Jump to content

Form security image


unplugged_web
 Share

Recommended Posts

I have a form that I'm trying to add a CAPTCHA type security image to because some people are using robots to continually register on the site with. The image appears, but it doesn't seem to work. The form already has a JavaScript validator so that might have something to do with it. The form is:

 <form method="post" action="{url_main}join.php?cmd=login" id="login-f" class="clearfix">					<div id="join" style=" text-align: left; padding-bottom: 19px; padding-left: 10px; background-image: url({url_tmpl_main}images/login_bottom.jpg); background-repeat: no-repeat;"><br />					<label for="username">{l_username}:</label><input name="user" type="text" id="login" tabindex="1" /><br />					<label for="password">{l_password}: </label><input name="password" type="password" tabindex="2" /><br />					<p><input name="remember" type="checkbox" id="remember" class="chk" value="1" type="checkbox" style="width: 14px; margin-right: 5px; margin-left: 53px;"> <label for="remember">{l_remember_me}</label>| <a href="{url_main}forget_password.php?">{l_forgot_password}</a><input type="submit" value="" class="button-login" style="width: 29px; margin-left: 60px; padding-right: 5px; border: 0px; cursor: pointer; cursor: hand;" /></p>				  </div>				</form>			</td><td width="2%"> 			</td><td width="45%" align="right" valign="top">					<!-- begin_join --><?php	  // check for posted form	  if (isset($_POST['login'])) {		 // see if the code the user typed matched the generated code		 if (strtoupper($_POST['code']) == $_SESSION['code']) {			 header("location: jointest.php");		 } else {			echo 'You have entered the wrong code. Please <a href="index.php">try again</a>.';		 }	  } else {   ?>					  <form name="JoinForm" method="post" action="{url_main}join.php" onsubmit="return validateJoinForm();">						<div  class="signup_header_big" style="padding-top: 15px; padding-right: 14px; text-align: right; background-image: url({url_tmpl_main}images/join_top.jpg); background-repeat: no-repeat;">Sign up  for free! </div>						<div id="join" style="padding-bottom: 10px; padding-top: 5px; background-image: url({url_tmpl_main}images/join_content.jpg);">						<div style="color: #FF0000; font-weight: bold; font-size: 11px; padding-right: 10px;">{join_message}</div><br />						<label for="username">{l_username}:</label><input type="text" id="username" name="join_handle" value="{join_handle}" /><br />						<label for="create-password">{l_create_password}:</label><input type="password" id="create-password" name="join_password" value="{join_password}" /><br />						<label for="re-password">{l_reenter_password}:</label><input type="password" id="re-password" name="verify_password" value="{join_password}" /><br />						<label for="email">{l_email}:</label><input type="text" id="email" name="email" value="{email}" /><br />						<label for="re-email">{l_reemail}:</label><input type="text" id="re-email" name="verify_email" value="{email}" /><br />						<label for="iam">{l_i_am}:</label>							<select name="orientation" id="iam">								 {orientation_options}							</select>						<br />						<label for="from">{l_from}:</label>							<select name="country" id="from">								 <option value="-1" selected="selected">{l_country_select}</option>								 {country_options}							</select>						<br />						<label for="month">{l_born_on}:</label>							<select name="month" id="month" onchange="updateDay('month','JoinForm','year','month','day')">								{month_options}							</select>							<select name="day" id="day">								{day_options}							</select>							<select name="year" id="year" onchange="updateDay('year','JoinForm','year','month','day')">								{year_options}							</select>							<br />					  </div>						<div id="security"><img src="../../../Code/security-image.php?width=180" width="180" height="60" alt="Security Image" /></div>		 <label for="code">Security Image:</label><input type="text" name="code" id="code" value="" />						</div>						<div id="terms" style="padding-right: 10px; width: 352px; background-image: url({url_tmpl_main}images/join_content.jpg);"><input name="privacy_policy" type="checkbox" value="true" id="agree" checked> <label for="agree"> {l_i_agree} <a href="java script:winpop('{url_tmpl_main}popup/term_cond.html','960','600','yes');">{l_terms_and_conditions}</a> and <a href="java script:winpop('{url_tmpl_main}popup/priv_policy.html','960','600','yes');">{l_privacy_policy}</a> <br /></label></div><div id="terms" style="padding-right: 10px; height: 50px; width: 352px; background-image: url({url_tmpl_main}images/join_bottom.jpg); background-repeat: no-repeat;"><input type="button" value="" onclick="submitJoinForm();" class="button-join" style=" margin-right: 13px; margin-top: 5px; cursor: pointer; cursor: hand;" />					</form>

the JS validator is:

