTML()
            . "<input type='submit' value='" . _US_FINISH . "' /></form>";
    } else {
        // NOTE(review): $stop is printed as HTML. How it is filled for this branch
        // is not visible here - confirm it never carries unescaped user input.
        echo "<span style='color:#ff0000;'>{$stop}</span>";
        include 'include/registerform.php';
        $reg_form->display();
    }
    include 'footer.php';
    break;
case 'finish':
    include 'header.php';
    // Three independent gates, each appending its message(s) to $stop:
    // field validation, the xoopsSecurity check (presumably the form token
    // emitted by getTokenHTML() above), and the CAPTCHA.
    $stop = XoopsUserUtility::validate($uname, $email, $pass, $vpass);
    if (!$GLOBALS['xoopsSecurity']->check()) {
        $stop .= implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()) . "<br />";
    }
    xoops_load("captcha");
    $xoopsCaptcha = XoopsCaptcha::getInstance();
    if (!$xoopsCaptcha->verify()) {
        $stop .= $xoopsCaptcha->getMessage() . "<br />";
    }
    // The account is created only when none of the gates added a message.
    if (empty($stop)) {
        $member_handler =& xoops_gethandler('member');
        $newuser =& $member_handler->createUser();
        $newuser->setVar('user_viewemail', $user_viewemail, true);
        $newuser->setVar('uname', $uname, true);
        $newuser->setVar('email', $email, true);
        if ($url != '') {
            $newuser->setVar('url', formatURL($url), true);
        }
        $newuser->setVar('user_avatar', 'blank.gif', true);
        // NOTE(review): the activation key is 8 hex characters (32 bits) taken from
        // md5(uniqid(mt_rand())), i.e. derived from the clock and a non-cryptographic
        // generator. A key from random_bytes() would not be predictable that way.
        $actkey = substr(md5(uniqid(mt_rand(), 1)), 0, 8);
        $newuser->setVar('actkey', $actkey, true);
// Excerpt from a form module's page script. The enclosing conditions start
// before this excerpt and the code continues after its last line.
        $form->display();
        echo "<div>" . _AM_WARN . "</div>";
    } else {
        // NOTE(review): $title is printed as HTML without escaping; where it comes
        // from is not visible here - confirm it is escaped or trusted.
        echo "<table class='outer' width='100%'><th><center><font size='4'>" . $title
            . "</font></center></th></table><div style='color: red; font-weight: bold; text-decoration: blink; font-size: x-large; text-align:center'>"
            . _AM_NOELE . "</div>";
    }
    include_once XOOPS_ROOT_PATH . '/footer.php';
} else {
    // SecurityImage by DuGris
    include_once XOOPS_ROOT_PATH . "/class/xoopsformloader.php";
    // Submission branch: one of two CAPTCHA implementations is checked.
    // NOTE(review): when SECURITYIMAGE_INCLUDED is not defined and $framework is
    // empty, neither check runs and the submission is processed without a
    // CAPTCHA - confirm that is the intended configuration fallback.
    if (defined('SECURITYIMAGE_INCLUDED') && !SecurityImage::CheckSecurityImage()) {
        // NOTE(review): $_GET['id'] and $_GET['qcm'] are concatenated into the
        // redirect URL as received. The piCal branch below uses intval(); the same
        // cast (or urlencode()) here would keep request data from altering the URL.
        $redirect = XOOPS_URL . "/modules/" . $modversion["dirname"] . "/formulaire.php?id=" . $_GET['id'] . "&qcm=" . $_GET['qcm'];
        redirect_header($redirect, 2, _SECURITYIMAGE_ERROR);
        exit;
    } elseif (!empty($framework)) {
        include_once XOOPS_ROOT_PATH . '/Frameworks/captcha/captcha.php';
        $security = new XoopsCaptcha();
        if (!$security->verify(true)) {
            if (!empty($_POST['pical_eventid'])) {
                // The event id is reduced to an integer before it enters the URL.
