/**
 * Renders the security code in the format selected by $this->type.
 *
 * A type-2 (Flash) request is downgraded to type 0 when the ming extension is
 * not loaded. Width and height outside 100..200 / 50..80 are replaced by the
 * defaults 150 / 60 (not clamped). The code is passed through seccodeconvert()
 * and then drawn by image() when the type is below 2 and GD is usable, by
 * flash() for type 2, by audio() for type 3, and by bitmap() otherwise.
 */
function display() {
    if ($this->type == 2 && !extension_loaded('ming')) {
        $this->type = 0;
    }

    $widthok = $this->width >= 100 && $this->width <= 200;
    $heightok = $this->height >= 50 && $this->height <= 80;
    $this->width = $widthok ? $this->width : 150;
    $this->height = $heightok ? $this->height : 60;

    seccodeconvert($this->code);

    // GD is usable only when every drawing primitive and at least one encoder exists.
    $usegd = $this->type < 2;
    if ($usegd) {
        $required = array(
            'imagecreate', 'imagecolorset', 'imagecopyresized', 'imagecolorallocate',
            'imagechar', 'imagecolorsforindex', 'imageline', 'imagecreatefromstring',
        );
        foreach ($required as $name) {
            if (!function_exists($name)) {
                $usegd = false;
                break;
            }
        }
    }
    if ($usegd) {
        $usegd = function_exists('imagegif') || function_exists('imagepng') || function_exists('imagejpeg');
    }

    if ($usegd) {
        $this->image();
    } elseif ($this->type == 2 && extension_loaded('ming')) {
        $this->flash();
    } elseif ($this->type == 3) {
        $this->audio();
    } else {
        $this->bitmap();
    }
}
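/**
 * Validates a form submission before any of its data is acted on.
 *
 * Returns false as soon as the submit variable named by $var is empty in
 * $GLOBALS. Otherwise the request has to be trusted: either $allowget is set,
 * or it is a POST whose formhash equals formhash(), carries no X-Flash-Version
 * header, and whose Referer host (if a Referer is present) equals HTTP_HOST
 * without the port. An untrusted request ends in showmessage('submit_invalid').
 *
 * With $seccodecheck the captcha typed into $seccodeverify is compared with the
 * stored code; with $secqaacheck the md5 of $secanswer is compared with the
 * cached answer of the question selected by the first digit of the code.
 * Without $seclevel both codes are read from the signed cookies 'secc'/'secq'
 * (bound to $discuz_uid and valid for 600 seconds); with $seclevel the code in
 * the session is rotated after a successful check.
 *
 * Every secret comparison (formhash, captcha, md5 answer) is a strict string
 * comparison. The loose == operator compares numeric-looking strings as numbers,
 * so hex digests such as "0e1234..." compare equal to any other "0e..." string and
 * a forged token or answer could pass; hash_equals() (PHP >= 5.6) would in
 * addition make the comparison constant-time.
 *
 * @param string $var          name of the submit variable expected in $GLOBALS
 * @param int    $allowget     accept GET (skips the method/formhash/referer checks)
 * @param int    $seccodecheck also verify the captcha
 * @param int    $secqaacheck  also verify the security question answer
 * @return bool false when $var is empty, true when every enabled check passed;
 *              a failed check is reported through showmessage() instead
 */
function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) {
    if (empty($GLOBALS[$var])) {
        return false;
    }
    // $_SERVER is a superglobal and must not be declared with 'global'.
    global $seclevel, $seccode, $seccodedata, $seccodeverify, $secanswer, $_DCACHE, $_DCOOKIE, $timestamp, $discuz_uid;

    $trusted = $allowget
        || (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST'
            // Request-supplied token must match the one computed for this session.
            && isset($GLOBALS['formhash']) && (string) $GLOBALS['formhash'] === (string) formhash()
            // Flash-originated posts are refused outright — presumably because their
            // Referer cannot be relied on; confirm against the callers.
            && empty($_SERVER['HTTP_X_FLASH_VERSION'])
            // Referer host vs HTTP_HOST (port stripped). Both headers are client-supplied,
            // so this is only a secondary guard next to the formhash check.
            && (empty($_SERVER['HTTP_REFERER'])
                || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) === preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])));

    if (!$trusted) {
        // showmessage() is expected to end the request; the return only guards the
        // case where it does not.
        showmessage('submit_invalid');
        return false;
    }

    if ($seccodecheck) {
        if (!$seclevel) {
            // Type-3 codes are additionally keyed with the site authkey and the current day.
            $key = $seccodedata['type'] != 3 ? '' : $_DCACHE['settings']['authkey'] . date('Ymd');
            // array_pad keeps the three-way list() from warning on a missing or malformed
            // cookie; the uid/time check below rejects such a cookie anyway.
            list($seccode, $expiration, $seccodeuid) = array_pad(explode("\t", authcode($_DCOOKIE['secc'], 'DECODE', $key)), 3, null);
            if ($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) {
                showmessage('submit_seccode_invalid');
            }
            dsetcookie('secc', '');
        } else {
            // First digit of the stored code is carried over into the rotated code.
            $tmp = substr($seccode, 0, 1);
        }
        seccodeconvert($seccode);
        if (strtoupper((string) $seccodeverify) !== (string) $seccode) {
            showmessage('submit_seccode_invalid');
        }
        if ($seclevel) {
            $seccode = random(6, 1) + $tmp * 1000000;
        }
    }

    if ($secqaacheck) {
        if (!$seclevel) {
            list($seccode, $expiration, $seccodeuid) = array_pad(explode("\t", authcode($_DCOOKIE['secq'], 'DECODE')), 3, null);
            if ($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) {
                showmessage('submit_secqaa_invalid');
            }
            dsetcookie('secq', '');
        }
        require_once DISCUZ_ROOT . './forumdata/cache/cache_secqaa.php';
        // The first digit of the code selects the question; its cached answer is compared
        // as an md5 digest. A missing entry yields '' and therefore never matches.
        $qaaid = substr($seccode, 0, 1);
        $expected = isset($_DCACHE['secqaa'][$qaaid]['answer']) ? (string) $_DCACHE['secqaa'][$qaaid]['answer'] : '';
        if (md5((string) $secanswer) !== $expected) {
            showmessage('submit_secqaa_invalid');
        }
        if ($seclevel) {
            $seccode = random(1, 1) * 1000000 + substr($seccode, -6);
        }
    }

    return true;
}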
*/ define('CURSCRIPT', 'seccode'); define('NOROBOT', TRUE); require_once './include/common.inc.php'; $refererhost = parse_url($_SERVER['HTTP_REFERER']); $refererhost['host'] .= !empty($refererhost['port']) ? ':' . $refererhost['port'] : ''; if ($refererhost['host'] != $_SERVER['HTTP_HOST']) { exit('Access Denied'); } $seccodedata['width'] = $seccodedata['width'] >= 100 && $seccodedata['width'] <= 200 ? $seccodedata['width'] : 150; $seccodedata['height'] = $seccodedata['height'] >= 50 && $seccodedata['height'] <= 80 ? $seccodedata['height'] : 60; if ($update) { $seccode = random(6, 1) + $seccode[0] * 1000000; updatesession(); } seccodeconvert($seccode); if (!$nocacheheaders) { @dheader("Expires: -1"); @dheader("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE); @dheader("Pragma: no-cache"); } if ($seccodedata['type'] < 2 && function_exists('imagecreate') && function_exists('imagecolorset') && function_exists('imagecopyresized') && function_exists('imagecolorallocate') && function_exists('imagechar') && function_exists('imagecolorsforindex') && function_exists('imageline') && function_exists('imagecreatefromstring') && (function_exists('imagegif') || function_exists('imagepng') || function_exists('imagejpeg'))) { $bgcontent = seccode_background(); if ($seccodedata['animator'] == 1 && function_exists('imagegif')) { include_once './include/gifmerge.class.php'; $trueframe = mt_rand(1, 9); for ($i = 0; $i <= 9; $i++) { $im = imagecreatefromstring($bgcontent); $x[$i] = $y[$i] = 0; $seccodedata['adulterate'] && seccode_adulterate(); if ($i == $trueframe) {
} else { $message = '<img onclick="updateseccode' . $secchecktype . '()" width="' . $seccodedata['width'] . '" height="' . $seccodedata['height'] . '" src="seccode.php?update=' . $rand . '" class="absmiddle" alt="" />'; } } showmessage($message); } elseif ($action == 'checkseccode') { if ($seclevel) { $tmp = $seccode; } else { $key = $seccodedata['type'] != 3 ? '' : $_DCACHE['settings']['authkey'] . date('Ymd'); list($tmp, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secc'], 'DECODE', $key)); if ($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) { showmessage('submit_seccode_invalid'); } } seccodeconvert($tmp); strtoupper($seccodeverify) != $tmp && showmessage('submit_seccode_invalid'); showmessage('succeed'); } elseif ($action == 'checksecanswer') { if ($seclevel) { $tmp = $seccode; } else { list($tmp, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secq'], 'DECODE')); if ($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) { showmessage('submit_secqaa_invalid'); } } require_once DISCUZ_ROOT . './forumdata/cache/cache_secqaa.php'; !$headercharset && @dheader('Content-Type: text/html; charset=' . $charset); if (md5($secanswer) != $_DCACHE['secqaa'][substr($tmp, 0, 1)]['answer']) { showmessage('submit_secqaa_invalid');
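/**
 * Validates a form submission before any of its data is acted on.
 *
 * Returns false as soon as the submit variable named by $var is empty in
 * $GLOBALS. Otherwise the request has to be trusted: either $allowget is set,
 * or it is a POST whose formhash equals formhash() and whose Referer host (if a
 * Referer is present) equals HTTP_HOST without the port. An untrusted request
 * ends in showmessage('submit_invalid').
 *
 * With $seccodecheck the captcha typed into $seccodeverify is compared with the
 * stored code and the code is then rotated, keeping its first digit. With
 * $secqaacheck the md5 of $secanswer is compared with the cached answer of the
 * question selected by the first digit of the code, and the code is rotated
 * with a fresh first digit.
 *
 * Every secret comparison (formhash, captcha, md5 answer) is a strict string
 * comparison. The loose == operator compares numeric-looking strings as numbers,
 * so hex digests such as "0e1234..." compare equal to any other "0e..." string and
 * a forged token or answer could pass; hash_equals() (PHP >= 5.6) would in
 * addition make the comparison constant-time.
 *
 * @param string $var          name of the submit variable expected in $GLOBALS
 * @param int    $allowget     accept GET (skips the method/formhash/referer checks)
 * @param int    $seccodecheck also verify the captcha
 * @param int    $secqaacheck  also verify the security question answer
 * @return bool false when $var is empty, true when every enabled check passed;
 *              a failed check is reported through showmessage() instead
 */
function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) {
    if (empty($GLOBALS[$var])) {
        return false;
    }
    // $_SERVER is a superglobal and must not be declared with 'global'.
    global $seccode, $seccodeverify, $secanswer, $_DCACHE;

    $trusted = $allowget
        || (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST'
            // Request-supplied token must match the one computed for this session.
            && isset($GLOBALS['formhash']) && (string) $GLOBALS['formhash'] === (string) formhash()
            // Referer host vs HTTP_HOST (port stripped). Both headers are client-supplied,
            // so this is only a secondary guard next to the formhash check.
            && (empty($_SERVER['HTTP_REFERER'])
                || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) === preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])));

    if (!$trusted) {
        // showmessage() is expected to end the request; the return only guards the
        // case where it does not.
        showmessage('submit_invalid');
        return false;
    }

    if ($seccodecheck) {
        // substr() works whether the stored code is a string or an int ($seccode[0]
        // reads null from an int); the digit is carried over into the rotated code.
        $tmp = substr($seccode, 0, 1);
        seccodeconvert($seccode);
        if (strtoupper((string) $seccodeverify) !== (string) $seccode) {
            showmessage('submit_seccode_invalid');
        }
        $seccode = random(6, 1) + $tmp * 1000000;
    }

    if ($secqaacheck) {
        require_once DISCUZ_ROOT . './forumdata/cache/cache_secqaa.php';
        // The first digit of the code selects the question; its cached answer is compared
        // as an md5 digest. A missing entry yields '' and therefore never matches.
        $qaaid = substr($seccode, 0, 1);
        $expected = isset($_DCACHE['secqaa'][$qaaid]['answer']) ? (string) $_DCACHE['secqaa'][$qaaid]['answer'] : '';
        if (md5((string) $secanswer) !== $expected) {
            showmessage('submit_secqaa_invalid');
        }
        $seccode = random(1, 1) * 1000000 + substr($seccode, -6);
    }

    return true;
}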