<script language="JavaScript" type="text/javascript">			  function onValidateJoinForm() {				var form = document.forms['JoinForm'];				if (!(validateRequiredField(form['join_handle'], '{l_username}'))) {				  return false;				}				if (!(validateMinLength(form['join_handle'], '{l_username}','4'))) {				  return false;				}				if (!(validateMaxLength(form['join_handle'], '{l_username}','20'))) {				  return false;				}				if (!(validateAlphaNumeric(form['join_handle'], '{l_username}'))) {				  return false;				}				if (!(validateRequiredField(form['join_handle'], '{l_username}'))) {				  return false;				}				if (!(validateMinLength(form['join_handle'], '{l_username}','4'))) {				  return false;				}				if (!(validateMaxLength(form['join_handle'], '{l_username}','20'))) {				  return false;				}				if (!(validateAlphaNumeric(form['join_handle'], '{l_username}'))) {				  return false;				}				if (!(validateRequiredField(form['join_password'], '{l_password}'))) {				  return false;				}				if (!(validateMinLength(form['join_password'], '{l_password}','6'))) {				  return false;				}				if (!(validateMaxLength(form['join_password'], '{l_password}','15'))) {				  return false;				}				if (!(validateAlphaNumeric(form['join_password'], '{l_password}'))) {				  return false;				}				if (!(validateRequiredField(form['join_password'], '{l_password}'))) {				  return false;				}				if (!(validateMinLength(form['join_password'], '{l_password}','6'))) {				  return false;				}				if (!(validateMaxLength(form['join_password'], '{l_password}','15'))) {				  return false;				}				if (!(validateAlphaNumeric(form['join_password'], '{l_password}'))) {				  return false;				}				if (!(validateNotTwoFields(form['join_password'],'{l_password}',form['join_handle'],'{l_username}'))) {				  return false;				}				if (!(validateTwoFields(form['verify_password'],'{l_verify_password}',form['join_password'],'{l_password}'))) {				  return false;				}				if (!(validateRequiredField(form['email'], '{l_email_address}'))) {				  return false;				}				if (!(validateMaxLength(form['email'], '{l_email_address}','100'))) {				  return false;				}				if (!(validateEmailField(form['email'], '{l_email_address}'))) {				  return false;				}				if (!(validateRequiredField(form['verify_email'], '{l_verify_email}'))) {				  return false;				}				if (!(validateMaxLength(form['verify_email'], '{l_verify_email}','100'))) {				  return false;				}				if (!(validateEmailField(form['verify_email'], '{l_verify_email}'))) {				  return false;				}				if (!(validateTwoFields(form['verify_email'],'{l_verify_email}',form['email'],'{l_email_address}'))) {				  return false;				}				if (!(validateRequiredSelect(form['orientation'],'{l_orientation}','00'))) {				  return false;				}				if (!(validateRequiredField(form['orientation'], '{l_orientation}', '00'))) {				  return false;				}				if (!(validateRequiredSelect(form['country'],'{l_country}','-1'))) {				  return false;				}				if (!(validateRequiredField(form['country'], '{l_country}', '-1'))) {				  return false;				}				if (!(validateRequiredField(form['month'], '{l_month}'))) {				  return false;				}				if (!(validateRequiredField(form['day'], '{l_day}'))) {				  return false;				}				if (!(validateRequiredField(form['year'], '{l_year}'))) {				  return false;				}				if (!(validateRequiredCheckbox(form['privacy_policy'],'','{l_agree_privete_policy}'))) {				  return false;				}				return true;			  }			  function validateJoinForm() {				blockSubmission = true;				 if (typeof beforeJoinFormValidation != 'undefined') {				   beforeJoinFormValidation();				}				var validated = onValidateJoinForm();				if (validated && (typeof uponSuccessfulJoinFormValidation != 'undefined')) {				  validated = uponSuccessfulJoinFormValidation();				}				else if (!validated && (typeof uponUnsuccessfulJoinFormValidation != 'undefined')) {				  uponUnsuccessfulJoinFormValidation();				}				if (!validated) {				}				return validated;			  }			  function submitJoinForm() {			   if (validateJoinForm()) document.JoinForm.submit();			   else return false;			  }			</script>

Link to comment
Share on other sites

the form is loaded into the page from another php file and the code for that page is:

