PHP phpthumb_functions::PasswordStrength Exemples

Exemple #1

Fichier : phpThumb.php Projet : geekwright/XoopsCore25

        if (substr($key, -2) == '[]') {
            $array_key_name = substr($key, 0, -2);
            $_GET[$array_key_name][] = $value;
            $phpThumb->DebugMessage('PATH_INFO."' . $array_key_name . '[]" = "' . $value . '"', __FILE__, __LINE__);
        } else {
            $_GET[$key] = $value;
            $phpThumb->DebugMessage('PATH_INFO."' . $key . '" = "' . $value . '"', __FILE__, __LINE__);
        }
    }
}
if (!empty($phpThumb->config_high_security_enabled)) {
    if (empty($_GET['hash'])) {
        $phpThumb->config_disable_debug = false;
        // otherwise error message won't print
        $phpThumb->ErrorImage('ERROR: missing hash');
    } elseif (phpthumb_functions::PasswordStrength($phpThumb->config_high_security_password) < 20) {
        $phpThumb->config_disable_debug = false;
        // otherwise error message won't print
        $phpThumb->ErrorImage('ERROR: $PHPTHUMB_CONFIG[high_security_password] is not complex enough');
    } elseif ($_GET['hash'] != md5(str_replace($phpThumb->config_high_security_url_separator . 'hash=' . $_GET['hash'], '', $_SERVER['QUERY_STRING']) . $phpThumb->config_high_security_password)) {
        header('HTTP/1.0 403 Forbidden');
        sleep(10);
        // deliberate delay to discourage password-guessing
        $phpThumb->ErrorImage('ERROR: invalid hash');
    }
}
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[0]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && $_GET['phpThumbDebug'] == '0') {
    $phpThumb->phpThumbDebug();

Exemple #2

Fichier : phpThumb.demo.check.php Projet : exside/phpThumb

} elseif (file_exists('../phpThumb.config.php') && file_exists('../phpThumb.config.php.default')) {
    echo 'yellow;">"phpThumb.config.php" and "phpThumb.config.php.default" both exist';
} elseif (!file_exists('../phpThumb.config.php') && file_exists('../phpThumb.config.php.default')) {
    echo 'red;">rename "phpThumb.config.php.default" to "phpThumb.config.php"';
} else {
    echo 'red;">"phpThumb.config.php" not found';
}
echo '</th><td>"phpThumb.config.php.default" that comes in the distribution must be renamed to "phpThumb.config.php" before phpThumb.php can be used. Avoid having both files present to minimize confusion.</td></tr>';
echo '<tr><th>phpThumb.config.php<br>[disable_debug]</th>';
echo '<th colspan="2" style="background-color: ' . ($PHPTHUMB_CONFIG['disable_debug'] ? 'lime' : 'red') . '">' . ($PHPTHUMB_CONFIG['disable_debug'] ? 'true' : 'false') . '</th>';
echo '<td>DO NOT DISABLE THIS ON ANY PUBLIC-ACCESSIBLE SERVER. Prevents phpThumb from displaying any information about your system. If true, phpThumbDebug and error messages will be disabled. If set to false (debug messages enabled) then debug mode will be FORCED -- ONLY debug output will be presented, no actual thumbnail (to avoid accidentally leaving debug mode enabled on a production server).</td></tr>';
echo '<tr><th>phpThumb.config.php<br>[high_security_enabled]</th>';
echo '<th colspan="2" style="background-color: ' . ($PHPTHUMB_CONFIG['high_security_enabled'] ? 'lime' : 'red') . '">' . ($PHPTHUMB_CONFIG['high_security_enabled'] ? 'true' : 'false') . '</th>';
echo '<td>DO NOT DISABLE THIS ON ANY PUBLIC-ACCESSIBLE SERVER. If disabled, your server is more vulnerable to hacking attempts, both on your server and via your server to other servers. When enabled, requires "high_security_password" set to be set and requires the use of phpThumbURL() function (at the bottom of phpThumb.config.php) to generate hashed URLs.</td></tr>';
echo '<tr><th>phpThumb.config.php<br>[high_security_password]</th>';
$password_complexity = phpthumb_functions::PasswordStrength($PHPTHUMB_CONFIG['high_security_password']);
echo '<th colspan="2" style="background-color: ' . ($password_complexity >= 20 ? 'lime' : (strlen($PHPTHUMB_CONFIG['high_security_password']) > 0 ? 'orange' : 'red')) . '">' . ($password_complexity >= 20 ? 'sufficiently complex' : (strlen($PHPTHUMB_CONFIG['high_security_password']) > 0 ? 'not complex enough' : 'not set')) . '</th>';
echo '<td>DO NOT DISABLE THIS ON ANY PUBLIC-ACCESSIBLE SERVER. If disabled, your server is more vulnerable to hacking attempts, both on your server and via your server to other servers. When enabled, requires "high_security_password" set to be set and requires the use of phpThumbURL() function (at the bottom of phpThumb.config.php) to generate hashed URLs.</td></tr>';
echo '<tr><th>cache directory:</th><th colspan="2">';
$orig_config_cache_directory = $phpThumb->config_cache_directory;
$phpThumb->setCacheDirectory();
echo '<div style="background-color: ' . (is_dir($phpThumb->config_cache_directory) ? 'lime;">exists' : 'red;">does NOT exist') . '</div>';
echo '<div style="background-color: ' . (is_readable($phpThumb->config_cache_directory) ? 'lime;">readable' : 'red;">NOT readable') . '</div>';
echo '<div style="background-color: ' . (is_writable($phpThumb->config_cache_directory) ? 'lime;">writable' : 'red;">NOT writable') . '</div>';
echo '</th><td>Original: "' . htmlspecialchars($orig_config_cache_directory) . '"<br>Resolved: "' . htmlspecialchars($phpThumb->config_cache_directory) . '"<br>Must exist and be both readable and writable by PHP.</td></tr>';
echo '<tr><th>cache write test:</th><th colspan="2">';
$phpThumb->rawImageData = 'phpThumb.demo.check.php_cachetest';
$phpThumb->SetCacheFilename();
echo '<div>' . htmlspecialchars($phpThumb->cache_filename ? implode(' / ', preg_split('#[/\\\\]#', $phpThumb->cache_filename)) : 'NO CACHE FILENAME RESOLVED') . '</div>';
echo '<div>directory ' . (is_dir(dirname($phpThumb->cache_filename)) ? 'exists' : 'does NOT exist') . ' (before EnsureDirectoryExists())</div>';
phpthumb_functions::EnsureDirectoryExists(dirname($phpThumb->cache_filename));