Show captcha after the first wrong attempt, see BT#6486

1.9.x
Julio Montoya 13 years ago
parent f817d5da57
commit 37597b882b
  1. 25
      main/inc/ajax/form.ajax.php
  2. 14
      main/inc/lib/autoload.class.php
  3. 7
      main/inc/lib/formvalidator/FormValidator.class.php
  4. 9
      main/inc/lib/main_api.lib.php
  5. 80
      main/inc/lib/pear/HTML/QuickForm.php
  6. 7
      main/inc/lib/pear/HTML/QuickForm/CAPTCHA.php
  7. 17
      main/inc/lib/pear/HTML/QuickForm/CAPTCHA/Image.php
  8. 11
      main/inc/lib/pear/Text/CAPTCHA.php
  9. 6
      main/inc/lib/pear/Text/CAPTCHA/Driver/Image.php
  10. 51
      main/inc/lib/userportal.lib.php
  11. 29
      main/inc/local.inc.php

@ -0,0 +1,25 @@
<?php
/* For licensing terms, see /license.txt */
require_once '../global.inc.php';
$action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;
switch ($action) {
case 'get_captcha':
header('Content-Type: image/jpeg');
$sessionVar = (empty($_REQUEST['var']))
? '_HTML_QuickForm_CAPTCHA'
: $_REQUEST['var'];
// Force a new CAPTCHA for each one displayed
/** @var Text_CAPTCHA $obj */
$obj = $_SESSION[$sessionVar];
$obj->generate(true);
echo $image = $obj->getCAPTCHA();
//echo $_SESSION[$sessionVar]->getCAPTCHAAsJPEG();
exit;
break;
}
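Review bot: `$_REQUEST['var']` chooses which session entry becomes `$obj`, and the next two lines call `$obj->generate(true)` on it without checking that the entry exists or is a `Text_CAPTCHA`; a missing key gives an undefined-index notice followed by a fatal call on null, and any other object stored in the session would have a `generate()` method invoked on it. Guard before use: `if (!isset($_SESSION[$sessionVar]) || !($_SESSION[$sessionVar] instanceof Text_CAPTCHA)) { header('HTTP/1.1 400 Bad Request'); exit; }`. The `break;` after `exit;` is unreachable and `$image` is assigned but never read, so `echo $obj->getCAPTCHA();` is enough. Because every request regenerates the phrase, a cached copy of the image would presumably no longer match the session phrase; adding `header('Cache-Control: no-store');` next to the Content-Type header avoids that.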

@ -685,6 +685,20 @@ class Autoload
$result['HTML_QuickForm_text'] = '/main/inc/lib/pear/HTML/QuickForm/text.php';
$result['HTML_QuickForm_textarea'] = '/main/inc/lib/pear/HTML/QuickForm/textarea.php';
$result['HTML_QuickForm_xbutton'] = '/main/inc/lib/pear/HTML/QuickForm/xbutton.php';
$result['Text_CAPTCHA_Driver_Equation'] = '/main/inc/lib/pear/Text/CAPTCHA/Driver/Equation.php';
$result['Text_CAPTCHA_Driver_Figlet'] = '/main/inc/lib/pear/Text/CAPTCHA/Driver/Figlet.php';
$result['Text_CAPTCHA_Driver_Image'] = '/main/inc/lib/pear/Text/CAPTCHA/Driver/Image.php';
$result['Text_CAPTCHA_Driver_Numeral'] = '/main/inc/lib/pear/Text/CAPTCHA/Driver/Numeral.php';
$result['Text_CAPTCHA_Driver'] = '/main/inc/lib/pear/Text/CAPTCHA/Driver.php';
$result['Text_CAPTCHA_Exception'] = '/main/inc/lib/pear/Text/CAPTCHA/Exception.php';
$result['Text_CAPTCHA'] = '/main/inc/lib/pear/Text/CAPTCHA.php';
$result['HTML_QuickForm_CAPTCHA'] = '/main/inc/lib/pear/HTML/QuickForm/CAPTCHA.php';
$result['HTML_QuickForm_CAPTCHA_Image'] = '/main/inc/lib/pear/HTML/QuickForm/CAPTCHA/Image.php';
$result['HTML_QuickForm_CAPTCHA_Word'] = '/main/inc/lib/pear/HTML/QuickForm/CAPTCHA/Word.php';
$result['HTML_Table'] = '/main/inc/lib/pear/HTML/Table.php';
$result['HTML_Table_Storage'] = '/main/inc/lib/pear/HTML/Table/Storage.php';
$result['Header'] = '/main/inc/lib/system/web/header.class.php';

@ -135,6 +135,9 @@ class FormValidator extends HTML_QuickForm
$this->registerElementType('style_reset_button', $dir . 'Element/style_reset_button.php', 'HTML_QuickForm_styleresetbutton');
$this->registerElementType('button', $dir . 'Element/style_submit_button.php', 'HTML_QuickForm_stylesubmitbutton');
$this->registerElementType('captcha', 'HTML/QuickForm/CAPTCHA.php', 'HTML_QuickForm_CAPTCHA');
$this->registerElementType('CAPTCHA_Image', 'HTML/QuickForm/CAPTCHA/Image.php', 'HTML_QuickForm_CAPTCHA_Image');
$this->registerRule('date', null, 'HTML_QuickForm_Rule_Date', $dir . 'Rule/Date.php');
$this->registerRule('date_compare', null, 'HTML_QuickForm_Rule_DateCompare', $dir . 'Rule/DateCompare.php');
$this->registerRule('html', null, 'HTML_QuickForm_Rule_HTML', $dir . 'Rule/HTML.php');
@ -145,6 +148,8 @@ class FormValidator extends HTML_QuickForm
$this->registerRule('url', null, 'HTML_QuickForm_Rule_Url', $dir . 'Rule/Url.php');
$this->registerRule('compare_fields', null, 'HTML_QuickForm_Compare_Fields', $dir . 'Rule/CompareFields.php');
$this->registerRule('CAPTCHA', 'rule', 'HTML_QuickForm_Rule_CAPTCHA', 'HTML/QuickForm/Rule/CAPTCHA.php');
// Modify the default templates
$renderer = & $this->defaultRenderer();
@ -574,4 +579,4 @@ function html_filter_teacher_fullpage($html)
function html_filter_student_fullpage($html)
{
return html_filter($html, STUDENT_HTML_FULLPAGE);
}
}
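Review bot: The CAPTCHA rule is registered under two different names in this commit — `'CAPTCHA'` in `registerRule('CAPTCHA', 'rule', 'HTML_QuickForm_Rule_CAPTCHA', ...)` here and `'captcha'` in the `_HTML_QuickForm_registered_rules` array of `main/inc/lib/pear/HTML/QuickForm.php`; pick one spelling (the login form in userportal.lib.php uses `'CAPTCHA'`) and drop the other to avoid two registrations of the same class. Every other rule in this constructor is registered with `$dir . 'Rule/...'`, while this one uses the bare include path `'HTML/QuickForm/Rule/CAPTCHA.php'`; since that file is not in the commit's file list, it presumably already exists on the include path — worth confirming, as the `registerRule` call would otherwise fail at first use. The enclosing constructor starts outside the hunk.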

@ -6452,6 +6452,11 @@ function api_get_user_info_from_official_code($official_code = '') {
return false;
}
/**
*
* @param string $inputId the jquery id example: #password
* @return string
*/
function api_get_password_checker_js($inputId)
{
global $_configuration;
@ -6492,6 +6497,10 @@ function api_get_password_checker_js($inputId)
return $js;
}
/**
* Gets an array with "easy" passwords
* @return array
*/
function api_get_easy_password_list()
{
$passwordList = array('123', '1234', '123456', 'admin', 'user', 'student', 'teacher');

@ -39,35 +39,34 @@ require_once 'HTML/Common.php';
* @global array $GLOBALS['HTML_QUICKFORM_ELEMENT_TYPES']
*/
$GLOBALS['HTML_QUICKFORM_ELEMENT_TYPES'] =
array(
'group' =>array('HTML/QuickForm/group.php','HTML_QuickForm_group'),
'hidden' =>array('HTML/QuickForm/hidden.php','HTML_QuickForm_hidden'),
'reset' =>array('HTML/QuickForm/reset.php','HTML_QuickForm_reset'),
'checkbox' =>array('HTML/QuickForm/checkbox.php','HTML_QuickForm_checkbox'),
'file' =>array('HTML/QuickForm/file.php','HTML_QuickForm_file'),
'image' =>array('HTML/QuickForm/image.php','HTML_QuickForm_image'),
'password' =>array('HTML/QuickForm/password.php','HTML_QuickForm_password'),
'radio' =>array('HTML/QuickForm/radio.php','HTML_QuickForm_radio'),
'button' =>array('HTML/QuickForm/button.php','HTML_QuickForm_button'),
'submit' =>array('HTML/QuickForm/submit.php','HTML_QuickForm_submit'),
'select' =>array('HTML/QuickForm/select.php','HTML_QuickForm_select'),
'hiddenselect' =>array('HTML/QuickForm/hiddenselect.php','HTML_QuickForm_hiddenselect'),
'text' =>array('HTML/QuickForm/text.php','HTML_QuickForm_text'),
'textarea' =>array('HTML/QuickForm/textarea.php','HTML_QuickForm_textarea'),
'link' =>array('HTML/QuickForm/link.php','HTML_QuickForm_link'),
'advcheckbox' =>array('HTML/QuickForm/advcheckbox.php','HTML_QuickForm_advcheckbox'),
'date' =>array('HTML/QuickForm/date.php','HTML_QuickForm_date'),
'static' =>array('HTML/QuickForm/static.php','HTML_QuickForm_static'),
'header' =>array('HTML/QuickForm/header.php', 'HTML_QuickForm_header'),
'html' =>array('HTML/QuickForm/html.php', 'HTML_QuickForm_html'),
'hierselect' =>array('HTML/QuickForm/hierselect.php', 'HTML_QuickForm_hierselect'),
'autocomplete' =>array('HTML/QuickForm/autocomplete.php', 'HTML_QuickForm_autocomplete'),
'xbutton' =>array('HTML/QuickForm/xbutton.php','HTML_QuickForm_xbutton'),
'advanced_settings' =>array('HTML/QuickForm/advanced_settings.php','HTML_QuickForm_advanced_settings'),
'label' =>array('HTML/QuickForm/label.php','HTML_QuickForm_label'),
'email' =>array('HTML/QuickForm/email.php','HTML_QuickForm_email'),
);
array(
'group' => array('HTML/QuickForm/group.php','HTML_QuickForm_group'),
'hidden' => array('HTML/QuickForm/hidden.php','HTML_QuickForm_hidden'),
'reset' => array('HTML/QuickForm/reset.php','HTML_QuickForm_reset'),
'checkbox' => array('HTML/QuickForm/checkbox.php','HTML_QuickForm_checkbox'),
'file' => array('HTML/QuickForm/file.php','HTML_QuickForm_file'),
'image' => array('HTML/QuickForm/image.php','HTML_QuickForm_image'),
'password' => array('HTML/QuickForm/password.php','HTML_QuickForm_password'),
'radio' => array('HTML/QuickForm/radio.php','HTML_QuickForm_radio'),
'button' => array('HTML/QuickForm/button.php','HTML_QuickForm_button'),
'submit' => array('HTML/QuickForm/submit.php','HTML_QuickForm_submit'),
'select' => array('HTML/QuickForm/select.php','HTML_QuickForm_select'),
'hiddenselect' => array('HTML/QuickForm/hiddenselect.php','HTML_QuickForm_hiddenselect'),
'text' => array('HTML/QuickForm/text.php','HTML_QuickForm_text'),
'textarea' => array('HTML/QuickForm/textarea.php','HTML_QuickForm_textarea'),
'link' => array('HTML/QuickForm/link.php','HTML_QuickForm_link'),
'advcheckbox' => array('HTML/QuickForm/advcheckbox.php','HTML_QuickForm_advcheckbox'),
'date' => array('HTML/QuickForm/date.php','HTML_QuickForm_date'),
'static' => array('HTML/QuickForm/static.php','HTML_QuickForm_static'),
'header' => array('HTML/QuickForm/header.php', 'HTML_QuickForm_header'),
'html' => array('HTML/QuickForm/html.php', 'HTML_QuickForm_html'),
'hierselect' => array('HTML/QuickForm/hierselect.php', 'HTML_QuickForm_hierselect'),
'autocomplete' => array('HTML/QuickForm/autocomplete.php', 'HTML_QuickForm_autocomplete'),
'xbutton' => array('HTML/QuickForm/xbutton.php','HTML_QuickForm_xbutton'),
'advanced_settings' => array('HTML/QuickForm/advanced_settings.php','HTML_QuickForm_advanced_settings'),
'label' => array('HTML/QuickForm/label.php','HTML_QuickForm_label'),
'email' => array('HTML/QuickForm/email.php','HTML_QuickForm_email')
);
/**
* Validation rules known to HTML_QuickForm
@ -92,7 +91,8 @@ $GLOBALS['_HTML_QuickForm_registered_rules'] = array(
//'compare' => array('html_quickform_rule_compare', 'HTML/QuickForm/Rule/Compare.php')
'compare' => array('html_quickform_rule_compare', 'HTML/QuickForm/Rule/Compare.php'),
'comparedate' => array('html_quickform_rule_comparedate', 'HTML/QuickForm/Rule/CompareDate.php'),
'errordate' => array('html_quickform_rule_date', 'HTML/QuickForm/Rule/Date.php')
'errordate' => array('html_quickform_rule_date', 'HTML/QuickForm/Rule/Date.php'),
'captcha' => array('HTML_QuickForm_Rule_CAPTCHA', 'HTML/QuickForm/Rule/CAPTCHA.php')
//
);
@ -327,7 +327,7 @@ class HTML_QuickForm extends HTML_Common
unset($this->_submitValues['_qf__' . $formName]);
$this->addElement('hidden', '_qf__' . $formName, null);
}
if (preg_match('/^([0-9]+)([a-zA-Z]*)$/', ini_get('upload_max_filesize'), $matches)) {
// see http://www.php.net/manual/en/faq.using.php#faq.using.shorthandbytes
switch (strtoupper($matches['2'])) {
@ -344,10 +344,10 @@ class HTML_QuickForm extends HTML_Common
$this->_maxFileSize = $matches['1'];
}
}
$course_id = api_get_course_int_id();
//If I'm in a course replace the default max filesize with the course limits
if (!empty($course_id)) {
if (!empty($course_id)) {
$free_course_quota = DocumentManager::get_course_quota() - DocumentManager::documents_total_space();
if (empty($this->_maxFileSize) || $free_course_quota <= $this->_maxFileSize) {
$this->_maxFileSize = intval($free_course_quota);
@ -618,11 +618,12 @@ class HTML_QuickForm extends HTML_Common
}
$className = $GLOBALS['HTML_QUICKFORM_ELEMENT_TYPES'][$type][1];
$includeFile = $GLOBALS['HTML_QUICKFORM_ELEMENT_TYPES'][$type][0];
include_once($includeFile);
include_once $includeFile;
// Modified by Ivan Tcholakov, 16-MAR-2010. Suppressing a deprecation warning on PHP 5.3
//$elementObject =& new $className();
$elementObject = new $className();
for ($i = 0; $i < 5; $i++) {
if (!isset($args[$i])) {
$args[$i] = null;
@ -1548,6 +1549,7 @@ class HTML_QuickForm extends HTML_Common
foreach ($this->_rules as $target => $rules) {
$submitValue = $this->getSubmitValue($target);
foreach ($rules as $rule) {
if ((isset($rule['group']) && isset($this->_errors[$rule['group']])) ||
isset($this->_errors[$target])) {
@ -1733,7 +1735,7 @@ class HTML_QuickForm extends HTML_Common
// Modified by Ivan Tcholakov, 16-MAR-2010. Suppressing a deprecation warning on PHP 5.3
//$GLOBALS['_HTML_QuickForm_default_renderer'] =& new HTML_QuickForm_Renderer_Default();
$GLOBALS['_HTML_QuickForm_default_renderer'] = new HTML_QuickForm_Renderer_Default();
}
}
return $GLOBALS['_HTML_QuickForm_default_renderer'];
} // end func defaultRenderer
@ -1750,11 +1752,11 @@ class HTML_QuickForm extends HTML_Common
* @since 1.0
* @access public
*/
function toHtml ($in_data = null) {
function toHtml ($in_data = null) {
if (!is_null($in_data)) {
$this->addElement('html', $in_data);
}
$renderer =& $this->defaultRenderer();
$renderer =& $this->defaultRenderer();
$this->accept($renderer);
return $renderer->toHtml();
} // end func toHtml
@ -2091,4 +2093,4 @@ class HTML_QuickForm_Error extends PEAR_Error {
}
// }}}
} // end class HTML_QuickForm_Error
?>
?>

@ -121,8 +121,7 @@ class HTML_QuickForm_CAPTCHA extends HTML_QuickForm_input
function HTML_QuickForm_CAPTCHA($elementName = null, $elementLabel = null,
$options = null, $attributes = null)
{
HTML_QuickForm_input::HTML_QuickForm_input($elementName, $elementLabel,
$attributes);
HTML_QuickForm_input::HTML_QuickForm_input($elementName, $elementLabel, $attributes);
$this->setType('CAPTCHA_'.$this->_CAPTCHA_driver);
if (is_array($options)) {
@ -141,7 +140,9 @@ class HTML_QuickForm_CAPTCHA extends HTML_QuickForm_input
$sessionVar = $this->_options['sessionVar'];
if (empty($_SESSION[$sessionVar])) {
$_SESSION[$sessionVar] =& Text_CAPTCHA::factory($this->_CAPTCHA_driver);
$_SESSION[$sessionVar] = Text_CAPTCHA::factory($this->_CAPTCHA_driver);
if (PEAR::isError($_SESSION[$sessionVar])) {
return $_SESSION[$sessionVar];
}

@ -61,6 +61,10 @@ require_once 'Text/CAPTCHA/Driver/Image.php';
class HTML_QuickForm_CAPTCHA_Image extends HTML_QuickForm_CAPTCHA
{
function HTML_QuickForm_CAPTCHA_Image($elementName = null, $elementLabel = null, $options = null, $attributes = null) {
return parent::HTML_QuickForm_CAPTCHA($elementName, $elementLabel, $options, $attributes);
}
/**
* Default options
*
@ -75,7 +79,7 @@ class HTML_QuickForm_CAPTCHA_Image extends HTML_QuickForm_CAPTCHA
'callback' => '',
'imageOptions' => null,
'phrase' => null,
);
);
/**
* CAPTCHA driver
@ -98,6 +102,7 @@ class HTML_QuickForm_CAPTCHA_Image extends HTML_QuickForm_CAPTCHA
}
$result = parent::_initCAPTCHA();
if (PEAR::isError($result)) {
return $result;
}
@ -153,13 +158,3 @@ class HTML_QuickForm_CAPTCHA_Image extends HTML_QuickForm_CAPTCHA
return $onclickJs;
}
}
/**
* Registers the class with QuickForm
*/
if (class_exists('HTML_QuickForm')) {
HTML_QuickForm::registerElementType('CAPTCHA_Image',
'HTML/QuickForm/CAPTCHA/Image.php', 'HTML_QuickForm_CAPTCHA_Image');
}
?>
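Review bot: The added constructor `HTML_QuickForm_CAPTCHA_Image()` returns the result of `parent::HTML_QuickForm_CAPTCHA(...)`, but a return value from a constructor is discarded, so the `return` is misleading; write `parent::HTML_QuickForm_CAPTCHA($elementName, $elementLabel, $options, $attributes);` as a plain statement. Since the body only forwards its arguments, the whole method is presumably redundant — a PHP class that declares no constructor of its own inherits the parent's — and could be removed along with the element registration block this hunk already deletes. It also lacks a docblock; the other methods of the class have one.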

@ -149,4 +149,15 @@ class Text_CAPTCHA
{
return $this->_driver->getPhrase();
}
/**
* Place holder for the real getCAPTCHA() method used by extended classes to
* return the generated CAPTCHA (as an image resource, as an ASCII text, ...).
*
* @return string|object
*/
public function getCAPTCHAAsJPEG()
{
return $this->_driver->_getCAPTCHAAsJPEG();
}
}
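Review bot: The docblock on the new `getCAPTCHAAsJPEG()` is copied from another method ("Place holder for the real getCAPTCHA() method used by extended classes...") and does not describe this one; replace it with `* Returns the current CAPTCHA as JPEG data, delegating to the driver's _getCAPTCHAAsJPEG().` and a matching `@return` line. The method reaches into the driver's underscore-prefixed `_getCAPTCHAAsJPEG()`, which by the library's convention is internal; if that method is declared protected in the driver this call fails, so either expose a public accessor on the driver or confirm its visibility. Its only call site on this page, in form.ajax.php, is commented out, so the method may be unused.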

@ -102,7 +102,7 @@ class Text_CAPTCHA_Driver_Image extends Text_CAPTCHA_Driver_Base
$this->setPhrase($options['phrase']);
}
if (!isset($options['output']) || empty($options['output'])) {
$this->_output = 'resource';
$this->_output = 'jpeg';
} else {
$this->_output = $options['output'];
}
@ -144,6 +144,7 @@ class Text_CAPTCHA_Driver_Image extends Text_CAPTCHA_Driver_Base
$options['background_color'] = $this->_imageOptions['background_color'];
$options['max_lines'] = 1;
$options['mode'] = 'auto';
do {
$imageText = new Image_Text($this->getPhrase(), $options);
$imageText->init();
@ -185,6 +186,9 @@ class Text_CAPTCHA_Driver_Image extends Text_CAPTCHA_Driver_Base
imagearc($image, $cx, $cy, $w, $w, 0, 360, $linesColor);
}
// @todo remove hardcoded value
$this->_output = 'jpg';
if ($this->_output == 'gif' && imagetypes() & IMG_GIF) {
$this->setCaptcha($this->_getCAPTCHAAsGIF($image));
} else if (($this->_output == 'jpg' && imagetypes() & IMG_JPG)
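Review bot: The new default `$this->_output = 'jpeg'` in the first hunk is never matched by the output dispatch in the last hunk, which compares against `'jpg'` (`$this->_output == 'jpg' && imagetypes() & IMG_JPG`), so on its own the default would fall through to whichever branch follows. The hardcoded `$this->_output = 'jpg';` added just before the dispatch masks this but also overrides any `$options['output']` the caller passed, making the option dead — the `// @todo remove hardcoded value` comment acknowledges it. Set the default to `'jpg'` in the first hunk and delete the override line, so the configured value reaches the dispatch.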

@ -332,6 +332,9 @@ class IndexManager {
case 'access_url_inactive':
$message = get_lang('AccountURLInactive');
break;
case 'wrong_captcha':
$message = get_lang('TheTextYouEnteredDoesNotMatchThePicture');
break;
case 'unrecognize_sso_origin':
//$message = get_lang('SSOError');
break;
@ -638,15 +641,55 @@ class IndexManager {
* Adds a form to let users login
* @version 1.1
*/
function display_login_form() {
function display_login_form()
{
$form = new FormValidator('formLogin', 'POST', null, null, array('class'=>'form-vertical'));
// 'placeholder'=>get_lang('UserName')
//'autocomplete'=>"off",
$form->addElement('text', 'login', get_lang('UserName'), array('class' => 'span2 autocapitalize_off', 'autofocus' => 'autofocus'));
$form->addElement('password', 'password', get_lang('Pass'), array('class' => 'span2'));
// Captcha
$useCaptcha = isset($_GET['loginFailed']) ? $_GET['loginFailed'] : null;
if ($useCaptcha) {
$form->addElement('text', 'captcha', 'Enter the letters you see');
$form->addRule('captcha', 'Enter the characters you read in the image', 'required', null, 'client');
$ajax = api_get_path(WEB_AJAX_PATH).'form.ajax.php?a=get_captcha';
$options = array(
'width' => 250,
'height' => 90,
'callback' => $ajax.'&var='.basename(__FILE__, '.php'),
'sessionVar' => basename(__FILE__, '.php'),
'imageOptions' => array(
'font_size' => 20,
'font_path' => api_get_path(LIBRARY_PATH).'pchart/fonts/',
'font_file' => 'tahoma.ttf',
//'output' => 'gif'
)
);
// Minimum options using all defaults (including defaults for Image_Text):
//$options = array('callback' => 'qfcaptcha_image.php');
$captcha_question = $form->addElement('CAPTCHA_Image', 'captcha_question', 'Verification', $options);
$form->addElement('static', null, null, 'Click on the image for a new one');
$form->addRule('captcha', 'What you entered didn\'t match the picture', 'CAPTCHA', $captcha_question);
}
$form->addElement('style_submit_button','submitAuth', get_lang('LoginEnter'), array('class' => 'btn'));
$html = $form->return_form();
/*if ($form->validate()) {
// Prevent re-use of the same CAPTCHA phrase
$captcha_question->destroy();
}*/
$_SESSION['login_form'] = $form;
if (api_get_setting('openid_authentication') == 'true') {
include_once 'main/auth/openid/login.php';
$html .= '<div>'.openid_form().'</div>';
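Review bot: Whether the CAPTCHA is required is decided by `$useCaptcha = isset($_GET['loginFailed']) ? $_GET['loginFailed'] : null;`, a value the client supplies, and the check in `main/inc/local.inc.php` only runs `if (isset($_POST['captcha']))`, so the "after the first wrong attempt" requirement is not enforced by the server at all. Track the failed-attempt state server-side instead — e.g. set a session flag in local.inc.php when a login fails and test that flag here (`$useCaptcha = !empty($_SESSION['loginFailed']);`), and have local.inc.php reject the login when the flag is set and the captcha answer is absent. The labels `'Enter the letters you see'`, `'Verification'` and `'Click on the image for a new one'` are hardcoded English while the rest of the form uses `get_lang()`. `display_login_form()` continues past the end of the hunk.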

@ -237,9 +237,37 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
WHERE username = '".Database::escape_string($login)."'";
$result = Database::query($sql);
$catpchaValidated = true;
if (Database::num_rows($result) > 0) {
$uData = Database::fetch_array($result);
if (isset($_POST['captcha'])) {
// Check captcha
$captchaText = $_POST['captcha'];
/** @var Text_CAPTCHA $obj */
$obj = isset($_SESSION['userportal.lib']) ? $_SESSION['userportal.lib'] : null;
if ($obj) {
$obj->getPhrase();
if ($obj->getPhrase() != $captchaText) {
$catpchaValidated = false;
} else {
$catpchaValidated = true;
}
}
if (isset($_SESSION['captcha_question'])) {
$captcha_question = $_SESSION['captcha_question'];
$captcha_question->destroy();
}
}
if ($catpchaValidated == false) {
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_captcha');
exit;
}
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE || $uData['auth_source'] == CAS_AUTH_SOURCE) {
//The authentification of this user is managed by Chamilo itself
$password = api_get_encrypted_password(trim(stripslashes($password)));
@ -252,6 +280,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
include_once $extAuthSource[$update_type]['updateUser'];
}
// Check if the account is active (not locked)
if ($uData['active'] == '1') {
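Review bot: `$obj->getPhrase() != $captchaText` is a loose comparison between two strings, which PHP evaluates numerically when both look numeric; use `if ($obj->getPhrase() !== $captchaText) {` (or `hash_equals()` where PHP 5.6+ is available). The preceding `$obj->getPhrase();` statement discards its result and can be removed, and `$catpchaValidated` is misspelled throughout. Nothing in this commit stores `$_SESSION['captcha_question']`, so the `destroy()` block is presumably dead code and the phrase in `$_SESSION['userportal.lib']` stays valid after a check; regenerate or unset it once compared, e.g. `unset($_SESSION['userportal.lib']);` after the comparison. The enclosing `if (Database::num_rows($result) > 0)` block starts and ends outside the hunk.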