                $redirect = XOOPS_URL . "/modules/piCal/?event_id=" . intval($_POST['pical_eventid']);
            } else {
                // NOTE(review): same unencoded $_GET values as in the branch above.
                $redirect = XOOPS_URL . "/modules/" . $modversion["dirname"] . "/formulaire.php?id=" . $_GET['id'] . "&qcm=" . $_GET['qcm'];
            }
            redirect_header($redirect, 2, XOOPS_CAPTCHA_INVALID_CODE);
            exit;
        }
    }
    // SecurityImage by DuGris
    if ($qcm == '1') {
        $h = 0;
        $tabtemp = $myts->makeTboxData4Save($_POST["tab"]);
        $tabval = array();
/**
 * Handles a submitted comment form.
 *
 * Resolves the comment and its module, picks the operation from the submit
 * buttons (delete / preview / post), copies the request fields onto the
 * comment object and then dispatches. For a post it applies the ownership
 * and moderation rules, stores the comment, updates counters, triggers
 * notifications and redirects back to the commented item.
 *
 * Nothing after the module checks runs unless the module has a 'comments'
 * plugin: the whole dispatch sits inside that if-block.
 *
 * NOTE(review): the guards below call $xoops->redirect() and then fall
 * through in the source; presumably redirect() ends the request. If it does
 * not, later lines would use values the guard has just rejected - confirm.
 */
public function displayPost()
{
    $xoops = Xoops::getInstance();
    // Only POST requests are accepted.
    if (Request::getMethod() !== 'POST') {
        $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
    }
    $id = Request::getInt('com_id');
    $modid = Request::getInt('com_modid');
    if (empty($modid)) {
        $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
    }
    /* @var $comment CommentsComment */
    $comment = $this->getHandlerComment()->get($id);
    if (!is_object($comment)) {
        $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
    }
    // For an existing comment the stored module id wins over the request value.
    if (!$comment->isNew()) {
        $modid = $comment->getVar('modid');
    } else {
        $comment->setVar('modid', $modid);
    }
    $module = $xoops->getModuleById($modid);
    if (!is_object($module)) {
        $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
    }
    $moddir = $module->getVar('dirname');
    if ($xoops->isAdminSide) {
        // The admin side only edits existing comments.
        if (empty($id)) {
            $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
        }
        $redirect_page = $this->url('admin/main.php?com_modid=' . $modid . '&com_itemid');
    } else {
        // Comments are switched off for this module.
        if (COMMENTS_APPROVENONE == $xoops->getModuleConfig('com_rule', $module->getVar('dirname'))) {
            $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
        }
        $redirect_page = '';
    }
    /* @var $plugin CommentsPluginInterface */
    if ($plugin = \Xoops\Module\Plugin::getPlugin($moddir, 'comments')) {
        if (!$xoops->isAdminSide) {
            $redirect_page = $xoops->url('modules/' . $moddir . '/' . $plugin->pageName() . '?');
            if (is_array($extraParams = $plugin->extraParams())) {
                $extra_params = '';
                foreach ($extraParams as $extra_param) {
                    // NOTE(review): the POST value is placed in a URL query string with
                    // htmlspecialchars(), which is HTML escaping, not URL encoding; a value
                    // containing '&' or '=' changes the query. rawurlencode() fits this
                    // context. The '=amp;' literal also looks like a typo for '=&' - confirm.
                    $extra_params .= isset($_POST[$extra_param]) ? $extra_param . '=' . htmlspecialchars($_POST[$extra_param]) . '&' : $extra_param . '=amp;';
                }
                $redirect_page .= $extra_params;
            }
            $redirect_page .= $plugin->itemName();
        }
        $comment_url = $redirect_page;
        // Later buttons override earlier ones: delete > preview > post.
        $op = Request::getBool('com_dopost') ? 'post' : '';
        $op = Request::getBool('com_dopreview') ? 'preview' : $op;
        $op = Request::getBool('com_dodelete') ? 'delete' : $op;
        // A failed security check on preview/post clears $op, which sends the
        // request to the default branch of the switch below.