<?php$area = "public";include("./_include/core/main_start.php");class CIndex extends CHtmlBlock{	var $message = "";	function action()	{		global $g;		global $l;		$cmd = get_param("cmd", "");		if ($cmd == "please_login")		{			$this->message = $l['join.php']['please_login'] . "<br>";		}		if ($cmd == "sent")		{			$this->message = $l['join.php']['was_sent'] . "<br>";		}		elseif ($cmd == "login")		{			$name = get_param("user", "");			$password = get_param("password", "");			$this->message = "";			$id = DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . " and (password=" . to_sql($password, "Text") . " OR password=" . to_sql(md5($password), "Text") . ");");			if ($id == 0)			{				$this->message .= $l['join.php']['incorrect_username'] . "<br>";			}			if ($this->message == "")			{				set_session("user_id", $id);				set_session("user_id_verify", $id);				#print_r($_SESSION);				if (get_param("remember", "") != "")				{					set_cookie("c_user", $name, -1);					set_cookie("c_password", $password, -1);				}				else				{					set_cookie("c_user", "", -1);					set_cookie("c_password", "", -1);				}				DB::execute("UPDATE user SET last_ip=" . to_sql($_SERVER['REMOTE_ADDR'], "Text") . " WHERE user_id=" . $id . "");				redirect("home.php");			}		}		elseif (get_cookie("c_user") != "" and get_cookie("c_password") != "")		{			if (get_session("user_id") != "")			{				redirect("home.php");			}			$name = get_cookie("c_user");			$password = get_cookie("c_password");			$this->message = "";			$id = DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . " and (password=" . to_sql($password, "Text") . " OR password=" . to_sql(md5($password), "Text") . ");");			if ($id == "")			{				$this->message .= $l['join.php']['incorrect_username'] . "<br>";			}			if ($this->message == "")			{				set_session("user_id", $id);				set_session("user_id_verify", $id);				DB::execute("UPDATE user SET last_ip='" . $_SERVER['REMOTE_ADDR'] . "' WHERE user_id=" . $id . "");				redirect("home.php");			}		}		if (get_session("user_id") != "")		{			redirect("home.php");		}		global $m;		$m = $this->message;	}	function parseBlock(&$html)	{		global $g_info;		foreach ($g_info as $k => $v) $html->setvar($k, $v);		$html->setvar("login_message", $this->message);		parent::parseBlock($html);	}}class CJoinForm extends CHtmlBlock{	var $message = "";	var $login = "";	function init()	{		global $g;		global $l;		global $gc;		$name = get_param("join_handle", "");		$pass = get_param("join_password", "");		$pass2 = get_param("verify_password", "");		$mail = get_param("email", "");		$mail2 = get_param("verify_email", "");		$this->message = "";		if (strlen($name) < 4 or strlen($name) > 20 or strpos($name, "'") !== false)		{			$this->message .= $l['join.php']['another_username'] . "<br>";		}		if ($mail != $mail2 or strlen($mail) > 100 or !preg_match("/^[a-zA-Z-_\.0-9]{1,100}@[a-zA-Z-_\.0-9]{1,100}\.[a-zA-Z-_\.0-9]{1,100}$/", $mail))		{			$this->message .= $l['join.php']['incorrect_email'] . "<br>";		}		if ($pass != $pass2 or strlen($pass) > 15 or strlen($pass) < 6 or strpos($pass, "'") !== false)		{			$this->message .= $l['join.php']['incorrect_password'] . "<br>";		}		if (DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . ";") != "")		{			$this->message .= $l['join.php']['exists_username'] . "<br>";		}		if (DB::result("SELECT user_id FROM user WHERE mail=" . to_sql($mail, "Text") . ";") != "")		{			$this->message .= $l['join.php']['exists_email'] . "<br>";		}		$month = (int) get_param("month", 1);		$day = (int) get_param("day", 1);		$year = (int) get_param("year", 1980);		if ($month < 1 or $month > 12 or $day < 1 or $day > 31 or $year < 1906 or $year > date("Y") - $g['options']['users_age'] + 1)		{			$this->message .= $l['join.php']['incorrect_date'] . "<br>";		}		if ($this->message == "")		{			set_session("j_name", $name);			set_session("j_password", $pass);			set_session("j_mail", $mail);			set_session("j_month", $month);			set_session("j_day", $day);			set_session("j_year", $year);			set_session("j_country", get_param("country", 1));			set_session("j_orientation", get_param("orientation", 1));			if ($g['options']['fast_join'] == "N" and isset($gc) and $gc) redirect("join_space.php");			elseif ($g['options']['fast_join'] == "N") redirect("join2.php");			else			{				$this->add_user();				#echo get_session("user_id");				redirect("home.php");			}		}	}	function add_user()	{		$partner = (int) get_session("partner");		global $g;		DB::execute("			UPDATE partner SET			account=(account+" . to_sql($g['options']['partner_price_user'], "Number") . "),			summary=(summary+" . to_sql($g['options']['partner_price_user'], "Number") . "),			count_users=(count_users+1)			WHERE partner_id=" . $partner . "		");		$p_partner = DB::result("SELECT p_partner FROM partner WHERE partner_id=" . $partner . "");		$plus = ($g['options']['partner_percent_ref'] / 100) * $g['options']['partner_price_user'];		DB::execute("			UPDATE partner SET			account=(account+" . $plus . "),			summary=(summary+" . $plus . ")			WHERE partner_id='" . $p_partner . "'		");		$country = DB::result("SELECT country_title FROM geo_country