Jump to content

Security image not working..... :(


unplugged_web
 Share

Recommended Posts

I wonder if somebody could help me please. I'm trying to get a security image to work on a form, but the form is being sent without the image being checked. I think that it's got something to do with:

class CJoinForm extends CHtmlBlock{	var $message = "";	var $login = "";	function init()	{		global $g;		global $l;		global $gc;		$name = get_param("join_handle", "");		$pass = get_param("join_password", "");		$pass2 = get_param("verify_password", "");		$mail = get_param("email", "");		$mail2 = get_param("verify_email", "");		$captcha = get_param("code", "");		$this->message = "";		if (strtoupper($captcha) != $_SESSION['code'])		{			$this->message .= $l['join.php']['incorrect_security_code'] . "<br>";		}		if (strlen($name) < 4 or strlen($name) > 20 or strpos($name, "'") !== false)		{			$this->message .= $l['join.php']['another_username'] . "<br>";		}		if ($mail != $mail2 or strlen($mail) > 100 or !preg_match("/^[a-zA-Z-_\.0-9]{1,100}@[a-zA-Z-_\.0-9]{1,100}\.[a-zA-Z-_\.0-9]{1,100}$/", $mail))		{			$this->message .= $l['join.php']['incorrect_email'] . "<br>";		}		if ($pass != $pass2 or strlen($pass) > 15 or strlen($pass) < 6 or strpos($pass, "'") !== false)		{			$this->message .= $l['join.php']['incorrect_password'] . "<br>";		}		if (DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . ";") != "")		{			$this->message .= $l['join.php']['exists_username'] . "<br>";		}		if (DB::result("SELECT user_id FROM user WHERE mail=" . to_sql($mail, "Text") . ";") != "")		{			$this->message .= $l['join.php']['exists_email'] . "<br>";		}		$month = (int) get_param("month", 1);		$day = (int) get_param("day", 1);		$year = (int) get_param("year", 1980);		if ($month < 1 or $month > 12 or $day < 1 or $day > 31 or $year < 1906 or $year > date("Y") - $g['options']['users_age'] + 1)		{			$this->message .= $l['join.php']['incorrect_date'] . "<br>";		}		if ($this->message == "")		{			set_session("j_name", $name);			set_session("j_password", $pass);			set_session("j_mail", $mail);			set_session("j_month", $month);			set_session("j_day", $day);			set_session("j_year", $year);			set_session("j_country", get_param("country", 1));			set_session("j_orientation", get_param("orientation", 1));			if ($g['options']['fast_join'] == "N" and isset($gc) and $gc) redirect("join_space.php");			elseif ($g['options']['fast_join'] == "N") redirect("join2.php");			else			{				$this->add_user();				#echo get_session("user_id");				redirect("profile.php");			}		}	}	function add_user()	{		$partner = (int) get_session("partner");		global $g;		DB::execute("			UPDATE partner SET			account=(account+" . to_sql($g['options']['partner_price_user'], "Number") . "),			summary=(summary+" . to_sql($g['options']['partner_price_user'], "Number") . "),			count_users=(count_users+1)			WHERE partner_id=" . $partner . "		");		$p_partner = DB::result("SELECT p_partner FROM partner WHERE partner_id=" . $partner . "");		$plus = ($g['options']['partner_percent_ref'] / 100) * $g['options']['partner_price_user'];		DB::execute("			UPDATE partner SET			account=(account+" . $plus . "),			summary=(summary+" . $plus . ")			WHERE partner_id='" . $p_partner . "'		");		$country = DB::result("SELECT country_title FROM geo_country WHERE country_id=" . to_sql(get_session("j_country"), "Number") . "");		DB::execute("INSERT INTO email SET mail=" . to_sql(get_session("j_mail"), "Text") . "");		DB::execute("			INSERT INTO user			SET			partner=" . $partner . ",			gold_days=30,			name=" . to_sql(get_session("j_name"), "Text") . ",			orientation=" . to_sql(get_session("j_orientation"), "Number") . ",			p_orientation=" . to_sql(DB::result("SELECT search FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Number") . ",			gender=" . to_sql(DB::result("SELECT gender FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Text") . ",			mail=" . to_sql(get_session("j_mail"), "Text") . ",			password=" . to_sql($g['options']['md5'] == "Y" ? md5(get_session("j_password")) : get_session("j_password"), "Text") . ",			country_id=" . to_sql(get_session("j_country"), "Number") . ",			country=" . to_sql($country, "Text") . ",			birth=" . to_sql(get_session("j_year") . "-" . get_session("j_month") . "-" .  