king Posted June 19, 2008 Share Posted June 19, 2008 What's the code for this file: 'includes/security-image.inc.php' that you require() in your security-image.phpAlso, you DO have the GD library for PHP right?In your php.ini file, you removed the semicolon in front of:;extension=php_gd2.dllRight? Link to comment Share on other sites More sharing options...
unplugged_web Posted June 19, 2008 Author Share Posted June 19, 2008 What's the code for this file: 'includes/security-image.inc.php' that you require() in your security-image.phpAlso, you DO have the GD library for PHP right?In your php.ini file, you removed the semicolon in front of:;extension=php_gd2.dllRight?The includes/security-mage.inc.php file is:<?php class SecurityImage { var $oImage; var $iWidth; var $iHeight; var $iNumChars; var $iNumLines; var $iSpacing; var $sCode; function SecurityImage($iWidth = 150, $iHeight = 30, $iNumChars = 5, $iNumLines = 30) { // get parameters $this->iWidth = $iWidth; $this->iHeight = $iHeight; $this->iNumChars = $iNumChars; $this->iNumLines = $iNumLines; // create new image $this->oImage = imagecreate($iWidth, $iHeight); // allocate white background colour imagecolorallocate($this->oImage, 255, 255, 255); // calculate spacing between characters based on width of image $this->iSpacing = (int)($this->iWidth / $this->iNumChars); } function DrawLines() { for ($i = 0; $i < $this->iNumLines; $i++) { $iRandColour = rand(190, 250); $iLineColour = imagecolorallocate($this->oImage, $iRandColour, $iRandColour, $iRandColour); imageline($this->oImage, rand(0, $this->iWidth), rand(0, $this->iHeight), rand(0, $this->iWidth), rand(0, $this->iHeight), $iLineColour); } } function GenerateCode() { // reset code $this->sCode = ''; // loop through and generate the code letter by letter for ($i = 0; $i < $this->iNumChars; $i++) { // select random character and add to code string $this->sCode .= chr(rand(65, 90)); /********************************************/ /* alternatively replace the line above */ /* with the following code to enable */ /* support for arbitrary characters */ /********************************************/ // characters to use // $aChars = array('A', 'B', 'C', '3', 'g'); // get number of characters // $iTotal = count($aChars) - 1; // get random index // $iIndex = rand(0, $iTotal); // add selected character to code string // $this->sCode .= $aChars[$iIndex]; /********************************************/ /* End of optional code */ /********************************************/ } } function DrawCharacters() { // loop through and write out selected number of characters for ($i = 0; $i < strlen($this->sCode); $i++) { // select random font $iCurrentFont = rand(1, 5); $size = rand(12, 16); // select random greyscale colour $iRandColour = rand(0, 128); $iTextColour = imagecolorallocate($this->oImage, $iRandColour, $iRandColour, $iRandColour); // write text to image imagestring($this->oImage, $iCurrentFont, $this->iSpacing / 3 + $i * $this->iSpacing, ($this->iHeight - imagefontheight($iCurrentFont)) / 2, $this->sCode[$i], $iTextColour); } } function Create($sFilename = '') { // check for existance of GD GIF library if (!function_exists('imagegif')) { return false; } $this->DrawLines(); $this->GenerateCode(); $this->DrawCharacters(); // write out image to file or browser if ($sFilename != '') { // write stream to file imagegif($this->oImage, $sFilename); } else { // tell browser that data is gif header('Content-type: image/gif'); // write stream to browser imagegif($this->oImage); } // free memory used in creating image imagedestroy($this->oImage); return true; } function GetCode() { return $this->sCode; } }?> and yep, I've definately got the gd library installed. Link to comment Share on other sites More sharing options...