WHERE country_id=" . to_sql(get_session("j_country"), "Number") . "");		DB::execute("INSERT INTO email SET mail=" . to_sql(get_session("j_mail"), "Text") . "");		DB::execute("			INSERT INTO user			SET			partner=" . $partner . ",			gold_days=0,			name=" . to_sql(get_session("j_name"), "Text") . ",			orientation=" . to_sql(get_session("j_orientation"), "Number") . ",			p_orientation=" . to_sql(DB::result("SELECT search FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Number") . ",			gender=" . to_sql(DB::result("SELECT gender FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Text") . ",			mail=" . to_sql(get_session("j_mail"), "Text") . ",			password=" . to_sql($g['options']['md5'] == "Y" ? md5(get_session("j_password")) : get_session("j_password"), "Text") . ",			country_id=" . to_sql(get_session("j_country"), "Number") . ",			country=" . to_sql($country, "Text") . ",			birth=" . to_sql(get_session("j_year") . "-" . get_session("j_month") . "-" .  get_session("j_day"), "Text") . ",			horoscope=" . to_sql(zodiac(get_session("j_year") . "-" . get_session("j_month") . "-" .  get_session("j_day")), "Number") . ",			p_horoscope=0,			active='Y',			active_code='',			hide_time='0',			register='" . date('Y-m-d H:i:s') . "',			last_visit='" . date('Y-m-d H:i:s') . "',			last_ip='',			set_email_mail='2',			set_email_interest='2' 		");		global $user_id;		$user_id = DB::insert_id();		DB::execute("			INSERT INTO userinfo			SET			user_id=" . $user_id . " 		");		DB::execute("			INSERT INTO userpartner			SET			user_id=" . $user_id . " 		");		DB::execute("DELETE FROM zforum_users WHERE id=".$user_id.";");		DB::execute("			INSERT INTO zforum_users			(id,username, group_id, password, email, email_setting, save_pass, registered)			VALUES(".			$user_id.",".			to_sql(get_session("j_name"), "Text").			", 4, ".			to_sql(get_session("j_password"), "Text").			", ".			to_sql(get_session("j_mail"), "Text").			", 1 , 1 ,1".			");"		);				ini_set("sendmail_from", " info@dateorchat.com ");		$subject = DB::result("SELECT subject FROM email_auto WHERE note='join'");		$text = DB::result("SELECT text FROM email_auto WHERE note='join'");		$subject = str_replace("{title}", $g['main']['title'], $subject);		$text = str_replace("{title}", $g['main']['title'], $text);		$text = str_replace("{name}", get_session("j_name"), $text);		$text = str_replace("{password}", get_session("j_password"), $text);		send_mail(			get_session("j_mail"),			$g['main']['info_mail'],			$subject,			$text		);		#session_unset();		set_session("user_id", $user_id);		set_session("user_id_verify", $user_id);	}	function parseBlock(&$html)	{		global $g;		global $g_info;		global $l;		foreach ($g_info as $k => $v) $html->setvar($k, $v);		$name = get_param("join_handle", "");		$pass = get_param("join_password", "");		$pass2 = get_param("verify_password", "");		$mail = get_param("email", "");		$mail2 = get_param("verify_email", "");		$html->setvar("join_handle", $name);		$html->setvar("join_password", $pass);		$html->setvar("verify_password", $pass2);		$html->setvar("email", $mail);		$html->setvar("verify_email", $mail2);		if ($name != "") $html->setvar("join_message", $this->message);		$m = array(			1 => isset($l['all']['january']) ? $l['all']['january'] : 'January',			2 => isset($l['all']['february']) ? $l['all']['february'] : 'February',			3 => isset($l['all']['march']) ? $l['all']['march'] : 'March',			4 => isset($l['all']['april']) ? $l['all']['april'] : 'April',			5 => isset($l['all']['may']) ? $l['all']['may'] : 'May',			6 => isset($l['all']['june']) ? $l['all']['june'] : 'June',			7 => isset($l['all']['july']) ? $l['all']['july'] : 'July',			8 => isset($l['all']['august']) ? $l['all']['august'] : 'August',			9 => isset($l['all']['september']) ? $l['all']['september'] : 'September',			10 => isset($l['all']['october']) ? $l['all']['october'] : 'October',			11 => isset($l['all']['november']) ? $l['all']['november'] : 'November',			12 => isset($l['all']['december']) ? $l['all']['december'] : 'December',		);		$html->setvar("month_options", h_options($m, get_param("month", 1)));		$html->setvar("day_options", n_options(1, 31, get_param("day", 1)));		$html->setvar("year_options", n_options(date("Y") - $g['options']['users_age_max'], date("Y") - $g['options']['users_age'] + 1, get_param("year", date("Y") - $g['options']['users_age'])));		$html->setvar("country_options", DB::db_options("SELECT country_id, country_title FROM geo_country WHERE country_id in (1,2,3)" , 3) . DB::db_options("SELECT country_id, country_title FROM geo_country ORDER BY country_title" , ""));		$html->setvar("orientation_options", DB::db_options("SELECT id, title FROM const_orientation", get_param("orientation", "")));		parent::parseBlock($html);	}}$page = new CIndex("", $g['tmpl']['dir_tmpl_main'] . "jointest.php");$header = new CHeader("header", $g['tmpl']['dir_tmpl_main'] . "_header.php");$page->add($header);$footer = new CFooter("footer", $g['tmpl']['dir_tmpl_main'] . "_footer.html");$page->add($footer);$register = new CJoinForm("join", null);$page->add($register);include("./_include/core/main_close.php");?>