        // NOTE(review): 'delete' is not covered by this check; whether
        // displayDelete() performs its own is not visible here - confirm.
        if ($op === 'preview' || $op === 'post') {
            if (!$xoops->security()->check()) {
                $op = '';
            }
        }
        // The CAPTCHA is required only for visitors who are not logged in; a
        // failed CAPTCHA downgrades the post to a preview carrying the message.
        if ($op === 'post' && !$xoops->isUser()) {
            $xoopsCaptcha = XoopsCaptcha::getInstance();
            if (!$xoopsCaptcha->verify()) {
                $captcha_message = $xoopsCaptcha->getMessage();
                $op = 'preview';
            }
        }
        $title = XoopsLocale::trim(Request::getString('com_title'));
        $text = XoopsLocale::trim(Request::getString('com_text'));
        // NOTE(review): $mode and $order are free-form request strings that are
        // later concatenated into redirect and notification URLs without encoding.
        $mode = XoopsLocale::trim(Request::getString('com_mode', 'flat'));
        $order = XoopsLocale::trim(Request::getString('com_order', COMMENTS_OLD1ST));
        $itemid = Request::getInt('com_itemid');
        $pid = Request::getInt('com_pid');
        $rootid = Request::getInt('com_rootid');
        $status = Request::getInt('com_status');
        $dosmiley = Request::getBool('com_dosmiley');
        $doxcode = Request::getBool('com_doxcode');
        $dobr = Request::getBool('com_dobr');
        $dohtml = Request::getBool('com_html');
        $doimage = Request::getBool('com_doimage');
        $icon = XoopsLocale::trim(Request::getString('com_icon'));
        // Every request field is copied onto the comment before any permission
        // decision is made; the branches below are what must undo privileged
        // values (status, dohtml) for callers who may not set them.
        $comment->setVar('title', $title);
        $comment->setVar('text', $text);
        $comment->setVar('itemid', $itemid);
        $comment->setVar('pid', $pid);
        $comment->setVar('rootid', $rootid);
        $comment->setVar('status', $status);
        $comment->setVar('dosmiley', $dosmiley);
        $comment->setVar('doxcode', $doxcode);
        $comment->setVar('dobr', $dobr);
        $comment->setVar('dohtml', $dohtml);
        $comment->setVar('doimage', $doimage);
        $comment->setVar('icon', $icon);
        switch ($op) {
            case "delete":
                $this->displayDelete();
                break;
            case "preview":
                $comment->setVar('doimage', 1);
                // Raw HTML is kept only for administrators of the comment's module.
                if ($comment->getVar('dohtml') != 0) {
                    if ($xoops->isUser()) {
                        if (!$xoops->user->isAdmin($comment->getVar('modid'))) {
                            $comment->setVar('dohtml', 0);
                        }
                    } else {
                        $comment->setVar('dohtml', 0);
                    }
                }
                $xoops->header();
                if (!$xoops->isAdminSide && !empty($captcha_message)) {
                    echo $xoops->alert('error', $captcha_message);
                }
                echo $this->renderHeader($comment->getVar('title', 'p'), $comment->getVar('text', 'p'), false, time());
                $this->displayCommentForm($comment);
                $xoops->footer();
                break;
            case "post":
                $comment->setVar('doimage', 1);
                $comment_handler = $this->getHandlerComment();
                $add_userpost = false;
                $call_approvefunc = false;
                $call_updatefunc = false;
                // RMV-NOTIFY - this can be set to 'comment' or 'comment_submit'
                $notify_event = false;
                if (!empty($id)) {
                    // Editing an existing comment: allowed for module admins and for
                    // the comment's own author; everyone else gets an access error.
                    $accesserror = false;
                    if ($xoops->isUser()) {
                        if ($xoops->user->isAdmin($comment->getVar('modid'))) {
                            if (!empty($status) && $status != COMMENTS_PENDING) {
                                // NOTE(review): the comment's status was already overwritten
                                // with the request value above, so this reads the new status,
                                // not the stored one, unless setVar()/getVar() behave
                                // differently than their names suggest. If so, none of the
                                // transitions below can match - confirm, and capture the
                                // stored status before the setVar() block if needed.
