psiphon

Merge lp:~t7-vla7-lz/psiphon/psiphon into lp:psiphon

psiphon
Merge into trunk

Proposed by Vlad on 2012-07-25

Status:	Merged
Merged at revision:	308
Proposed branch:	lp:~t7-vla7-lz/psiphon/psiphon
Merge into:	lp:psiphon
Diff against target:	517 lines (+255/-178) 6 files modified trunk/cronjobs/cleanup_sessions_captcha_cron.php (+49/-0) trunk/cronjobs/crontab (+5/-4) trunk/sql/upgrades/upgrade-2.7.010.sql (+9/-0) trunk/www/create_account.php (+27/-8) trunk/www/image-code.php (+74/-166) trunk/www/includes/sess.php (+91/-0)
To merge this branch:	bzr merge lp:~t7-vla7-lz/psiphon/psiphon
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
e.fryntov		2012-07-25	Approve on 2012-07-26
Review via email: mp+116756@code.launchpad.net

Description of the change

Replacing Captcha, based on php sessions to the new one, based on mysql sessions (includes/sess.php).

It is necessary to replace file-based php sessions to mysql-based for ability to create a mirrored servers (N * apache/php servers connected to a single database).

Revision history for this message

e.fryntov (e-fryntov) wrote on 2012-07-25:

the SQL upgrade script should be placed into the sql/upgrade/ directory, otherwise it will not be executed by automation script. I need to update the old README

review: Needs Fixing

Revision history for this message

e.fryntov (e-fryntov) on 2012-07-26:

review: Approve

lp:~t7-vla7-lz/psiphon/psiphon updated on 2012-07-26

307. By e-fryntov on 2012-07-26: Removed console.debug(..) from the JS
308. By e-fryntov on 2012-07-26: Merged Vlad's mysql session for CAPTCHA branch