Thanks

Link to comment
Share on other sites

May I see the code for security-image.php?Where in your script are you checking if the user entered the correct security code or not?Also, on your login page, you should never store the user's password in a cookie.

Link to comment
Share on other sites

  • 2 weeks later...
May I see the code for security-image.php?Where in your script are you checking if the user entered the correct security code or not?Also, on your login page, you should never store the user's password in a cookie.
Sorry for the delay in replying my computer was playing up. I'm checking the input in the same file that the security image is in.The code for that is:
<?php$area = "public";include("./_include/core/main_start.php");class CIndex extends CHtmlBlock{	var $message = "";	function action()	{		global $g;		global $l;		$cmd = get_param("cmd", "");		if ($cmd == "please_login")		{			$this->message = $l['join.php']['please_login'] . "<br>";		}		if ($cmd == "sent")		{			$this->message = $l['join.php']['was_sent'] . "<br>";		}		elseif ($cmd == "login")		{			$name = get_param("user", "");			$password = get_param("password", "");			$this->message = "";			$id = DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . " and (password=" . to_sql($password, "Text") . " OR password=" . to_sql(md5($password), "Text") . ");");			if ($id == 0)			{				$this->message .= $l['join.php']['incorrect_username'] . "<br>";			}			if ($this->message == "")			{				set_session("user_id", $id);				set_session("user_id_verify", $id);				#print_r($_SESSION);				if (get_param("remember", "") != "")				{					set_cookie("c_user", $name, -1);					set_cookie("c_password", $password, -1);				}				else				{					set_cookie("c_user", "", -1);					set_cookie("c_password", "", -1);				}				DB::execute("UPDATE user SET last_ip=" . to_sql($_SERVER['REMOTE_ADDR'], "Text") . " WHERE user_id=" . $id . "");				redirect("home.php");			}		}		elseif (get_cookie("c_user") != "" and get_cookie("c_password") != "")		{			if (get_session("user_id") != "")			{				redirect("home.php");			}			$name = get_cookie("c_user");			$password = get_cookie("c_password");			$this->message = "";			$id = DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . " and (password=" . to_sql($password, "Text") . " OR password=" . to_sql(md5($password), "Text") . ");");			if ($id == "")			{				$this->message .= $l['join.php']['incorrect_username'] . "<br>";			}			if ($this->message == "")			{				set_session("user_id", $id);				set_session("user_id_verify", $id);				DB::execute("UPDATE user SET last_ip='" . $_SERVER['REMOTE_ADDR'] . "' WHERE user_id=" . $id . "");				redirect("home.php");			}		}		if (get_session("user_id") != "")		{			redirect("home.php");		}		global $m;		$m = $this->message;	}	function parseBlock(&$html)	{		global $g_info;		foreach ($g_info as $k => $v) $html->setvar($k, $v);		$html->setvar("login_message", $this->message);		parent::parseBlock($html);	}}class CJoinForm extends CHtmlBlock{	var $message = "";	var $login = "";	function init()	{		global $g;		global $l;		global $gc;		$name = get_param("join_handle", "");		$pass = get_param("join_password", "");		$pass2 = get_param("verify_password", "");		$mail = get_param("email", "");		$mail2 = get_param("verify_email", "");		$captcha = get_param("code", "");		$this->message = "";		if (strtoupper($captcha) != $_SESSION['code'])		{			$this->message .= $l['join.php']['incorrect_security_code'] . "<br>";		}		if (strlen($name) < 4 or strlen($name) > 20 or strpos($name, "'") !== false)		{			$this->message .= $l['join.php']['another_username'] . "<br>";		}		if ($mail != $mail2 or strlen($mail) > 100 or !preg_match("/^[a-zA-Z-_\.0-9]{1,100}@[a-zA-Z-_\.0-9]{1,100}\.