diff options
-rw-r--r-- | includes/common.php | 1 | ||||
-rw-r--r-- | recaptcha-php/LICENSE | 22 | ||||
-rw-r--r-- | recaptcha-php/README | 7 | ||||
-rw-r--r-- | recaptcha-php/example-captcha.php | 37 | ||||
-rw-r--r-- | recaptcha-php/example-mailhide.php | 17 | ||||
-rw-r--r-- | recaptcha-php/recaptchalib.php | 277 | ||||
-rw-r--r-- | registration.php | 108 |
7 files changed, 469 insertions, 0 deletions
diff --git a/includes/common.php b/includes/common.php index 4d5d267..1e111a0 100644 --- a/includes/common.php +++ b/includes/common.php @@ -117,6 +117,7 @@ function placeHeader($page_title) <div class="section banners"> Server status <iframe src="http://server.themanaworld.org/status.php" width="130" height="30" frameborder="0" scrolling="no"></iframe> + <a href="registration.php">Register new account</a> </div> </div> </div> diff --git a/recaptcha-php/LICENSE b/recaptcha-php/LICENSE new file mode 100644 index 0000000..b612f71 --- /dev/null +++ b/recaptcha-php/LICENSE @@ -0,0 +1,22 @@ +Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net +AUTHORS: + Mike Crawford + Ben Maurer + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/recaptcha-php/README b/recaptcha-php/README new file mode 100644 index 0000000..21f1a27 --- /dev/null +++ b/recaptcha-php/README @@ -0,0 +1,7 @@ +reCAPTCHA README +================ + +The reCAPTCHA PHP Lirary helps you use the reCAPTCHA API. Documentation +for this library can be found at + + http://recaptcha.net/plugins/php diff --git a/recaptcha-php/example-captcha.php b/recaptcha-php/example-captcha.php new file mode 100644 index 0000000..1c4ca5f --- /dev/null +++ b/recaptcha-php/example-captcha.php @@ -0,0 +1,37 @@ +<html> + <body> + <form action="" method="post"> +<?php + +require_once('recaptchalib.php'); + +// Get a key from http://recaptcha.net/api/getkey +$publickey = ""; +$privatekey = ""; + +# the response from reCAPTCHA +$resp = null; +# the error code from reCAPTCHA, if any +$error = null; + +# was there a reCAPTCHA response? +if ($_POST["recaptcha_response_field"]) { + $resp = recaptcha_check_answer ($privatekey, + $_SERVER["REMOTE_ADDR"], + $_POST["recaptcha_challenge_field"], + $_POST["recaptcha_response_field"]); + + if ($resp->is_valid) { + echo "You got it!"; + } else { + # set the error code so that we can display it + $error = $resp->error; + } +} +echo recaptcha_get_html($publickey, $error); +?> + <br/> + <input type="submit" value="submit" /> + </form> + </body> +</html> diff --git a/recaptcha-php/example-mailhide.php b/recaptcha-php/example-mailhide.php new file mode 100644 index 0000000..e389eb9 --- /dev/null +++ b/recaptcha-php/example-mailhide.php @@ -0,0 +1,17 @@ +<html><body> +<? +require_once ("recaptchalib.php"); + +// get a key at http://mailhide.recaptcha.net/apikey +$mailhide_pubkey = ''; +$mailhide_privkey = ''; + +?> + +The Mailhide version of example@example.com is +<? echo recaptcha_mailhide_html ($mailhide_pubkey, $mailhide_privkey, "example@example.com"); ?>. <br> + +The url for the email is: +<? echo recaptcha_mailhide_url ($mailhide_pubkey, $mailhide_privkey, "example@example.com"); ?> <br> + +</body></html> diff --git a/recaptcha-php/recaptchalib.php b/recaptcha-php/recaptchalib.php new file mode 100644 index 0000000..897c509 --- /dev/null +++ b/recaptcha-php/recaptchalib.php @@ -0,0 +1,277 @@ +<?php +/* + * This is a PHP library that handles calling reCAPTCHA. + * - Documentation and latest version + * http://recaptcha.net/plugins/php/ + * - Get a reCAPTCHA API Key + * http://recaptcha.net/api/getkey + * - Discussion group + * http://groups.google.com/group/recaptcha + * + * Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net + * AUTHORS: + * Mike Crawford + * Ben Maurer + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * The reCAPTCHA server URL's + */ +define("RECAPTCHA_API_SERVER", "http://api.recaptcha.net"); +define("RECAPTCHA_API_SECURE_SERVER", "https://api-secure.recaptcha.net"); +define("RECAPTCHA_VERIFY_SERVER", "api-verify.recaptcha.net"); + +/** + * Encodes the given data into a query string format + * @param $data - array of string elements to be encoded + * @return string - encoded request + */ +function _recaptcha_qsencode ($data) { + $req = ""; + foreach ( $data as $key => $value ) + $req .