get_session("j_day"), "Text") . ",			horoscope=" . to_sql(zodiac(get_session("j_year") . "-" . get_session("j_month") . "-" .  get_session("j_day")), "Number") . ",			p_horoscope=0,			active='Y',			active_code='',			hide_time='0',			register='" . date('Y-m-d H:i:s') . "',			last_visit='" . date('Y-m-d H:i:s') . "',			last_ip='',			set_email_mail='2',			set_email_interest='2' 		");		global $user_id;		$user_id = DB::insert_id();		DB::execute("			INSERT INTO userinfo			SET			user_id=" . $user_id . " 		");		DB::execute("			INSERT INTO userpartner			SET			user_id=" . $user_id . " 		");		DB::execute("DELETE FROM zforum_users WHERE id=".$user_id.";");		DB::execute("			INSERT INTO zforum_users			(id,username, group_id, password, email, email_setting, save_pass, registered)			VALUES(".			$user_id.",".			to_sql(get_session("j_name"), "Text").			", 4, ".			to_sql(get_session("j_password"), "Text").			", ".			to_sql(get_session("j_mail"), "Text").			", 1 , 1 ,1".			");"		);				ini_set("sendmail_from", " info@dateorchat.com ");		$subject = DB::result("SELECT subject FROM email_auto WHERE note='join'");		$text = DB::result("SELECT text FROM email_auto WHERE note='join'");		$subject = str_replace("{title}", $g['main']['title'], $subject);		$text = str_replace("{title}", $g['main']['title'], $text);		$text = str_replace("{name}", get_session("j_name"), $text);		$text = str_replace("{password}", get_session("j_password"), $text);		send_mail(			get_session("j_mail"),			$g['main']['info_mail'],			$subject,			$text		);		#session_unset();		set_session("user_id", $user_id);		set_session("user_id_verify", $user_id);	}	function parseBlock(&$html)	{		global $g;		global $g_info;		global $l;		foreach ($g_info as $k => $v) $html->setvar($k, $v);		$name = get_param("join_handle", "");		$pass = get_param("join_password", "");		$pass2 = get_param("verify_password", "");		$mail = get_param("email", "");		$mail2 = get_param("verify_email", "");		$captcha = get_param("code", "");		$html->setvar("join_handle", $name);		$html->setvar("join_password", $pass);		$html->setvar("verify_password", $pass2);		$html->setvar("email", $mail);		$html->setvar("verify_email", $mail2);		$html->setvar("code", $captcha);		if ($name != "") $html->setvar("join_message", $this->message);		$m = array(			1 => isset($l['all']['january']) ? $l['all']['january'] : 'January',			2 => isset($l['all']['february']) ? $l['all']['february'] : 'February',			3 => isset($l['all']['march']) ? $l['all']['march'] : 'March',			4 => isset($l['all']['april']) ? $l['all']['april'] : 'April',			5 => isset($l['all']['may']) ? $l['all']['may'] : 'May',			6 => isset($l['all']['june']) ? $l['all']['june'] : 'June',			7 => isset($l['all']['july']) ? $l['all']['july'] : 'July',			8 => isset($l['all']['august']) ? $l['all']['august'] : 'August',			9 => isset($l['all']['september']) ? $l['all']['september'] : 'September',			10 => isset($l['all']['october']) ? $l['all']['october'] : 'October',			11 => isset($l['all']['november']) ? $l['all']['november'] : 'November',			12 => isset($l['all']['december']) ? $l['all']['december'] : 'December',		);		$html->setvar("month_options", h_options($m, get_param("month", 1)));		$html->setvar("day_options", n_options(1, 31, get_param("day", 1)));		$html->setvar("year_options", n_options(date("Y") - $g['options']['users_age_max'], date("Y") - $g['options']['users_age'] + 1, get_param("year", date("Y") - $g['options']['users_age'])));		$html->setvar("country_options", DB::db_options("SELECT country_id, country_title FROM geo_country WHERE country_id in (1,2,3)" , 3) . DB::db_options("SELECT country_id, country_title FROM geo_country ORDER BY country_title" , ""));		$html->setvar("orientation_options", DB::db_options("SELECT id, title FROM const_orientation", get_param("orientation", "")));		parent::parseBlock($html);	}}

but

if (strtoupper($captcha) != $_SESSION['code'])		{			$this->message .= $l['join.php']['incorrect_security_code'] . "<br>";		}

in particular.If I suppress the E_NOTICE errors then the page loads otherwise I just get an error saying the 'code' is an undefined index. I've searched through the site and can't find a get_param functionThis is at the bottom of the page:

