|
Posted by Steve on 04/18/07 03:50
"Swann" <nomailatall9182374614@hotmail.com> wrote in message
news:f02ctg$7sd$1@tdi.cu.mi.it...
|
| i'm trying to write a very simple CAPTCHA script. following some examples
| and working a bit on the code to suit my needs, i managed to generate the
| random image as desired. i have a php file with the form to be filled
| (called "form.php"), and another one with the code needed to generate the
| CAPTCHA image (called "captcha.php"). in the former file i have a simple
| IMG tag to call the latter, like this:
|
| <img src="captcha.php">
|
|
| before writing the code needed to process the entered password against the
| value of the one displayed in the image, i wanted to make sure that the
| script was getting the correct value. "captcha.php", after randomly
| generating the password, puts its value into a session var using the
| following instruction:
|
| $_SESSION["passcheck"] = $pass;
|
| i put the following line at the end of "form.php", to check if the value
was
| passed correctly:
|
|
| print "VAR VALUE: ".$_SESSION["passcheck"];
|
| here comes the problem: the script always displays the *former* value of
the
| variable, not the current one. for example, if the first time i run the
| script the image displays, say, "AAAAA", the bottom line displays "VAR
| VALUE: " with an empty string after it.
| i have to reload the page to see "VAR VALUE: AAAAA", but of course in the
| meantime the image has changed to, say "BBBBB". i am sure it's a very
silly
| thing, but right now i just can't manage to untie the knot. anybody wants
to
| point out how stupid i am by giving me some advice? :)
|
| thanks a lot.
ahhh...a man who knows 'a lot'...excellent!
look, if it's any use to you, here's a singleton class i have that stores
configuration information for a site...including storing a current security
code whilst being able to validate with the previously seen security code.
(that's the knot in your case: the browser only requests captcha.php *after*
form.php has already been sent, so the value the form can check against is the
code generated on the previous request, not the one in the image being shown.)
also, see the user class that follows the site class. it handles basic
validation using the security code. you'll have to forgive the text-wrapping
and the references to dealerships (it's a carfax thing:)
in the end, these classes allow you to include a couple of lines of code to
enable security:
user::initialize($_REQUEST['logIn'], $_POST['passwd'],
$_POST['securityCode']);
// take action here if !user::$isValid ... i.e. a 'not authorized' message,
then exit.
hth...
<?
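class site
{
    // Site-wide configuration, kept in public statics so that the whole site
    // shares one copy; instantiation and cloning are blocked below.
    // NOTE(review): the values are presumably filled in by site.cfg.php — not
    // visible here, confirm.
    public static $adminEmail = '';
    public static $classDirectory = '';
    public static $cssDirectory = '';
    public static $currentPage = '';
    public static $description = '';
    public static $errorLogFile = '';
    public static $fontDirectory = '';
    public static $homePage = '';
    public static $host = '';
    public static $htdocsDirectory = '';
    public static $imagesDirectory = '';
    public static $includeDirectory = '';
    public static $jscriptDirectory = '';
    public static $lastSecurityCode = ''; // code issued on the previous request (what a posted form is checked against)
    public static $logo = '';
    public static $mailDropDirectory = '';
    public static $popUpAttributes = '';
    public static $rootDirectory = '';
    public static $securityCode = '';     // code issued on this request (what the image shows)
    public static $title = '';
    public static $uploadBaseDirectory = '';
    public static $uri = '';
    private function __clone(){}
    private function __construct(){}

    /**
     * Generate a fresh 6-character security code and publish it through
     * self::$securityCode and $_SESSION['securityCode'].
     *
     * The alphabet deliberately leaves out characters that are easy to
     * confuse when rendered: 0, 1, I, O, Q, D, 8, 9, B, 5, S, 6, G, U, V.
     *
     * When no previous code exists (first request of a session)
     * self::$lastSecurityCode is seeded with the new code so that the very
     * first form submission can still be checked.
     *
     * NOTE(review): mt_rand() is not a cryptographically secure generator;
     * on PHP 7+ random_int() is the drop-in replacement for this use.
     */
    private static function getSecurityCode()
    {
        $alphabet = '2347ACEFHJKLMNPRTWXYZ';
        $lastIndex = strlen($alphabet) - 1;
        self::$securityCode = '';
        for ($i = 0; $i < 6; $i++)
        {
            self::$securityCode .= $alphabet[mt_rand(0, $lastIndex)];
        }
        $_SESSION['securityCode'] = self::$securityCode;
        if (!self::$lastSecurityCode)
        {
            self::$lastSecurityCode = self::$securityCode;
        }
    }

    /**
     * Remember the code issued on the previous request (read from the session,
     * empty when there is none) and issue a new one for this request.
     * Expects the session to be started already, and must run before any code
     * is displayed or validated.
     */
    public static function initialize()
    {
        // isset() guard: a brand-new session has no code yet, and reading the
        // missing key would raise an undefined-index notice.
        self::$lastSecurityCode = isset($_SESSION['securityCode'])
            ? $_SESSION['securityCode']
            : '';
        self::getSecurityCode();
    }
}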
?>
<?
require_once 'relative.path.php';
require_once $relativePath . 'site.cfg.php';
// relative.path.php presumably defines $relativePath (confirm); site.cfg.php
// fills in the site class static vars and connects an abstract db class with
// a database — see the db::execute($sql) call below. Both include paths are
// built from constants here, not from request data.
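class user
{
    // The current request's user, held in public statics (one user per
    // request); instantiation and cloning are blocked below.
    public static $id = 0;
    public static $firstName = '';
    public static $middleName = '';
    public static $lastName = '';
    public static $logIn = '';                // canonical user name once looked up
    public static $password = '';             // plain-text password as held in `people`
    public static $passport = '';
    public static $email = '';
    public static $expired = false;
    public static $dealership = 0;            // the user's default dealership id
    public static $region = 0;
    public static $dealerships = array();     // id => name, dealerships this user may see
    public static $regions = array();         // id => name, regions this user may see
    public static $isValid = false;           // user found, password matched, security code matched
    public static $invalidUser = true;        // no `people` row for the log-in
    public static $invalidSecurityCode = true;
    public static $validated = false;         // mirrored into $_SESSION['validated']
    public static $isAdministrator = false;
    public static $isDealershipManager = false;
    public static $isRegionalManager = false;
    public static $isNationalManager = false;
    public static $staticDealership = true;   // true when the user cannot switch dealership
    public static $reportAccess = array();    // report name => bool
    private function __clone(){}
    private function __construct(){}

    // Setting names used with getSetting()/saveSetting()/deleteSetting().
    const SETTING_DEFAULT_DEALERSHIP = 'DEFAULT DEALERSHIP';
    const SETTING_AUTHORIZATION = 'SECURITY [ AUTHORIZATION ]';
    const SETTING_REPORT_ACCESS = 'REPORT ACCESS';

    /**
     * Return every field (including self::$id) to its default and clear the
     * log-in state kept in the session.
     */
    public static function reset()
    {
        self::$id = 0;
        self::$firstName = '';
        self::$middleName = '';
        self::$lastName = '';
        self::$logIn = '';
        self::$password = '';
        self::$passport = '';
        self::$email = '';
        self::$expired = false;
        self::$dealership = 0;
        self::$region = 0;
        self::$dealerships = array();
        self::$regions = array();
        self::$isValid = false;
        self::$invalidUser = true;
        self::$invalidSecurityCode = true;
        self::$validated = false;
        self::$isAdministrator = false;
        self::$isDealershipManager = false;
        self::$isRegionalManager = false;
        self::$isNationalManager = false;
        self::$staticDealership = true;
        self::$reportAccess = array();
        $_SESSION['logIn'] = '';
        $_SESSION['password'] = '';
        $_SESSION['validated'] = '';
    }

    // Read $key from a result row, or $default when the row lacks it.
    private static function column($row, $key, $default = '')
    {
        return isset($row[$key]) ? $row[$key] : $default;
    }

    // True when the user holds the given SECURITY [ AUTHORIZATION ] setting.
    private static function isAuthorized($role)
    {
        return getSetting(self::$logIn, self::SETTING_AUTHORIZATION, $role) ? true : false;
    }

    /**
     * Authenticate the caller and load their profile and access rights.
     *
     * @param string $logIn        user name or email; falls back to $_SESSION['logIn']
     * @param string $password     plain-text password; falls back to $_SESSION['password']
     * @param string $securityCode code typed from the image; only checked until the
     *                             session has been validated once
     * @param string $dealership   optional dealership id to make the new default
     *
     * Results are published through the public statics (self::$isValid,
     * self::$invalidUser, self::$invalidSecurityCode, ...) and through
     * $_SESSION['logIn'|'password'|'validated']; nothing is returned.
     *
     * Relies on site::$lastSecurityCode (site::initialize() must already have
     * run this request), db::execute() and the getSetting()/getRegion()/...
     * helpers brought in by site.cfg.php.
     */
    public static function initialize($logIn = '', $password = '',
        $securityCode = '', $dealership = '')
    {
        $sessionLogIn     = isset($_SESSION['logIn'])     ? $_SESSION['logIn']     : '';
        $sessionPassword  = isset($_SESSION['password'])  ? $_SESSION['password']  : '';
        $sessionValidated = isset($_SESSION['validated']) ? $_SESSION['validated'] : '';

        // Explicit arguments win; otherwise fall back to what the session holds.
        $password = $password ? $password : $sessionPassword;
        self::$logIn = $logIn ? $logIn : $sessionLogIn;
        self::$password = $sessionPassword;
        self::$validated = $sessionValidated;
        // Once the session has been validated the image code is no longer
        // re-typed, so the previously issued code is substituted; that is what
        // lets the dealership switch at the bottom re-enter initialize().
        $securityCode = strtoupper(!self::$validated ? $securityCode : site::$lastSecurityCode);

        // SECURITY: self::$logIn originates from the request and is
        // interpolated straight into the query text, which is an SQL injection
        // vector. db::execute() takes only the query string here; the fix is
        // to bind the value as a parameter (or escape it for the driver in use)
        // inside the db layer — its API is not visible from this file.
        $sql = "
            SELECT Id ,
                   FirstName ,
                   MiddleName ,
                   LastName ,
                   Password ,
                   UserName ,
                   Email ,
                   Expired ,
                   Passport
              FROM people
             WHERE UserName = '" . self::$logIn . "'
                OR Email = '" . self::$logIn . "'
        ";
        $records = db::execute($sql);
        self::$invalidUser = empty($records);
        // No row: fall back to empty values instead of reading an undefined
        // offset of the result.
        $row = self::$invalidUser ? array() : $records[0];
        self::$id         = self::column($row, 'ID', 0);
        self::$firstName  = self::column($row, 'FIRSTNAME');
        self::$middleName = self::column($row, 'MIDDLENAME');
        self::$lastName   = self::column($row, 'LASTNAME');
        self::$logIn      = self::column($row, 'USERNAME'); // canonical name, even when looked up by email
        self::$passport   = self::column($row, 'PASSPORT');
        self::$password   = self::column($row, 'PASSWORD');
        self::$expired    = self::column($row, 'EXPIRED', false);
        self::$email      = self::column($row, 'EMAIL');

        // Strict string comparison: a loose == between two strings applies
        // numeric-string rules (e.g. '2E3' == '2000'), which this alphabet can
        // produce.
        self::$invalidSecurityCode =
            (string) $securityCode !== (string) site::$lastSecurityCode;
        // SECURITY: the password is compared in plain text and (below) written
        // to $_SESSION['password']. password_hash()/password_verify() on the
        // stored value, and keeping only the validated flag in the session,
        // would remove both exposures.
        $passwordMatches = (string) $password === (string) self::$password;
        self::$isValid = !self::$invalidUser && $passwordMatches && !self::$invalidSecurityCode;
        self::$validated = self::$isValid;
        if (!self::$isValid) { return; }

        // Profile and access rights — only for a validated user.
        $records = getSetting(self::$logIn, self::SETTING_DEFAULT_DEALERSHIP);
        self::$dealership = isset($records[0]['LABEL']) ? $records[0]['LABEL'] : null;
        self::$region = getRegion(self::$dealership);
        self::$isAdministrator     = self::isAuthorized('ADMINISTRATOR');
        self::$isDealershipManager = self::isAuthorized('DEALERSHIP');
        self::$isRegionalManager   = self::isAuthorized('REGIONAL');
        self::$isNationalManager   = self::isAuthorized('NATIONAL');

        // Visible dealerships/regions widen with the user's role.
        self::$dealerships = array(self::$dealership => getDealerName(self::$dealership));
        self::$regions = array(self::$region => getRegionName(self::$region));
        if (self::$isAdministrator || self::$isRegionalManager)
        {
            self::$dealerships = array();
            foreach (getDealersInRegion(self::$region) as $dealerId => $name)
            {
                self::$dealerships[$dealerId] = $name;
            }
        }
        if (self::$isAdministrator || self::$isNationalManager)
        {
            self::$dealerships = array();
            self::$regions = array();
            foreach (getCertifiedDealers(true) as $dealerId => $name)
            {
                self::$dealerships[$dealerId] = strtoupper($name);
            }
            foreach (getRegions() as $regionId => $name)
            {
                self::$regions[$regionId] = strtoupper($name);
            }
        }
        // Only managers above dealership level may switch dealership.
        self::$staticDealership = !(
            self::$isAdministrator ||
            self::$isNationalManager ||
            self::$isRegionalManager
        );

        $reports = array(
            'DEALER MANAGEMENT REPORT' ,
            'EXECUTIVE SUMMARY' ,
            'EXECUTIVE SUMMARY [ REGIONAL ]' ,
            'ESTIMATE METRICS SUMMARY' ,
            'ESTIMATE METRICS BREAK-OUT' ,
            'RO VS. ESTIMATE ANALYSIS' ,
            'RO VS. ESTIMATE SUMMARY' ,
            'RO VS. ESTIMATE BREAK-OUT'
        );
        self::$reportAccess = array();
        foreach ($reports as $report)
        {
            self::$reportAccess[$report] =
                getSetting(self::$logIn, self::SETTING_REPORT_ACCESS, $report) ? true : false;
        }

        $_SESSION['logIn'] = self::$logIn;
        $_SESSION['password'] = self::$password;
        $_SESSION['validated'] = self::$validated;

        // Optional switch of the default dealership, restricted to the ones the
        // user is allowed to see. Ids are compared as strings because PHP
        // normalises numeric array keys to int, so a strict in_array() on the
        // raw keys would never match a request value.
        if ($dealership)
        {
            $allowed = array_map(
                function ($key) { return (string) $key; },
                array_keys(self::$dealerships)
            );
            if (in_array((string) $dealership, $allowed, true))
            {
                deleteSetting(self::$logIn, self::SETTING_DEFAULT_DEALERSHIP);
                saveSetting(self::$logIn, self::SETTING_DEFAULT_DEALERSHIP, $dealership,
                    getDealerName($dealership) . ' - ' . $dealership);
                // Reload with the new default; the session is validated now, so
                // no security code is needed for the re-entry.
                self::initialize(self::$logIn, self::$password);
            }
        }
    }
}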
?>