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Adam P

Vlad

e.fryntov

 === added file 'trunk/cronjobs/cleanup_sessions_captcha_cron.php'
 --- trunk/cronjobs/cleanup_sessions_captcha_cron.php	1970-01-01 00:00:00 +0000
 +++ trunk/cronjobs/cleanup_sessions_captcha_cron.php	2012-07-26 17:56:19 +0000
@@ -0,0 +1,49 @@
++<?
++/*
++    Psiphon Circumvention Platform
++    Copyright (C) 2009 Psiphon Inc.
++
++    This program is free software: you can redistribute it and/or modify
++    it under the terms of the GNU General Public License as published by
++    the Free Software Foundation, either version 3 of the License, or
++    (at your option) any later version.
++
++    This program is distributed in the hope that it will be useful,
++    but WITHOUT ANY WARRANTY; without even the implied warranty of
++    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++    GNU General Public License for more details.
++
++    You should have received a copy of the GNU General Public License
++    along with this program.  If not, see <http://www.gnu.org/licenses/>.
++*/
++
++// Add to crontab (to have it run once a day):
++//
++// 15 3 * * * /usr/local/bin/php /home/ppcron/cronjobs/cleanup_sessions_captcha_cron.php
++//
++
++// pwd of a cronjob seems to be the cron user's (ppcron) home directory.
++// This messes up includes, so we're going to explicitly use the directory
++// of this file.
++$current_directory = substr($argv[0], 0, strrpos($argv[0], "/"));
++
++//
++// Remove expired mysql-sessions used in captcha
++// Any session older than 1 day is deleted.
++//
++$_SERVER["DOCUMENT_ROOT"] = $current_directory;
++include($current_directory."/config.php");
++
++include($current_directory."/includes/sql_error_cli.php");
++
++// Clean up expired sessions
++
++$query = "DELETE FROM sess WHERE updated < :expire";
++
++if (!db_query_execute($config, $query, convert_null_array(array(":expire" => strftime("%Y%m%d%H%M%S", time() - 86400))), true))
++{
++    sql_error_cli($query, $config['sql']);
++}
++
++exit(0);
++?>
 === modified file 'trunk/cronjobs/crontab'
 --- trunk/cronjobs/crontab	2011-05-17 21:34:54 +0000
 +++ trunk/cronjobs/crontab	2012-07-26 17:56:19 +0000
@@ -1,4 +1,5 @@
--3 2 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_invitations_cron.php
--4 2 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_email_candidates_cron.php
--6 5 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_sessions_cron.php
--5 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_unused_accounts_cron.php
++10 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_email_candidates_cron.php
++13 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_invitations_cron.php
++16 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_sessions_captcha_cron.php
++19 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_sessions_cron.php
++22 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_unused_accounts_cron.php
 === added file 'trunk/sql/upgrades/upgrade-2.7.010.sql'
 --- trunk/sql/upgrades/upgrade-2.7.010.sql	1970-01-01 00:00:00 +0000
 +++ trunk/sql/upgrades/upgrade-2.7.010.sql	2012-07-26 17:56:19 +0000
@@ -0,0 +1,9 @@
++drop table if exists sess;
++
++create table sess (
++    id char(32) not null,
++    data char(255) default "", -- change it to "blob" for larger sessions
++    updated datetime,
++    primary key (id),
++    key idx_updated (updated)
++);
 === modified file 'trunk/www/create_account.php'
 --- trunk/www/create_account.php	2012-03-01 19:21:32 +0000
 +++ trunk/www/create_account.php	2012-07-26 17:56:19 +0000
@@ -34,6 +34,7 @@
  include_once($_SERVER[DOCUMENT_ROOT]."/includes/common_includes.php");
  include_once($_SERVER[DOCUMENT_ROOT]."/includes/cr.php");
  include_once($_SERVER[DOCUMENT_ROOT]."/includes/geoip_helpers.php");
++include_once($_SERVER[DOCUMENT_ROOT]."/includes/sess.php");
  // mode sanity check
@@ -59,9 +60,6 @@
  // Business logic
  //
--// create PHP session for CAPCHA (see image-code.php)
--
--session_start();
  // Set invitation code from GET parameter in invite URL
@@ -94,6 +92,7 @@
  // By default, invite and anonymous forms use invite and anonymous
  // session languages, respectively
++
  if ($create_account_mode == create_account_mode_anonymous)
+ {
      // validation: check that this is an anonymous session
@@ -227,18 +226,37 @@
      if ($create_account_mode == create_account_mode_create
          || $create_account_mode == create_account_mode_anonymous)
+     {
++        // create PHP session for CAPCHA (see image-code.php)
++        if (($s=sess_open()) === false)
++        {
++            syslog(LOG_DEBUG, getenv("HTTP_HOST").getenv("REQUEST_URI").": client ".getenv("REMOTE_ADDR").": Can not open a session");
++            include($_SERVER[DOCUMENT_ROOT]."/http-errors/500.php");
++        }
++