[a-zA-Z-_\.0-9]{1,100}$/", $mail))		{			$this->message .= $l['join.php']['incorrect_email'] . "<br>";		}		if ($pass != $pass2 or strlen($pass) > 15 or strlen($pass) < 6 or strpos($pass, "'") !== false)		{			$this->message .= $l['join.php']['incorrect_password'] . "<br>";		}		if (DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . ";") != "")		{			$this->message .= $l['join.php']['exists_username'] . "<br>";		}		if (DB::result("SELECT user_id FROM user WHERE mail=" . to_sql($mail, "Text") . ";") != "")		{			$this->message .= $l['join.php']['exists_email'] . "<br>";		}		$month = (int) get_param("month", 1);		$day = (int) get_param("day", 1);		$year = (int) get_param("year", 1980);		if ($month < 1 or $month > 12 or $day < 1 or $day > 31 or $year < 1906 or $year > date("Y") - $g['options']['users_age'] + 1)		{			$this->message .= $l['join.php']['incorrect_date'] . "<br>";		}		if ($this->message == "")		{			set_session("j_name", $name);			set_session("j_password", $pass);			set_session("j_mail", $mail);			set_session("j_month", $month);			set_session("j_day", $day);			set_session("j_year", $year);			set_session("j_country", get_param("country", 1));			set_session("j_orientation", get_param("orientation", 1));			if ($g['options']['fast_join'] == "N" and isset($gc) and $gc) redirect("join_space.php");			elseif ($g['options']['fast_join'] == "N") redirect("join2.php");			else			{				$this->add_user();				#echo get_session("user_id");				redirect("home.php");			}		}	}	function add_user()	{		$partner = (int) get_session("partner");		global $g;		DB::execute("			UPDATE partner SET			account=(account+" . to_sql($g['options']['partner_price_user'], "Number") . "),			summary=(summary+" . to_sql($g['options']['partner_price_user'], "Number") . "),			count_users=(count_users+1)			WHERE partner_id=" . $partner . "		");		$p_partner = DB::result("SELECT p_partner FROM partner WHERE partner_id=" . $partner . "");		$plus = ($g['options']['partner_percent_ref'] / 100) * $g['options']['partner_price_user'];		DB::execute("			UPDATE partner SET			account=(account+" . $plus . "),			summary=(summary+" . $plus . ")			WHERE partner_id='" . $p_partner . "'		");		$country = DB::result("SELECT country_title FROM geo_country WHERE country_id=" . to_sql(get_session("j_country"), "Number") . "");		DB::execute("INSERT INTO email SET mail=" . to_sql(get_session("j_mail"), "Text") . "");		DB::execute("			INSERT INTO user			SET			partner=" . $partner . ",			gold_days=0,			name=" . to_sql(get_session("j_name"), "Text") . ",			orientation=" . to_sql(get_session("j_orientation"), "Number") . ",			p_orientation=" . to_sql(DB::result("SELECT search FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Number") . ",			gender=" . to_sql(DB::result("SELECT gender FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Text") . ",			mail=" . to_sql(get_session("j_mail"), "Text") . ",			password=" . to_sql($g['options']['md5'] == "Y" ? md5(get_session("j_password")) : get_session("j_password"), "Text") . ",			country_id=" . to_sql(get_session("j_country"), "Number") . ",			country=" . to_sql($country, "Text") . ",			birth=" . to_sql(get_session("j_year") . "-" . get_session("j_month") . "-" .  get_session("j_day"), "Text") . ",			horoscope=" . to_sql(zodiac(get_session("j_year") . "-" . get_session("j_month") . "-" .  get_session("j_day")), "Number") . ",			p_horoscope=0,			active='Y',			active_code='',			hide_time='0',			register='" . date('Y-m-d H:i:s') . "',			last_visit='" . date('Y-m-d H:i:s') . "',			last_ip='',			set_email_mail='2',			set_email_interest='2' 		");		global $user_id;		$user_id = DB::insert_id();		DB::execute("			INSERT INTO userinfo			SET			user_id=" . $user_id . " 		");		DB::execute("			INSERT INTO userpartner			SET			user_id=" . $user_id . " 		");		DB::execute("DELETE FROM zforum_users WHERE id=".