$page = new CIndex("", $g['tmpl']['dir_tmpl_main'] . "jointest.html");$header = new CHeader("header", $g['tmpl']['dir_tmpl_main'] . "_header.php");$page->add($header);$footer = new CFooter("footer", $g['tmpl']['dir_tmpl_main'] . "_footer.php");$page->add($footer);$register = new CJoinForm("join", null);$page->add($register);

I know what $header and $footer refer to but am not sure about $register. Thanks

Link to comment
Share on other sites

If $_SESSION['code'] is not set (if that's the line the notice is complaining about) then it sounds like the captcha isn't being saved when it's being printed on the form. I don't see in the code there where it's creating the captcha code, adding the image to the form, and saving the code in the session. That's probably somewhere else.

Link to comment
Share on other sites

If $_SESSION['code'] is not set (if that's the line the notice is complaining about) then it sounds like the captcha isn't being saved when it's being printed on the form. I don't see in the code there where it's creating the captcha code, adding the image to the form, and saving the code in the session. That's probably somewhere else.
The actual form itself is:
<form name="JoinForm" method="post" action="{url_main}join.php" onsubmit="return validateJoinForm();">						<div  class="signup_header_big" style="padding-top: 15px; padding-right: 14px; text-align: right; background-image: url({url_tmpl_main}images/join_top.jpg); background-repeat: no-repeat;">Sign up  for free! </div>						<div id="join" style="padding-bottom: 10px; padding-top: 5px; background-image: url({url_tmpl_main}images/join_content.jpg);">						<div style="color: #FF0000; font-weight: bold; font-size: 11px; padding-right: 10px;">{join_message}</div><br />						<label for="username">{l_username}:</label><input type="text" id="username" name="join_handle" value="{join_handle}" /><br />						<label for="create-password">{l_create_password}:</label><input type="password" id="create-password" name="join_password" value="{join_password}" /><br />						<label for="re-password">{l_reenter_password}:</label><input type="password" id="re-password" name="verify_password" value="{join_password}" /><br />						<label for="email">{l_email}:</label><input type="text" id="email" name="email" value="{email}" /><br />						<label for="re-email">{l_reemail}:</label><input type="text" id="re-email" name="verify_email" value="{email}" /><br />						<label for="iam">{l_i_am}:</label>							<select name="orientation" id="iam">								 {orientation_options}							</select>						<br />						<label for="from">{l_from}:</label>							<select name="country" id="from">								 <option value="-1" selected="selected">{l_country_select}</option>								 {country_options}							</select>						<br />						<label for="month">{l_born_on}:</label>							<select name="month" id="month" onchange="updateDay('month','JoinForm','year','month','day')">								{month_options}							</select>							<select name="day" id="day">								{day_options}							</select>							<select name="year" id="year" onchange="updateDay('year','JoinForm','year','month','day')">								{year_options}							</select>							<br />						</div>						<div id="terms" style="padding-right: 10px; width: 352px; background-image: url({url_tmpl_main}images/join_content.jpg);"><input name="privacy_policy" type="checkbox" value="true" id="agree" checked> <label for="agree"> {l_i_agree} <a href="java script:winpop('{url_tmpl_main}popup/term_cond.html','960','600','yes');">{l_terms_and_conditions}</a> and <a href="java script:winpop('{url_tmpl_main}popup/priv_policy.html','960','600','yes');">{l_privacy_policy}</a> <br /></label><div id="security" style="padding: 5px 0 5px 0;"><img src="../../../Code/security-image.php?width=180" width="180" height="60" alt="Security Image" /></div>		 <label for="code">Enter the characters shown above: </label><input type="text" name="code" id="code" value="{code}" /></div><div id="terms" style="padding-right: 10px; height: 50px; width: 352px; background-image: url({url_tmpl_main}images/join_bottom.jpg); background-repeat: no-repeat;"><input type="button" value="" onclick="submitJoinForm();" class="button-join" style=" margin-right: 13px; margin-top: 5px; cursor: pointer; cursor: hand;" /></div>					</form>

