텍스트캡챠 적용

gnuboard
2012-12-28 14:29:48 +09:00
parent f425ce9832
commit 66dfd975f9
24 changed files with 537 additions and 517 deletions


@ -1,233 +0,0 @@
<?php
# KCAPTCHA PROJECT VERSION 1.2.6
# Automatic test to tell computers and humans apart
# Copyright by Kruglov Sergei, 2006, 2007, 2008
# www.captcha.ru, www.kruglov.ru
# System requirements: PHP 4.0.6+ w/ GD
# KCAPTCHA is a free software. You can freely use it for building own site or software.
# If you use this software as a part of own sofware, you must leave copyright notices intact or add KCAPTCHA copyright notices to own.
# As a default configuration, KCAPTCHA has a small credits text at bottom of CAPTCHA image.
# You can remove it, but I would be pleased if you left it. ;)
# See kcaptcha_config.php for customization
class KCAPTCHA{
// generates keystring and image
function image(){
require(dirname(__FILE__).'/kcaptcha_config.php');
$fonts=array();
$fontsdir_absolute=dirname(__FILE__).'/'.$fontsdir;
if ($handle = opendir($fontsdir_absolute)) {
while (false !== ($file = readdir($handle))) {
if (preg_match('/\.png$/i', $file)) {
$fonts[]=$fontsdir_absolute.'/'.$file;
}
}
closedir($handle);
}
$alphabet_length=strlen($alphabet);
do{
/*
// generating random keystring
while(true){
$this->keystring='';
for($i=0;$i<$length;$i++){
$this->keystring.=$allowed_symbols{mt_rand(0,strlen($allowed_symbols)-1)};
}
if(!preg_match('/cp|cb|ck|c6|c9|rn|rm|mm|co|do|cl|db|qp|qb|dp|ww/', $this->keystring)) break;
}
*/
$font_file=$fonts[mt_rand(0, count($fonts)-1)];
$font=imagecreatefrompng($font_file);
imagealphablending($font, true);
$fontfile_width=imagesx($font);
$fontfile_height=imagesy($font)-1;
$font_metrics=array();
$symbol=0;
$reading_symbol=false;
// loading font
for($i=0;$i<$fontfile_width && $symbol<$alphabet_length;$i++){
$transparent = (imagecolorat($font, $i, 0) >> 24) == 127;
if(!$reading_symbol && !$transparent){
$font_metrics[$alphabet{$symbol}]=array('start'=>$i);
$reading_symbol=true;
continue;
}
if($reading_symbol && $transparent){
$font_metrics[$alphabet{$symbol}]['end']=$i;
$reading_symbol=false;
$symbol++;
continue;
}
}
$img=imagecreatetruecolor($width, $height);
imagealphablending($img, true);
$white=imagecolorallocate($img, 255, 255, 255);
$black=imagecolorallocate($img, 0, 0, 0);
imagefilledrectangle($img, 0, 0, $width-1, $height-1, $white);
// draw text
$x=1;
for($i=0;$i<strlen($this->keystring);$i++){
$m=$font_metrics[$this->keystring{$i}];
$y=mt_rand(-$fluctuation_amplitude, $fluctuation_amplitude)+($height-$fontfile_height)/2+2;
if($no_spaces){
$shift=0;
if($i>0){
$shift=10000;
for($sy=7;$sy<$fontfile_height-20;$sy+=1){
for($sx=$m['start']-1;$sx<$m['end'];$sx+=1){
$rgb=imagecolorat($font, $sx, $sy);
$opacity=$rgb>>24;
if($opacity<127){
$left=$sx-$m['start']+$x;
$py=$sy+$y;
if($py>$height) break;
for($px=min($left,$width-1);$px>$left-12 && $px>=0;$px-=1){
$color=imagecolorat($img, $px, $py) & 0xff;
if($color+$opacity<190){
if($shift>$left-$px){
$shift=$left-$px;
}
break;
}
}
break;
}
}
}
if($shift==10000){
$shift=mt_rand(4,6);
}
}
}else{
$shift=1;
}
imagecopy($img, $font, $x-$shift, $y, $m['start'], 1, $m['end']-$m['start'], $fontfile_height);
$x+=$m['end']-$m['start']-$shift;
}
}while($x>=$width-10); // while not fit in canvas
$center=$x/2;
// credits. To remove, see configuration file
$img2=imagecreatetruecolor($width, $height+($show_credits?12:0));
$foreground=imagecolorallocate($img2, $foreground_color[0], $foreground_color[1], $foreground_color[2]);
$background=imagecolorallocate($img2, $background_color[0], $background_color[1], $background_color[2]);
imagefilledrectangle($img2, 0, 0, $width-1, $height-1, $background);
imagefilledrectangle($img2, 0, $height, $width-1, $height+12, $foreground);
$credits=empty($credits)?$_SERVER['HTTP_HOST']:$credits;
imagestring($img2, 2, $width/2-imagefontwidth(2)*strlen($credits)/2, $height-2, $credits, $background);
// periods
$rand1=mt_rand(750000,1200000)/10000000;
$rand2=mt_rand(750000,1200000)/10000000;
$rand3=mt_rand(750000,1200000)/10000000;
$rand4=mt_rand(750000,1200000)/10000000;
// phases
$rand5=mt_rand(0,31415926)/10000000;
$rand6=mt_rand(0,31415926)/10000000;
$rand7=mt_rand(0,31415926)/10000000;
$rand8=mt_rand(0,31415926)/10000000;
// amplitudes
$rand9=mt_rand(330,420)/110;
$rand10=mt_rand(330,450)/110;
//wave distortion
for($x=0;$x<$width;$x++){
for($y=0;$y<$height;$y++){
if ($wave) {
$sx=$x+(sin($x*$rand1+$rand5)+sin($y*$rand3+$rand6))*$rand9-$width/2+$center+1;
$sy=$y+(sin($x*$rand2+$rand7)+sin($y*$rand4+$rand8))*$rand10;
}
else {
$sx=$x-$width/2+$center+1;
$sy=$y+(sin($x*$rand2+$rand7)+sin($y*$rand4+$rand8))*1.5;
}
if($sx<0 || $sy<0 || $sx>=$width-1 || $sy>=$height-1){
continue;
}else{
$color=imagecolorat($img, $sx, $sy) & 0xFF;
$color_x=imagecolorat($img, $sx+1, $sy) & 0xFF;
$color_y=imagecolorat($img, $sx, $sy+1) & 0xFF;
$color_xy=imagecolorat($img, $sx+1, $sy+1) & 0xFF;
}
if($color==255 && $color_x==255 && $color_y==255 && $color_xy==255){
continue;
}else if($color==0 && $color_x==0 && $color_y==0 && $color_xy==0){
$newred=$foreground_color[0];
$newgreen=$foreground_color[1];
$newblue=$foreground_color[2];
}else{
$frsx=$sx-floor($sx);
$frsy=$sy-floor($sy);
$frsx1=1-$frsx;
$frsy1=1-$frsy;
$newcolor=(
$color*$frsx1*$frsy1+
$color_x*$frsx*$frsy1+
$color_y*$frsx1*$frsy+
$color_xy*$frsx*$frsy);
if($newcolor>255) $newcolor=255;
$newcolor=$newcolor/255;
$newcolor0=1-$newcolor;
$newred=$newcolor0*$foreground_color[0]+$newcolor*$background_color[0];
$newgreen=$newcolor0*$foreground_color[1]+$newcolor*$background_color[1];
$newblue=$newcolor0*$foreground_color[2]+$newcolor*$background_color[2];
}
imagesetpixel($img2, $x, $y, imagecolorallocate($img2, $newred, $newgreen, $newblue));
}
}
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
if(function_exists("imagejpeg")){
header("Content-Type: image/jpeg");
imagejpeg($img2, null, $jpeg_quality);
}else if(function_exists("imagegif")){
header("Content-Type: image/gif");
imagegif($img2);
}else if(function_exists("imagepng")){
header("Content-Type: image/x-png");
imagepng($img2);
}
}
// returns keystring
function getKeyString(){
return $this->keystring;
}
function setKeyString($str){
$this->keystring = $str;
}
}
?>


@ -1,42 +0,0 @@
<?php
# KCAPTCHA configuration file
$alphabet = "0123456789abcdefghijklmnopqrstuvwxyz"; # do not change without changing font files!
# symbols used to draw CAPTCHA
$allowed_symbols = "0123456789"; #digits
//$allowed_symbols = "23456789abcdeghkmnpqsuvxyz"; #alphabet without similar symbols (o=0, 1=l, i=j, t=f)
# folder with fonts
$fontsdir = 'fonts';
# CAPTCHA string length
$length = mt_rand(5,6); # random 5 or 6
//$length = 5;
# CAPTCHA image size (you do not need to change it, whis parameters is optimal)
$width = 120;
$height = 60;
# symbol's vertical fluctuation amplitude divided by 2
$fluctuation_amplitude = 5;
# increase safety by prevention of spaces between symbols
$no_spaces = true;
# show credits
$show_credits = false; # set to false to remove credits line. Credits adds 12 pixels to image height
$credits = 'www.captcha.ru'; # if empty, HTTP_HOST will be shown
# CAPTCHA image colors (RGB, 0-255)
//$foreground_color = array(0, 0, 0);
//$background_color = array(220, 230, 255);
$foreground_color = array(mt_rand(0,100), mt_rand(0,100), mt_rand(0,100));
$background_color = array(mt_rand(200,255), mt_rand(200,255), mt_rand(200,255));
# JPEG quality of CAPTCHA image (bigger is better quality, but larger file size)
$jpeg_quality = 90;
$wave = false;
?>


@ -1,11 +0,0 @@
<?php
include_once("_common.php");
//error_reporting (E_ALL);
include('kcaptcha.php');
//session_start();
$captcha = new KCAPTCHA();
$captcha->setKeyString(get_session("captcha_keystring"));
$captcha->getKeyString();
$captcha->image();
?>


@ -1,13 +0,0 @@
<?
// 캡챠 세션값과 비교하여 맞는지? 틀린지? 결과값을 출력합니다.
include_once("_common.php");
header("Content-Type: text/html; charset=$g4[charset]");
$count = (int)get_session("captcha_count");
if ($count >= 5) { // 설정값 이상이면 자동등록방지 입력 문자가 맞아도 오류 처리
echo false;
} else {
set_session("captcha_count", $count + 1);
echo (get_session("captcha_keystring") == $_POST['captcha_key']) ? true : false;
}
?>


@ -1,19 +0,0 @@
<?
include_once("_common.php");
header("Content-Type: text/html; charset=$g4[charset]");
require(dirname(__FILE__).'/kcaptcha_config.php');
include('kcaptcha.php');
while(true){
$keystring='';
for($i=0;$i<$length;$i++){
$keystring.=$allowed_symbols{mt_rand(0,strlen($allowed_symbols)-1)};
}
if(!preg_match('/cp|cb|ck|c6|c9|rn|rm|mm|co|do|cl|db|qp|qb|dp|ww/', $keystring)) break;
}
set_session("captcha_count", 0);
set_session("captcha_keystring", $keystring);
$captcha = new KCAPTCHA();
$captcha->setKeyString(get_session("captcha_keystring"));
?>


@ -1,6 +1,8 @@
<?
include_once('./_common.php');
$g4['title'] = "로그인 검사";
$mb_id = $_POST['mb_id'];
$mb_password = $_POST['mb_password'];
@ -23,23 +25,23 @@ $mb = get_member($mb_id);
// 회원아이디를 입력해 보고 맞으면 또 패스워드를 입력해보는 경우를 방지하기 위해서입니다.
// 불법사용자의 경우 회원아이디가 틀린지, 패스워드가 틀린지를 알기까지는 많은 시간이 소요되기 때문입니다.
if (!$mb['mb_id'] || (sql_password($mb_password) != $mb['mb_password'])) {
alert('가입된 회원 아니거나 패스워드가 틀립니다.\n\n패스워드는 대소문자를 구분합니다.');
alert('가입된 회원아이디가 아니거나 패스워드가 틀립니다.\n패스워드는 대소문자를 구분합니다.');
}
// 차단된 아이디인가?
if ($mb['mb_intercept_date'] && $mb['mb_intercept_date'] <= date("Ymd", $g4['server_time'])) {
$date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1년 \\2월 \\3일", $mb['mb_intercept_date']);
alert('회원님의 아이디는 접근이 금지되어 있습니다.\n\n처리일 : '.$date);
alert('회원님의 아이디는 접근이 금지되어 있습니다.\n처리일 : '.$date);
}
// 탈퇴한 아이디인가?
if ($mb['mb_leave_date'] && $mb['mb_leave_date'] <= date("Ymd", $g4['server_time'])) {
$date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1년 \\2월 \\3일", $mb['mb_leave_date']);
alert('탈퇴한 아이디이므로 접근하실 수 없습니다.\n\n탈퇴일 : '.$date);
alert('탈퇴한 아이디이므로 접근하실 수 없습니다.\n탈퇴일 : '.$date);
}
if ($config['cf_use_email_certify'] && !preg_match("/[1-9]/", $mb['mb_email_certify']))
alert('메일인증을 받으셔야 로그인 하실 수 있습니다.\n\n회원님의 메일주소는 '.$mb['mb_email'].' 입니다.');
alert('메일인증을 받으셔야 로그인 하실 수 있습니다.\n회원님의 메일주소는 '.$mb['mb_email'].' 입니다.');
$member_skin_path = $g4['path'].'/skin/member/'.$config['cf_member_skin'];
@include_once($member_skin_path.'/login_check.skin.php');
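Review bot: The password check at `sql_password($mb_password) != $mb['mb_password']` uses a loose comparison, and this commit rewords the alert under it without tightening it. PHP's `!=` compares two numeric-looking strings as numbers, so if sql_password() can ever return a value made only of digits or of the form `0e` followed by digits, two different hashes could compare equal; the function is defined outside this page, so that is not confirmed here. A strict check removes the question: `if (!$mb['mb_id'] || (sql_password($mb_password) !== $mb['mb_password'])) {`. The script starts and continues outside the two hunks shown.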


@ -1,61 +0,0 @@
<?
if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
/*
** $norobot_str 와 $_SESSION[ss_norobot_key] 을 반환함
*/
// 자동등록기를 막아볼까요?
$is_norobot = false;
if ($config[cf_use_norobot]) {
// 임의의 md5 문자열을 생성
$tmp_str = substr(md5($g4[server_time]),0,12);
// 난수 발생기
list($usec, $sec) = explode(' ', microtime());
$seed = (float)$sec + ((float)$usec * 100000);
srand($seed);
$keylen = strlen($tmp_str);
$div = (int)($keylen / 2);
while (count($arr) < 4)
{
unset($arr);
for ($i=0; $i<$keylen; $i++)
{
$rnd = rand(1, $keylen);
$arr[$rnd] = $rnd;
if ($rnd > $div) break;
}
}
// 배열에 저장된 숫자를 차례대로 정렬
sort($arr);
$norobot_key = '';
$norobot_str = '';
$m = 0;
for ($i=0; $i<count($arr); $i++)
{
for ($k=$m; $k<$arr[$i]-1; $k++)
$norobot_str .= $tmp_str[$k];
$norobot_str .= '<font size=3 color=#FF0000><b>'.$tmp_str[$k].'</b></font>';
$norobot_key .= $tmp_str[$k];
$m = $k + 1;
}
if ($m < $keylen) {
for ($k=$m; $k<$keylen; $k++)
$norobot_str .= $tmp_str[$k];
}
$norobot_str = '<font color=#999999>'.$norobot_str.'</font>';
// 입력, 답변이면서 회원이 아닐 경우만 자동등록방지 사용
if (($w == '' || $w == 'r') && !$member[mb_id]) {
set_session("ss_norobot_key", $norobot_key);
$is_norobot = true;
}
else
set_session("ss_norobot_key", "");
}
?>
<script> var md5_norobot_key = '<?=md5($norobot_key)?>'; </script>


@ -1,31 +0,0 @@
<?
if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
// norobot.inc.php 가 선행된 후 사용
// 자동등록방지 검사
if ($config[cf_use_norobot]) {
/*
// 우선 이 URL 로 부터 온것인지 검사
$parse = parse_url($_SERVER[HTTP_REFERER]);
// 3.35
// 포트번호가 존재할 경우의 처리 (mumu님께서 알려주셨습니다)
$parse2 = explode(':', $_SERVER[HTTP_HOST]);
if ($parse[host] != $parse2[0]) {
//if ($parse[host] != $_SERVER[HTTP_HOST]) {
alert('올바른 접근이 아닌것 같습니다.', './');
}
*/
$key = $_SESSION[ss_norobot_key];
if (($w=='' || $w=='c') && !$member[mb_id]) {
if ($key) {
if ($key != $_POST[wr_key]) {
alert('정상적인 등록이 아닌것 같습니다.');
}
} else {
alert('정상적인 접근이 아닌것 같습니다.');
}
}
}
?>


@ -1,54 +0,0 @@
<?
include_once('./_common.php');
function echo_check_image($str, $width, $height, $background_color, $text_color, $grid_color)
{
$number = $str;
$background_color = str_replace('#', '', $background_color);
$text_color = str_replace('#', '', $text_color);
$grid_color = str_replace('#', '', $grid_color);
// WebColor -> RGB
$BR = hexdec(substr($background_color, 0, 2));
$BG = hexdec(substr($background_color, 2, 2));
$BB = hexdec(substr($background_color, 4, 2));
$TR = hexdec(substr($text_color, 0, 2));
$TG = hexdec(substr($text_color, 2, 2));
$TB = hexdec(substr($text_color, 4, 2));
$GR = hexdec(substr($grid_color, 0, 2));
$GG = hexdec(substr($grid_color, 2, 2));
$GB = hexdec(substr($grid_color, 4, 2));
$im = @imagecreate($width, $height) or die("Cannot Initialize new GD image stream");
header ("Content-type: image/png");
$background_color = imagecolorallocate($im, $BR, $BG, $BB);
$text_color = imagecolorallocate($im, $TR, $TG, $TB);
$grid_color = imagecolorallocate($im, $GR, $GG, $GB);
image_random_grid($im, $width, $height, 5, $grid_color);
imagestring($im, rand(4,6), rand(5,15), rand(1,3), $number, $text_color);
imagepng($im);
imagedestroy($im);
}
function image_random_grid($im, $w, $h, $s, $color)
{
for($i=1; $i<$w/$s; $i++) {
$tmp = rand($s-$s/3, $s+$s/3);
imageline($im, $i*$tmp, 0, $i*$tmp, $h, $color);
}
for($i=1; $i<$h/$s; $i++) {
$tmp = rand($s-$s/3, $s+$s/3);
imageline($im, 0, $i*$tmp, $w, $i*$tmp, $color);
}
}
//echo_check_image(rand(4,6), 65, 20, "#FF33CC", "#FFFFFF", "#FF79DE");
echo_check_image($_SESSION['ss_norobot_key'], 80, 19, '#FF33CC', '#FFFFFF', '#FF79DE');
?>


@ -1,7 +1,8 @@
<?
include_once('./_common.php');
if ($editor->lib)
include_once($editor->lib);
if (isset($editor->lib)) include_once($editor->lib);
if (isset($captcha->lib)) include_once($captcha->lib);
set_session('ss_bo_table', $bo_table);
set_session('ss_wr_id', $wr_id);
@ -360,9 +361,15 @@ if ($is_admin) {
$write_max = (int)$board['bo_write_max'];
}
if ($is_dhtml_editor && $editor->js) {
array_push($g4['js_file'], $editor->js);
array_push($g4['js_file'], $editor->config_js);
if ($is_dhtml_editor && isset($editor->js)) {
$g4['js_file'][] = $editor->js;
if (isset($editor->config_js)) {
$g4['js_file'][] = $editor->config_js;
}
}
if (isset($captcha->js)) {
$g4['js_file'][] = $captcha->js;
}
include_once($g4['path'].'/head.sub.php');
@ -396,6 +403,11 @@ if ($file_length < 0) {
}
//--------------------------------------------------------------------------
if ($g4['https_url'])
$action_url = "{$g4['https_url']}/{$g4['bbs']}/write_update.php";
else
$action_url = "{$g4['bbs_path']}/write_update.php";
include_once ($board_skin_path.'/write.skin.php');
include_once('./board_tail.php');
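Review bot: In the last hunk, `if ($g4['https_url'])` reads the array key directly, while the first hunk of this same file was changed to guard `$editor->lib` and `$captcha->lib` with isset(). If `https_url` is not defined in the configuration, which is not visible here, this raises an undefined-index notice and the form action quietly falls back to the `bbs_path` URL instead of the HTTPS one. I would write the condition as `if (!empty($g4['https_url'])) {` with braces on both branches, and add a comment such as `// post the write form to the HTTPS endpoint when one is configured`.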


@ -1,6 +1,8 @@
<?
include_once('./_common.php');
if (isset($captcha->lib)) include_once($captcha->lib);
// 090710
if (substr_count($wr_content, '&#') > 50) {
alert('내용에 올바르지 않은 코드가 다수 포함되어 있습니다.');
@ -124,17 +126,8 @@ if ($w == "" || $w == "r")
alert('동일한 내용을 연속해서 등록할 수 없습니다.');
}
// 자동등록방지 검사
//include_once ("./norobot_check.inc.php");
if (!$is_member) {
if ($w=='' || $w=='r') {
$key = get_session("captcha_keystring");
if (!($key && $key == $_POST['wr_key'])) {
session_unregister("captcha_keystring");
alert('정상적인 접근이 아닌것 같습니다.');
}
}
if (!chk_captcha()) {
alert('자동등록방지의 답변으로 입력한 숫자가 틀렸습니다.');
}
if (!isset($_POST['wr_subject']) || !trim($_POST['wr_subject']))