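/**
 * Draws the captcha image, stores the expected answer in the visitor's session
 * and streams the picture to the browser as a non-cacheable JPEG.
 *
 * The owning form is selected by the "owner" request parameter ("component" or
 * "module") together with "id"; any other owner leaves both ids at 0.
 *
 * @return void
 */
public function Draw()
{
    $input = JFactory::getApplication()->input;
    $jsession = JFactory::getSession();

    // Resolve which form (component or module) this captcha belongs to.
    // NOTE(review): "id" is request-supplied and handed to FSession after JInput's
    // default filtering only; FSession is not visible here, so confirm it treats
    // the value strictly as data.
    $cid = $mid = 0;
    switch ($input->get("owner", NULL)) {
        case "component":
            $cid = $input->get("id", NULL);
            break;
        case "module":
            $mid = $input->get("id", NULL);
            break;
    }

    $fsession = new FSession($jsession->getId(), $cid, $mid);

    // Store the expected answer server-side; a failure is only logged and the image is still rendered.
    if ($fsession->Save($this->Answer, "captcha_answer")) {
        $this->DebugLog->Write("Answer saved into session");
    } else {
        $this->DebugLog->Write("Database query failed");
    }

    // White background
    imagefill($this->Image['data'], 0, 0, $this->Colors['Background']);
    // Background grid
    $this->DrawGrid();

    $len = strlen($this->Question);
    // Horizontal space available for one character, derived from the image width.
    // An empty question must not reach the division: it raises a warning on older
    // PHP and a DivisionByZeroError on PHP 8. With no characters the loops below
    // do not run, so the fallback value is never used for drawing.
    $space = $len > 0 ? $this->Image['width'] / $len : 0;

    // Disturbance layer: twice as many characters, each in half the space.
    // These are visual noise only, drawn from printable ASCII 33..126.
    for ($p = 0; $p < 2 * $len; ++$p) {
        $this->Render(chr(rand(33, 126)), $p, $space / 2, $this->Colors['Disturb']);
    }

    // The question itself, one character per slot.
    for ($p = 0; $p < $len; ++$p) {
        $this->Render($this->Question[$p], $p, $space, $this->Colors['Text']);
    }

    $this->DebugLog->Write("Render done");

    // Debug switch (&noimage=1): stop before any output is sent.
    // It is request-controlled; the answer has already been stored at this point.
    if ($input->get("noimage", NULL)) {
        return;
    }

    // The response must not be cached by browsers or proxies, otherwise a stale
    // image could be shown for an answer that is no longer the stored one.
    // http://stackoverflow.com/questions/9884513/avoid-caching-of-the-http-responses
    $now = gmdate("D, d M Y H:i:s") . " GMT";
    header("Expires: " . $now);
    header("Last-Modified: " . $now);
    // no-cache: may be stored, but must be revalidated with the origin before use
    // private: intended for a single user, never for a shared cache
    // must-revalidate: a stale entry must not be used without revalidation
    // max-age=0: the content is stale immediately
    header("Cache-Control: no-cache, private, must-revalidate, max-age=0");
    header("Pragma: no-cache");
    header("Content-Type: image/jpeg");
    header("Content-Disposition: inline; filename=\"foxcaptcha.jpg\"");

    // Send the stream to the client browser and release the image resource
    imagejpeg($this->Image['data']);
    imagedestroy($this->Image['data']);

    $this->DebugLog->Write("Image sent to client");
}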
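/**
 * Draws the captcha image, stores the expected answer in the visitor's session
 * and streams the picture to the browser as a non-cacheable JPEG.
 *
 * The owning form is identified by the "cid" and "mid" query-string parameters.
 *
 * @return void
 */
public function Draw()
{
    $jsession = JFactory::getSession();

    // NOTE(review): cid and mid are taken from the query string without a type
    // filter and handed straight to FSession. FSession is not visible here; the
    // log message below suggests it issues a database query, so confirm it
    // validates or escapes both values.
    $fsession = new FSession(
        $jsession->getId(),
        JRequest::getVar("cid", NULL, 'GET'),
        JRequest::getVar("mid", NULL, 'GET')
    );

    // Store the expected answer server-side; a failure is only logged and the image is still rendered.
    if ($fsession->Save($this->Answer, "captcha_answer")) {
        $this->DebugLog->Write("Answer saved into session");
    } else {
        $this->DebugLog->Write("Database query failed");
    }

    // White background
    imagefill($this->Image['data'], 0, 0, $this->Colors['Background']);
    // Background grid
    $this->DrawGrid();

    $len = strlen($this->Question);
    // Horizontal space available for one character, derived from the image width.
    // An empty question must not reach the division: it raises a warning on older
    // PHP and a DivisionByZeroError on PHP 8. With no characters the loops below
    // do not run, so the fallback value is never used for drawing.
    $space = $len > 0 ? $this->Image['width'] / $len : 0;

    // Disturbance layer: twice as many characters, each in half the space.
    // These are visual noise only, drawn from printable ASCII 33..126.
    for ($p = 0; $p < 2 * $len; ++$p) {
        $this->Render(chr(rand(33, 126)), $p, $space / 2, $this->Colors['Disturb']);
    }

    // The question itself, one character per slot.
    for ($p = 0; $p < $len; ++$p) {
        $this->Render($this->Question[$p], $p, $space, $this->Colors['Text']);
    }

    $this->DebugLog->Write("Render done");

    // Debug switch (?cid=xxx&noimage=1): stop before any output is sent.
    // It is request-controlled; the answer has already been stored at this point.
    if (JRequest::getVar("noimage", NULL, 'GET')) {
        return;
    }

    // Use one timestamp for both headers so they cannot differ across a second boundary.
    $now = gmdate("D, d M Y H:i:s") . " GMT";
    header("Expires: " . $now);
    header("Last-Modified: " . $now);
    // Must not be cached by the client browser or any proxy
    header("Cache-Control: no-store, no-cache, must-revalidate");
    // Second Cache-Control header is appended (replace = false), not substituted
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
    header("Content-type:image/jpeg");
    header("Content-Disposition:inline ; filename=fcaptcha.jpg");

    // Send the stream to the client browser and release the image resource
    imagejpeg($this->Image['data']);
    imagedestroy($this->Image['data']);

    $this->DebugLog->Write("Image sent to client");
}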
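/**
 * Processes the standard (non-JavaScript) upload field of the form.
 *
 * The file is checked for transport errors, size and content type while it is
 * still in PHP's temporary location, and only then moved into the component's
 * uploads directory and recorded in the session file list.
 *
 * @return bool true when there is nothing to upload or the file was stored;
 *              false when the upload was rejected (a message is added to the board)
 */
protected function DoUpload()
{
    // File details as sent by the upload form
    $file = JRequest::getVar('foxstdupload', NULL, 'files', 'array');

    // $file is null when a browser with JavaScript did not send $_FILES at all;
    // $file['error'] is UPLOAD_ERR_NO_FILE when a browser without JavaScript sent it empty.
    if (!$this->Submitted || !$file || $file['error'] == UPLOAD_ERR_NO_FILE) {
        return true;
    }

    // NOTE(review): this directory sits under the site's components tree. Whether
    // files stored in it can be requested or executed depends on web-server
    // configuration that is not visible here; confirm direct access is denied.
    $upload_directory = JPATH_SITE . "/components/" . $GLOBALS["com_name"] . "/uploads/";
    if (!is_writable($upload_directory)) {
        $this->MessageBoard->Add(JText::_($GLOBALS["COM_NAME"] . '_ERR_DIR_NOT_WRITABLE'), FoxMessageBoard::error);
        return false;
    }

    // Any remaining $_FILES error code is fatal for this upload:
    // 1 UPLOAD_ERR_INI_SIZE   exceeds upload_max_filesize in php.ini
    // 2 UPLOAD_ERR_FORM_SIZE  exceeds MAX_FILE_SIZE given in the HTML form
    // 3 UPLOAD_ERR_PARTIAL    only partially uploaded
    // 4 UPLOAD_ERR_NO_FILE    no file was uploaded
    // 6 UPLOAD_ERR_NO_TMP_DIR missing temporary folder
    // 7 UPLOAD_ERR_CANT_WRITE failed to write to disk
    // 8 UPLOAD_ERR_EXTENSION  stopped by a PHP extension
    if ($file['error']) {
        $this->MessageBoard->Add(JText::sprintf($GLOBALS["COM_NAME"] . '_ERR_UPLOAD', $file['error']), FoxMessageBoard::error);
        return false;
    }

    // Check file size
    $size = $file['size'];
    if ($size == 0) {
        $this->MessageBoard->Add(JText::_($GLOBALS["COM_NAME"] . '_ERR_FILE_EMPTY'), FoxMessageBoard::error);
        return false;
    }

    // The limit defaults to 0, so every upload is rejected until a size is configured.
    $max_filesize = intval($this->Params->get("uploadmax_file_size", "0")) * KB;
    if ($size > $max_filesize) {
        $this->MessageBoard->Add(JText::_($GLOBALS["COM_NAME"] . '_ERR_FILE_TOO_LARGE'), FoxMessageBoard::error);
        return false;
    }

    // Content-type check runs against the temporary file, before anything is
    // written to the uploads directory. A rejected file needs no cleanup here.
    $mimetype = new FMimeType();
    if (!$mimetype->Check($file['tmp_name'], $this->Params)) {
        $this->MessageBoard->Add(JText::_($GLOBALS["COM_NAME"] . '_ERR_MIME') . " [" . $mimetype->Mimetype . "]", FoxMessageBoard::error);
        return false;
    }

    // Import filesystem libraries. Perhaps not necessary, but does not hurt
    jimport('joomla.filesystem.file');

    // Strip unusual characters from the client-supplied name
    $filename = JFile::makeSafe($file['name']);
    // Prefix a uniqid() so the stored name differs from the one the client chose.
    // NOTE(review): uniqid() is derived from the current time rather than from a
    // random source, and the client-supplied extension is kept. The stored name
    // alone therefore does not stop an uploaded file from being located or
    // interpreted by the server; that relies on the type check above and on the
    // directory's access rules.
    $filename = uniqid() . "-" . $filename;
    $dest = $upload_directory . $filename;

    // JFile::upload() reports failure through its return value. Tell the user
    // instead of failing silently.
    if (!JFile::upload($file['tmp_name'], $dest)) {
        $this->MessageBoard->Add(JText::_($GLOBALS["COM_NAME"] . '_ERR_SAVE_FILE'), FoxMessageBoard::error);
        return false;
    }

    // Upload successful. Record the stored name in this form's session file list.
    // Plain assignment: taking the result of a static call by reference is deprecated.
    $jsession = JFactory::getSession();
    $fsession = new FSession($jsession->getId(), $this->Application->cid, $this->Application->mid); // session_id, cid, mid

    // The list is kept as a single "|"-separated string
    $data = $fsession->Load('filelist');
    $filelist = $data ? explode("|", $data) : array();
    $filelist[] = $filename; // Append this file to the list
    $fsession->Save(implode("|", $filelist), "filelist");

    return true;
}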
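/**
 * Validates and stores a file sent by the JavaScript uploader, then records
 * its stored name in the session file list.
 *
 * @param string $uploadDirectory Destination directory; it is used as a plain
 *                                prefix, so it is expected to end with a separator
 *
 * @return array array('error' => message) on rejection, array('success' => true) otherwise
 */
public function HandleUpload($uploadDirectory)
{
    $this->DebugLog->Write("HandleUpload() started");

    if (!is_writable($uploadDirectory)) {
        $this->DebugLog->Write("Directory " . $uploadDirectory . " is not writable");
        return array('error' => JFactory::getLanguage()->_($GLOBALS["COM_NAME"] . '_ERR_DIR_NOT_WRITABLE'));
    }
    $this->DebugLog->Write("Directory " . $uploadDirectory . " is ok");

    // Check file size
    $size = $this->get_file_size();
    if ($size == 0) {
        $this->DebugLog->Write("File size is 0");
        return array('error' => JFactory::getLanguage()->_($GLOBALS["COM_NAME"] . '_ERR_FILE_EMPTY'));
    }
    $this->DebugLog->Write("File size is > 0");

    // uploadmax_file_size defaults to 0, so every upload is rejected until a limit is configured
    $max = $this->Params->get("uploadmax_file_size", 0) * KB;
    if ($size > $max) {
        $this->DebugLog->Write("File size too large ({$size} > {$max})");
        return array('error' => JFactory::getLanguage()->_($GLOBALS["COM_NAME"] . '_ERR_FILE_TOO_LARGE'));
    }
    $this->DebugLog->Write("File size ({$size} / {$max}) is ok");

    // Clean the client-supplied file name: keep only word characters, dots and hyphens.
    // The previous class "[^\w\.-_]" contained the range ".-_" (0x2E..0x5F), which
    // let "/" and "\" through unchanged and replaced the hyphen it meant to allow.
    // With the hyphen escaped, path separators are replaced with "_" like any
    // other disallowed character.
    $filename = preg_replace('/[^\w.\-]/', "_", $this->get_file_name());
    // Prefix a uniqid() so the stored name differs from the one the client chose.
    // NOTE(review): uniqid() is derived from the current time rather than from a
    // random source, and the client-supplied extension is kept, so the stored
    // name alone does not stop the file from being located or interpreted.
    $filename = uniqid() . "-" . $filename;
    $full_filename = $uploadDirectory . $filename;

    // NOTE(review): the file is written to its final location before its type is
    // checked, so a file that is about to be rejected exists in the upload
    // directory for a short time. Confirm that directory is not served or executed.
    if (!$this->save_file($full_filename)) {
        $this->DebugLog->Write("Error saving file");
        return array('error' => JFactory::getLanguage()->_($GLOBALS["COM_NAME"] . '_ERR_SAVE_FILE'));
    }
    $this->DebugLog->Write("File saved");

    $mimetype = new FMimeType();
    if (!$mimetype->Check($full_filename, $this->Params)) {
        // Delete the rejected file. A failed delete would leave it on disk, so record it.
        if (!unlink($full_filename)) {
            $this->DebugLog->Write("Rejected file " . $full_filename . " could not be deleted");
        }
        $this->DebugLog->Write("File type [" . $mimetype->Mimetype . "] is not allowed. Allowed types are:" . PHP_EOL . print_r($mimetype->Allowed, true));
        return array('error' => JFactory::getLanguage()->_($GLOBALS["COM_NAME"] . '_ERR_MIME') . " [" . $mimetype->Mimetype . "]");
    }
    $this->DebugLog->Write("File type [" . $mimetype->Mimetype . "] is allowed");

    // NOTE(review): the request's "owner" and "id" values used to be read here
    // as well but were never used; the session key is built from "cid"/"mid" only.
    // Confirm that matches how the rest of the component keys FSession.
    $input = JFactory::getApplication()->input;
    $cid = $input->get("cid", NULL);
    $mid = $input->get("mid", NULL);

    $jsession = JFactory::getSession();
    $fsession = new FSession($jsession->getId(), $cid, $mid);

    // The list of uploaded files is kept in the session as a "|"-separated string
    $data = $fsession->Load('filelist');
    $filelist = $data ? explode("|", $data) : array();
    $filelist[] = $filename; // Append this file to the list
    $fsession->Save(implode("|", $filelist), "filelist");

    $this->Log->Write("File " . $filename . " uploaded succesful.");
    $this->DebugLog->Write("File uploaded succesful.");

    return array("success" => true);
}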