$user_id.";");		DB::execute("			INSERT INTO zforum_users			(id,username, group_id, password, email, email_setting, save_pass, registered)			VALUES(".			$user_id.",".			to_sql(get_session("j_name"), "Text").			", 4, ".			to_sql(get_session("j_password"), "Text").			", ".			to_sql(get_session("j_mail"), "Text").			", 1 , 1 ,1".			");"		);				ini_set("sendmail_from", " info@dateorchat.com ");		$subject = DB::result("SELECT subject FROM email_auto WHERE note='join'");		$text = DB::result("SELECT text FROM email_auto WHERE note='join'");		$subject = str_replace("{title}", $g['main']['title'], $subject);		$text = str_replace("{title}", $g['main']['title'], $text);		$text = str_replace("{name}", get_session("j_name"), $text);		$text = str_replace("{password}", get_session("j_password"), $text);		send_mail(			get_session("j_mail"),			$g['main']['info_mail'],			$subject,			$text		);		#session_unset();		set_session("user_id", $user_id);		set_session("user_id_verify", $user_id);	}	function parseBlock(&$html)	{		global $g;		global $g_info;		global $l;		foreach ($g_info as $k => $v) $html->setvar($k, $v);		$name = get_param("join_handle", "");		$pass = get_param("join_password", "");		$pass2 = get_param("verify_password", "");		$mail = get_param("email", "");		$mail2 = get_param("verify_email", "");		$captcha = get_param("code", "");		$html->setvar("join_handle", $name);		$html->setvar("join_password", $pass);		$html->setvar("verify_password", $pass2);		$html->setvar("email", $mail);		$html->setvar("verify_email", $mail2);		$html->setvar("code", $captcha);		if ($name != "") $html->setvar("join_message", $this->message);		$m = array(			1 => isset($l['all']['january']) ? $l['all']['january'] : 'January',			2 => isset($l['all']['february']) ? $l['all']['february'] : 'February',			3 => isset($l['all']['march']) ? $l['all']['march'] : 'March',			4 => isset($l['all']['april']) ? $l['all']['april'] : 'April',			5 => isset($l['all']['may']) ? $l['all']['may'] : 'May',			6 => isset($l['all']['june']) ? $l['all']['june'] : 'June',			7 => isset($l['all']['july']) ? $l['all']['july'] : 'July',			8 => isset($l['all']['august']) ? $l['all']['august'] : 'August',			9 => isset($l['all']['september']) ? $l['all']['september'] : 'September',			10 => isset($l['all']['october']) ? $l['all']['october'] : 'October',			11 => isset($l['all']['november']) ? $l['all']['november'] : 'November',			12 => isset($l['all']['december']) ? $l['all']['december'] : 'December',		);		$html->setvar("month_options", h_options($m, get_param("month", 1)));		$html->setvar("day_options", n_options(1, 31, get_param("day", 1)));		$html->setvar("year_options", n_options(date("Y") - $g['options']['users_age_max'], date("Y") - $g['options']['users_age'] + 1, get_param("year", date("Y") - $g['options']['users_age'])));		$html->setvar("country_options", DB::db_options("SELECT country_id, country_title FROM geo_country WHERE country_id in (1,2,3)" , 3) . DB::db_options("SELECT country_id, country_title FROM geo_country ORDER BY country_title" , ""));		$html->setvar("orientation_options", DB::db_options("SELECT id, title FROM const_orientation", get_param("orientation", "")));		parent::parseBlock($html);	}}$page = new CIndex("", $g['tmpl']['dir_tmpl_main'] . "jointest.html");$header = new CHeader("header", $g['tmpl']['dir_tmpl_main'] . "_header_join.html");$page->add($header);$footer = new CFooter("footer", $g['tmpl']['dir_tmpl_main'] . "_footer.html");$page->add($footer);$register = new CJoinForm("join", null);$page->add($register);include("./_include/core/main_close.php");?>