                                $old_status = $comment->getVar('status');
                                $comment->setVar('status', $status);
                                // if changing status from pending state, increment user post
                                if (COMMENTS_PENDING == $old_status) {
                                    $add_userpost = true;
                                    if (COMMENTS_ACTIVE == $status) {
                                        $call_updatefunc = true;
                                        $call_approvefunc = true;
                                        // RMV-NOTIFY
                                        $notify_event = 'comment';
                                    }
                                } else {
                                    if (COMMENTS_HIDDEN == $old_status && COMMENTS_ACTIVE == $status) {
                                        $call_updatefunc = true;
                                        // Comments can not be directly posted hidden,
                                        // no need to send notification here
                                    } else {
                                        if (COMMENTS_ACTIVE == $old_status && COMMENTS_HIDDEN == $status) {
                                            $call_updatefunc = true;
                                        }
                                    }
                                }
                            }
                        } else {
                            // Non-admin author: raw HTML is switched off.
                            // NOTE(review): the status copied from com_status above is not
                            // reset on this path before insert() - confirm that a non-admin
                            // cannot change the moderation status of their own comment
                            // (e.g. restore the stored status here).
                            $comment->setVar('dohtml', 0);
                            if ($comment->getVar('uid') != $xoops->user->getVar('uid')) {
                                $accesserror = true;
                            }
                        }
                    } else {
                        // Anonymous visitors may never edit an existing comment.
                        $comment->setVar('dohtml', 0);
                        $accesserror = true;
                    }
                    if (false != $accesserror) {
                        $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_mode=' . $mode . '&com_order=' . $order, 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
                    }
                } else {
                    // New comment: creation time and client address are set
                    // server-side, and the status is decided below.
                    $comment->setVar('created', time());
                    $comment->setVar('ip', $xoops->getEnv('REMOTE_ADDR'));
                    if ($xoops->isUser()) {
                        if ($xoops->user->isAdmin($comment->getVar('modid'))) {
                            $comment->setVar('status', COMMENTS_ACTIVE);
                            $add_userpost = true;
                            $call_approvefunc = true;
                            $call_updatefunc = true;
                            // RMV-NOTIFY
                            $notify_event = 'comment';
                        } else {
                            $comment->setVar('dohtml', 0);
                            // NOTE(review): 'com_rule' is read here without the module
                            // dirname, unlike the check near the top of the method -
                            // confirm both reads resolve to the same module's setting.
                            switch ($xoops->getModuleConfig('com_rule')) {
                                case COMMENTS_APPROVEALL:
                                case COMMENTS_APPROVEUSER:
                                    $comment->setVar('status', COMMENTS_ACTIVE);
                                    $add_userpost = true;
                                    $call_approvefunc = true;
                                    $call_updatefunc = true;
                                    // RMV-NOTIFY
                                    $notify_event = 'comment';
                                    break;
                                case COMMENTS_APPROVEADMIN:
                                default:
                                    $comment->setVar('status', COMMENTS_PENDING);
                                    $notify_event = 'comment_submit';
                                    break;
                            }
                        }
                        // A logged-in user may post without a name when the module allows it.
                        if ($xoops->getModuleConfig('com_anonpost', $module->getVar('dirname')) && $comment->getVar('noname')) {
                            $comment->setVar('uid', 0);
                        } else {
                            $comment->setVar('uid', $xoops->user->getVar('uid'));
                        }
                    } else {
                        // Anonymous visitor: no raw HTML, uid 0, and only when the
                        // module permits anonymous posting.
