
Form security image


unplugged_web


I have a form that I'm trying to add a CAPTCHA-type security image to, because some people are using robots to continually register on the site. The image appears, but it doesn't seem to work. The form already has a JavaScript validator, so that might have something to do with it. The form is:

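 <form method="post" action="{url_main}join.php?cmd=login" id="login-f" class="clearfix">
	<div id="join" style=" text-align: left; padding-bottom: 19px; padding-left: 10px; background-image: url({url_tmpl_main}images/login_bottom.jpg); background-repeat: no-repeat;"><br />
		<!-- label targets point at the inputs of THIS form ("username" is an id in the join form below) -->
		<label for="login">{l_username}:</label><input name="user" type="text" id="login" tabindex="1" /><br />
		<label for="password">{l_password}: </label><input name="password" type="password" id="password" tabindex="2" /><br />
		<p><input name="remember" type="checkbox" id="remember" class="chk" value="1" style="width: 14px; margin-right: 5px; margin-left: 53px;"> <label for="remember">{l_remember_me}</label>| <a href="{url_main}forget_password.php?">{l_forgot_password}</a><input type="submit" value="" class="button-login" style="width: 29px; margin-left: 60px; padding-right: 5px; border: 0px; cursor: pointer; cursor: hand;" /></p>
	</div>
</form>
</td><td width="2%"> </td><td width="45%" align="right" valign="top">
<!-- begin_join -->
<?php
// Server-side check of the image CAPTCHA for a posted join form.
// NOTE(review): this only runs if join.php executes this template as PHP on POST
// and the session that holds $_SESSION['code'] (written by security-image.php)
// is already started — confirm both in main_start.php / the template loader.
// Neither form has a field named "login" (the login input is name="user"), so the
// old isset($_POST['login']) test never fired; key on the CAPTCHA field instead.
if (isset($_POST['code'])) {
	$sTyped = is_string($_POST['code']) ? strtoupper($_POST['code']) : '';
	// strict comparison: with loose ==, a missing/null session code matched an empty answer
	if (isset($_SESSION['code']) && $sTyped !== '' && $sTyped === (string) $_SESSION['code']) {
		// consume the code so one solved image cannot be replayed for further sign-ups
		unset($_SESSION['code']);
		header("location: jointest.php");
		exit;
	} else {
		echo 'You have entered the wrong code. Please <a href="index.php">try again</a>.';
	}
} else {
?>
<form name="JoinForm" method="post" action="{url_main}join.php" onsubmit="return validateJoinForm();">
	<div  class="signup_header_big" style="padding-top: 15px; padding-right: 14px; text-align: right; background-image: url({url_tmpl_main}images/join_top.jpg); background-repeat: no-repeat;">Sign up  for free! 
</div>
	<!-- id="join" is also used by the login form above; duplicate ids are left as-is because the stylesheet may target them -->
	<div id="join" style="padding-bottom: 10px; padding-top: 5px; background-image: url({url_tmpl_main}images/join_content.jpg);">
		<div style="color: #FF0000; font-weight: bold; font-size: 11px; padding-right: 10px;">{join_message}</div><br />
		<label for="username">{l_username}:</label><input type="text" id="username" name="join_handle" value="{join_handle}" /><br />
		<label for="create-password">{l_create_password}:</label><input type="password" id="create-password" name="join_password" value="{join_password}" /><br />
		<label for="re-password">{l_reenter_password}:</label><input type="password" id="re-password" name="verify_password" value="{join_password}" /><br />
		<label for="email">{l_email}:</label><input type="text" id="email" name="email" value="{email}" /><br />
		<label for="re-email">{l_reemail}:</label><input type="text" id="re-email" name="verify_email" value="{email}" /><br />
		<label for="iam">{l_i_am}:</label>
		<select name="orientation" id="iam">
			{orientation_options}
		</select>
		<br />
		<label for="from">{l_from}:</label>
		<select name="country" id="from">
			<option value="-1" selected="selected">{l_country_select}</option>
			{country_options}
		</select>
		<br />
		<label for="month">{l_born_on}:</label>
		<select name="month" id="month" onchange="updateDay('month','JoinForm','year','month','day')">
			{month_options}
		</select>
		<select name="day" id="day">
			{day_options}
		</select>
		<select name="year" id="year" onchange="updateDay('year','JoinForm','year','month','day')">
			{year_options}
		</select>
		<br />
		<!-- CAPTCHA block moved inside #join so the markup balances (the original had a stray </div> after the code input);
		     the image is served by security-image.php, which must send no-cache headers so each load gets a fresh code -->
		<div id="security"><img src="../../../Code/security-image.php?width=180" width="180" height="60" alt="Security Image" /></div>
		<label for="code">Security Image:</label><input type="text" name="code" id="code" value="" />
	</div>
	<div id="terms" style="padding-right: 10px; width: 352px; background-image: url({url_tmpl_main}images/join_content.jpg);"><input name="privacy_policy" type="checkbox" value="true" id="agree" checked> <label for="agree"> {l_i_agree} <a href="java script:winpop('{url_tmpl_main}popup/term_cond.html','960','600','yes');">{l_terms_and_conditions}</a> and <a href="java script:winpop('{url_tmpl_main}popup/priv_policy.html','960','600','yes');">{l_privacy_policy}</a> <br /></label></div><div id="terms" style="padding-right: 10px; height: 50px; width: 352px; background-image: url({url_tmpl_main}images/join_bottom.jpg); background-repeat: no-repeat;"><input type="button" value="" onclick="submitJoinForm();" class="button-join" style=" margin-right: 13px; margin-top: 5px; cursor: pointer; cursor: hand;" /></div>
</form>
<!-- the else branch opened above must be closed with <?php } ?> after the form; that closing tag is outside this excerpt -->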

the JS validator is:

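<script language="JavaScript" type="text/javascript">
	// Client-side checks for the join form. They only improve the user experience:
	// a bot posts without running this script, so the server must re-validate every
	// field, including the security code.
	function onValidateJoinForm() {
		var form = document.forms['JoinForm'];
		// username: required, 4-20 alphanumeric characters (each rule checked once; the
		// original ran this group and the password group twice)
		if (!validateRequiredField(form['join_handle'], '{l_username}')) { return false; }
		if (!validateMinLength(form['join_handle'], '{l_username}', '4')) { return false; }
		if (!validateMaxLength(form['join_handle'], '{l_username}', '20')) { return false; }
		if (!validateAlphaNumeric(form['join_handle'], '{l_username}')) { return false; }
		// password: required, 6-15 alphanumeric, not equal to the username, confirmation matches
		if (!validateRequiredField(form['join_password'], '{l_password}')) { return false; }
		if (!validateMinLength(form['join_password'], '{l_password}', '6')) { return false; }
		if (!validateMaxLength(form['join_password'], '{l_password}', '15')) { return false; }
		if (!validateAlphaNumeric(form['join_password'], '{l_password}')) { return false; }
		if (!validateNotTwoFields(form['join_password'], '{l_password}', form['join_handle'], '{l_username}')) { return false; }
		if (!validateTwoFields(form['verify_password'], '{l_verify_password}', form['join_password'], '{l_password}')) { return false; }
		// e-mail and its confirmation
		if (!validateRequiredField(form['email'], '{l_email_address}')) { return false; }
		if (!validateMaxLength(form['email'], '{l_email_address}', '100')) { return false; }
		if (!validateEmailField(form['email'], '{l_email_address}')) { return false; }
		if (!validateRequiredField(form['verify_email'], '{l_verify_email}')) { return false; }
		if (!validateMaxLength(form['verify_email'], '{l_verify_email}', '100')) { return false; }
		if (!validateEmailField(form['verify_email'], '{l_verify_email}')) { return false; }
		if (!validateTwoFields(form['verify_email'], '{l_verify_email}', form['email'], '{l_email_address}')) { return false; }
		// selects: '00' / '-1' are the "please choose" option values
		if (!validateRequiredSelect(form['orientation'], '{l_orientation}', '00')) { return false; }
		if (!validateRequiredField(form['orientation'], '{l_orientation}', '00')) { return false; }
		if (!validateRequiredSelect(form['country'], '{l_country}', '-1')) { return false; }
		if (!validateRequiredField(form['country'], '{l_country}', '-1')) { return false; }
		if (!validateRequiredField(form['month'], '{l_month}')) { return false; }
		if (!validateRequiredField(form['day'], '{l_day}')) { return false; }
		if (!validateRequiredField(form['year'], '{l_year}')) { return false; }
		// security code: the form previously allowed submitting it blank
		if (!validateRequiredField(form['code'], 'Security Image')) { return false; }
		if (!validateRequiredCheckbox(form['privacy_policy'], '', '{l_agree_privete_policy}')) { return false; }
		return true;
	}

	// Runs the optional before/after hooks around onValidateJoinForm() and returns
	// whether the form may be submitted. blockSubmission is a global the page is
	// assumed to define elsewhere — confirm.
	function validateJoinForm() {
		blockSubmission = true;
		if (typeof beforeJoinFormValidation != 'undefined') {
			beforeJoinFormValidation();
		}
		var validated = onValidateJoinForm();
		if (validated && (typeof uponSuccessfulJoinFormValidation != 'undefined')) {
			validated = uponSuccessfulJoinFormValidation();
		}
		else if (!validated && (typeof uponUnsuccessfulJoinFormValidation != 'undefined')) {
			uponUnsuccessfulJoinFormValidation();
		}
		return validated;
	}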
	// Click handler of the join button: submits the form only when validation passes.
	// Note that form.submit() does not trigger the onsubmit handler, so validation
	// happens here and not twice.
	function submitJoinForm() {
		if (!validateJoinForm()) {
			return false;
		}
		document.JoinForm.submit();
	}
</script>


the form is loaded into the page from another php file and the code for that page is:

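<?php
// Join page: CIndex handles the login command and the "remember me" cookie login,
// CJoinForm validates the registration form and creates the account.
// NOTE(review): the core include presumably starts the session that
// get_session()/set_session() rely on — confirm in main_start.php.
$area = "public";
include("./_include/core/main_start.php");

class CIndex extends CHtmlBlock
{
	var $message = "";

	/**
	 * Processes the "cmd" parameter: informational messages, an explicit login
	 * (cmd=login) or an automatic login from the remember-me cookies, then
	 * redirects logged-in users to home.php.
	 */
	function action()
	{
		global $g;
		global $l;
		$cmd = get_param("cmd", "");
		if ($cmd == "please_login")
		{
			$this->message = $l['join.php']['please_login'] . "<br>";
		}
		if ($cmd == "sent")
		{
			$this->message = $l['join.php']['was_sent'] . "<br>";
		}
		elseif ($cmd == "login")
		{
			$name = get_param("user", "");
			$password = get_param("password", "");
			$this->message = "";
			// Matches the stored value against the plaintext OR its md5, so a stored md5
			// is itself a password equivalent; quoting is delegated to to_sql() — confirm it escapes.
			$id = DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . " and (password=" . to_sql($password, "Text") . " OR password=" . to_sql(md5($password), "Text") . ");");
			// empty() treats false/null/""/0 alike: the old `== 0` no longer matches "" on
			// PHP 8, and the cookie branch below compared against "" instead.
			if (empty($id))
			{
				$this->message .= $l['join.php']['incorrect_username'] . "<br>";
			}
			if ($this->message == "")
			{
				set_session("user_id", $id);
				set_session("user_id_verify", $id);
				if (get_param("remember", "") != "")
				{
					// SECURITY: the plaintext password is written to a cookie so the branch
					// below can log in from it; a random server-side token should replace this.
					set_cookie("c_user", $name, -1);
					set_cookie("c_password", $password, -1);
				}
				else
				{
					set_cookie("c_user", "", -1);
					set_cookie("c_password", "", -1);
				}
				DB::execute("UPDATE user SET last_ip=" . to_sql($_SERVER['REMOTE_ADDR'], "Text") . " WHERE user_id=" . $id . "");
				redirect("home.php");
			}
		}
		elseif (get_cookie("c_user") != "" and get_cookie("c_password") != "")
		{
			if (get_session("user_id") != "")
			{
				redirect("home.php");
			}
			$name = get_cookie("c_user");
			$password = get_cookie("c_password");
			$this->message = "";
			$id = DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . " and (password=" . to_sql($password, "Text") . " OR password=" . to_sql(md5($password), "Text") . ");");
			if (empty($id))
			{
				$this->message .= $l['join.php']['incorrect_username'] . "<br>";
			}
			if ($this->message == "")
			{
				set_session("user_id", $id);
				set_session("user_id_verify", $id);
				// quoted through to_sql() like the login branch above instead of interpolated raw
				DB::execute("UPDATE user SET last_ip=" . to_sql($_SERVER['REMOTE_ADDR'], "Text") . " WHERE user_id=" . $id . "");
				redirect("home.php");
			}
		}
		if (get_session("user_id") != "")
		{
			redirect("home.php");
		}
		global $m;
		$m = $this->message;
	}

	/**
	 * Copies the global page variables and the login message into the template.
	 */
	function parseBlock(&$html)
	{
		global $g_info;
		foreach ($g_info as $k => $v) $html->setvar($k, $v);
		$html->setvar("login_message", $this->message);
		parent::parseBlock($html);
	}
}

class CJoinForm extends CHtmlBlock
{
	var $message = "";
	var $login = "";

	/**
	 * Validates the posted registration fields. Runs on every request (also a
	 * plain GET), so the message is only shown once a username was posted; see
	 * parseBlock(). On success the fields are parked in the session and the user
	 * is either sent on to the next step or created immediately (fast_join).
	 */
	function init()
	{
		global $g;
		global $l;
		global $gc;
		$name = get_param("join_handle", "");
		$pass = get_param("join_password", "");
		$pass2 = get_param("verify_password", "");
		$mail = get_param("email", "");
		$mail2 = get_param("verify_email", "");
		$this->message = "";
		if (strlen($name) < 4 or strlen($name) > 20 or strpos($name, "'") !== false)
		{
			$this->message .= $l['join.php']['another_username'] . "<br>";
		}
		if ($mail != $mail2 or strlen($mail) > 100 or !preg_match("/^[a-zA-Z-_\.0-9]{1,100}@[a-zA-Z-_\.0-9]{1,100}\.[a-zA-Z-_\.0-9]{1,100}$/", $mail))
		{
			$this->message .= $l['join.php']['incorrect_email'] . "<br>";
		}
		if ($pass != $pass2 or strlen($pass) > 15 or strlen($pass) < 6 or strpos($pass, "'") !== false)
		{
			$this->message .= $l['join.php']['incorrect_password'] . "<br>";
		}
		if (DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . ";") != "")
		{
			$this->message .= $l['join.php']['exists_username'] . "<br>";
		}
		if (DB::result("SELECT user_id FROM user WHERE mail=" . to_sql($mail, "Text") . ";") != "")
		{
			$this->message .= $l['join.php']['exists_email'] . "<br>";
		}
		$month = (int) get_param("month", 1);
		$day = (int) get_param("day", 1);
		$year = (int) get_param("year", 1980);
		// minimum age comes from the site options; day 31 is accepted for every month
		if ($month < 1 or $month > 12 or $day < 1 or $day > 31 or $year < 1906 or $year > date("Y") - $g['options']['users_age'] + 1)
		{
			$this->message .= $l['join.php']['incorrect_date'] . "<br>";
		}
		if ($this->message == "")
		{
			set_session("j_name", $name);
			set_session("j_password", $pass);
			set_session("j_mail", $mail);
			set_session("j_month", $month);
			set_session("j_day", $day);
			set_session("j_year", $year);
			set_session("j_country", get_param("country", 1));
			set_session("j_orientation", get_param("orientation", 1));
			if ($g['options']['fast_join'] == "N" and isset($gc) and $gc) redirect("join_space.php");
			elseif ($g['options']['fast_join'] == "N") redirect("join2.php");
			else
			{
				$this->add_user();
				redirect("home.php");
			}
		}
	}

	/**
	 * Creates the user from the j_* session values: credits the referring partner,
	 * inserts the user/userinfo/userpartner/forum rows, mails the welcome text and
	 * logs the new user in. Assumes init() validated the fields.
	 */
	function add_user()
	{
		$partner = (int) get_session("partner");
		global $g;
		DB::execute("
			UPDATE partner SET
			account=(account+" . to_sql($g['options']['partner_price_user'], "Number") . "),
			summary=(summary+" . to_sql($g['options']['partner_price_user'], "Number") . "),
			count_users=(count_users+1)
			WHERE partner_id=" . $partner . "
		");
		$p_partner = DB::result("SELECT p_partner FROM partner WHERE partner_id=" . $partner . "");
		$plus = ($g['options']['partner_percent_ref'] / 100) * $g['options']['partner_price_user'];
		// $plus is a computed float and is interpolated as-is; p_partner is cast to int
		// instead of being quoted by hand (MySQL coerced the old '' to 0 anyway).
		DB::execute("
			UPDATE partner SET
			account=(account+" . $plus . "),
			summary=(summary+" . $plus . ")
			WHERE partner_id=" . (int) $p_partner . "
		");
		$country = DB::result("SELECT country_title FROM geo_country WHERE country_id=" . to_sql(get_session("j_country"), "Number") . "");
		DB::execute("INSERT INTO email SET mail=" . to_sql(get_session("j_mail"), "Text") . "");
		// password is md5'd only when the md5 site option is on; otherwise stored in plaintext
		DB::execute("
			INSERT INTO user
			SET
			partner=" . $partner . ",
			gold_days=0,
			name=" . to_sql(get_session("j_name"), "Text") . ",
			orientation=" . to_sql(get_session("j_orientation"), "Number") . ",
			p_orientation=" . to_sql(DB::result("SELECT search FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Number") . ",
			gender=" . to_sql(DB::result("SELECT gender FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Text") . ",
			mail=" . to_sql(get_session("j_mail"), "Text") . ",
			password=" . to_sql($g['options']['md5'] == "Y" ? md5(get_session("j_password")) : get_session("j_password"), "Text") . ",
			country_id=" . to_sql(get_session("j_country"), "Number") . ",
			country=" . to_sql($country, "Text") . ",
			birth=" . to_sql(get_session("j_year") . "-" . get_session("j_month") . "-" .  get_session("j_day"), "Text") . ",
			horoscope=" . to_sql(zodiac(get_session("j_year") . "-" . get_session("j_month") . "-" .  get_session("j_day")), "Number") . ",
			p_horoscope=0,
			active='Y',
			active_code='',
			hide_time='0',
			register='" . date('Y-m-d H:i:s') . "',
			last_visit='" . date('Y-m-d H:i:s') . "',
			last_ip='',
			set_email_mail='2',
			set_email_interest='2' 
		");
		global $user_id;
		$user_id = DB::insert_id();
		DB::execute("
			INSERT INTO userinfo
			SET
			user_id=" . $user_id . " 
		");
		DB::execute("
			INSERT INTO userpartner
			SET
			user_id=" . $user_id . " 
		");
		DB::execute("DELETE FROM zforum_users WHERE id=".$user_id.";");
		// SECURITY: the forum row always receives the plaintext password, regardless of the md5 option.
		DB::execute("
			INSERT INTO zforum_users
			(id,username, group_id, password, email, email_setting, save_pass, registered)
			VALUES(".
			$user_id.",".
			to_sql(get_session("j_name"), "Text").
			", 4, ".
			to_sql(get_session("j_password"), "Text").
			", ".
			to_sql(get_session("j_mail"), "Text").
			", 1 , 1 ,1".
			");"
		);
		ini_set("sendmail_from", " info@dateorchat.com ");
		$subject = DB::result("SELECT subject FROM email_auto WHERE note='join'");
		$text = DB::result("SELECT text FROM email_auto WHERE note='join'");
		$subject = str_replace("{title}", $g['main']['title'], $subject);
		$text = str_replace("{title}", $g['main']['title'], $text);
		$text = str_replace("{name}", get_session("j_name"), $text);
		// SECURITY: the welcome mail carries the plaintext password if the template uses {password}.
		$text = str_replace("{password}", get_session("j_password"), $text);
		send_mail(
			get_session("j_mail"),
			$g['main']['info_mail'],
			$subject,
			$text
		);
		set_session("user_id", $user_id);
		set_session("user_id_verify", $user_id);
	}

	/**
	 * Re-fills the form from the request and builds the select options. The
	 * posted password is echoed back into the value attribute — confirm that
	 * setvar() escapes it for HTML.
	 */
	function parseBlock(&$html)
	{
		global $g;
		global $g_info;
		global $l;
		foreach ($g_info as $k => $v) $html->setvar($k, $v);
		$name = get_param("join_handle", "");
		$pass = get_param("join_password", "");
		$pass2 = get_param("verify_password", "");
		$mail = get_param("email", "");
		$mail2 = get_param("verify_email", "");
		$html->setvar("join_handle", $name);
		$html->setvar("join_password", $pass);
		$html->setvar("verify_password", $pass2);
		$html->setvar("email", $mail);
		$html->setvar("verify_email", $mail2);
		// init() also runs on GET, so the message is only shown after a real post
		if ($name != "") $html->setvar("join_message", $this->message);
		$m = array(
			1 => isset($l['all']['january']) ? $l['all']['january'] : 'January',
			2 => isset($l['all']['february']) ? $l['all']['february'] : 'February',
			3 => isset($l['all']['march']) ? $l['all']['march'] : 'March',
			4 => isset($l['all']['april']) ? $l['all']['april'] : 'April',
			5 => isset($l['all']['may']) ? $l['all']['may'] : 'May',
			6 => isset($l['all']['june']) ? $l['all']['june'] : 'June',
			7 => isset($l['all']['july']) ? $l['all']['july'] : 'July',
			8 => isset($l['all']['august']) ? $l['all']['august'] : 'August',
			9 => isset($l['all']['september']) ? $l['all']['september'] : 'September',
			10 => isset($l['all']['october']) ? $l['all']['october'] : 'October',
			11 => isset($l['all']['november']) ? $l['all']['november'] : 'November',
			12 => isset($l['all']['december']) ? $l['all']['december'] : 'December',
		);
		$html->setvar("month_options", h_options($m, get_param("month", 1)));
		$html->setvar("day_options", n_options(1, 31, get_param("day", 1)));
		$html->setvar("year_options", n_options(date("Y") - $g['options']['users_age_max'], date("Y") - $g['options']['users_age'] + 1, get_param("year", date("Y") - $g['options']['users_age'])));
		$html->setvar("country_options", DB::db_options("SELECT country_id, country_title FROM geo_country WHERE country_id in (1,2,3)" , 3) . DB::db_options("SELECT country_id, country_title FROM geo_country ORDER BY country_title" , ""));
		$html->setvar("orientation_options", DB::db_options("SELECT id, title FROM const_orientation", get_param("orientation", "")));
		parent::parseBlock($html);
	}
}

$page = new CIndex("", $g['tmpl']['dir_tmpl_main'] . "jointest.php");
$header = new CHeader("header", $g['tmpl']['dir_tmpl_main'] . "_header.php");
$page->add($header);
$footer = new CFooter("footer", $g['tmpl']['dir_tmpl_main'] . "_footer.html");
$page->add($footer);
$register = new CJoinForm("join", null);
$page->add($register);
include("./_include/core/main_close.php");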

Thanks


May I see the code for security-image.php? Where in your script are you checking whether the user entered the correct security code? Also, on your login page, you should never store the user's password in a cookie.


May I see the code for security-image.php? Where in your script are you checking whether the user entered the correct security code? Also, on your login page, you should never store the user's password in a cookie.
Sorry for the delay in replying; my computer was playing up. I'm checking the input in the same file that the security image is in. The code for that is:
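<?php
// Join page: CIndex handles the login command and the "remember me" cookie login,
// CJoinForm validates the registration form (including the image CAPTCHA) and
// creates the account.
// NOTE(review): the core include presumably starts the session used by
// get_session()/set_session() and by $_SESSION['code'] — confirm in main_start.php,
// and confirm security-image.php joins the same session (same name/cookie path).
$area = "public";
include("./_include/core/main_start.php");

class CIndex extends CHtmlBlock
{
	var $message = "";

	/**
	 * Processes the "cmd" parameter: informational messages, an explicit login
	 * (cmd=login) or an automatic login from the remember-me cookies, then
	 * redirects logged-in users to home.php.
	 */
	function action()
	{
		global $g;
		global $l;
		$cmd = get_param("cmd", "");
		if ($cmd == "please_login")
		{
			$this->message = $l['join.php']['please_login'] . "<br>";
		}
		if ($cmd == "sent")
		{
			$this->message = $l['join.php']['was_sent'] . "<br>";
		}
		elseif ($cmd == "login")
		{
			$name = get_param("user", "");
			$password = get_param("password", "");
			$this->message = "";
			// Matches the stored value against the plaintext OR its md5, so a stored md5
			// is itself a password equivalent; quoting is delegated to to_sql() — confirm it escapes.
			$id = DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . " and (password=" . to_sql($password, "Text") . " OR password=" . to_sql(md5($password), "Text") . ");");
			// empty() treats false/null/""/0 alike: the old `== 0` no longer matches "" on
			// PHP 8, and the cookie branch below compared against "" instead.
			if (empty($id))
			{
				$this->message .= $l['join.php']['incorrect_username'] . "<br>";
			}
			if ($this->message == "")
			{
				set_session("user_id", $id);
				set_session("user_id_verify", $id);
				if (get_param("remember", "") != "")
				{
					// SECURITY: the plaintext password is written to a cookie so the branch
					// below can log in from it; a random server-side token should replace this.
					set_cookie("c_user", $name, -1);
					set_cookie("c_password", $password, -1);
				}
				else
				{
					set_cookie("c_user", "", -1);
					set_cookie("c_password", "", -1);
				}
				DB::execute("UPDATE user SET last_ip=" . to_sql($_SERVER['REMOTE_ADDR'], "Text") . " WHERE user_id=" . $id . "");
				redirect("home.php");
			}
		}
		elseif (get_cookie("c_user") != "" and get_cookie("c_password") != "")
		{
			if (get_session("user_id") != "")
			{
				redirect("home.php");
			}
			$name = get_cookie("c_user");
			$password = get_cookie("c_password");
			$this->message = "";
			$id = DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . " and (password=" . to_sql($password, "Text") . " OR password=" . to_sql(md5($password), "Text") . ");");
			if (empty($id))
			{
				$this->message .= $l['join.php']['incorrect_username'] . "<br>";
			}
			if ($this->message == "")
			{
				set_session("user_id", $id);
				set_session("user_id_verify", $id);
				// quoted through to_sql() like the login branch above instead of interpolated raw
				DB::execute("UPDATE user SET last_ip=" . to_sql($_SERVER['REMOTE_ADDR'], "Text") . " WHERE user_id=" . $id . "");
				redirect("home.php");
			}
		}
		if (get_session("user_id") != "")
		{
			redirect("home.php");
		}
		global $m;
		$m = $this->message;
	}

	/**
	 * Copies the global page variables and the login message into the template.
	 */
	function parseBlock(&$html)
	{
		global $g_info;
		foreach ($g_info as $k => $v) $html->setvar($k, $v);
		$html->setvar("login_message", $this->message);
		parent::parseBlock($html);
	}
}

class CJoinForm extends CHtmlBlock
{
	var $message = "";
	var $login = "";

	/**
	 * Validates the posted registration fields, starting with the image CAPTCHA.
	 * Runs on every request (also a plain GET), so the message is only shown once
	 * a username was posted; see parseBlock(). On success the fields are parked
	 * in the session and the user is either sent on to the next step or created
	 * immediately (fast_join).
	 */
	function init()
	{
		global $g;
		global $l;
		global $gc;
		$name = get_param("join_handle", "");
		$pass = get_param("join_password", "");
		$pass2 = get_param("verify_password", "");
		$mail = get_param("email", "");
		$mail2 = get_param("verify_email", "");
		$captcha = get_param("code", "");
		$this->message = "";
		// CAPTCHA: security-image.php stores the expected code in $_SESSION['code'].
		// Compare strictly (the old loose != let an empty answer match a missing/null
		// code) and consume the code on success so one solved image cannot be replayed
		// for many sign-ups; a fresh image is requested when the form is shown again.
		$typed = is_string($captcha) ? strtoupper($captcha) : '';
		if (!isset($_SESSION['code']) || $typed === '' || $typed !== (string) $_SESSION['code'])
		{
			// fallback text in case the language file has no entry for this new key
			$this->message .= (isset($l['join.php']['incorrect_security_code']) ? $l['join.php']['incorrect_security_code'] : 'Incorrect security code') . "<br>";
		}
		else
		{
			unset($_SESSION['code']);
		}
		if (strlen($name) < 4 or strlen($name) > 20 or strpos($name, "'") !== false)
		{
			$this->message .= $l['join.php']['another_username'] . "<br>";
		}
		if ($mail != $mail2 or strlen($mail) > 100 or !preg_match("/^[a-zA-Z-_\.0-9]{1,100}@[a-zA-Z-_\.0-9]{1,100}\.[a-zA-Z-_\.0-9]{1,100}$/", $mail))
		{
			$this->message .= $l['join.php']['incorrect_email'] . "<br>";
		}
		if ($pass != $pass2 or strlen($pass) > 15 or strlen($pass) < 6 or strpos($pass, "'") !== false)
		{
			$this->message .= $l['join.php']['incorrect_password'] . "<br>";
		}
		if (DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . ";") != "")
		{
			$this->message .= $l['join.php']['exists_username'] . "<br>";
		}
		if (DB::result("SELECT user_id FROM user WHERE mail=" . to_sql($mail, "Text") . ";") != "")
		{
			$this->message .= $l['join.php']['exists_email'] . "<br>";
		}
		$month = (int) get_param("month", 1);
		$day = (int) get_param("day", 1);
		$year = (int) get_param("year", 1980);
		// minimum age comes from the site options; day 31 is accepted for every month
		if ($month < 1 or $month > 12 or $day < 1 or $day > 31 or $year < 1906 or $year > date("Y") - $g['options']['users_age'] + 1)
		{
			$this->message .= $l['join.php']['incorrect_date'] . "<br>";
		}
		if ($this->message == "")
		{
			set_session("j_name", $name);
			set_session("j_password", $pass);
			set_session("j_mail", $mail);
			set_session("j_month", $month);
			set_session("j_day", $day);
			set_session("j_year", $year);
			set_session("j_country", get_param("country", 1));
			set_session("j_orientation", get_param("orientation", 1));
			if ($g['options']['fast_join'] == "N" and isset($gc) and $gc) redirect("join_space.php");
			elseif ($g['options']['fast_join'] == "N") redirect("join2.php");
			else
			{
				$this->add_user();
				redirect("home.php");
			}
		}
	}

	/**
	 * Creates the user from the j_* session values: credits the referring partner,
	 * inserts the user/userinfo/userpartner/forum rows, mails the welcome text and
	 * logs the new user in. Assumes init() validated the fields.
	 */
	function add_user()
	{
		$partner = (int) get_session("partner");
		global $g;
		DB::execute("
			UPDATE partner SET
			account=(account+" . to_sql($g['options']['partner_price_user'], "Number") . "),
			summary=(summary+" . to_sql($g['options']['partner_price_user'], "Number") . "),
			count_users=(count_users+1)
			WHERE partner_id=" . $partner . "
		");
		$p_partner = DB::result("SELECT p_partner FROM partner WHERE partner_id=" . $partner . "");
		$plus = ($g['options']['partner_percent_ref'] / 100) * $g['options']['partner_price_user'];
		// $plus is a computed float and is interpolated as-is; p_partner is cast to int
		// instead of being quoted by hand (MySQL coerced the old '' to 0 anyway).
		DB::execute("
			UPDATE partner SET
			account=(account+" . $plus . "),
			summary=(summary+" . $plus . ")
			WHERE partner_id=" . (int) $p_partner . "
		");
		$country = DB::result("SELECT country_title FROM geo_country WHERE country_id=" . to_sql(get_session("j_country"), "Number") . "");
		DB::execute("INSERT INTO email SET mail=" . to_sql(get_session("j_mail"), "Text") . "");
		// password is md5'd only when the md5 site option is on; otherwise stored in plaintext
		DB::execute("
			INSERT INTO user
			SET
			partner=" . $partner . ",
			gold_days=0,
			name=" . to_sql(get_session("j_name"), "Text") . ",
			orientation=" . to_sql(get_session("j_orientation"), "Number") . ",
			p_orientation=" . to_sql(DB::result("SELECT search FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Number") . ",
			gender=" . to_sql(DB::result("SELECT gender FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Text") . ",
			mail=" . to_sql(get_session("j_mail"), "Text") . ",
			password=" . to_sql($g['options']['md5'] == "Y" ? md5(get_session("j_password")) : get_session("j_password"), "Text") . ",
			country_id=" . to_sql(get_session("j_country"), "Number") . ",
			country=" . to_sql($country, "Text") . ",
			birth=" . to_sql(get_session("j_year") . "-" . get_session("j_month") . "-" .  get_session("j_day"), "Text") . ",
			horoscope=" . to_sql(zodiac(get_session("j_year") . "-" . get_session("j_month") . "-" .  get_session("j_day")), "Number") . ",
			p_horoscope=0,
			active='Y',
			active_code='',
			hide_time='0',
			register='" . date('Y-m-d H:i:s') . "',
			last_visit='" . date('Y-m-d H:i:s') . "',
			last_ip='',
			set_email_mail='2',
			set_email_interest='2' 
		");
		global $user_id;
		$user_id = DB::insert_id();
		DB::execute("
			INSERT INTO userinfo
			SET
			user_id=" . $user_id . " 
		");
		DB::execute("
			INSERT INTO userpartner
			SET
			user_id=" . $user_id . " 
		");
		DB::execute("DELETE FROM zforum_users WHERE id=".$user_id.";");
		// SECURITY: the forum row always receives the plaintext password, regardless of the md5 option.
		DB::execute("
			INSERT INTO zforum_users
			(id,username, group_id, password, email, email_setting, save_pass, registered)
			VALUES(".
			$user_id.",".
			to_sql(get_session("j_name"), "Text").
			", 4, ".
			to_sql(get_session("j_password"), "Text").
			", ".
			to_sql(get_session("j_mail"), "Text").
			", 1 , 1 ,1".
			");"
		);
		ini_set("sendmail_from", " info@dateorchat.com ");
		$subject = DB::result("SELECT subject FROM email_auto WHERE note='join'");
		$text = DB::result("SELECT text FROM email_auto WHERE note='join'");
		$subject = str_replace("{title}", $g['main']['title'], $subject);
		$text = str_replace("{title}", $g['main']['title'], $text);
		$text = str_replace("{name}", get_session("j_name"), $text);
		// SECURITY: the welcome mail carries the plaintext password if the template uses {password}.
		$text = str_replace("{password}", get_session("j_password"), $text);
		send_mail(
			get_session("j_mail"),
			$g['main']['info_mail'],
			$subject,
			$text
		);
		set_session("user_id", $user_id);
		set_session("user_id_verify", $user_id);
	}

	/**
	 * Re-fills the form from the request and builds the select options. The
	 * posted password and CAPTCHA answer are echoed back as template variables —
	 * confirm that setvar() escapes them for HTML. Re-filling "code" is of little
	 * use since every page load draws a new image; kept for template compatibility.
	 */
	function parseBlock(&$html)
	{
		global $g;
		global $g_info;
		global $l;
		foreach ($g_info as $k => $v) $html->setvar($k, $v);
		$name = get_param("join_handle", "");
		$pass = get_param("join_password", "");
		$pass2 = get_param("verify_password", "");
		$mail = get_param("email", "");
		$mail2 = get_param("verify_email", "");
		$captcha = get_param("code", "");
		$html->setvar("join_handle", $name);
		$html->setvar("join_password", $pass);
		$html->setvar("verify_password", $pass2);
		$html->setvar("email", $mail);
		$html->setvar("verify_email", $mail2);
		$html->setvar("code", $captcha);
		// init() also runs on GET, so the message is only shown after a real post
		if ($name != "") $html->setvar("join_message", $this->message);
		$m = array(
			1 => isset($l['all']['january']) ? $l['all']['january'] : 'January',
			2 => isset($l['all']['february']) ? $l['all']['february'] : 'February',
			3 => isset($l['all']['march']) ? $l['all']['march'] : 'March',
			4 => isset($l['all']['april']) ? $l['all']['april'] : 'April',
			5 => isset($l['all']['may']) ? $l['all']['may'] : 'May',
			6 => isset($l['all']['june']) ? $l['all']['june'] : 'June',
			7 => isset($l['all']['july']) ? $l['all']['july'] : 'July',
			8 => isset($l['all']['august']) ? $l['all']['august'] : 'August',
			9 => isset($l['all']['september']) ? $l['all']['september'] : 'September',
			10 => isset($l['all']['october']) ? $l['all']['october'] : 'October',
			11 => isset($l['all']['november']) ? $l['all']['november'] : 'November',
			12 => isset($l['all']['december']) ? $l['all']['december'] : 'December',
		);
		$html->setvar("month_options", h_options($m, get_param("month", 1)));
		$html->setvar("day_options", n_options(1, 31, get_param("day", 1)));
		$html->setvar("year_options", n_options(date("Y") - $g['options']['users_age_max'], date("Y") - $g['options']['users_age'] + 1, get_param("year", date("Y") - $g['options']['users_age'])));
		$html->setvar("country_options", DB::db_options("SELECT country_id, country_title FROM geo_country WHERE country_id in (1,2,3)" , 3) . DB::db_options("SELECT country_id, country_title FROM geo_country ORDER BY country_title" , ""));
		$html->setvar("orientation_options", DB::db_options("SELECT id, title FROM const_orientation", get_param("orientation", "")));
		parent::parseBlock($html);
	}
}

$page = new CIndex("", $g['tmpl']['dir_tmpl_main'] . "jointest.html");
$header = new CHeader("header", $g['tmpl']['dir_tmpl_main'] . "_header_join.html");
$page->add($header);
$footer = new CFooter("footer", $g['tmpl']['dir_tmpl_main'] . "_footer.html");
$page->add($footer);
$register = new CJoinForm("join", null);
$page->add($register);
include("./_include/core/main_close.php");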

and the security image code is:

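<?php
// Renders the CAPTCHA image and stores the code it shows in $_SESSION['code']
// for the join page to compare against.
require('includes/security-image.inc.php');

// start PHP session
// NOTE(review): this must join the same session as the join page (same session
// name and cookie path); this script is served from a different directory, so
// if the framework uses a custom session name the join page will never see the
// code — confirm against main_start.php.
session_start();

// get parameters (assignment in the ternary branches was a statement-as-expression
// idiom; the result is the same). The size is clamped so a hostile width/height
// cannot make the server allocate an arbitrarily large image.
$iWidth = isset($_GET['width']) ? (int) $_GET['width'] : 180;
$iHeight = isset($_GET['height']) ? (int) $_GET['height'] : 60;
$iWidth = max(30, min($iWidth, 1000));
$iHeight = max(15, min($iHeight, 400));

// never cache: a browser-cached image would show a code that no longer matches
// the one stored in the session
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Pragma: no-cache');

// create new image and emit it
$oSecurityImage = new SecurityImage($iWidth, $iHeight);
if ($oSecurityImage->Create()) {
	// assign corresponding code to session variable for checking against user entered value
	$_SESSION['code'] = $oSecurityImage->GetCode();
} else {
	// GD has no PNG support, so no code was generated: drop any stale code rather
	// than storing an empty one that a blank answer could match
	unset($_SESSION['code']);
	header('HTTP/1.0 500 Internal Server Error');
}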

and the security-image.inc.php code is:

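<?php
/**
 * Simple image CAPTCHA: a short code of random upper-case letters drawn in
 * random fonts and greys over a set of light grey lines, rendered as PNG via GD.
 */
class SecurityImage {
	var $oImage;
	var $iWidth;
	var $iHeight;
	var $iNumChars;
	var $iNumLines;
	var $iSpacing;
	var $sCode = '';   // always a string, so GetCode() never returns null before Create()

	/**
	 * Modern constructor; delegates to the legacy PHP 4 style constructor so the
	 * class also works on PHP 8, where a method named like the class is no longer
	 * treated as the constructor.
	 */
	function __construct($iWidth = 150, $iHeight = 30, $iNumChars = 5, $iNumLines = 30) {
		$this->SecurityImage($iWidth, $iHeight, $iNumChars, $iNumLines);
	}

	/**
	 * Legacy constructor: stores the parameters, allocates the image with a white
	 * background and derives the horizontal spacing per character.
	 */
	function SecurityImage($iWidth = 150, $iHeight = 30, $iNumChars = 5, $iNumLines = 30) {
		// get parameters; at least one character so the spacing division is defined
		$this->iWidth = $iWidth;
		$this->iHeight = $iHeight;
		$this->iNumChars = max(1, (int) $iNumChars);
		$this->iNumLines = $iNumLines;

		// create new image
		$this->oImage = imagecreate($iWidth, $iHeight);

		// first allocated colour of a palette image becomes its background (white)
		imagecolorallocate($this->oImage, 255, 255, 255);

		// calculate spacing between characters based on width of image
		$this->iSpacing = (int)($this->iWidth / $this->iNumChars);
	}

	/**
	 * Random integer in [$iMin, $iMax]. Uses the CSPRNG where available so the
	 * code cannot be predicted from a seeded generator; falls back to mt_rand().
	 */
	function RandomInt($iMin, $iMax) {
		if (function_exists('random_int')) {
			return random_int($iMin, $iMax);
		}
		return mt_rand($iMin, $iMax);
	}

	/**
	 * Draws iNumLines light-grey lines between random points as noise.
	 */
	function DrawLines() {
		for ($i = 0; $i < $this->iNumLines; $i++) {
			$iRandColour = $this->RandomInt(190, 250);
			$iLineColour = imagecolorallocate($this->oImage, $iRandColour, $iRandColour, $iRandColour);
			imageline($this->oImage, $this->RandomInt(0, $this->iWidth), $this->RandomInt(0, $this->iHeight), $this->RandomInt(0, $this->iWidth), $this->RandomInt(0, $this->iHeight), $iLineColour);
		}
	}

	/**
	 * Generates a fresh code of iNumChars upper-case letters (A-Z) into sCode.
	 * To allow an arbitrary alphabet, pick each character from an array instead
	 * of chr(65..90).
	 */
	function GenerateCode() {
		// reset code
		$this->sCode = '';

		// loop through and generate the code letter by letter
		for ($i = 0; $i < $this->iNumChars; $i++) {
			$this->sCode .= chr($this->RandomInt(65, 90));
		}
	}

	/**
	 * Writes each character of sCode onto the image in a random built-in font
	 * and a random dark grey. Also mirrors the code into $_SESSION['code'] as
	 * the original did (the calling script stores it again after Create()).
	 */
	function DrawCharacters() {
		$_SESSION['code'] = $this->sCode;
		for ($i = 0; $i < strlen($this->sCode); $i++) {
			// select random built-in font (1-5)
			$iCurrentFont = $this->RandomInt(1, 5);

			// select random greyscale colour
			$iRandColour = $this->RandomInt(0, 128);
			$iTextColour = imagecolorallocate($this->oImage, $iRandColour, $iRandColour, $iRandColour);

			// write text to image; coordinates cast to int because PHP 8.1 deprecates
			// passing floats with a fractional part to GD
			$iX = (int)($this->iSpacing / 3 + $i * $this->iSpacing);
			$iY = (int)(($this->iHeight - imagefontheight($iCurrentFont)) / 2);
			imagestring($this->oImage, $iCurrentFont, $iX, $iY, $this->sCode[$i], $iTextColour);
		}
	}

	/**
	 * Draws the noise and the code, then writes the PNG to $sFilename or, when
	 * empty, to the browser with an image/png content type.
	 * Returns false (without generating a code) when GD lacks PNG support.
	 */
	function Create($sFilename = '') {
		// check for existence of GD PNG library
		if (!function_exists('imagepng')) {
			return false;
		}

		$this->DrawLines();
		$this->GenerateCode();
		$this->DrawCharacters();

		// write out image to file or browser
		if ($sFilename != '') {
			// write stream to file
			imagepng($this->oImage, $sFilename);
		} else {
			// tell browser that data is png
			header('Content-type: image/png');

			// write stream to browser
			imagepng($this->oImage);
		}

		// free memory used in creating image
		imagedestroy($this->oImage);

		return true;
	}

	/**
	 * Returns the code drawn by the last GenerateCode()/Create(), '' before that.
	 */
	function GetCode() {
		return $this->sCode;
	}
}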

Thanks for helping