and the security image code is:

<?php   // include security image class   require('includes/security-image.inc.php');     // start PHP session   session_start();     // get parameters   isset($_GET['width']) ? $iWidth = (int)$_GET['width'] : $iWidth = 180;   isset($_GET['height']) ? $iHeight = (int)$_GET['height'] : $iHeight = 60;     // create new image   $oSecurityImage = new SecurityImage($iWidth, $iHeight);   $oSecurityImage->Create(); // Whoops, forgot this line!	  // assign corresponding code to session variable	  // for checking against user entered value	  $_SESSION['code'] = $oSecurityImage->GetCode();?>

and the security-image.inc.php code is:

<?php   class SecurityImage {	  var $oImage;	  var $iWidth;	  var $iHeight;	  var $iNumChars;	  var $iNumLines;	  var $iSpacing;	  var $sCode;	  	  function SecurityImage($iWidth = 150, $iHeight = 30, $iNumChars = 5, $iNumLines = 30) {		 // get parameters		 $this->iWidth = $iWidth;		 $this->iHeight = $iHeight;		 $this->iNumChars = $iNumChars;		 $this->iNumLines = $iNumLines;		 		 // create new image		 $this->oImage = imagecreate($iWidth, $iHeight);		 		 // allocate white background colour		 imagecolorallocate($this->oImage, 255, 255, 255);		 		 // calculate spacing between characters based on width of image		 $this->iSpacing = (int)($this->iWidth / $this->iNumChars);	  }	  	  function DrawLines() {		 for ($i = 0; $i < $this->iNumLines; $i++) {			$iRandColour = rand(190, 250);			$iLineColour = imagecolorallocate($this->oImage, $iRandColour, $iRandColour, $iRandColour);			imageline($this->oImage, rand(0, $this->iWidth), rand(0, $this->iHeight), rand(0, $this->iWidth), rand(0, $this->iHeight), $iLineColour);		 }	  }	  	  function GenerateCode() {		 // reset code		 $this->sCode = '';		 		 // loop through and generate the code letter by letter		 for ($i = 0; $i < $this->iNumChars; $i++) {			// select random character and add to code string			$this->sCode .= chr(rand(65, 90));						/********************************************/			/* alternatively replace the line above	 */			/* with the following code to enable		*/			/* support for arbitrary characters		 */			/********************************************/						// characters to use			// $aChars = array('A', 'B', 'C', '3', 'g');						// get number of characters			// $iTotal = count($aChars) - 1;			// get random index			// $iIndex = rand(0, $iTotal);			// add selected character to code string			// $this->sCode .= $aChars[$iIndex];						/********************************************/			/* End of optional code					 */			/********************************************/		 }	  }	  	  function DrawCharacters() {		 // loop through and write out selected number of characters		 $_SESSION['code'] = $this->sCode;		 for ($i = 0; $i < strlen($this->sCode); $i++) {			// select random font			$iCurrentFont = rand(1, 5);			$size = rand(12, 16);						// select random greyscale colour			$iRandColour = rand(0, 128);			$iTextColour = imagecolorallocate($this->oImage, $iRandColour, $iRandColour, $iRandColour);						// write text to image			imagestring($this->oImage, $iCurrentFont, $this->iSpacing / 3 + $i * $this->iSpacing, ($this->iHeight - imagefontheight($iCurrentFont)) / 2, $this->sCode[$i], $iTextColour);		 }	  }	  	  function Create($sFilename = '') {		 // check for existance of GD PNG library		 if (!function_exists('imagepng')) {			return false;		 }				 $this->DrawLines();		 $this->GenerateCode();		 $this->DrawCharacters();				 // write out image to file or browser		 if ($sFilename != '') {			// write stream to file			imagepng($this->oImage, $sFilename);		 } else {			// tell browser that data is png			header('Content-type: image/png');						// write stream to browser			imagepng($this->oImage);		 }				 // free memory used in creating image		 imagedestroy($this->oImage);				 return true;	  }	  	  function GetCode() {		 return $this->sCode;	  }   }?>

Thanks for helping

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...