It has a JavaScript validator which is:

			<script language="JavaScript" type="text/javascript">			  function onValidateJoinForm() {				var form = document.forms['JoinForm'];				if (!(validateRequiredField(form['join_handle'], '{l_username}'))) {				  return false;				}				if (!(validateMinLength(form['join_handle'], '{l_username}','4'))) {				  return false;				}				if (!(validateMaxLength(form['join_handle'], '{l_username}','20'))) {				  return false;				}				if (!(validateAlphaNumeric(form['join_handle'], '{l_username}'))) {				  return false;				}				if (!(validateRequiredField(form['join_handle'], '{l_username}'))) {				  return false;				}				if (!(validateMinLength(form['join_handle'], '{l_username}','4'))) {				  return false;				}				if (!(validateMaxLength(form['join_handle'], '{l_username}','20'))) {				  return false;				}				if (!(validateAlphaNumeric(form['join_handle'], '{l_username}'))) {				  return false;				}				if (!(validateRequiredField(form['join_password'], '{l_password}'))) {				  return false;				}				if (!(validateMinLength(form['join_password'], '{l_password}','6'))) {				  return false;				}				if (!(validateMaxLength(form['join_password'], '{l_password}','15'))) {				  return false;				}				if (!(validateAlphaNumeric(form['join_password'], '{l_password}'))) {				  return false;				}				if (!(validateRequiredField(form['join_password'], '{l_password}'))) {				  return false;				}				if (!(validateMinLength(form['join_password'], '{l_password}','6'))) {				  return false;				}				if (!(validateMaxLength(form['join_password'], '{l_password}','15'))) {				  return false;				}				if (!(validateAlphaNumeric(form['join_password'], '{l_password}'))) {				  return false;				}				if (!(validateNotTwoFields(form['join_password'],'{l_password}',form['join_handle'],'{l_username}'))) {				  return false;				}				if (!(validateTwoFields(form['verify_password'],'{l_verify_password}',form['join_password'],'{l_password}'))) {				  return false;				}				if (!(validateRequiredField(form['email'], '{l_email_address}'))) {				  return false;				}				if (!(validateMaxLength(form['email'], '{l_email_address}','100'))) {				  return false;				}				if (!(validateEmailField(form['email'], '{l_email_address}'))) {				  return false;				}				if (!(validateRequiredField(form['verify_email'], '{l_verify_email}'))) {				  return false;				}				if (!(validateMaxLength(form['verify_email'], '{l_verify_email}','100'))) {				  return false;				}				if (!(validateEmailField(form['verify_email'], '{l_verify_email}'))) {				  return false;				}				if (!(validateTwoFields(form['verify_email'],'{l_verify_email}',form['email'],'{l_email_address}'))) {				  return false;				}				if (!(validateRequiredSelect(form['orientation'],'{l_orientation}','00'))) {				  return false;				}				if (!(validateRequiredField(form['orientation'], '{l_orientation}', '00'))) {				  return false;				}				if (!(validateRequiredSelect(form['country'],'{l_country}','-1'))) {				  return false;				}				if (!(validateRequiredField(form['country'], '{l_country}', '-1'))) {				  return false;				}				if (!(validateRequiredField(form['month'], '{l_month}'))) {				  return false;				}				if (!(validateRequiredField(form['day'], '{l_day}'))) {				  return false;				}				if (!(validateRequiredField(form['year'], '{l_year}'))) {				  return false;				}				if (!(validateRequiredCheckbox(form['privacy_policy'],'','{l_agree_privete_policy}'))) {				  return false;				}				if (!(validateRequiredField(form['code'], 'The security code'))) {				  return false;				}				return true;			  }			  function validateJoinForm() {				blockSubmission = true;				 if (typeof beforeJoinFormValidation != 'undefined') {				   beforeJoinFormValidation();				}				var validated = onValidateJoinForm();				if (validated && (typeof uponSuccessfulJoinFormValidation != 'undefined')) {				  validated = uponSuccessfulJoinFormValidation();				}				else if (!validated && (typeof uponUnsuccessfulJoinFormValidation != 'undefined')) {				  uponUnsuccessfulJoinFormValidation();				}				if (!validated) {				}				return validated;			  }			  function submitJoinForm() {			   if (validateJoinForm()) document.JoinForm.submit();			   else return false;			  }			</script>

but that's it there's nothing else that I can find.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...