                        $comment->setVar('dohtml', 0);
                        $comment->setVar('uid', 0);
                        if ($xoops->getModuleConfig('com_anonpost', $module->getVar('dirname')) != 1) {
                            $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_mode=' . $mode . '&com_order=' . $order, 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
                        }
                    }
                    // Comments stored with uid 0 go live only under APPROVEALL; this
                    // overrides whatever status the branches above chose.
                    if ($comment->getVar('uid') == 0) {
                        switch ($xoops->getModuleConfig('com_rule')) {
                            case COMMENTS_APPROVEALL:
                                $comment->setVar('status', COMMENTS_ACTIVE);
                                $add_userpost = true;
                                $call_approvefunc = true;
                                $call_updatefunc = true;
                                // RMV-NOTIFY
                                $notify_event = 'comment';
                                break;
                            case COMMENTS_APPROVEADMIN:
                            case COMMENTS_APPROVEUSER:
                            default:
                                $comment->setVar('status', COMMENTS_PENDING);
                                // RMV-NOTIFY
                                $notify_event = 'comment_submit';
                                break;
                        }
                    }
                }
                if ($comment->getVar('title') == '') {
                    $comment->setVar('title', XoopsLocale::NO_TITLE);
                }
                $comment->setVar('modified', time());
                if (isset($extra_params)) {
                    $comment->setVar('exparams', $extra_params);
                }
                if (false != $comment_handler->insert($comment)) {
                    $newcid = $comment->getVar('id');
                    // set own id as root id if this is a top comment
                    if ($comment->getVar('rootid') == 0) {
                        $comment->setVar('rootid', $newcid);
                        if (!$comment_handler->updateByField($comment, 'rootid', $comment->getVar('rootid'))) {
                            $comment_handler->delete($comment);
                            $xoops->header();
                            echo $xoops->alert('error', $comment->getHtmlErrors());
                            $xoops->footer();
                            // NOTE(review): unless footer() ends the request, the approve,
                            // count, notification and redirect steps below still run for
                            // the comment that was just deleted - confirm.
                        }
                    }
                    // call custom approve function if any
                    if (false != $call_approvefunc) {
                        $plugin->approve($comment);
                    }
                    if (false != $call_updatefunc) {
                        // Recount the active comments of this item and pass the total to the plugin.
                        $criteria = new CriteriaCompo(new Criteria('modid', $comment->getVar('modid')));
                        $criteria->add(new Criteria('itemid', $comment->getVar('itemid')));
                        $criteria->add(new Criteria('status', COMMENTS_ACTIVE));
                        $comment_count = $comment_handler->getCount($criteria);
                        $plugin->update($comment->getVar('itemid'), $comment_count);
                    }
                    // increment user post if needed
                    $uid = $comment->getVar('uid');
                    if ($uid > 0 && false != $add_userpost) {
                        $member_handler = $xoops->getHandlerMember();
                        $poster = $member_handler->getUser($uid);
                        if ($poster instanceof XoopsUser) {
                            $member_handler->updateUserByField($poster, 'posts', $poster->getVar('posts') + 1);
                        }
                    }
                    // RMV-NOTIFY
                    // trigger notification event if necessary
                    if ($notify_event && $xoops->isActiveModule('notifications')) {
                        $notifications = Notifications::getInstance();
                        $not_modid = $comment->getVar('modid');
                        $not_catinfo = $notifications->getCommentsCategory($module->getVar('dirname'));
                        $not_category = $not_catinfo['name'];
                        $not_itemid = $comment->getVar('itemid');
                        $not_event = $notify_event;
                        // Build an ABSOLUTE URL to view the comment. Make sure we
                        // point to a viewable page (i.e. not the system administration
                        // module).
                        // NOTE(review): this URL is passed to the notification handler and
                        // contains the request-supplied $mode and $order unencoded.