king Posted June 19, 2008 Share Posted June 19, 2008 <?php // include security image class require('includes/security-image.inc.php'); // start PHP session session_start(); // get parameters isset($_GET['width']) ? $iWidth = (int)$_GET['width'] : $iWidth = 180; isset($_GET['height']) ? $iHeight = (int)$_GET['height'] : $iHeight = 60; // create new image $oSecurityImage = new SecurityImage($iWidth, $iHeight); $oSecurityImage->Create(); // Whoops, forgot this line! // assign corresponding code to session variable // for checking against user entered value $_SESSION['code'] = $oSecurityImage->GetCode();?> Try that. Link to comment Share on other sites More sharing options...
unplugged_web Posted June 19, 2008 Author Share Posted June 19, 2008 Okay done that, but I'm afraid we're back to the original error: Error: E_NOTICEURL: http://www.xxxxxx.com/jointest.phpFile: /home/default/xxxxxx.com/user/htdocs/jointest.phpLine: 128Message: Undefined index: code Line 128 is: if (strtoupper($captcha) != $_SESSION['code']) Also the gd extension in the php.ini file is: ; Tell the jpeg decode to libjpeg warnings and try to create; a gd image. The warning will then be displayed as notices; disabled by default;gd.jpeg_ignore_warning = 0; Enable gd extension moduleextension=gd.so Link to comment Share on other sites More sharing options...
king Posted June 20, 2008 Share Posted June 20, 2008 Okay done that, but I'm afraid we're back to the original error:Error: E_NOTICEURL: http://www.xxxxxx.com/jointest.phpFile: /home/default/xxxxxx.com/user/htdocs/jointest.phpLine: 128Message: Undefined index: code Line 128 is: if (strtoupper($captcha) != $_SESSION['code']) Also the gd extension in the php.ini file is: ; Tell the jpeg decode to libjpeg warnings and try to create; a gd image. The warning will then be displayed as notices; disabled by default;gd.jpeg_ignore_warning = 0; Enable gd extension moduleextension=gd.so Go to function: DrawCharacters() in the scurity-image.inc.php function DrawCharacters() { // loop through and write out selected number of characters $_SESSION['code'] = $this->sCode; for ($i = 0; $i < strlen($this->sCode); $i++) { // select random font $iCurrentFont = rand(1, 5); $size = rand(12, 16); // select random greyscale colour $iRandColour = rand(0, 128); $iTextColour = imagecolorallocate($this->oImage, $iRandColour, $iRandColour, $iRandColour); // write text to image imagestring($this->oImage, $iCurrentFont, $this->iSpacing / 3 + $i * $this->iSpacing, ($this->iHeight - imagefontheight($iCurrentFont)) / 2, $this->sCode[$i], $iTextColour); } } Try that.Edit: Also go to function create(); function Create($sFilename = '') { // check for existance of GD PNG library if (!function_exists('imagepng')) { return false; } $this->DrawLines(); $this->GenerateCode(); $this->DrawCharacters(); // write out image to file or browser if ($sFilename != '') { // write stream to file imagepng($this->oImage, $sFilename); } else { // tell browser that data is png header('Content-type: image/png'); // write stream to browser imagepng($this->oImage); } // free memory used in creating image imagedestroy($this->oImage); return true; } Let's try imagepng(); Your GD version may have problems with the GIF format... Link to comment Share on other sites More sharing options...