          // "code" is the session variable set by image-code.php
          // also, see image-code.php reference below
++
++        if (!isset($s["code"]))
++        {
++            $processing_errors[] = ___("Error: Wrong security code");
++            $curs = "create_account.create_account_security_code";
++            $valid = false; // v: ???
++            break;
++        }
++
++        // Making sure CAPTCHA session is not re-used
++        $code=$s["code"];
++        unset($s["code"]);
++        sess_close($s);
++
          $_POST[create_account_security_code] = trim($_POST[create_account_security_code]);
          if (!strlen($_POST[create_account_security_code]) ||
--            ($_POST[create_account_security_code] != $_SESSION[code]))
++            ($_POST[create_account_security_code] != $code))
+         {
              $processing_errors[] = ___("Error: Wrong security code");
              $curs = "create_account.create_account_security_code";
              $valid = false;
+         }
--       //Making sure CAPTCHA session is not re-used
--        unset($_SESSION[code]);
+     }
      // check lang
@@ -672,8 +690,9 @@
                              <td valign="top"><font class="fourteenblue"><?=___("Security code")?></font></td>
                              <td><input type="text" name="create_account_security_code" value="" size="15" maxlength="4">
                              <br/>
--                            <?/* image-code generates a CAPTCHA which is associated with a PHP session (e.g., _SESSION) */?>
--                            <img src="image-code.php?<?=strtoupper(bin2hex(secure_rand(8)))?>" border="0" hspace="0" vspace="2" alt=""></td>
++                            <?/* image-code generates a CAPTCHA which is associated with a mysql session, see includes/sess.php file */?>
++                            <img src="image-code.php?<?=strtoupper(bin2hex(secure_rand(8)))?>" border="0" hspace="0" vspace="2" alt="" onClick="this.src='image-code.php?r='+Math.random(); document.create_account.create_account_security_code.focus();" title="<?=___("Click to refresh")?>" style="cursor: pointer; border: none;"></td>
++
                          </tr>
                      <?}?>
                      <tr>
 === added file 'trunk/www/image-code.pfb'
 Binary files trunk/www/image-code.pfb	1970-01-01 00:00:00 +0000 and trunk/www/image-code.pfb	2012-07-26 17:56:19 +0000 differ
 === modified file 'trunk/www/image-code.php'
 --- trunk/www/image-code.php	2009-11-23 23:23:36 +0000
 +++ trunk/www/image-code.php	2012-07-26 17:56:19 +0000
@@ -1,8 +1,7 @@
--<?php
--
++<?
  /*
      Psiphon Circumvention Platform
--    Copyright (C) 2009 Psiphon Inc.
++    Copyright (C) 2010 Psiphon Inc.
      This program is free software: you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published by
@@ -18,167 +17,76 @@
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
--/*
--============================
--QuickCaptcha 1.0 - A bot-thwarting text-in-image web tool.
--Copyright (c) 2006 Web 1 Marketing, Inc.
--
--This program is free software; you can redistribute it and/or
--modify it under the terms of the GNU General Public License
--as published by the Free Software Foundation; either version 2
--of the License, or (at your option) any later version.
--
--This program is distributed in the hope that it will be useful,
--but WITHOUT ANY WARRANTY; without even the implied warranty of
--MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--GNU General Public License for more details.
--============================
--Pretty much everything that you'll need to change/adjust
--should be right here in this file.
--============================
--*/
--
--//////////////settings
--$acceptedChars = 'AEFHJKLMNPQRTWX234689';
--$acceptedChars = '012345689';
--
--// Number of characters in image.
--$stringlength = 4;
--
--// A value between 0 and 100 describing how much color overlap
--// there is between text and other objects.  Lower is more
--// secure against bots, but also harder to read.
--$contrast = 60;
--
--// Various obfuscation techniques.
--$num_polygons = 3; // Number of triangles to draw.  0 = none
--$num_ellipses = 3;  // Number of ellipses to draw.  0 = none
--$num_lines = 3;  // Number of lines to draw.  0 = none
--$num_dots = 90;  // Number of dots to draw.  0 = none
--
--$min_thickness = 1;  // Minimum thickness in pixels of lines
--$max_thickness = 3;  // Maximum thickness in pixles of lines
--$min_radius = 5;  // Minimum radius in pixels of ellipses
--$max_radius = 10;  // Maximum radius in pixels of ellipses
--
--// How opaque should the obscuring objects be. 0 is opaque, 127
--// is transparent.
--$object_alpha = 70;
--////////////////end settings///////////////////////
--
--// Keep #'s reasonable.
--$min_thickness = max(1,$min_thickness);