= $key . '=' . urlencode( stripslashes($value) ) . '&'; + + // Cut the last '&' + $req=substr($req,0,strlen($req)-1); + return $req; +} + + + +/** + * Submits an HTTP POST to a reCAPTCHA server + * @param string $host + * @param string $path + * @param array $data + * @param int port + * @return array response + */ +function _recaptcha_http_post($host, $path, $data, $port = 80) { + + $req = _recaptcha_qsencode ($data); + + $http_request = "POST $path HTTP/1.0\r\n"; + $http_request .= "Host: $host\r\n"; + $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n"; + $http_request .= "Content-Length: " . strlen($req) . "\r\n"; + $http_request .= "User-Agent: reCAPTCHA/PHP\r\n"; + $http_request .= "\r\n"; + $http_request .= $req; + + $response = ''; + if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) { + die ('Could not open socket'); + } + + fwrite($fs, $http_request); + + while ( !feof($fs) ) + $response .= fgets($fs, 1160); // One TCP-IP packet + fclose($fs); + $response = explode("\r\n\r\n", $response, 2); + + return $response; +} + + + +/** + * Gets the challenge HTML (javascript and non-javascript version). + * This is called from the browser, and the resulting reCAPTCHA HTML widget + * is embedded within the HTML form it was called from. + * @param string $pubkey A public key for reCAPTCHA + * @param string $error The error given by reCAPTCHA (optional, default is null) + * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false) + + * @return string - The HTML to be embedded in the user's form. + */ +function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false) +{ + if ($pubkey == null || $pubkey == '') { + die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>"); + } + + if ($use_ssl) { + $server = RECAPTCHA_API_SECURE_SERVER; + } else { + $server = RECAPTCHA_API_SERVER; + } + + $errorpart = ""; + if ($error) { + $errorpart = "&error=" . $error; + } + return '<script type="text/javascript" src="'. $server . '/challenge?k=' . $pubkey . $errorpart . '"></script> + + <noscript> + <iframe src="'. $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/> + <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea> + <input type="hidden" name="recaptcha_response_field" value="manual_challenge"/> + </noscript>'; +} + + + + +/** + * A ReCaptchaResponse is returned from recaptcha_check_answer() + */ +class ReCaptchaResponse { + var $is_valid; + var $error; +} + + +/** + * Calls an HTTP POST function to verify if the user's guess was correct + * @param string $privkey + * @param string $remoteip + * @param string $challenge + * @param string $response + * @param array $extra_params an array of extra variables to post to the server + * @return ReCaptchaResponse + */ +function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array()) +{ + if ($privkey == null || $privkey == '') { + die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>"); + } + + if ($remoteip == null || $remoteip == '') { + die ("For security reasons, you must pass the remote ip to reCAPTCHA"); + } + + + + //discard spam submissions + if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0) { + $recaptcha_response = new ReCaptchaResponse(); + $recaptcha_response->is_valid = false; + $recaptcha_response->error = 'incorrect-captcha-sol'; + return $recaptcha_response; + } + + $response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/verify", + array ( + 'privatekey' => $privkey, + 'remoteip' => $remoteip, + 'challenge' => $challenge, + 'response' => $response + ) + $extra_params + ); + + $answers = explode ("\n", $response [1]); + $recaptcha_response = new ReCaptchaResponse(); + + if (trim ($answers [0]) == 'true') { + $recaptcha_response->is_valid = true; + } + else { + $recaptcha_response->is_valid = false; + $recaptcha_response->error = $answers [1]; + } + return $recaptcha_response; + +} + +/** + * gets a URL where the user can sign up for reCAPTCHA. If your application + * has a configuration page where you enter a key, you should provide a link + * using this function. + * @param string $domain The domain where the page is hosted + * @param string $appname The name of your application + */ +function recaptcha_get_signup_url ($domain = null, $appname = null) { + return "http://recaptcha.net/api/getkey?" . _recaptcha_qsencode (array ('domain' => $domain, 'app' => $appname)); +} + +function _recaptcha_aes_pad($val) { + $block_size = 16; + $numpad = $block_size - (strlen ($val) % $block_size); + return str_pad($val, strlen ($val) + $numpad, chr($numpad)); +} + +/* Mailhide related code */ + +function _recaptcha_aes_encrypt($val,$ky) { + if (! function_exists ("mcrypt_encrypt")) { + die ("To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed."); + } + $mode=MCRYPT_MODE_CBC; + $enc=MCRYPT_RIJNDAEL_128; + $val=_recaptcha_aes_pad($val); + return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); +} + + +function _recaptcha_mailhide_urlbase64 ($x) { + return strtr(base64_encode ($x), '+/', '-_'); +} + +/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */ +function recaptcha_mailhide_url($pubkey, $privkey, $email) { + if ($pubkey == '' || $pubkey == null || $privkey == "" || $privkey == null) { + die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " . + "you can do so at <a href='http://mailhide.recaptcha.net/apikey'>http://mailhide.recaptcha.net/apikey</a>"); + } + + + $ky = pack('H*', $privkey); + $cryptmail = _recaptcha_aes_encrypt ($email, $ky); + + return "http://mailhide.recaptcha.net/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail); +} + +/** + * gets the parts of the email to expose to the user. + * eg, given johndoe@example,com return ["john", "example.com"]. + * the email is then displayed as john...@example.com + */ +function _recaptcha_mailhide_email_parts ($email) { + $arr = preg_split("/@/", $email ); + + if (strlen ($arr[0]) <= 4) { + $arr[0] = substr ($arr[0], 0, 1); + } else if (strlen ($arr[0]) <= 6) { + $arr[0] = substr ($arr[0], 0, 3); + } else { + $arr[0] = substr ($arr[0], 0, 4); + } + return $arr; +} + +/** + * Gets html to display an email address given a public an private key. + * to get a key, go to: + * + * http://mailhide.recaptcha.net/apikey + */ +function recaptcha_mailhide_html($pubkey, $privkey, $email) { + $emailparts = _recaptcha_mailhide_email_parts ($email); + $url = recaptcha_mailhide_url ($pubkey, $privkey, $email); + + return htmlentities($emailparts[0]) . "<a href='" . htmlentities ($url) . + "' onclick=\"window.open('" . htmlentities ($url) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ($emailparts [1]); + +} + + +?> diff --git a/registration.php b/registration.php new file mode 100644 index 0000000..02a1911 --- /dev/null +++ b/registration.php @@ -0,0 +1,108 @@ +<?php + + require_once('recaptcha-php/recaptchalib.php'); + $publickey = "..."; // you got this from the signup page + $privatekey = ":::"; + + include("includes/common.php"); + placeHeader("Registration"); + $showform = true; + + if (isset($_POST['register']) && $_POST['register'] == "true") + { + // handle registration + if (!isset($_POST['username']) || strlen($_POST['username']) < 4) + { + $err = "Username is not given or too short!"; $showform = true; + } + else if (!isset($_POST['password1']) || strlen($_POST['password1']) < 4) + { + $err = "Password is not given or too short!"; $showform = true; + } + else if (!isset($_POST['password2']) || strlen($_POST['password2']) < 4) + { + $err = "Password is not given or too short!"; $showform = true; + } + else if ($_POST['password2'] != $_POST['password1']) + { + $err = "The given passwords don't match!"; $showform = true; + } + else + { + // check captcha + $resp = recaptcha_check_answer ($privatekey, + $_SERVER["REMOTE_ADDR"], + $_POST["recaptcha_challenge_field"], + $_POST["recaptcha_response_field"]); + + if (!$resp->is_valid) + { + $err = "The captcha was incorret!"; $showform = true; + } + else + { + + // everything was fine, create account + $showform = false; + + // create a new account with ladmin here.... + } + } + + + } + + if ($showform) + { + +?> + +<p>With this form you can register for a new account.</p> + +<form action="registration.php" method="post"> + + <input type="hidden" name="register" value="true" /> + <table> + <?php if (isset($err)) + { + echo "<tr><td colspan=\"2\" style=\"border: 1px solid red; color: red;\">" . + $err . "</td></tr>"; + } + ?> + <tr> + <td>Username:</td> + <td><input type="text" size="20" name="username" /></td> + </tr> + <tr> + <td>Password:</td> + <td><input type="password" size="20" name="password1" /></td> + </tr> + <tr> + <td>Retype password:</td> + <td><input type="password" size="20" name="password2" /></td> + </tr> + <tr> + <td colspan="2"> + <?php echo recaptcha_get_html($publickey); ?> + </td> + </tr> + <tr> + <td colspan="2" style="text-align:right"> + <input type="submit" value="Register" /> + </td> + </tr> + </table> +</form> + + +<?php + + } // end of showform + else + { + ?> + <p>Your account has been created!</p> + <?php } + placeFooter(); +?> + |