unplugged_web Posted June 20, 2008 Author Share Posted June 20, 2008 Go to function: DrawCharacters() in the scurity-image.inc.php function DrawCharacters() { // loop through and write out selected number of characters $_SESSION['code'] = $this->sCode; for ($i = 0; $i < strlen($this->sCode); $i++) { // select random font $iCurrentFont = rand(1, 5); $size = rand(12, 16); // select random greyscale colour $iRandColour = rand(0, 128); $iTextColour = imagecolorallocate($this->oImage, $iRandColour, $iRandColour, $iRandColour); // write text to image imagestring($this->oImage, $iCurrentFont, $this->iSpacing / 3 + $i * $this->iSpacing, ($this->iHeight - imagefontheight($iCurrentFont)) / 2, $this->sCode[$i], $iTextColour); } } Try that.Edit: Also go to function create(); function Create($sFilename = '') { // check for existance of GD PNG library if (!function_exists('imagepng')) { return false; } $this->DrawLines(); $this->GenerateCode(); $this->DrawCharacters(); // write out image to file or browser if ($sFilename != '') { // write stream to file imagepng($this->oImage, $sFilename); } else { // tell browser that data is png header('Content-type: image/png'); // write stream to browser imagepng($this->oImage); } // free memory used in creating image imagedestroy($this->oImage); return true; } Let's try imagepng(); Your GD version may have problems with the GIF format... Nope sorry I'm still getting the same error. If I don't try and get the php to validate it then the image shows up, but as soon as I try to validate it via php I just get the error saying 'Undefined index' The problem is that without checking the characters somebody has entered it's just an image and not a security deterrent. Link to comment Share on other sites More sharing options...
unplugged_web Posted June 20, 2008 Author Share Posted June 20, 2008 Nope sorry I'm still getting the same error. If I don't try and get the php to validate it then the image shows up, but as soon as I try to validate it via php I just get the error saying 'Undefined index' The problem is that without checking the characters somebody has entered it's just an image and not a security deterrent.Okay, I changed something on the php page and now the image is displaying , but it still isn't checking what somebody has added in to the field. The function is now:function init() { global $g; global $l; global $gc; $name = get_param("join_handle", ""); $pass = get_param("join_password", ""); $pass2 = get_param("verify_password", ""); $mail = get_param("email", ""); $mail2 = get_param("verify_email", ""); $captcha = get_param("code", ""); $this->message = ""; if (strtoupper($captcha) != $_SESSION['code']) { $this->message .= $l['join.php']['incorrect_security_code'] . "<br>"; } if (strlen($name) < 4 or strlen($name) > 20 or strpos($name, "'") !== false) { $this->message .= $l['join.php']['another_username'] . "<br>"; } if ($mail != $mail2 or strlen($mail) > 100 or !preg_match("/^[a-zA-Z-_\.0-9]{1,100}@[a-zA-Z-_\.0-9]{1,100}\.[a-zA-Z-_\.0-9]{1,100}$/", $mail)) { $this->message .= $l['join.php']['incorrect_email'] . "<br>"; } if ($pass != $pass2 or strlen($pass) > 15 or strlen($pass) < 6 or strpos($pass, "'") !== false) { $this->message .= $l['join.php']['incorrect_password'] . "<br>"; } if (DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . ";") != "") { $this->message .= $l['join.php']['exists_username'] . "<br>"; } if (DB::result("SELECT user_id FROM user WHERE mail=" . to_sql($mail, "Text") . ";") != "") { $this->message .= $l['join.php']['exists_email'] . "<br>"; } $month = (int) get_param("month", 1); $day = (int) get_param("day", 1); $year = (int) get_param("year", 1980); if ($month < 1 or $month > 12 or $day < 1 or $day > 31 or $year < 1906 or $year > date("Y") - $g['options']['users_age'] + 1) { $this->message .= $l['join.php']['incorrect_date'] . "<br>"; } if ($this->message == "") { set_session("j_name", $name); set_session("j_password", $pass); set_session("j_mail", $mail); set_session("j_month", $month); set_session("j_day", $day); set_session("j_year", $year); set_session("j_country", get_param("country", 1)); set_session("j_orientation", get_param("orientation", 1)); if ($g['options']['fast_join'] == "N" and isset($gc) and $gc) redirect("join_space.php"); elseif ($g['options']['fast_join'] == "N") redirect("join2.php"); else { $this->add_user(); #echo get_session("user_id"); redirect("home.php"); } } } but $captcha = get_param("code", ""); $this->message = ""; if (strtoupper($captcha) != $_SESSION['code']) { $this->message .= $l['join.php']['incorrect_security_code'] . "<br>"; } is the bit that doesn't seem to be workingThank you for helping me to get this working Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.