--$max_thickness = min(20,$max_thickness);
--// Make radii into height/width
--$min_radius *= 2;
--$max_radius *= 2;
--// Renormalize contrast
--$contrast = 255 * ($contrast / 100.0);
--$o_contrast = 1.3 * $contrast;
--
--$width = 12 * imagefontwidth(5);
--$height = 2.5 * imagefontheight(5);
--$image = imagecreatetruecolor($width, $height);
--imagealphablending($image, true);
--$black = imagecolorallocatealpha($image,0,0,0,0);
--
--// Build the validation string
--$max = strlen($acceptedChars)-1;
--$password = NULL;
--for ($i=0; $i<$stringlength; $i++) {
--    $cnum[$i] = $acceptedChars{mt_rand(0, $max)};
--    $password .= $cnum[$i];
--    }
--
--// Add string to image
--$rotated = imagecreatetruecolor(70, 70);
--for ($i = 0; $i < $stringlength; $i++) {
--	$buffer = imagecreatetruecolor (20, 20);
--	$buffer2 = imagecreatetruecolor (40, 40);
--
--	// Get a random color
--	$red = mt_rand(150,255);
--	$green = mt_rand(150,255);
--	$blue = 255 - sqrt($red * $red + $green * $green);
--	$color = imagecolorallocate($buffer, $red, $green, $blue);
--
--	// Create character
--	imagestring($buffer, 5, 0, 0, $cnum[$i], $color);
--
--	// Resize character
--	imagecopyresized($buffer2, $buffer, 0, 0, 0, 0, 25 + mt_rand(0,12), 25 + mt_rand(0,12), 20, 20);
--
--	// Rotate characters a little
--	if (function_exists("imagerotate")) {
--        $rotated = imagerotate($buffer2, mt_rand(-20, 20),imagecolorallocatealpha($buffer2,0,0,0,0));
--    } else {
--        $rotated = $buffer2;
--    }
--
--	imagecolortransparent ($rotated, imagecolorallocatealpha($rotated,0,0,0,0));
--
--	// Move characters around a little
--	$y = mt_rand(1, 3);
--	$x += mt_rand(2, 4);
--	imagecopymerge($image, $rotated, $x, $y, 0, 0, 40, 40, 100);
--	$x += 22;
--
--	imagedestroy ($buffer);
--	imagedestroy ($buffer2);
--}
--
--// Draw polygons
--if ($num_polygons > 0) for ($i = 0; $i < $num_polygons; $i++) {
--	$vertices = array (
--		mt_rand(-0.25*$width,$width*1.25),mt_rand(-0.25*$width,$width*1.25),
--		mt_rand(-0.25*$width,$width*1.25),mt_rand(-0.25*$width,$width*1.25),
--		mt_rand(-0.25*$width,$width*1.25),mt_rand(-0.25*$width,$width*1.25)
--	);
--	$color = imagecolorallocatealpha ($image, mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), $object_alpha);
--	imagefilledpolygon($image, $vertices, 3, $color);
--}
--
--// Draw random circles
--if ($num_ellipses > 0) for ($i = 0; $i < $num_ellipses; $i++) {
--	$x1 = mt_rand(0,$width);
--	$y1 = mt_rand(0,$height);
--	$color = imagecolorallocatealpha ($image, mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), $object_alpha);
--//	$color = imagecolorallocate($image, mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), mt_rand(0,$o_contrast));
--	imagefilledellipse($image, $x1, $y1, mt_rand($min_radius,$max_radius), mt_rand($min_radius,$max_radius), $color);
--}
--
--// Draw random lines
--if ($num_lines > 0) for ($i = 0; $i < $num_lines; $i++) {
--	$x1 = mt_rand(-$width*0.25,$width*1.25);
--	$y1 = mt_rand(-$height*0.25,$height*1.25);
--	$x2 = mt_rand(-$width*0.25,$width*1.25);
--	$y2 = mt_rand(-$height*0.25,$height*1.25);
--	$color = imagecolorallocatealpha ($image, mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), $object_alpha);
--	imagesetthickness ($image, mt_rand($min_thickness,$max_thickness));
--	imageline($image, $x1, $y1, $x2, $y2 , $color);
--}
--
--// Draw random dots
--if ($num_dots > 0) for ($i = 0; $i < $num_dots; $i++) {
--	$x1 = mt_rand(0,$width);
--	$y1 = mt_rand(0,$height);
--	$color = imagecolorallocatealpha($image, mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), mt_rand(0,$o_contrast),$object_alpha);
--	imagesetpixel($image, $x1, $y1, $color);
--}
--
--session_start();
--
--if (session_id())
--   $_SESSION['code'] = $password;
--
--header("Content-type: image/jpeg");
--imagejpeg($image);
++include_once($_SERVER[DOCUMENT_ROOT]."/includes/common_includes.php");
++include_once($_SERVER[DOCUMENT_ROOT]."/includes/sess.php");
++
++$config["len"] = 4;
++$config["chars"] = "012345689";
++$config["lines"] = 6;
++$config["width"] = 55;
++$config["height"] = 37;
++$config["overlap"] = 0.85; // 0 - over, > 1 - none
++$config["font_size"] = 34;
++$config["font"] = $_SERVER[DOCUMENT_ROOT]."/image-code.pfb";
++
++// password
++$max = strlen($config["chars"]) - 1;
++$pwd = "";
++for ($i = 0; $i < $config["len"]; $i++)
++{
++    $pwd .= $config["chars"]{mt_rand(0, $max)};
++}
++
++if (($s = sess_open()) === false)
++{
++    syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": Can not open the session");
++    include($_SERVER[DOCUMENT_ROOT]."/http-errors/500.php");
++}
++
++$s["code"]=$pwd;
++
++// syslog(LOG_DEBUG, $pwd);
++if (!sess_close($s))
++{
++    syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": Can not save the session");
++    include("/home/httpd/common/500.php");
++}