                        $comment_tags = array();
                        $comment_tags['X_COMMENT_URL'] = $comment_url . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_rootid=' . $comment->getVar('rootid') . '&com_mode=' . $mode . '&com_order=' . $order . '#comment' . $comment->getVar('id');
                        if ($xoops->isActiveModule('notifications')) {
                            Notifications::getInstance()->getHandlerNotification()->triggerEvent($not_category, $not_itemid, $not_event, $comment_tags, false, $not_modid);
                        }
                    }
                    // $comment_post_results is never assigned before this point in the
                    // method, so this branch is the one that runs here.
                    if (!isset($comment_post_results)) {
                        // if the comment is active, redirect to posted comment
                        if ($comment->getVar('status') == COMMENTS_ACTIVE) {
                            $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_rootid=' . $comment->getVar('rootid') . '&com_mode=' . $mode . '&com_order=' . $order . '#comment' . $comment->getVar('id'), 1, _MD_COMMENTS_THANKSPOST);
                        } else {
                            // not active, so redirect to top comment page
                            $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_mode=' . $mode . '&com_order=' . $order . '#comment' . $comment->getVar('id'), 1, _MD_COMMENTS_THANKSPOST);
                        }
                    }
                } else {
                    // insert() failed: show the comment's errors, or hand them back
                    // through $comment_post_results when $purge_comment_post_results is set.
                    if (!isset($purge_comment_post_results)) {
                        $xoops->header();
                        echo $xoops->alert('error', $comment->getHtmlErrors());
                        $xoops->footer();
                    } else {
                        $comment_post_results = $comment->getErrors();
                    }
                }
                break;
            default:
                // Reached when no button matched or the security check cleared $op.
                $xoops->redirect(\XoopsBaseConfig::get('url') . '/', 1, implode('<br />', $xoops->security()->getErrors()));
                break;
        }
    }
}
/**
 * Binds this object to the shared XoopsCaptcha instance and loads the
 * "image" configuration section from it.
 */
function __construct()
{
    xoops_load('XoopsCaptcha');

    $handler = XoopsCaptcha::getInstance();
    $this->captcha_handler = $handler;
    $this->config = $handler->loadConfig("image");
}
/**
 * renderValidationJS
 *
 * Passes the call through to the captcha handler and returns whatever
 * validation script the handler produces for this element.
 *
 * @return string
 */
public function renderValidationJS()
{
    $script = $this->captchaHandler->renderValidationJS();

    return $script;
}
// Excerpt from a forum posting script. The enclosing login conditions start
// before this excerpt and the final if-block continues after it.
            $_SESSION['xoopsUserGroups'] = $user->getGroups();
            if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
                // NOTE(review): the session id cookie is set with secure = 0 and no
                // httponly argument, so it is sent over plain HTTP and is readable by
                // page scripts. Passing true for both (secure only on HTTPS sites)
                // narrows that exposure.
                setcookie($xoopsConfig['session_name'], session_id(), time() + 60 * $xoopsConfig['session_expire'], '/', '', 0);
            }
            // The user's theme is accepted only when it is in the allowed list.
            $user_theme = $user->getVar('theme');
            if (in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
                $_SESSION['xoopsUserTheme'] = $user_theme;
            }
        }
        $xoopsUser =& $user;
        $xoopsUserIsAdmin = $xoopsUser->isAdmin($xoopsModule->getVar('mid'));
    }
}
// The CAPTCHA is required only when no user object exists, i.e. the poster
// is not logged in after the optional login above.
if (!is_object($xoopsUser)) {
    xoops_load("captcha");
    $xoopsCaptcha = XoopsCaptcha::instance();
    if (!$xoopsCaptcha->verify()) {
        $captcha_invalid = true;
        $error_message[] = $xoopsCaptcha->getMessage();
    }
}
$isadmin = newbb_isAdmin($forum_obj);
// Flood control: non-admins must wait post_timelimit seconds after the
// time returned by newbb_getsession('LP') before posting again.
$time_valid = true;
if (!$isadmin && !empty($xoopsModuleConfig['post_timelimit'])) {
    $last_post = newbb_getsession('LP');
    if (time() - $last_post < $xoopsModuleConfig['post_timelimit']) {
        $time_valid = false;
    }
}
// NOTE(review): $captcha_invalid is only ever set to true in this excerpt and
// $token_valid is not assigned here at all; both need a default set before
// this point - confirm in the part of the script that is not shown.
// Any failed gate turns the submission into a preview instead of a post.
if ($captcha_invalid || !$token_valid || !$time_valid) {
    $_POST['contents_preview'] = 1;