Status: | Merged |
---|---|
Merged at revision: | 308 |
Proposed branch: | lp:~t7-vla7-lz/psiphon/psiphon |
Merge into: | lp:psiphon |
Diff against target: |
517 lines (+255/-178) 6 files modified
trunk/cronjobs/cleanup_sessions_captcha_cron.php (+49/-0) trunk/cronjobs/crontab (+5/-4) trunk/sql/upgrades/upgrade-2.7.010.sql (+9/-0) trunk/www/create_account.php (+27/-8) trunk/www/image-code.php (+74/-166) trunk/www/includes/sess.php (+91/-0) |
To merge this branch: | bzr merge lp:~t7-vla7-lz/psiphon/psiphon |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
e.fryntov | Approve | ||
Review via email: mp+116756@code.launchpad.net |
Commit message
Description of the change
Replaces the CAPTCHA based on PHP sessions with a new one based on MySQL sessions (includes/sess.php).
File-based PHP sessions need to be replaced with MySQL-based sessions so that mirrored servers can be created (N * apache/php servers connected to a single database).
e.fryntov (e-fryntov) : | # |
review:
Approve
lp:~t7-vla7-lz/psiphon/psiphon
updated
Preview Diff
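--- a/trunk/cronjobs/cleanup_sessions_captcha_cron.php
+++ b/trunk/cronjobs/cleanup_sessions_captcha_cron.php
@@ -0,0 +1,49 @@
+<?
+/*
+Psiphon Circumvention Platform
+Copyright (C) 2009 Psiphon Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+// Add to crontab (to have it run once a day):
+//
+// 15 3 * * * /usr/local/bin/php /home/ppcron/cronjobs/cleanup_sessions_captcha_cron.php
+//
+
+// pwd of a cronjob seems to be the cron user's (ppcron) home directory.
+// This messes up includes, so we're going to explicitly use the directory
+// of this file.
+$current_directory = substr($argv[0], 0, strrpos($argv[0], "/"));
+
+//
+// Remove expired mysql-sessions used in captcha
+// Any session older than 1 day is deleted.
+//
+$_SERVER["DOCUMENT_ROOT"] = $current_directory;
+include($current_directory."/config.php");
+
+include($current_directory."/includes/sql_error_cli.php");
+
+// Clean up expired sessions
+
+$query = "DELETE FROM sess WHERE updated < :expire";
+
+if (!db_query_execute($config, $query, convert_null_array(array(":expire" => strftime("%Y%m%d%H%M%S", time() - 86400))), true))
+{
+sql_error_cli($query, $config['sql']);
+}
+
+exit(0);
+?>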
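Review bot: `$current_directory` is derived from `$argv[0]` with `strrpos()`, which returns false when the script is started without a slash in its path; the directory then evaluates to an empty string and the two includes resolve to `/config.php` and `/includes/sql_error_cli.php`. `$current_directory = dirname(__FILE__);` does not depend on how the job is launched. The crontab example in the header comment names `/home/ppcron/cronjobs/`, while the crontab entry added in the same change uses `#dest#/ppcron/`, so one of the two paths is probably stale.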
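--- a/trunk/cronjobs/crontab
+++ b/trunk/cronjobs/crontab
@@ -1,4 +1,5 @@
-3 2 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_invitations_cron.php
-4 2 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_email_candidates_cron.php
-6 5 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_sessions_cron.php
-5 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_unused_accounts_cron.php
+10 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_email_candidates_cron.php
+13 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_invitations_cron.php
+16 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_sessions_captcha_cron.php
+19 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_sessions_cron.php
+22 4 * * * #dest#/php/bin/php #dest#/ppcron/cleanup_unused_accounts_cron.php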
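--- a/trunk/sql/upgrades/upgrade-2.7.010.sql
+++ b/trunk/sql/upgrades/upgrade-2.7.010.sql
@@ -0,0 +1,9 @@
+drop table if exists sess;
+
+create table sess (
+id char(32) not null,
+data char(255) default "", -- change it to "blob" for larger sessions
+updated datetime,
+primary key (id),
+key idx_updated (updated)
+);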
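Review bot: `data char(255)` caps the serialized session at 255 characters, and depending on the server's SQL mode a longer value is either rejected or silently truncated; a truncated value would fail `unserialize()` in `sess_open()` and surface as a 500 on the CAPTCHA pages. The inline comment already points at `blob`, and declaring the column that way now removes the failure mode before a second session key is added. `drop table if exists sess;` also discards all live sessions whenever the script is re-run, which is tolerable for short-lived CAPTCHA state but deserves a comment in the script.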
83 | === modified file 'trunk/www/create_account.php' | |||
84 | --- trunk/www/create_account.php 2012-03-01 19:21:32 +0000 | |||
85 | +++ trunk/www/create_account.php 2012-07-26 17:56:19 +0000 | |||
86 | @@ -34,6 +34,7 @@ | |||
87 | 34 | include_once($_SERVER[DOCUMENT_ROOT]."/includes/common_includes.php"); | 34 | include_once($_SERVER[DOCUMENT_ROOT]."/includes/common_includes.php"); |
88 | 35 | include_once($_SERVER[DOCUMENT_ROOT]."/includes/cr.php"); | 35 | include_once($_SERVER[DOCUMENT_ROOT]."/includes/cr.php"); |
89 | 36 | include_once($_SERVER[DOCUMENT_ROOT]."/includes/geoip_helpers.php"); | 36 | include_once($_SERVER[DOCUMENT_ROOT]."/includes/geoip_helpers.php"); |
90 | 37 | include_once($_SERVER[DOCUMENT_ROOT]."/includes/sess.php"); | ||
91 | 37 | 38 | ||
92 | 38 | // mode sanity check | 39 | // mode sanity check |
93 | 39 | 40 | ||
94 | @@ -59,9 +60,6 @@ | |||
95 | 59 | // Business logic | 60 | // Business logic |
96 | 60 | // | 61 | // |
97 | 61 | 62 | ||
98 | 62 | // create PHP session for CAPCHA (see image-code.php) | ||
99 | 63 | |||
100 | 64 | session_start(); | ||
101 | 65 | 63 | ||
102 | 66 | // Set invitation code from GET parameter in invite URL | 64 | // Set invitation code from GET parameter in invite URL |
103 | 67 | 65 | ||
104 | @@ -94,6 +92,7 @@ | |||
105 | 94 | // By default, invite and anonymous forms use invite and anonymous | 92 | // By default, invite and anonymous forms use invite and anonymous |
106 | 95 | // session languages, respectively | 93 | // session languages, respectively |
107 | 96 | 94 | ||
108 | 95 | |||
109 | 97 | if ($create_account_mode == create_account_mode_anonymous) | 96 | if ($create_account_mode == create_account_mode_anonymous) |
110 | 98 | { | 97 | { |
111 | 99 | // validation: check that this is an anonymous session | 98 | // validation: check that this is an anonymous session |
112 | @@ -227,18 +226,37 @@ | |||
113 | 227 | if ($create_account_mode == create_account_mode_create | 226 | if ($create_account_mode == create_account_mode_create |
114 | 228 | || $create_account_mode == create_account_mode_anonymous) | 227 | || $create_account_mode == create_account_mode_anonymous) |
115 | 229 | { | 228 | { |
116 | 229 | // create PHP session for CAPCHA (see image-code.php) | ||
117 | 230 | if (($s=sess_open()) === false) | ||
118 | 231 | { | ||
119 | 232 | syslog(LOG_DEBUG, getenv("HTTP_HOST").getenv("REQUEST_URI").": client ".getenv("REMOTE_ADDR").": Can not open a session"); | ||
120 | 233 | include($_SERVER[DOCUMENT_ROOT]."/http-errors/500.php"); | ||
121 | 234 | } | ||
122 | 235 | |||
123 | 230 | // "code" is the session variable set by image-code.php | 236 | // "code" is the session variable set by image-code.php |
124 | 231 | // also, see image-code.php reference below | 237 | // also, see image-code.php reference below |
125 | 238 | |||
126 | 239 | if (!isset($s["code"])) | ||
127 | 240 | { | ||
128 | 241 | $processing_errors[] = ___("Error: Wrong security code"); | ||
129 | 242 | $curs = "create_account.create_account_security_code"; | ||
130 | 243 | $valid = false; // v: ??? | ||
131 | 244 | break; | ||
132 | 245 | } | ||
133 | 246 | |||
134 | 247 | // Making sure CAPTCHA session is not re-used | ||
135 | 248 | $code=$s["code"]; | ||
136 | 249 | unset($s["code"]); | ||
137 | 250 | sess_close($s); | ||
138 | 251 | |||
139 | 232 | $_POST[create_account_security_code] = trim($_POST[create_account_security_code]); | 252 | $_POST[create_account_security_code] = trim($_POST[create_account_security_code]); |
140 | 233 | if (!strlen($_POST[create_account_security_code]) || | 253 | if (!strlen($_POST[create_account_security_code]) || |
142 | 234 | ($_POST[create_account_security_code] != $_SESSION[code])) | 254 | ($_POST[create_account_security_code] != $code)) |
143 | 235 | { | 255 | { |
144 | 236 | $processing_errors[] = ___("Error: Wrong security code"); | 256 | $processing_errors[] = ___("Error: Wrong security code"); |
145 | 237 | $curs = "create_account.create_account_security_code"; | 257 | $curs = "create_account.create_account_security_code"; |
146 | 238 | $valid = false; | 258 | $valid = false; |
147 | 239 | } | 259 | } |
148 | 240 | //Making sure CAPTCHA session is not re-used | ||
149 | 241 | unset($_SESSION[code]); | ||
150 | 242 | } | 260 | } |
151 | 243 | 261 | ||
152 | 244 | // check lang | 262 | // check lang |
153 | @@ -672,8 +690,9 @@ | |||
154 | 672 | <td valign="top"><font class="fourteenblue"><?=___("Security code")?></font></td> | 690 | <td valign="top"><font class="fourteenblue"><?=___("Security code")?></font></td> |
155 | 673 | <td><input type="text" name="create_account_security_code" value="" size="15" maxlength="4"> | 691 | <td><input type="text" name="create_account_security_code" value="" size="15" maxlength="4"> |
156 | 674 | <br/> | 692 | <br/> |
159 | 675 | <?/* image-code generates a CAPTCHA which is associated with a PHP session (e.g., _SESSION) */?> | 693 | <?/* image-code generates a CAPTCHA which is associated with a mysql session, see includes/sess.php file */?> |
160 | 676 | <img src="image-code.php?<?=strtoupper(bin2hex(secure_rand(8)))?>" border="0" hspace="0" vspace="2" alt=""></td> | 694 | <img src="image-code.php?<?=strtoupper(bin2hex(secure_rand(8)))?>" border="0" hspace="0" vspace="2" alt="" onClick="this.src='image-code.php?r='+Math.random(); document.create_account.create_account_security_code.focus();" title="<?=___("Click to refresh")?>" style="cursor: pointer; border: none;"></td> |
161 | 695 | |||
162 | 677 | </tr> | 696 | </tr> |
163 | 678 | <?}?> | 697 | <?}?> |
164 | 679 | <tr> | 698 | <tr> |
165 | 680 | 699 | ||
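Review bot: The CAPTCHA check at new line 254 compares with `!=`, and PHP's loose comparison treats two numeric strings as numbers, so a submitted value such as `12` can equal a stored code of `0012`; a strict string comparison, `($_POST[create_account_security_code] !== $code)`, accepts only the exact four characters (the `maxlength="4"` on the input is enforced only by the browser). In the `sess_open()` failure branch (new lines 230–234) nothing stops execution after the 500 page is included unless that file exits itself, so the statements below would run with `$s` set to false. The `break` at new line 244, marked `// v: ???`, needs an enclosing loop or switch that is not visible in this hunk; if there is none, PHP raises a fatal error on that path.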
166 | === added file 'trunk/www/image-code.pfb' | |||
167 | 681 | Binary files trunk/www/image-code.pfb 1970-01-01 00:00:00 +0000 and trunk/www/image-code.pfb 2012-07-26 17:56:19 +0000 differ | 700 | Binary files trunk/www/image-code.pfb 1970-01-01 00:00:00 +0000 and trunk/www/image-code.pfb 2012-07-26 17:56:19 +0000 differ |
168 | === modified file 'trunk/www/image-code.php' | |||
169 | --- trunk/www/image-code.php 2009-11-23 23:23:36 +0000 | |||
170 | +++ trunk/www/image-code.php 2012-07-26 17:56:19 +0000 | |||
171 | @@ -1,8 +1,7 @@ | |||
174 | 1 | <?php | 1 | <? |
173 | 2 | |||
175 | 3 | /* | 2 | /* |
176 | 4 | Psiphon Circumvention Platform | 3 | Psiphon Circumvention Platform |
178 | 5 | Copyright (C) 2009 Psiphon Inc. | 4 | Copyright (C) 2010 Psiphon Inc. |
179 | 6 | 5 | ||
180 | 7 | This program is free software: you can redistribute it and/or modify | 6 | This program is free software: you can redistribute it and/or modify |
181 | 8 | it under the terms of the GNU General Public License as published by | 7 | it under the terms of the GNU General Public License as published by |
182 | @@ -18,167 +17,76 @@ | |||
183 | 18 | along with this program. If not, see <http://www.gnu.org/licenses/>. | 17 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
184 | 19 | */ | 18 | */ |
185 | 20 | 19 | ||
341 | 21 | /* | 20 | include_once($_SERVER[DOCUMENT_ROOT]."/includes/common_includes.php"); |
342 | 22 | ============================ | 21 | include_once($_SERVER[DOCUMENT_ROOT]."/includes/sess.php"); |
343 | 23 | QuickCaptcha 1.0 - A bot-thwarting text-in-image web tool. | 22 | |
344 | 24 | Copyright (c) 2006 Web 1 Marketing, Inc. | 23 | $config["len"] = 4; |
345 | 25 | 24 | $config["chars"] = "012345689"; | |
346 | 26 | This program is free software; you can redistribute it and/or | 25 | $config["lines"] = 6; |
347 | 27 | modify it under the terms of the GNU General Public License | 26 | $config["width"] = 55; |
348 | 28 | as published by the Free Software Foundation; either version 2 | 27 | $config["height"] = 37; |
349 | 29 | of the License, or (at your option) any later version. | 28 | $config["overlap"] = 0.85; // 0 - over, > 1 - none |
350 | 30 | 29 | $config["font_size"] = 34; | |
351 | 31 | This program is distributed in the hope that it will be useful, | 30 | $config["font"] = $_SERVER[DOCUMENT_ROOT]."/image-code.pfb"; |
352 | 32 | but WITHOUT ANY WARRANTY; without even the implied warranty of | 31 | |
353 | 33 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 32 | // password |
354 | 34 | GNU General Public License for more details. | 33 | $max = strlen($config["chars"]) - 1; |
355 | 35 | ============================ | 34 | $pwd = ""; |
356 | 36 | Pretty much everything that you'll need to change/adjust | 35 | for ($i = 0; $i < $config["len"]; $i++) |
357 | 37 | should be right here in this file. | 36 | { |
358 | 38 | ============================ | 37 | $pwd .= $config["chars"]{mt_rand(0, $max)}; |
359 | 39 | */ | 38 | } |
360 | 40 | 39 | ||
361 | 41 | //////////////settings | 40 | if (($s = sess_open()) === false) |
362 | 42 | $acceptedChars = 'AEFHJKLMNPQRTWX234689'; | 41 | { |
363 | 43 | $acceptedChars = '012345689'; | 42 | syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": Can not open the session"); |
364 | 44 | 43 | include($_SERVER[DOCUMENT_ROOT]."/http-errors/500.php"); | |
365 | 45 | // Number of characters in image. | 44 | } |
366 | 46 | $stringlength = 4; | 45 | |
367 | 47 | 46 | $s["code"]=$pwd; | |
368 | 48 | // A value between 0 and 100 describing how much color overlap | 47 | |
369 | 49 | // there is between text and other objects. Lower is more | 48 | // syslog(LOG_DEBUG, $pwd); |
370 | 50 | // secure against bots, but also harder to read. | 49 | if (!sess_close($s)) |
371 | 51 | $contrast = 60; | 50 | { |
372 | 52 | 51 | syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": Can not save the session"); | |
373 | 53 | // Various obfuscation techniques. | 52 | include("/home/httpd/common/500.php"); |
374 | 54 | $num_polygons = 3; // Number of triangles to draw. 0 = none | 53 | } |
375 | 55 | $num_ellipses = 3; // Number of ellipses to draw. 0 = none | 54 | |
376 | 56 | $num_lines = 3; // Number of lines to draw. 0 = none | 55 | if (($font = @imagepsloadfont($config["font"])) === false) |
377 | 57 | $num_dots = 90; // Number of dots to draw. 0 = none | 56 | { |
378 | 58 | 57 | syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": Can not load \"{$config["font"]}\""); | |
379 | 59 | $min_thickness = 1; // Minimum thickness in pixels of lines | 58 | include($_SERVER[DOCUMENT_ROOT]."/http-errors/500.php"); |
380 | 60 | $max_thickness = 3; // Maximum thickness in pixles of lines | 59 | } |
381 | 61 | $min_radius = 5; // Minimum radius in pixels of ellipses | 60 | |
382 | 62 | $max_radius = 10; // Maximum radius in pixels of ellipses | 61 | $image = imagecreate($config["width"], $config["height"]); |
383 | 63 | 62 | ||
384 | 64 | // How opaque should the obscuring objects be. 0 is opaque, 127 | 63 | $bg = imagecolorallocate($image, 255, 255, 255); |
385 | 65 | // is transparent. | 64 | $fg = imagecolorallocate($image, 0, 0, 0); |
386 | 66 | $object_alpha = 70; | 65 | |
387 | 67 | ////////////////end settings/////////////////////// | 66 | imagefill($image, 0, 0, $bg); |
388 | 68 | 67 | ||
389 | 69 | // Keep #'s reasonable. | 68 | $x = 2; |
390 | 70 | $min_thickness = max(1,$min_thickness); | 69 | $y = (int)($config["height"] * 0.85); |
391 | 71 | $max_thickness = min(20,$max_thickness); | 70 | |
392 | 72 | // Make radii into height/width | 71 | for ($i = 0; $i < $config["len"]; $i++) |
393 | 73 | $min_radius *= 2; | 72 | { |
394 | 74 | $max_radius *= 2; | 73 | $res = @imagepstext($image, $pwd{$i}, $font, $config["font_size"], $fg, $bg, $x, $y, 0, 0, mt_rand(-10, 10), 4); |
395 | 75 | // Renormalize contrast | 74 | if (!is_array($res)) |
396 | 76 | $contrast = 255 * ($contrast / 100.0); | 75 | { |
397 | 77 | $o_contrast = 1.3 * $contrast; | 76 | syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": imagepstext() returned an error"); |
398 | 78 | 77 | include($_SERVER[DOCUMENT_ROOT]."/http-errors/503.php"); | |
399 | 79 | $width = 12 * imagefontwidth(5); | 78 | } |
400 | 80 | $height = 2.5 * imagefontheight(5); | 79 | $x += (int)($res[2] * $config["overlap"]); |
401 | 81 | $image = imagecreatetruecolor($width, $height); | 80 | } |
402 | 82 | imagealphablending($image, true); | 81 | |
403 | 83 | $black = imagecolorallocatealpha($image,0,0,0,0); | 82 | for ($i = 0; $i < $config["lines"]; $i++) |
404 | 84 | 83 | { | |
405 | 85 | // Build the validation string | 84 | imagesetthickness($image, mt_rand(1, 2)); |
406 | 86 | $max = strlen($acceptedChars)-1; | 85 | imageline($image, mt_rand(0, $config["width"]), mt_rand(0, $config["height"]), mt_rand(0, $config["width"]), mt_rand(0, $config["height"]), ($i % 2) ? $fg : $bg); |
407 | 87 | $password = NULL; | 86 | } |
408 | 88 | for ($i=0; $i<$stringlength; $i++) { | 87 | |
409 | 89 | $cnum[$i] = $acceptedChars{mt_rand(0, $max)}; | 88 | |
410 | 90 | $password .= $cnum[$i]; | 89 | header("Content-type: image/gif"); |
411 | 91 | } | 90 | imagegif($image); |
257 | 92 | |||
258 | 93 | // Add string to image | ||
259 | 94 | $rotated = imagecreatetruecolor(70, 70); | ||
260 | 95 | for ($i = 0; $i < $stringlength; $i++) { | ||
261 | 96 | $buffer = imagecreatetruecolor (20, 20); | ||
262 | 97 | $buffer2 = imagecreatetruecolor (40, 40); | ||
263 | 98 | |||
264 | 99 | // Get a random color | ||
265 | 100 | $red = mt_rand(150,255); | ||
266 | 101 | $green = mt_rand(150,255); | ||
267 | 102 | $blue = 255 - sqrt($red * $red + $green * $green); | ||
268 | 103 | $color = imagecolorallocate($buffer, $red, $green, $blue); | ||
269 | 104 | |||
270 | 105 | // Create character | ||
271 | 106 | imagestring($buffer, 5, 0, 0, $cnum[$i], $color); | ||
272 | 107 | |||
273 | 108 | // Resize character | ||
274 | 109 | imagecopyresized($buffer2, $buffer, 0, 0, 0, 0, 25 + mt_rand(0,12), 25 + mt_rand(0,12), 20, 20); | ||
275 | 110 | |||
276 | 111 | // Rotate characters a little | ||
277 | 112 | if (function_exists("imagerotate")) { | ||
278 | 113 | $rotated = imagerotate($buffer2, mt_rand(-20, 20),imagecolorallocatealpha($buffer2,0,0,0,0)); | ||
279 | 114 | } else { | ||
280 | 115 | $rotated = $buffer2; | ||
281 | 116 | } | ||
282 | 117 | |||
283 | 118 | imagecolortransparent ($rotated, imagecolorallocatealpha($rotated,0,0,0,0)); | ||
284 | 119 | |||
285 | 120 | // Move characters around a little | ||
286 | 121 | $y = mt_rand(1, 3); | ||
287 | 122 | $x += mt_rand(2, 4); | ||
288 | 123 | imagecopymerge($image, $rotated, $x, $y, 0, 0, 40, 40, 100); | ||
289 | 124 | $x += 22; | ||
290 | 125 | |||
291 | 126 | imagedestroy ($buffer); | ||
292 | 127 | imagedestroy ($buffer2); | ||
293 | 128 | } | ||
294 | 129 | |||
295 | 130 | // Draw polygons | ||
296 | 131 | if ($num_polygons > 0) for ($i = 0; $i < $num_polygons; $i++) { | ||
297 | 132 | $vertices = array ( | ||
298 | 133 | mt_rand(-0.25*$width,$width*1.25),mt_rand(-0.25*$width,$width*1.25), | ||
299 | 134 | mt_rand(-0.25*$width,$width*1.25),mt_rand(-0.25*$width,$width*1.25), | ||
300 | 135 | mt_rand(-0.25*$width,$width*1.25),mt_rand(-0.25*$width,$width*1.25) | ||
301 | 136 | ); | ||
302 | 137 | $color = imagecolorallocatealpha ($image, mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), $object_alpha); | ||
303 | 138 | imagefilledpolygon($image, $vertices, 3, $color); | ||
304 | 139 | } | ||
305 | 140 | |||
306 | 141 | // Draw random circles | ||
307 | 142 | if ($num_ellipses > 0) for ($i = 0; $i < $num_ellipses; $i++) { | ||
308 | 143 | $x1 = mt_rand(0,$width); | ||
309 | 144 | $y1 = mt_rand(0,$height); | ||
310 | 145 | $color = imagecolorallocatealpha ($image, mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), $object_alpha); | ||
311 | 146 | // $color = imagecolorallocate($image, mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), mt_rand(0,$o_contrast)); | ||
312 | 147 | imagefilledellipse($image, $x1, $y1, mt_rand($min_radius,$max_radius), mt_rand($min_radius,$max_radius), $color); | ||
313 | 148 | } | ||
314 | 149 | |||
315 | 150 | // Draw random lines | ||
316 | 151 | if ($num_lines > 0) for ($i = 0; $i < $num_lines; $i++) { | ||
317 | 152 | $x1 = mt_rand(-$width*0.25,$width*1.25); | ||
318 | 153 | $y1 = mt_rand(-$height*0.25,$height*1.25); | ||
319 | 154 | $x2 = mt_rand(-$width*0.25,$width*1.25); | ||
320 | 155 | $y2 = mt_rand(-$height*0.25,$height*1.25); | ||
321 | 156 | $color = imagecolorallocatealpha ($image, mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), $object_alpha); | ||
322 | 157 | imagesetthickness ($image, mt_rand($min_thickness,$max_thickness)); | ||
323 | 158 | imageline($image, $x1, $y1, $x2, $y2 , $color); | ||
324 | 159 | } | ||
325 | 160 | |||
326 | 161 | // Draw random dots | ||
327 | 162 | if ($num_dots > 0) for ($i = 0; $i < $num_dots; $i++) { | ||
328 | 163 | $x1 = mt_rand(0,$width); | ||
329 | 164 | $y1 = mt_rand(0,$height); | ||
330 | 165 | $color = imagecolorallocatealpha($image, mt_rand(0,$o_contrast), mt_rand(0,$o_contrast), mt_rand(0,$o_contrast),$object_alpha); | ||
331 | 166 | imagesetpixel($image, $x1, $y1, $color); | ||
332 | 167 | } | ||
333 | 168 | |||
334 | 169 | session_start(); | ||
335 | 170 | |||
336 | 171 | if (session_id()) | ||
337 | 172 | $_SESSION['code'] = $password; | ||
338 | 173 | |||
339 | 174 | header("Content-type: image/jpeg"); | ||
340 | 175 | imagejpeg($image); | ||
412 | 176 | imagedestroy($image); | 91 | imagedestroy($image); |
421 | 177 | 92 | ?> | |
414 | 178 | /**** to check ***** | ||
415 | 179 | form: <img src="image-code.php" border="0" alt=""> | ||
416 | 180 | |||
417 | 181 | process: session_start(); if ($_POST["code"]!=$_SESSION["code"]) exit("Wrong code"); | ||
418 | 182 | *******************/ | ||
419 | 183 | |||
420 | 184 | ?> | ||
422 | 185 | 93 | ||
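Review bot: In the `sess_close()` failure branch (new line 52) the error page is included from the hard-coded path `/home/httpd/common/500.php`, while every other error branch in this file uses `$_SERVER[DOCUMENT_ROOT]."/http-errors/500.php"`; on a host without that directory the include fails and the script goes on to emit the image. I would use the same include as the other branches and follow each error include with `exit;` unless the error pages are known to end the request themselves. Separately, the code digits are drawn with `mt_rand()`, which is not a cryptographic generator; `secure_rand()` is already used for the cache-busting token in create_account.php and, if it is reachable through common_includes.php, could back the digit selection here.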
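--- a/trunk/www/includes/sess.php
+++ b/trunk/www/includes/sess.php
@@ -0,0 +1,91 @@
+<?
+/*
+Psiphon Circumvention Platform
+Copyright (C) 2010 Psiphon Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+include_once($_SERVER[DOCUMENT_ROOT]."/includes/common_includes.php");
+
+$config["sess_name"]="S"; // session cookie name
+$config["sess_path"]="/"; // session cookie path
+
+/*
+* Initialize the session, or read the data from an exising one
+*
+* RETURN: - session array on success (empty on the first call)
+* - returns false on error
+*/
+function sess_open()
+{
+global $config;
+
+if (!isset($_COOKIE[$config["sess_name"]]))
+{
+$id=md5(microtime().$_SERVER["REMOTE_ADDR"].mt_rand().$_SERVER["REQUEST_URI"]);
+$_COOKIE[$config["sess_name"]]=$id;
+header("Set-Cookie: {$config["sess_name"]}={$id}; path={$config["sess_path"]}", false);
+return(array());
+}
+
+$query="SELECT * FROM sess WHERE id = :sess_name";
+$result = db_query_execute($config, $query, convert_null_array(array(":sess_name" => $_COOKIE[$config["sess_name"]])));
+
+if (!($record = db_fetch_result($config, $result)))
+{
+return(array());
+}
+
+if (($res = unserialize($record["data"])) === false)
+{
+syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": sess_open(): Can not unserialize the data");
+return(false);
+}
+
+return($res);
+}
+
+
+/*
+* Save session data, delete expired data from the session table
+*
+* $s a session array
+*
+* RETURN: - true on success
+* - false on error
+*/
+function sess_close($s)
+{
+global $config;
+
+if (!isset($_COOKIE[$config["sess_name"]]))
+{
+syslog(LOG_DEBUG, $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].": sess_close(): No session id");
+return(false);
+}
+
+$query="INSERT INTO sess (id, data, updated) VALUES (:id, :data, now())";
+if (!db_query_execute($config, $query, convert_null_array(array(":id" => $_COOKIE[$config["sess_name"]], ":data" => serialize($s))), true))
+{
+$query="UPDATE sess SET data = :data, updated=now() WHERE id = :id";
+if (!db_query_execute($config, $query, convert_null_array(array(":data" => serialize($s), ":id" => $_COOKIE[$config["sess_name"]])), true))
+{
+return(false);
+}
+}
+
+return(true);
+}
+?>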
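Review bot: `sess_open()` builds the session id from `md5()` over `microtime()`, the client address, `mt_rand()` and the request URI, all of which are guessable or client-visible, and it accepts whatever value arrives in the `S` cookie as an id without checking its format. That is tolerable while a row holds only a CAPTCHA code, but the file is written as a general session layer, so I would draw the id from `secure_rand()` (already used in create_account.php; assuming it is reachable through common_includes.php), treat cookie values that are not 32 hex characters as absent, and mark the cookie `HttpOnly`, as sketched below. Expiry is enforced only by the daily cron job, since the SELECT never looks at `updated`, so a code can stay valid for more than a day. The header comment on `sess_close()` says it deletes expired data, but no DELETE is visible in the function.

```php
function sess_open()
{
    global $config;

    $name = $config["sess_name"];
    // Accept only ids in the format issued here; any other cookie value gets a fresh id.
    if (!isset($_COOKIE[$name]) || !preg_match('/\A[0-9a-f]{32}\z/', $_COOKIE[$name]))
    {
        $id = bin2hex(secure_rand(16)); // assumes secure_rand() is provided by the existing includes
        $_COOKIE[$name] = $id;
        header("Set-Cookie: {$name}={$id}; path={$config["sess_path"]}; HttpOnly", false);
        return(array());
    }
    // … unchanged: SELECT by id, unserialize, return …
```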
The SQL upgrade script should be placed in the sql/upgrade/ directory; otherwise it will not be executed by the automation script. I need to update the old README.