[pLog-svn] r1075 - in plugins/trunk/authimage: . class
class/security
mark at devel.plogworld.net
mark at devel.plogworld.net
Mon Feb 14 19:41:55 GMT 2005
Author: mark
Date: 2005-02-14 19:41:55 +0000 (Mon, 14 Feb 2005)
New Revision: 1075
Added:
plugins/trunk/authimage/class/security/
plugins/trunk/authimage/class/security/authimagefilter.class.php
Modified:
plugins/trunk/authimage/pluginauthimage.class.php
Log:
Added: plugins/trunk/authimage/class/security/authimagefilter.class.php
===================================================================
--- plugins/trunk/authimage/class/security/authimagefilter.class.php 2005-02-14 17:19:52 UTC (rev 1074)
+++ plugins/trunk/authimage/class/security/authimagefilter.class.php 2005-02-14 19:41:55 UTC (rev 1075)
@@ -0,0 +1,75 @@
+<?php
+
+ include_once( PLOG_CLASS_PATH."class/security/pipelinefilter.class.php" );
+ include_once( PLOG_CLASS_PATH."class/file/file.class.php" );
+ include_once( PLOG_CLASS_PATH."class/config/config.class.php" );
+
+ // custom error code that will be returned to the pipeline whenever an
+ // error is found... Be careful so as to not to have two different modules
+ // use the same code!!
+ define( "AUTHIMAGE_FILTER_MATCH_FOUND", 1011 );
+
+ /**
+ * Filters the text posted in a comment by a user, to prevent spam-bots. This
+ * filter only works if the incoming request has the "op" parameter as
+ * "AddComment", because then it means that we're posting a comment. If it's not
+ * like that, then we'll quit. Otherwise, the process will continue as normally.
+ */
+ class AuthImageFilter extends PipelineFilter
+ {
+
+ function AuthImageFilter( $pipelineRequest )
+ {
+ $this->PipelineFilter( $pipelineRequest );
+ }
+
+ function filter()
+ {
+ // get some info
+ $blogInfo = $this->_pipelineRequest->getBlogInfo();
+ $request = $this->_pipelineRequest->getHttpRequest();
+
+ // check if this section has been enabled or disabled
+ $blogSettings = $blogInfo->getSettings();
+ $pluginEnabled = $blogSettings->getValue( "plugin_authimage_enabled" );
+ if( !$pluginEnabled) {
+ $result = new PipelineResult();
+ return $result;
+ }
+
+ // we only have to filter the contents if the user is posting a comment
+ // so there's no point in doing anything else if that's not the case
+ if( $request->getValue( "op" ) != "AddComment" ) {
+ $result = new PipelineResult();
+ return $result;
+ }
+
+ $config =& Config::getConfig();
+ $cacheFolder = $config->getValue('temp_folder');
+ $cacheFolder = $cacheFolder.'/authimage/'.$blogInfo->getId();
+
+ // text and topic of the comment
+ $key = $blogSettings->getValue( "plugin_authimage_key" );
+ $code = $request->getValue( "authImage" );
+ $encrypt = $this->encrypt($code, $key);
+ $tempFile = $cacheFolder."/".$encrypt.".gif";
+ if ( !File::exists( $tempFile ) ) {
+ // if there is a match, we can quit and reject this request
+ $result = new PipelineResult( false, AUTHIMAGE_FILTER_MATCH_FOUND, "error_authimage_code" );
+ return $result;
+ }
+
+ // if everything went fine, we can say so by returning
+ // a positive PipelineResult object
+ // File::delete( $tempFile );
+ $result = new PipelineResult();
+ return $result;
+ }
+
+ function encrypt($string, $key) {
+ $plainText = $string.$key;
+ $encodeText = md5($plainText);
+ return $encodeText;
+ }
+ }
+?>
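Review bot: A solved code can be replayed, because `File::delete( $tempFile );` is commented out near the end of filter(), so the image file that marks a code as valid is never removed after a successful check. The only test is that a file named md5(code.key).gif exists in this blog's folder, so every outstanding image for the blog stays acceptable to any requester, not only the visitor who was shown it. Restore the delete once the existence check passes, and consider tying the code to the visitor's session or expiring old files. The comment inside the `!File::exists` branch is also inverted and should read `// no image exists for this code, so reject the request`.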
Modified: plugins/trunk/authimage/pluginauthimage.class.php
===================================================================
--- plugins/trunk/authimage/pluginauthimage.class.php 2005-02-14 17:19:52 UTC (rev 1074)
+++ plugins/trunk/authimage/pluginauthimage.class.php 2005-02-14 19:41:55 UTC (rev 1075)
@@ -4,7 +4,8 @@
include_once( PLOG_CLASS_PATH."class/plugin/pluginmanager.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/model.class.php" );
include_once( PLOG_CLASS_PATH."class/net/requestgenerator.class.php" );
- include_once( PLOG_CLASS_PATH."class/misc/glob.class.php" );
+ include_once( PLOG_CLASS_PATH."class/misc/glob.class.php" );
+ include_once( PLOG_CLASS_PATH."plugins/authimage/class/security/authimagefilter.class.php" );
define( "AUTHIMAGE_FILE", "/plugins/authimage/authimage.php" );
define( "AUTHIMAGE_BACKGROUND_FOLDER", PLOG_CLASS_PATH."plugins/authimage/backgrounds/" );
@@ -39,6 +40,9 @@
function init()
{
+ // register the filter
+ $this->registerFilter( "AuthImageFilter" );
+
$this->registerAdminAction( "authimage", "PluginAuthImageConfigAction" );
$this->registerAdminAction( "updateAuthImageConfig", "PluginAuthImageUpdateConfigAction" );
$this->registerBlogAction( "AuthImageShow", "PluginAuthImageShowAction" );
@@ -51,9 +55,9 @@
function register()
{
- $this->cacheFolder = $this->cacheFolder.'/'.$this->blogInfo->getId();
+ $this->cacheFolder = $this->cacheFolder.'/authimage/'.$this->blogInfo->getId();
if( !File::exists( $this->cacheFolder )) {
- $this->log->debug( "creating temporary folder".$this->tempFolder );
+ $this->log->debug( "creating temporary folder".$this->cacheFolder );
File::createDir( $this->cacheFolder );
}
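Review bot: The result of `File::createDir( $this->cacheFolder )` is not checked, and the new path adds an intermediate `authimage` directory that may not exist yet. Whether File::createDir creates missing parent directories is not visible here; if it does not, no image file is ever written, and AuthImageFilter, which looks for the file under `temp_folder`/authimage/<blog id>, would then reject every comment. Check the return value and log a failure. The debug string also needs a separating space: `"creating temporary folder ".$this->cacheFolder`. register() continues outside the hunk.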
@@ -89,8 +93,9 @@
function showImage() {
$code = $this->generateCode();
+ $encrypt = $this->encrypt($code, $this->key);
$background = AUTHIMAGE_BACKGROUND_FOLDER.$this->background;
- $tempFile = $this->cacheFolder."/".$code.".gif";
+ $tempFile = $this->cacheFolder."/".$encrypt.".gif";
$image = @imagecreatefromgif($background) or die("Cannot Initialize new GD image stream");
$textColor = imageColorAllocate($image, 0x00, 0x00, 0x00);
@@ -114,19 +119,12 @@
}
// encrypt string
- function encrypt($string) {
- $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
- $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
- return mcrypt_encrypt(MCRYPT_BLOWFISH, $this->key, $string, MCRYPT_MODE_ECB, $iv);
+ function encrypt($string, $key) {
+ $plainText = $string.$key;
+ $encodeText = md5($plainText);
+ return $encodeText;
}
- // decrypt string
- function decrypt($crypttext) {
- $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
- $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
- return mcrypt_decrypt(MCRYPT_BLOWFISH, $this->key, $crypttext, MCRYPT_MODE_ECB, $iv);
- }
-
function generateCode() {
$code = "";
for($i=0; $i < $this->length; $i++) $code .= rand(0,9);
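Review bot: `encrypt()` no longer encrypts anything: it returns an MD5 digest of the code concatenated with the key, so the `// encrypt string` comment above it is stale and should say something like `// one-way digest of code+key, used as the cache file name`. The same three lines are duplicated in AuthImageFilter::encrypt(), and the two copies must stay identical or every submitted code will be rejected; a single shared helper would remove that risk. Plain `md5($string.$key)` is an ad-hoc keyed hash; an HMAC (`hash_hmac()` where the PHP version provides it) is the standard construction. Separately, the unchanged `generateCode()` draws its digits with `rand(0,9)`, which is not a cryptographically secure source, so codes may be more predictable than their length suggests. generateCode() continues past the end of the hunk.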