From f425ce9832c2e8932b8c61fa590b4cf54b1b7b04 Mon Sep 17 00:00:00 2001 From: gnuboard Date: Fri, 28 Dec 2012 14:29:24 +0900 Subject: [PATCH 1/4] =?UTF-8?q?=EA=B2=BD=EA=B3=A0=EB=A9=94=EC=84=B8?= =?UTF-8?q?=EC=A7=80=EB=A5=BC=20alert.php=20=EC=97=90=EC=84=9C=20=EC=B2=98?= =?UTF-8?q?=EB=A6=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/alert.php | 10 +++++++--- lib/common.lib.php | 21 ++++++++++++++++++++- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/bbs/alert.php b/bbs/alert.php index 956f75c0f..63b57c977 100644 --- a/bbs/alert.php +++ b/bbs/alert.php @@ -23,17 +23,21 @@ include_once($g4['path'].'/head.sub.php');
-

회원가입 정보 입력 확인

-

다음 항목을 입력하지 않으셨거나 입력에 오류가 있습니다.

+ +

+

다음 항목에 오류가 있습니다.

+ +

-돌아가기 +돌아가기
", $msg); + if (!$url) $url = "javascript:history.go(-1);"; + + /* //header("Content-Type: text/html; charset=$g4['charset']"); echo ""; echo " \ No newline at end of file diff --git a/bbs/norobot_check.inc.php b/bbs/norobot_check.inc.php deleted file mode 100644 index 4efa649d3..000000000 --- a/bbs/norobot_check.inc.php +++ /dev/null @@ -1,31 +0,0 @@ - diff --git a/bbs/norobot_image.php b/bbs/norobot_image.php deleted file mode 100644 index e559b1275..000000000 --- a/bbs/norobot_image.php +++ /dev/null @@ -1,54 +0,0 @@ - RGB - $BR = hexdec(substr($background_color, 0, 2)); - $BG = hexdec(substr($background_color, 2, 2)); - $BB = hexdec(substr($background_color, 4, 2)); - - $TR = hexdec(substr($text_color, 0, 2)); - $TG = hexdec(substr($text_color, 2, 2)); - $TB = hexdec(substr($text_color, 4, 2)); - - $GR = hexdec(substr($grid_color, 0, 2)); - $GG = hexdec(substr($grid_color, 2, 2)); - $GB = hexdec(substr($grid_color, 4, 2)); - - $im = @imagecreate($width, $height) or die("Cannot Initialize new GD image stream"); - header ("Content-type: image/png"); - - $background_color = imagecolorallocate($im, $BR, $BG, $BB); - $text_color = imagecolorallocate($im, $TR, $TG, $TB); - $grid_color = imagecolorallocate($im, $GR, $GG, $GB); - - - image_random_grid($im, $width, $height, 5, $grid_color); - imagestring($im, rand(4,6), rand(5,15), rand(1,3), $number, $text_color); - imagepng($im); - imagedestroy($im); -} - -function image_random_grid($im, $w, $h, $s, $color) -{ - for($i=1; $i<$w/$s; $i++) { - $tmp = rand($s-$s/3, $s+$s/3); - imageline($im, $i*$tmp, 0, $i*$tmp, $h, $color); - } - - for($i=1; $i<$h/$s; $i++) { - $tmp = rand($s-$s/3, $s+$s/3); - imageline($im, 0, $i*$tmp, $w, $i*$tmp, $color); - } -} - -//echo_check_image(rand(4,6), 65, 20, "#FF33CC", "#FFFFFF", "#FF79DE"); -echo_check_image($_SESSION['ss_norobot_key'], 80, 19, '#FF33CC', '#FFFFFF', '#FF79DE'); -?> \ No newline at end of file diff --git a/bbs/write.php b/bbs/write.php index 769f5ec2f..640a22efc 100644 
--- a/bbs/write.php +++ b/bbs/write.php @@ -1,7 +1,8 @@ lib) - include_once($editor->lib); + +if (isset($editor->lib)) include_once($editor->lib); +if (isset($captcha->lib)) include_once($captcha->lib); set_session('ss_bo_table', $bo_table); set_session('ss_wr_id', $wr_id); @@ -360,9 +361,15 @@ if ($is_admin) { $write_max = (int)$board['bo_write_max']; } -if ($is_dhtml_editor && $editor->js) { - array_push($g4['js_file'], $editor->js); - array_push($g4['js_file'], $editor->config_js); +if ($is_dhtml_editor && isset($editor->js)) { + $g4['js_file'][] = $editor->js; + if (isset($editor->config_js)) { + $g4['js_file'][] = $editor->config_js; + } +} + +if (isset($captcha->js)) { + $g4['js_file'][] = $captcha->js; } include_once($g4['path'].'/head.sub.php'); @@ -396,6 +403,11 @@ if ($file_length < 0) { } //-------------------------------------------------------------------------- +if ($g4['https_url']) + $action_url = "{$g4['https_url']}/{$g4['bbs']}/write_update.php"; +else + $action_url = "{$g4['bbs_path']}/write_update.php"; + include_once ($board_skin_path.'/write.skin.php'); include_once('./board_tail.php'); diff --git a/bbs/write_update.php b/bbs/write_update.php index a20f30817..cfab11dad 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -1,6 +1,8 @@ lib)) include_once($captcha->lib); + // 090710 if (substr_count($wr_content, '&#') > 50) { alert('내용에 올바르지 않은 코드가 다수 포함되어 있습니다.'); @@ -124,17 +126,8 @@ if ($w == "" || $w == "r") alert('동일한 내용을 연속해서 등록할 수 없습니다.'); } -// 자동등록방지 검사 -//include_once ("./norobot_check.inc.php"); - -if (!$is_member) { - if ($w=='' || $w=='r') { - $key = get_session("captcha_keystring"); - if (!($key && $key == $_POST['wr_key'])) { - session_unregister("captcha_keystring"); - alert('정상적인 접근이 아닌것 같습니다.'); - } - } +if (!chk_captcha()) { + alert('자동등록방지의 답변으로 입력한 숫자가 틀렸습니다.'); } if (!isset($_POST['wr_subject']) || !trim($_POST['wr_subject'])) diff --git a/common.php b/common.php index bcc721169..ed34d7118 100644 --- a/common.php 
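Review bot: The replacement check `if (!chk_captcha())` runs for every submission, whereas the removed block only challenged guests (`!$is_member`) creating new posts (`$w=='' || $w=='r'`); unless the write form now renders the captcha for logged-in members and for edits too, those requests will be rejected with the new alert. If the narrower scope was intended, keep the guard: `if (!$is_member && ($w == '' || $w == 'r') && !chk_captcha()) {`. chk_captcha() also reads `$_POST['user_token']` and `$_POST['user_answer']` without `isset`, so a request lacking the fields raises notices before failing. The surrounding code of write_update.php continues outside the hunk.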
+++ b/common.php @@ -466,7 +466,7 @@ if (!get_cookie('ck_first_referer')) set_cookie('ck_first_referer', $_SERVER['H // 회원, 비회원 구분 $is_member = $is_guest = false; $is_admin = ""; -if (array_key_exists('mb_id', $member)) { +if (isset($member['mb_id'])) { $is_member = true; $is_admin = is_admin($member['mb_id']); $member['mb_dir'] = substr($member['mb_id'],0,2); diff --git a/extend/tcaptcha.extend.php b/extend/tcaptcha.extend.php new file mode 100644 index 000000000..1c778f019 --- /dev/null +++ b/extend/tcaptcha.extend.php @@ -0,0 +1,8 @@ + $g4['path']."/plugin/tcaptcha/tcaptcha.lib.php", + 'js' => $g4['path']."/plugin/tcaptcha/tcaptcha.js" +); +?> \ No newline at end of file diff --git a/head.sub.php b/head.sub.php index c5fba948c..7a07a2f8c 100644 --- a/head.sub.php +++ b/head.sub.php @@ -4,7 +4,7 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가 $begin_time = get_microtime(); -if (!$g4['title']) +if (!isset($g4['title'])) $g4['title'] = $config['cf_title']; // 쪽지를 받았나? diff --git a/plugin/ckeditor/ckeditor.lib.php b/plugin/ckeditor/ckeditor.lib.php index 66f8950b0..c863d4a06 100644 --- a/plugin/ckeditor/ckeditor.lib.php +++ b/plugin/ckeditor/ckeditor.lib.php @@ -1,4 +1,6 @@ \ No newline at end of file diff --git a/plugin/tcaptcha/chk_answer.ajax.php b/plugin/tcaptcha/chk_answer.ajax.php new file mode 100644 index 000000000..a032cddb0 --- /dev/null +++ b/plugin/tcaptcha/chk_answer.ajax.php @@ -0,0 +1,32 @@ += _ANSWER_COUNT_) { + die("{\"error\":\"입력하신 답변 횟수가 "._ANSWER_COUNT_."회를 넘었습니다.\n\n문제를 클릭하신후 다시 답변해 주십시오.\"}"); +} + +$user_answer = $_POST['user_answer']; +$is_answer = (get_session("ss_tcaptcha_answer") == $user_answer); +if ($is_answer == false) { + $tcaptcha_error_count++; + set_session("ss_tcaptcha_error_count", $tcaptcha_error_count); + // 토큰을 다시 생성 + $token = _token(); + set_session("ss_tcaptcha_token", $token); + die("{\"error\":\"입력하신 답이 틀렸습니다.\",\"token\":\"$token\"}"); +} + +die("{\"error\":\"\"}"); +?> \ No newline at end of file 
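Review bot: Switching `!$g4['title']` to `!isset($g4['title'])` changes the fallback: a page that sets `$g4['title']` to an empty string used to get `$config['cf_title']` and now keeps the empty title. If the intent was only to avoid the undefined-index notice, `if (empty($g4['title']))` preserves the old behaviour while staying notice-free. The same isset-for-truthiness swap appears in the common.php hunk (`isset($member['mb_id'])`), where it also stops treating a row with a null `mb_id` as a member — probably intended, but worth confirming.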
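Review bot: The JSON bodies in chk_answer.ajax.php are hand-built strings, and the `_ANSWER_COUNT_` message embeds `\n\n` as real newline characters inside a JSON string literal, which is not valid JSON; the jQuery caller uses `dataType: "json"` and will hit a parse error instead of showing that message. Build every response with `json_encode`, e.g. `die(json_encode(array('error' => '입력하신 답변 횟수가 '._ANSWER_COUNT_."회를 넘었습니다.\n\n문제를 클릭하신후 다시 답변해 주십시오.")));`, and likewise for the wrong-answer and success responses (json_encode expects UTF-8, so convert first if `$g4['charset']` is something else). `$user_answer = $_POST['user_answer'];` should be guarded with `isset`, and `get_session("ss_tcaptcha_answer") == $user_answer` is a loose comparison — when no question has been served the session value is empty and an empty answer compares equal — so cast both sides to string and use `===`. The `user_token` posted by tcaptcha.js is not read anywhere in the visible part of this file; if it is not validated in the stripped head of the file, the error counter is the only check on this endpoint.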
diff --git a/plugin/tcaptcha/run.php b/plugin/tcaptcha/run.php new file mode 100644 index 000000000..61517fc16 --- /dev/null +++ b/plugin/tcaptcha/run.php @@ -0,0 +1,8 @@ +run(); +die("{\"tcaptcha\":\"{$tcaptcha->question}\",\"token\":\"{$tcaptcha->token}\"}"); +?> \ No newline at end of file diff --git a/plugin/tcaptcha/sample.php b/plugin/tcaptcha/sample.php new file mode 100644 index 000000000..5541ca2ce --- /dev/null +++ b/plugin/tcaptcha/sample.php @@ -0,0 +1,33 @@ + + + +
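Review bot: run.php builds its JSON by string interpolation, so any double quote, backslash or newline in `$tcaptcha->question` (comma_question() wraps each number in markup whose attributes are not visible here) produces a document that the `dataType: "json"` handler in tcaptcha.js cannot parse. Emit it as `header("Content-Type: application/json; charset={$g4['charset']}"); die(json_encode(array('tcaptcha' => $tcaptcha->question, 'token' => $tcaptcha->token)));`, converting to UTF-8 first if the site charset is not UTF-8. The same hand-built JSON appears in chk_answer.ajax.php.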

텍스트 캡챠 샘플 페이지

+
+
+
+
+

문)

+
+ 답) 반드시 숫자로 입력하세요. + + +
+
+ + + + \ No newline at end of file diff --git a/plugin/tcaptcha/tcaptcha.js b/plugin/tcaptcha/tcaptcha.js new file mode 100644 index 000000000..7958d696e --- /dev/null +++ b/plugin/tcaptcha/tcaptcha.js @@ -0,0 +1,45 @@ +function chk_tcaptcha(user_answer, user_token) +{ + if (typeof(user_answer) == "undefined") return false; + if (typeof(user_token ) == "undefined") return false; + + var error = false; + $.ajax({ + type: "POST", + url: g4_path+"/plugin/tcaptcha/chk_answer.ajax.php", + async: false, + data: { + "user_answer": user_answer.value, + "user_token" : user_token.value + }, + dataType: "json", + success: function(data, textStatus, jqXHR) { + error = data.error; + if (data.token) { + $("#user_token").val(data.token); + } + } + }); + + if (error) { + //alert('답이 틀렸거나 입력 횟수가 넘었습니다.\n\n문제를 클릭하신후 답을 다시 입력해 주십시오.'); + alert(error); + user_answer.select(); + return false; + } + return true; +} + +$(function() { + $("#tcaptcha").click(function() { + $.ajax({ + url: g4_path+"/plugin/tcaptcha/run.php?t="+(new Date).getTime(), + dataType: "json", + success: function(data, textStatus, jqXHR) { + $("#tcaptcha").html(data.tcaptcha); + $("#user_token").val(data.token); + } + }) + }) + .css("cursor", "pointer"); +}); \ No newline at end of file diff --git a/plugin/tcaptcha/tcaptcha.lib.php b/plugin/tcaptcha/tcaptcha.lib.php new file mode 100644 index 000000000..c15f3d1d3 --- /dev/null +++ b/plugin/tcaptcha/tcaptcha.lib.php 
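Review bot: `chk_tcaptcha` uses `async: false`, a synchronous XMLHttpRequest that blocks the page and is deprecated by browsers, and because `error` is only assigned inside `success`, a failed or non-JSON response leaves `error === false` and the function returns `true`, submitting the form with an unchecked answer. The server-side `chk_captcha()` still decides, so this is a usability gap rather than a bypass, but an `error:` callback that sets `error` to a generic message (`error: function() { error = "..."; }`) would keep the client-side check consistent with the server. `$("#tcaptcha").html(data.tcaptcha)` inserts server-generated markup, which is fine as long as the question never carries user-controlled text.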
@@ -0,0 +1,360 @@ +kr = new stdClass; +$text_number->en = new stdClass; + +//$text_number->kr = (object)array('a'=>1); + +// 기수 cardinal (양을 나타낼때 사용하는 수) +$text_number->kr = (object)array( + 'number' => array( + array("영","일","이","삼","사","오","육","칠","팔","구","십"), + array("영","하나","둘","셋","넷","다섯","여섯","일곱","여덟","아홉","열") + ), + // 서수 ordinal (순서를 나타낼때 사용하는 수) + 'ordinal' => array("영","첫번째","두번째","세번째","네번째","다섯번째","여섯번째","일곱번째","여덟번째","아홉번째","열번째"), + 'high' => array("다음 중 가장 큰 수는? %s.", "%s 중에서 가장 큰 수는?"), + 'low' => array("다음 중 가장 작은 수는? %s.", "%s 중에서 가장 작은 수는?"), + 'position0' => array("다음 중 %s 숫자는? %s."), // 인수가 두개 있으며 첫번째에 위치가, 두번째 인수에 질문이 나열된다. + 'position1' => array("%s 중 %s 숫자는?"), // 인수가 두개 있으며 첫번째에 인수가 두반째에 위치에 대한 질문이 나열된다. + 'add' => array("%s 더하기 %s ?", "%s + %s = ?"), + 'subtract' => array("%s 빼기 %s ?", "%s - %s = ?"), + 'multiply' => array("%s 곱하기 %s ?"), + //'multiply' => array("%s 곱하기 %s ?", "%s 의 %s 배는 ?"), + 'and' => "그리고", +); +/* +// 서수 ordinal (순서를 나타낼때 사용하는 수) +$text_number->kr->ordinal = array("영","첫번째","두번째","세번째","네번째","다섯번째","여섯번째","일곱번째","여덟번째","아홉번째","열번째"); +$text_number->kr->plus = array("+","+","더하기"); +$text_number->kr->minus = array("-","-","빼기"); +$text_number->kr->multiply = array("x","×","*","곱하기"); +$text_number->kr->high = array("다음 중 가장 큰 수는? %s.", "%s 중에서 가장 큰 수는?"); +$text_number->kr->low = array("다음 중 가장 작은 수는? %s.", "%s 중에서 가장 작은 수는?"); +$text_number->kr->position0 =array("다음 중 %s 숫자는? %s."); // 인수가 두개 있으며 첫번째에 위치가, 두번째 인수에 질문이 나열된다. +$text_number->kr->position1 =array("%s 중 %s 숫자는?"); // 인수가 두개 있으며 첫번째에 인수가 두반째에 위치에 대한 질문이 나열된다. 
+$text_number->kr->add = array("%s 더하기 %s ?", "%s + %s = ?"); +$text_number->kr->subtract = array("%s 빼기 %s ?", "%s - %s = ?"); +$text_number->kr->and = "그리고"; +*/ + +$text_number->en = (object)array( + 'number' => array( + array("zero","one","two","three","four","five","six","seven","eight","nine","ten"), + array("zero","first","second","third","fourth","fifth","sixth","seventh","eighth","ninth","tenth") + ), + 'ordinal' => array("zero","1st","2nd","3rd","4th","5th","6th","7th","8th","9th","10th"), + 'high' => array("%s : which of these is the largest?"), + 'low' => array("%s : which of these is the smallest?"), + 'position0' => array("lists %s postion number ? %s."), // 인수가 두개 있으며 첫번째에 위치가, 두번째 인수에 질문이 나열된다. + 'position1' => array("%s lists %s postion number ?"), // 인수가 두개 있으며 첫번째에 인수가 두반째에 위치에 대한 질문이 나열된다. + 'add' => array("%s add %s ?", "%s plus %s ?", "%s + %s = ?"), + 'subtract' => array("%s subtract %s ?", "%s minus %s ?", "%s - %s = ?"), + 'multiply' => array("%s multiply %s ?"), + 'and' => "and" +); + +class tcaptcha +{ + var $language; + var $tnum; // text number 의 약어 + var $min_count = 3; // 최소 문제 갯수 + var $max_count = 4; // 최대 문제 갯수 + var $select; // 결과값 배열 + var $arabia; // 결과값 아라비아 숫자 배열 + var $count; // 결과값 수 + var $high; // 결과값 배열 중 가장 큰 값 + var $low; // 결과값 배열 중 가장 작은 값 + var $position; // 몇번째 숫자는 값이 얼마인가? + var $question; // 문제 + var $answer; // 더하기, 빼기 시에 답 + + function tcaptcha($language='') { + if (trim($language) == '') + $language = 'kr'; + $this->set_language($language); + } + + function set_language($language) { + $this->language = $language; + } + + function set_min_count($min_count) { + $this->min_count = $min_count; + } + + function set_max_count($max_count) { + $this->max_count = $max_count; + } + + function random_question() { + $this->count = $count = rand($this->min_count, $this->max_count); // 숫자를 몇개 뿌려줄것인지? 
+ $select = array(); // 선택된 값들 + $arabia = array(); // 선택된 값들의 아라비아 숫자 + $high = 0; + $low = 9999; + while ($count != count($select)) { + $choice = rand(0, count($this->tnum->number)-1); // 여러개의 숫자 형식중 하나를 선택한다. + $number = $this->tnum->number[$choice]; + $index = rand(1, count($number)-1); // 영은 빼고 + if (in_array($index, $arabia)) continue; + if (rand(0, 3) < 3) { // 아라비아 숫자도 들어가도록 한다. + array_push($select, $number[$index]); + } else { + array_push($select, $index); + } + array_push($arabia, $index); + if ($index > $high) { + $high = $index; + } + if ($index < $low) { + $low = $index; + } + } + + $this->select = $select; + $this->arabia = $arabia; + $this->high = $high; // 배열중 가장 큰 값 + $this->low = $low; // 배열중 가장 작은 값 + + return $select; + } + + // 숫자의 중간에 , 나 and 를 넣는다. + function comma_question($question) { + $str = ""; + $and = false; + $comma = ""; + for ($qi=0; $qi" . $question[$qi] . "" . $comma; + } + return $str . "" . $question[$qi] . ""; + } + + // 가장 큰수나 가장 작은수의 질문을 만든다. + function series_question($question, $highlow) { + $question = $this->comma_question($question); + $highlow_array = $this->tnum->$highlow; + return sprintf($highlow_array[rand(0, count($highlow_array)-1)], $question); + } + + // 몇번째 어떤수가 있는지의 질문을 만든다. + function position_question($question) { + $question = $this->comma_question($question); + $position = rand(0, $this->count-1); + $ordinal = $this->get_ordinal_value($position+1); + $this->position = $this->arabia[$position]; // 몇번째 숫자는?의 답 + // 포지션 배열에 따라 인수의 위치가 다르다. 
+ if (rand(0,1) == 0) { + $position_array = $this->tnum->position0; + return sprintf($position_array[rand(0, count($position_array)-1)], $ordinal, $question); + } else { + $position_array = $this->tnum->position1; + return sprintf($position_array[rand(0, count($position_array)-1)], $question, $ordinal); + } + } + + // 더하기 계산 문제 + function add_question($question) { + $add_array = $this->tnum->add; + $rand = rand(0, count($add_array)-1); + $first_number = $this->arabia[0]; + $second_number = $this->arabia[1]; + $this->answer = $first_number + $second_number; + return sprintf($add_array[rand(0, count($add_array)-1)], $question[0], $question[1] ); + } + + // a, b 변수값을 바꾼다. + function swap(&$a, &$b) + { + $temp = $a; + $a = $b; + $b = $temp; + } + + // 빼기 계산 문제 + function subtract_question($question) { + $subtract_array = $this->tnum->subtract; + $rand = rand(0, count($subtract_array)-1); + $first_number = $this->arabia[0]; + $second_number = $this->arabia[1]; + if ($first_number < $second_number) { + $this->swap($first_number, $second_number); + $this->swap($question[0], $question[1]); + } + $this->answer = $first_number - $second_number; + return sprintf($subtract_array[$rand], $question[0], $question[1] ); + } + + // 곱하기 계산 문제 + function multiply_question($question) { + $multiply_array = $this->tnum->multiply; + $rand = rand(0, count($multiply_array)-1); + $first_number = $this->arabia[0]; + $second_number = $this->arabia[1]; + $this->answer = $first_number * $second_number; + return sprintf($multiply_array[$rand], $question[0], $question[1] ); + } + + // 서수값을 반환 + function get_ordinal_value($index) { + return $this->tnum->ordinal[$index]; + } + + // ajax 비교를 위한 코드 : 답을 저장해 놓는다. 
+ function set_session($answer) { + $this->token = _token(); + set_session("ss_tcaptcha_token", $this->token); + set_session("ss_tcaptcha_answer", $answer); + set_session("ss_tcaptcha_error_count", 0); + } + + function run() { + global $text_number; + $this->tnum = $text_number->{$this->language}; + $random_question = $this->random_question(); + switch (rand(0,5)) { + case 0 : + $question = $this->series_question( $random_question, 'high' ); + $this->set_session($this->high); + break; + case 1 : + $question = $this->series_question( $random_question, 'low' ); + $this->set_session($this->low); + break; + case 2 : + $question = $this->add_question( $random_question ); + $this->set_session($this->answer); + break; + case 3 : + $question = $this->subtract_question( $random_question ); + $this->set_session($this->answer); + break; + case 4 : + $question = $this->multiply_question( $random_question ); + $this->set_session($this->answer); + break; + default : + $question = $this->position_question( $random_question ); + $this->set_session($this->position); + break; + } + $this->question = $question; + return $question; + } +} + + +function html_unicode($unicode) +{ + return "&#".$unicode.";"; +} + + +function utf8_to_unicode( $str ) +{ + $unicode = array(); + $values = array(); + $lookingFor = 1; + + for ($i = 0; $i < strlen( $str ); $i++ ) { + + $thisValue = ord( $str[ $i ] ); + + if ( $thisValue < 128 ) $unicode[] = $thisValue; + else { + + if ( count( $values ) == 0 ) $lookingFor = ( $thisValue < 224 ) ? 2 : 3; + + $values[] = $thisValue; + + if ( count( $values ) == $lookingFor ) { + + $number = ( $lookingFor == 3 ) ? 
+ ( ( $values[0] % 16 ) * 4096 ) + ( ( $values[1] % 64 ) * 64 ) + ( $values[2] % 64 ): + ( ( $values[0] % 32 ) * 64 ) + ( $values[1] % 64 ); + + $unicode[] = $number; + $values = array(); + $lookingFor = 1; + + } // if + + } // if + + } // for + + return $unicode; + +} + +function unicode_to_utf8($dec) +{ + $unicode_hex = dechex($dec); + $unicode = hexdec($unicode_hex); + + $utf8 = ""; + + if ($unicode < 128) { + $utf8 = chr($unicode); + } elseif ( $unicode < 2048 ) { + $utf8 .= chr( 192 + ( ( $unicode - ( $unicode % 64 ) ) / 64 ) ); + $utf8 .= chr( 128 + ( $unicode % 64 ) ); + } else { + $utf8 .= chr( 224 + ( ( $unicode - ( $unicode % 4096 ) ) / 4096 ) ); + $utf8 .= chr( 128 + ( ( ( $unicode % 4096 ) - ( $unicode % 64 ) ) / 64 ) ); + $utf8 .= chr( 128 + ( $unicode % 64 ) ); + } + return $utf8; +} + + +function chk_captcha() +{ + $token = get_session("ss_tcaptcha_token"); + if ($token && $token == $_POST['user_token']) { + $answer = get_session("ss_tcaptcha_answer"); + if ($answer && $answer == $_POST['user_answer']) { + return true; + } + } + set_session("ss_tcaptcha_token", ""); + return false; +} + + +function chk_js_captcha() +{ + return "if (!chk_tcaptcha(f.user_answer, f.user_token)) { return false; }\n"; + +} + + +function run_captcha($encoding='kr') +{ + $captcha = new tcaptcha($encoding); + + $str = "
\n"; + $str .= "자동등록방지\n"; + $str .= "
".$captcha->run()."
\n"; + $str .= "답은 반드시 숫자로 입력하세요.\n"; + $str .= "\n"; + $str .= ""; + $str .= "
\n"; + return $str; +} +?> \ No newline at end of file diff --git a/skin/board/neo/view.skin.php b/skin/board/neo/view.skin.php index 634b4b442..dd5f499e4 100644 --- a/skin/board/neo/view.skin.php +++ b/skin/board/neo/view.skin.php @@ -7,7 +7,7 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가