++
++if (($font = @imagepsloadfont($config["font"])) === false)
++{
++    syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": Can not load \"{$config["font"]}\"");
++    include($_SERVER[DOCUMENT_ROOT]."/http-errors/500.php");
++}
++
++$image = imagecreate($config["width"], $config["height"]);
++
++$bg = imagecolorallocate($image, 255, 255, 255);
++$fg = imagecolorallocate($image, 0, 0, 0);
++
++imagefill($image, 0, 0, $bg);
++
++$x = 2;
++$y = (int)($config["height"] * 0.85);
++
++for ($i = 0; $i < $config["len"]; $i++)
++{
++    $res = @imagepstext($image, $pwd{$i}, $font, $config["font_size"], $fg, $bg, $x, $y, 0, 0, mt_rand(-10, 10), 4);
++    if (!is_array($res))
++    {
++        syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": imagepstext() returned an error");
++        include($_SERVER[DOCUMENT_ROOT]."/http-errors/503.php");
++    }
++    $x += (int)($res[2] * $config["overlap"]);
++}
++
++for ($i = 0; $i < $config["lines"]; $i++)
++{
++    imagesetthickness($image, mt_rand(1, 2));
++    imageline($image, mt_rand(0, $config["width"]), mt_rand(0, $config["height"]), mt_rand(0, $config["width"]), mt_rand(0, $config["height"]), ($i % 2) ? $fg : $bg);
++}
++
++
++header("Content-type: image/gif");
++imagegif($image);
  imagedestroy($image);
--
--/**** to check *****
--form: <img src="image-code.php" border="0" alt="">
--
--process: session_start(); if ($_POST["code"]!=$_SESSION["code"]) exit("Wrong code");
--*******************/
--
--?>
++?>
 === added file 'trunk/www/includes/sess.php'
 --- trunk/www/includes/sess.php	1970-01-01 00:00:00 +0000
 +++ trunk/www/includes/sess.php	2012-07-26 17:56:19 +0000
@@ -0,0 +1,91 @@
++<?
++/*
++    Psiphon Circumvention Platform
++    Copyright (C) 2010 Psiphon Inc.
++
++    This program is free software: you can redistribute it and/or modify
++    it under the terms of the GNU General Public License as published by
++    the Free Software Foundation, either version 3 of the License, or
++    (at your option) any later version.
++
++    This program is distributed in the hope that it will be useful,
++    but WITHOUT ANY WARRANTY; without even the implied warranty of
++    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++    GNU General Public License for more details.
++
++    You should have received a copy of the GNU General Public License
++    along with this program.  If not, see <http://www.gnu.org/licenses/>.
++*/
++
++include_once($_SERVER[DOCUMENT_ROOT]."/includes/common_includes.php");
++
++$config["sess_name"]="S"; // session cookie name
++$config["sess_path"]="/"; // session cookie path
++
++/*
++ * Initialize the session, or read the data from an exising one
++ *
++ * RETURN: - session array on success (empty on the first call)
++ *         - returns false on error
++ */
++function sess_open()
++{
++    global $config;
++
++    if (!isset($_COOKIE[$config["sess_name"]]))
++    {
++        $id=md5(microtime().$_SERVER["REMOTE_ADDR"].mt_rand().$_SERVER["REQUEST_URI"]);
++        $_COOKIE[$config["sess_name"]]=$id;
++        header("Set-Cookie: {$config["sess_name"]}={$id}; path={$config["sess_path"]}", false);
++        return(array());
++    }
++
++    $query="SELECT * FROM sess WHERE id = :sess_name";
++    $result = db_query_execute($config, $query, convert_null_array(array(":sess_name" => $_COOKIE[$config["sess_name"]])));
++
++    if (!($record = db_fetch_result($config, $result)))
++    {
++        return(array());
++    }
++
++    if (($res = unserialize($record["data"])) === false)
++    {
++        syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": sess_open(): Can not unserialize the data");
++        return(false);
++    }
++
++    return($res);
++}
++
++
++/*
++ * Save session data, delete expired data from the session table
++ *
++ * $s a session array
++ *
++ * RETURN: - true on success
++ *         - false on error
++ */
++function sess_close($s)
++{
++    global $config;
++
++    if (!isset($_COOKIE[$config["sess_name"]]))
++    {
++        syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": sess_close(): No session id");
++        return(false);
++    }
++
++    $query="INSERT INTO sess (id, data, updated) VALUES (:id, :data, now())";
++    if (!db_query_execute($config, $query, convert_null_array(array(":id" => $_COOKIE[$config["sess_name"]], ":data" => serialize($s))), true))
++    {
++        $query="UPDATE sess SET data = :data, updated=now() WHERE id = :id";
++        if (!db_query_execute($config, $query, convert_null_array(array(":data" => serialize($s), ":id" => $_COOKIE[$config["sess_name"]])), true))
++        {
++            return(false);
++        }
++    }
++
++    return(true);
++}
++?>

psiphon

Merge lp:~t7-vla7-lz/psiphon/psiphon into lp:psiphon

Commit message

Description of the change

Preview Diff

Subscribers