Amberstone 2024-10-12 13:34:19 +09:00
parent 7fa0609ac5
commit b905c326c2
Signed by: amber
GPG key ID: 094B0E55F98D8BF1
16 changed files with 4711 additions and 4629 deletions


@ -6,3 +6,15 @@ insert_final_newline = true
charset = utf-8
indent_style = space
indent_size = 2
[*.php]
indent_style = space
indent_size = 2
[composer.json]
indent_style = space
indent_size = 2
[*.yml]
indent_style = space
indent_size = 2


@ -24,7 +24,7 @@
function PHPMailerAutoload($classname)
{
//Can't use __DIR__ as it's only in PHP 5.3+
$filename = dirname(__FILE__).DIRECTORY_SEPARATOR.'class.'.strtolower($classname).'.php';
$filename = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'class.' . strtolower($classname) . '.php';
if (is_readable($filename)) {
require $filename;
}
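Review bot: `$classname` reaches the `require` path on the reformatted `$filename = …` line with only `strtolower()` applied, so any string handed to the autoloader decides which file is loaded. A guard before the path is built, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $classname)) { return; }`, would restrict it to plain class names. The function body continues past the end of the hunk, so its closing lines are not visible here.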


@ -132,12 +132,12 @@ class PHPMailerOAuth extends PHPMailer
if ('tls' === $secure or 'ssl' === $secure) {
//Check for an OpenSSL constant rather than using extension_loaded, which is sometimes disabled
if (!$sslext) {
throw new phpmailerException($this->lang('extension_missing').'openssl', self::STOP_CRITICAL);
throw new phpmailerException($this->lang('extension_missing') . 'openssl', self::STOP_CRITICAL);
}
}
$host = $hostinfo[3];
$port = $this->Port;
$tport = (integer)$hostinfo[4];
$tport = (integer) $hostinfo[4];
if ($tport > 0 and $tport < 65536) {
$port = $tport;
}
@ -165,7 +165,8 @@ class PHPMailerOAuth extends PHPMailer
$this->smtp->hello($hello);
}
if ($this->SMTPAuth) {
if (!$this->smtp->authenticate(
if (
!$this->smtp->authenticate(
$this->Username,
$this->Password,
$this->AuthType,
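Review bot: The reformatted cast `(integer) $hostinfo[4]` keeps the long-form cast name; PSR-12 asks for the short form, so the line should read `$tport = (int) $hostinfo[4];`. The same applies to `(integer) $port` and `(integer) $timeout` in class POP3 and to `(boolean) (…)` in `SMTP::hello()` further down the page. The enclosing method starts and ends outside these hunks.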


@ -169,13 +169,13 @@ class POP3
if (false === $port) {
$this->port = $this->POP3_PORT;
} else {
$this->port = (integer)$port;
$this->port = (integer) $port;
}
// If no timeout value provided, use default
if (false === $timeout) {
$this->tval = $this->POP3_TIMEOUT;
} else {
$this->tval = (integer)$timeout;
$this->tval = (integer) $timeout;
}
$this->do_debug = $debug_level;
$this->username = $username;
@ -302,7 +302,8 @@ class POP3
@fclose($this->pop_conn);
} catch (Exception $e) {
//Do nothing
};
}
;
}
/**
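Review bot: The formatter turned the `};` that closed the `catch` block into `}` followed by a `;` on a line of its own, which leaves an empty statement that reads like a leftover. The block should end with `}` alone, so the `;` can be dropped. The same split appears twice in class Browscap, after the two `$this->_userAgents[…]` assignments. The method begins outside the hunk.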


@ -445,7 +445,8 @@ class SMTP
return false;
}
// Send encoded username and password
if (!$this->sendCommand(
if (
!$this->sendCommand(
'User & Password',
base64_encode("\0" . $username . "\0" . $password),
235
@ -504,7 +505,8 @@ class SMTP
//msg1
$msg1 = $ntlm_client->typeMsg1($realm, $workstation); //msg1
if (!$this->sendCommand(
if (
!$this->sendCommand(
'AUTH NTLM',
'AUTH NTLM ' . base64_encode($msg1),
334
@ -733,7 +735,7 @@ class SMTP
public function hello($host = '')
{
//Try extended hello first (RFC 2821)
return (boolean)($this->sendHello('EHLO', $host) or $this->sendHello('HELO', $host));
return (boolean) ($this->sendHello('EHLO', $host) or $this->sendHello('HELO', $host));
}
/**
@ -912,7 +914,7 @@ class SMTP
$this->edebug('SERVER -> CLIENT: ' . $this->last_reply, self::DEBUG_SERVER);
if (!in_array($code, (array)$expect)) {
if (!in_array($code, (array) $expect)) {
$this->setError(
"$command command failed",
$detail,


@ -137,7 +137,7 @@ END:VCALENDAR';
$filename = $this->calendarName;
//Filename needs quoting if it contains spaces
if (strpos($filename, ' ') !== false) {
$filename = '"'.$filename.'"';
$filename = '"' . $filename . '"';
}
header('Content-type: text/calendar; charset=utf-8');
header('Content-Disposition: inline; filename=' . $filename . '.ics');
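Review bot: When the calendar name contains a space, the quotes are put around `$filename` before `'.ics'` is appended in the `header()` call, so the header comes out as `filename="my name".ics` (constructed example) with the extension outside the quoted string. Appending the suffix first fixes that: `$filename = $this->calendarName . '.ics';`, then the quoting check, then `header('Content-Disposition: inline; filename=' . $filename);`. A double quote inside the name is also passed through unescaped, so stripping or escaping `"` before quoting is worth adding. The method starts and ends outside the hunk.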


@ -46,7 +46,7 @@ function tln_tagprint($tagname, $attary, $tagtype)
$fulltag = '<' . $tagname;
if (is_array($attary) && count($attary)) {
$atts = array();
foreach($attary as $attname => $attvalue) {
foreach ($attary as $attname => $attvalue) {
array_push($atts, "$attname=$attvalue");
}
$fulltag .= ' ' . join(' ', $atts);
@ -467,7 +467,8 @@ function tln_defang(&$attvalue)
/**
* Skip this if there aren't ampersands or backslashes.
*/
if (strpos($attvalue, '&') === false
if (
strpos($attvalue, '&') === false
&& strpos($attvalue, '\\') === false
) {
return;
@ -520,7 +521,7 @@ function tln_fixatts(
$trans_image_path,
$block_external_images
) {
foreach($attary as $attname => $attvalue) {
foreach ($attary as $attname => $attvalue) {
/**
* See if this attribute should be removed.
*/
@ -576,7 +577,7 @@ function tln_fixatts(
}
preg_match_all("/url\s*\((.+)\)/si", $attvalue, $aMatch);
if (count($aMatch)) {
foreach($aMatch[1] as $sMatch) {
foreach ($aMatch[1] as $sMatch) {
$urlvalue = $sMatch;
tln_fixurl($attname, $urlvalue, $trans_image_path, $block_external_images);
$attary[$attname] = str_replace($sMatch, $urlvalue, $attvalue);
@ -599,10 +600,10 @@ function tln_fixurl($attname, &$attvalue, $trans_image_path, $block_external_ima
{
$sQuote = '"';
$attvalue = trim($attvalue);
if ($attvalue && ($attvalue[0] =='"'|| $attvalue[0] == "'")) {
if ($attvalue && ($attvalue[0] == '"' || $attvalue[0] == "'")) {
// remove the double quotes
$sQuote = $attvalue[0];
$attvalue = trim(substr($attvalue,1,-1));
$attvalue = trim(substr($attvalue, 1, -1));
}
/**
@ -615,7 +616,7 @@ function tln_fixurl($attname, &$attvalue, $trans_image_path, $block_external_ima
$attvalue = $sQuote . $trans_image_path . $sQuote;
} else {
// first, disallow 8 bit characters and control characters
if (preg_match('/[\0-\37\200-\377]+/',$attvalue)) {
if (preg_match('/[\0-\37\200-\377]+/', $attvalue)) {
switch ($attname) {
case 'href':
$attvalue = $sQuote . 'http://invalid-stuff-detected.example.com' . $sQuote;
@ -627,7 +628,7 @@ function tln_fixurl($attname, &$attvalue, $trans_image_path, $block_external_ima
} else {
$aUrl = parse_url($attvalue);
if (isset($aUrl['scheme'])) {
switch(strtolower($aUrl['scheme'])) {
switch (strtolower($aUrl['scheme'])) {
case 'mailto':
case 'http':
case 'https':
@ -670,7 +671,7 @@ function tln_fixstyle($body, $pos, $trans_image_path, $block_external_images)
$sToken = '';
$bSucces = false;
$bEndTag = false;
for ($i=$pos,$iCount=strlen($body);$i<$iCount;++$i) {
for ($i = $pos, $iCount = strlen($body); $i < $iCount; ++$i) {
$char = $body[$i];
switch ($char) {
case '<':
@ -687,7 +688,7 @@ function tln_fixstyle($body, $pos, $trans_image_path, $block_external_images)
case '>':
if ($bEndTag) {
$sToken .= $char;
if (preg_match('/\<\/\s*style\s*\>/i',$sToken,$aMatch)) {
if (preg_match('/\<\/\s*style\s*\>/i', $sToken, $aMatch)) {
$newpos = $i + 1;
$bSucces = true;
break 2;
@ -702,8 +703,8 @@ function tln_fixstyle($body, $pos, $trans_image_path, $block_external_images)
case '!':
if ($sToken == '<') {
// possible comment
if (isset($body[$i+2]) && substr($body,$i,3) == '!--') {
$i = strpos($body,'-->',$i+3);
if (isset($body[$i + 2]) && substr($body, $i, 3) == '!--') {
$i = strpos($body, '-->', $i + 3);
if ($i === false) { // no end comment
$i = strlen($body);
}
@ -722,7 +723,7 @@ function tln_fixstyle($body, $pos, $trans_image_path, $block_external_images)
break;
}
}
if ($bSucces == FALSE){
if ($bSucces == FALSE) {
return array(FALSE, strlen($body));
}
@ -743,26 +744,26 @@ function tln_fixstyle($body, $pos, $trans_image_path, $block_external_images)
// "url(\\1$trans_image_path\\2)", $content);
// first check for 8bit sequences and disallowed control characters
if (preg_match('/[\16-\37\200-\377]+/',$content)) {
if (preg_match('/[\16-\37\200-\377]+/', $content)) {
$content = '<!-- style block removed by html filter due to presence of 8bit characters -->';
return array($content, $newpos);
}
// remove @import line
$content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules forbidden -->\n",$content);
$content = preg_replace("/^\s*(@import.*)$/mi", "\n<!-- @import rules forbidden -->\n", $content);
$content = preg_replace("/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i", 'url', $content);
preg_match_all("/url\s*\((.+)\)/si",$content,$aMatch);
preg_match_all("/url\s*\((.+)\)/si", $content, $aMatch);
if (count($aMatch)) {
$aValue = $aReplace = array();
foreach($aMatch[1] as $sMatch) {
foreach ($aMatch[1] as $sMatch) {
// url value
$urlvalue = $sMatch;
tln_fixurl('style',$urlvalue, $trans_image_path, $block_external_images);
tln_fixurl('style', $urlvalue, $trans_image_path, $block_external_images);
$aValue[] = $sMatch;
$aReplace[] = $urlvalue;
}
$content = str_replace($aValue,$aReplace,$content);
$content = str_replace($aValue, $aReplace, $content);
}
/**
@ -772,15 +773,17 @@ function tln_fixstyle($body, $pos, $trans_image_path, $block_external_images)
tln_defang($contentTemp);
tln_unspace($contentTemp);
$match = array('/\/\*.*\*\//',
$match = array(
'/\/\*.*\*\//',
'/expression/i',
'/behaviou*r/i',
'/binding/i',
'/include-source/i',
'/javascript/i',
'/script/i',
'/position/i');
$replace = array('','idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', '');
'/position/i'
);
$replace = array('', 'idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', '');
$contentNew = preg_replace($match, $replace, $contentTemp);
if ($contentNew !== $contentTemp) {
$content = $contentNew;
@ -794,11 +797,11 @@ function tln_body2div($attary, $trans_image_path)
$text = '#000000';
$has_bgc_stl = $has_txt_stl = false;
$styledef = '';
if (is_array($attary) && count($attary) > 0){
foreach ($attary as $attname=>$attvalue){
if (is_array($attary) && count($attary) > 0) {
foreach ($attary as $attname => $attvalue) {
$quotchar = substr($attvalue, 0, 1);
$attvalue = str_replace($quotchar, "", $attvalue);
switch ($attname){
switch ($attname) {
case 'background':
$styledef .= "background-image: url('$trans_image_path'); ";
break;
@ -817,7 +820,7 @@ function tln_body2div($attary, $trans_image_path)
if ($has_bgc_stl && !$has_txt_stl) {
$styledef .= "color: $text; ";
}
if (strlen($styledef) > 0){
if (strlen($styledef) > 0) {
$divattary["style"] = "\"$styledef\"";
}
}
@ -874,16 +877,17 @@ function tln_sanitize(
$body = preg_replace('/&(\{.*?\};)/si', '&amp;\\1', $body);
while (($curtag = tln_getnxtag($body, $curpos)) != false) {
list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
$free_content = substr($body, $curpos, $lt-$curpos);
$free_content = substr($body, $curpos, $lt - $curpos);
/**
* Take care of <style>
*/
if ($tagname == "style" && $tagtype == 1){
if ($tagname == "style" && $tagtype == 1) {
list($free_content, $curpos) =
tln_fixstyle($body, $gt+1, $trans_image_path, $block_external_images);
if ($free_content != FALSE){
if ( !empty($attary) ) {
$attary = tln_fixatts($tagname,
tln_fixstyle($body, $gt + 1, $trans_image_path, $block_external_images);
if ($free_content != FALSE) {
if (!empty($attary)) {
$attary = tln_fixatts(
$tagname,
$attary,
$rm_attnames,
$bad_attvals,
@ -898,7 +902,7 @@ function tln_sanitize(
}
continue;
}
if ($skip_content == false){
if ($skip_content == false) {
$trusted .= $free_content;
}
if ($tagname != false) {
@ -914,7 +918,8 @@ function tln_sanitize(
if ($tagname == "body") {
$tagname = "div";
}
if (isset($open_tags[$tagname]) &&
if (
isset($open_tags[$tagname]) &&
$open_tags[$tagname] > 0
) {
$open_tags[$tagname]--;
@ -932,7 +937,8 @@ function tln_sanitize(
* See if this is a self-closing type and change
* tagtype appropriately.
*/
if ($tagtype == 1
if (
$tagtype == 1
&& in_array($tagname, $self_closing_tags)
) {
$tagtype = 3;
@ -941,12 +947,14 @@ function tln_sanitize(
* See if we should skip this tag and any content
* inside it.
*/
if ($tagtype == 1
if (
$tagtype == 1
&& in_array($tagname, $rm_tags_with_content)
) {
$skip_content = $tagname;
} else {
if (($rm_tags == false
if (
($rm_tags == false
&& in_array($tagname, $tag_list)) ||
($rm_tags == true
&& !in_array($tagname, $tag_list))
@ -956,7 +964,7 @@ function tln_sanitize(
/**
* Convert body into div.
*/
if ($tagname == "body"){
if ($tagname == "body") {
$tagname = "div";
$attary = tln_body2div($attary, $trans_image_path);
}
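Review bot: In `tln_sanitize()`, `if ($free_content != FALSE)` uses a loose comparison on the first element returned by `tln_fixstyle()`, which is `FALSE` on failure and the filtered style text otherwise; a style block whose filtered text is `''` or `'0'` therefore takes the failure path as well. `if ($free_content !== false) {` states the intended test, provided the failure branch (not visible in this hunk) is meant only for the `array(FALSE, …)` return. `if ($bSucces == FALSE)` in `tln_fixstyle()` has the same loose form, and both still spell the constant in upper case. The function bodies extend beyond the hunks shown.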


@ -20,7 +20,8 @@ class ntlm_sasl_client_class
public function initialize(&$client)
{
if (!function_exists($function = "mcrypt_encrypt")
if (
!function_exists($function = "mcrypt_encrypt")
|| !function_exists($function = "mhash")
) {
$extensions = array(


@ -144,7 +144,7 @@ if (!isset($_GET['code'])) {
$_SESSION['oauth2state'] = $provider->getState();
header('Location: ' . $authUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
exit('Invalid state');
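Review bot: The state check `$_GET['state'] !== $_SESSION['oauth2state']` reads the session key without testing that it exists and compares the two tokens with a plain string operator. Where the runtime provides `hash_equals()`, `} elseif (empty($_GET['state']) || !isset($_SESSION['oauth2state']) || !is_string($_GET['state']) || !hash_equals($_SESSION['oauth2state'], $_GET['state'])) {` keeps the same outcome while removing the undefined-index notice and making the comparison constant-time. The only edit in this hunk appears to be the indentation of the `// Check given state…` comment, which describes the `elseif` branch and would read better inside it. The `if` chain continues outside the hunk.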


@ -654,7 +654,8 @@ class Browscap
foreach ($tmpUserAgents as $i => $userAgent) {
$properties = $browsers[$userAgent];
if (empty($properties['Comment'])
if (
empty($properties['Comment'])
|| false !== strpos($userAgent, '*')
|| false !== strpos($userAgent, '?')
) {
@ -690,7 +691,8 @@ class Browscap
$properties['Parent'] = $parentKey;
$this->_userAgents[$parentKey . '.0'] = $tmpUserAgents[$parentKey];
};
}
;
$this->_browsers[] = $this->resortProperties($properties, $propertiesKeys);
}
@ -756,7 +758,7 @@ class Browscap
if (preg_match("/\\.*[" . $key . "\\][^[]*Version=(\\d+)\\D.*/", $iniContent, $matches)) {
if (isset($matches[1])) {
$this->_source_version = (int)$matches[1];
$this->_source_version = (int) $matches[1];
}
}
@ -768,7 +770,8 @@ class Browscap
$properties = parse_ini_string($iniParts[($position + 1)], true, INI_SCANNER_RAW);
if (empty($properties['Comment'])
if (
empty($properties['Comment'])
|| false !== strpos($userAgent, '*')
|| false !== strpos($userAgent, '?')
) {
@ -804,7 +807,8 @@ class Browscap
$properties['Parent'] = $parentKey - 1;
$this->_userAgents[($parentKey - 1) . '.0'] = $patternPositions[$parentKey];
};
}
;
$this->_browsers[] = $this->resortProperties($properties, $propertiesKeys);
}
@ -1020,12 +1024,52 @@ class Browscap
// to properly unescape '?' which was changed to '.', I replace '\.' (real dot) with '\?',
// then change '.' to '?' and then '\?' to '.'.
$search = array(
'\\' . self::REGEX_DELIMITER, '\\.', '\\\\', '\\+', '\\[', '\\^', '\\]', '\\$', '\\(', '\\)', '\\{', '\\}',
'\\=', '\\!', '\\<', '\\>', '\\|', '\\:', '\\-', '.*', '.', '\\?'
'\\' . self::REGEX_DELIMITER,
'\\.',
'\\\\',
'\\+',
'\\[',
'\\^',
'\\]',
'\\$',
'\\(',
'\\)',
'\\{',
'\\}',
'\\=',
'\\!',
'\\<',
'\\>',
'\\|',
'\\:',
'\\-',
'.*',
'.',
'\\?'
);
$replace = array(
self::REGEX_DELIMITER, '\\?', '\\', '+', '[', '^', ']', '$', '(', ')', '{', '}', '=', '!', '<', '>', '|',
':', '-', '*', '?', '.'
self::REGEX_DELIMITER,
'\\?',
'\\',
'+',
'[',
'^',
']',
'$',
'(',
')',
'{',
'}',
'=',
'!',
'<',
'>',
'|',
':',
'-',
'*',
'?',
'.'
);
$result = substr(str_replace($search, $replace, $pattern), 2, -2);


@ -16,92 +16,97 @@
# See kcaptcha_config.php for customization
class KCAPTCHA{
class KCAPTCHA
{
private $keystring;
// generates keystring and image
function image(){
require dirname(__FILE__).'/kcaptcha_config.php';
function image()
{
require dirname(__FILE__) . '/kcaptcha_config.php';
$fonts=array();
$fontsdir_absolute=dirname(__FILE__).'/'.$fontsdir;
$fonts = array();
$fontsdir_absolute = dirname(__FILE__) . '/' . $fontsdir;
if ($handle = opendir($fontsdir_absolute)) {
while (false !== ($file = readdir($handle))) {
if (preg_match('/\.png$/i', $file)) {
$fonts[]=$fontsdir_absolute.'/'.$file;
$fonts[] = $fontsdir_absolute . '/' . $file;
}
}
closedir($handle);
}
$alphabet_length=strlen($alphabet);
$alphabet_length = strlen($alphabet);
$font_file=$fonts[mt_rand(0, count($fonts)-1)];
$font=imagecreatefrompng($font_file);
$font_file = $fonts[mt_rand(0, count($fonts) - 1)];
$font = imagecreatefrompng($font_file);
imagealphablending($font, true);
$fontfile_width=imagesx($font);
$fontfile_height=imagesy($font)-1;
$font_metrics=array();
$symbol=0;
$reading_symbol=false;
$fontfile_width = imagesx($font);
$fontfile_height = imagesy($font) - 1;
$font_metrics = array();
$symbol = 0;
$reading_symbol = false;
// loading font
for($i=0;$i<$fontfile_width && $symbol<$alphabet_length;$i++){
for ($i = 0; $i < $fontfile_width && $symbol < $alphabet_length; $i++) {
$transparent = (imagecolorat($font, $i, 0) >> 24) == 127;
if(!$reading_symbol && !$transparent){
$font_metrics[$alphabet[$symbol]]=array('start'=>$i);
$reading_symbol=true;
if (!$reading_symbol && !$transparent) {
$font_metrics[$alphabet[$symbol]] = array('start' => $i);
$reading_symbol = true;
continue;
}
if($reading_symbol && $transparent){
$font_metrics[$alphabet[$symbol]]['end']=$i;
$reading_symbol=false;
if ($reading_symbol && $transparent) {
$font_metrics[$alphabet[$symbol]]['end'] = $i;
$reading_symbol = false;
$symbol++;
continue;
}
}
$img=imagecreatetruecolor($width, $height);
$img = imagecreatetruecolor($width, $height);
imagealphablending($img, true);
$white=imagecolorallocate($img, 255, 255, 255);
$black=imagecolorallocate($img, 0, 0, 0);
$white = imagecolorallocate($img, 255, 255, 255);
$black = imagecolorallocate($img, 0, 0, 0);
imagefilledrectangle($img, 0, 0, $width-1, $height-1, $white);
imagefilledrectangle($img, 0, 0, $width - 1, $height - 1, $white);
// draw text
$x=1;
$odd=mt_rand(0,1);
if($odd==0) $odd=-1;
for($i=0;$i<$length;$i++){
$x = 1;
$odd = mt_rand(0, 1);
if ($odd == 0)
$odd = -1;
for ($i = 0; $i < $length; $i++) {
if( ! isset($this->keystring[$i]) ) continue;
$m=$font_metrics[$this->keystring[$i]];
if (!isset($this->keystring[$i]))
continue;
$m = $font_metrics[$this->keystring[$i]];
$y=(($i%2)*$fluctuation_amplitude - $fluctuation_amplitude/2)*$odd
+ mt_rand(-round($fluctuation_amplitude/3), round($fluctuation_amplitude/3))
+ ($height-$fontfile_height)/2;
$y = (($i % 2) * $fluctuation_amplitude - $fluctuation_amplitude / 2) * $odd
+ mt_rand(-round($fluctuation_amplitude / 3), round($fluctuation_amplitude / 3))
+ ($height - $fontfile_height) / 2;
if($no_spaces){
$shift=0;
if($i>0){
$shift=10000;
for($sy=3;$sy<$fontfile_height-10;$sy+=1){
for($sx=$m['start']-1;$sx<$m['end'];$sx+=1){
$rgb=imagecolorat($font, $sx, $sy);
$opacity=$rgb>>24;
if($opacity<127){
$left=$sx-$m['start']+$x;
$py=$sy+$y;
if($py>$height) break;
for($px=min($left,$width-1);$px>$left-200 && $px>=0;$px-=1){
$color=imagecolorat($img, $px, $py) & 0xff;
if($color+$opacity<170){ // 170 - threshold
if($shift>$left-$px){
$shift=$left-$px;
if ($no_spaces) {
$shift = 0;
if ($i > 0) {
$shift = 10000;
for ($sy = 3; $sy < $fontfile_height - 10; $sy += 1) {
for ($sx = $m['start'] - 1; $sx < $m['end']; $sx += 1) {
$rgb = imagecolorat($font, $sx, $sy);
$opacity = $rgb >> 24;
if ($opacity < 127) {
$left = $sx - $m['start'] + $x;
$py = $sy + $y;
if ($py > $height)
break;
for ($px = min($left, $width - 1); $px > $left - 200 && $px >= 0; $px -= 1) {
$color = imagecolorat($img, $px, $py) & 0xff;
if ($color + $opacity < 170) { // 170 - threshold
if ($shift > $left - $px) {
$shift = $left - $px;
}
break;
}
@ -110,103 +115,103 @@ class KCAPTCHA{
}
}
}
if($shift==10000){
$shift=mt_rand(4,6);
if ($shift == 10000) {
$shift = mt_rand(4, 6);
}
}
}else{
$shift=1;
} else {
$shift = 1;
}
imagecopy($img, $font, $x-$shift, $y, $m['start'], 1, $m['end']-$m['start'], $fontfile_height);
$x+=$m['end']-$m['start']-$shift;
imagecopy($img, $font, $x - $shift, $y, $m['start'], 1, $m['end'] - $m['start'], $fontfile_height);
$x += $m['end'] - $m['start'] - $shift;
}
//noise
$white=imagecolorallocate($font, 255, 255, 255);
$black=imagecolorallocate($font, 0, 0, 0);
for($i=0;$i<(($height-30)*$x)*$white_noise_density;$i++){
imagesetpixel($img, mt_rand(0, $x-1), mt_rand(10, $height-15), $white);
$white = imagecolorallocate($font, 255, 255, 255);
$black = imagecolorallocate($font, 0, 0, 0);
for ($i = 0; $i < (($height - 30) * $x) * $white_noise_density; $i++) {
imagesetpixel($img, mt_rand(0, $x - 1), mt_rand(10, $height - 15), $white);
}
for($i=0;$i<(($height-30)*$x)*$black_noise_density;$i++){
imagesetpixel($img, mt_rand(0, $x-1), mt_rand(10, $height-15), $black);
for ($i = 0; $i < (($height - 30) * $x) * $black_noise_density; $i++) {
imagesetpixel($img, mt_rand(0, $x - 1), mt_rand(10, $height - 15), $black);
}
$center=$x/2;
$center = $x / 2;
// credits. To remove, see configuration file
$img2=imagecreatetruecolor($width, $height+($show_credits?12:0));
$foreground=imagecolorallocate($img2, $foreground_color[0], $foreground_color[1], $foreground_color[2]);
$background=imagecolorallocate($img2, $background_color[0], $background_color[1], $background_color[2]);
imagefilledrectangle($img2, 0, 0, $width-1, $height-1, $background);
imagefilledrectangle($img2, 0, $height, $width-1, $height+12, $foreground);
$credits=empty($credits)?$_SERVER['HTTP_HOST']:$credits;
imagestring($img2, 2, $width/2-imagefontwidth(2)*strlen($credits)/2, $height-2, $credits, $background);
$img2 = imagecreatetruecolor($width, $height + ($show_credits ? 12 : 0));
$foreground = imagecolorallocate($img2, $foreground_color[0], $foreground_color[1], $foreground_color[2]);
$background = imagecolorallocate($img2, $background_color[0], $background_color[1], $background_color[2]);
imagefilledrectangle($img2, 0, 0, $width - 1, $height - 1, $background);
imagefilledrectangle($img2, 0, $height, $width - 1, $height + 12, $foreground);
$credits = empty($credits) ? $_SERVER['HTTP_HOST'] : $credits;
imagestring($img2, 2, $width / 2 - imagefontwidth(2) * strlen($credits) / 2, $height - 2, $credits, $background);
// periods
$rand1=mt_rand(750000,1200000)/10000000;
$rand2=mt_rand(750000,1200000)/10000000;
$rand3=mt_rand(750000,1200000)/10000000;
$rand4=mt_rand(750000,1200000)/10000000;
$rand1 = mt_rand(750000, 1200000) / 10000000;
$rand2 = mt_rand(750000, 1200000) / 10000000;
$rand3 = mt_rand(750000, 1200000) / 10000000;
$rand4 = mt_rand(750000, 1200000) / 10000000;
// phases
$rand5=mt_rand(0,31415926)/10000000;
$rand6=mt_rand(0,31415926)/10000000;
$rand7=mt_rand(0,31415926)/10000000;
$rand8=mt_rand(0,31415926)/10000000;
$rand5 = mt_rand(0, 31415926) / 10000000;
$rand6 = mt_rand(0, 31415926) / 10000000;
$rand7 = mt_rand(0, 31415926) / 10000000;
$rand8 = mt_rand(0, 31415926) / 10000000;
// amplitudes
$rand9=mt_rand(330,420)/110;
$rand10=mt_rand(330,450)/110;
$rand9 = mt_rand(330, 420) / 110;
$rand10 = mt_rand(330, 450) / 110;
//wave distortion
for($x=0;$x<$width;$x++){
for($y=0;$y<$height;$y++){
for ($x = 0; $x < $width; $x++) {
for ($y = 0; $y < $height; $y++) {
if ($wave) {
$sx=$x+(sin($x*$rand1+$rand5)+sin($y*$rand3+$rand6))*$rand9-$width/2+$center+1;
$sy=$y+(sin($x*$rand2+$rand7)+sin($y*$rand4+$rand8))*$rand10;
}
else {
$sx=$x-$width/2+$center+1;
$sy=$y+(sin($x*$rand2+$rand7)+sin($y*$rand4+$rand8))*1.5;
$sx = $x + (sin($x * $rand1 + $rand5) + sin($y * $rand3 + $rand6)) * $rand9 - $width / 2 + $center + 1;
$sy = $y + (sin($x * $rand2 + $rand7) + sin($y * $rand4 + $rand8)) * $rand10;
} else {
$sx = $x - $width / 2 + $center + 1;
$sy = $y + (sin($x * $rand2 + $rand7) + sin($y * $rand4 + $rand8)) * 1.5;
}
if($sx<0 || $sy<0 || $sx>=$width-1 || $sy>=$height-1){
if ($sx < 0 || $sy < 0 || $sx >= $width - 1 || $sy >= $height - 1) {
continue;
}else{
$color=imagecolorat($img, (int)$sx, (int)$sy) & 0xFF;
$color_x=imagecolorat($img, (int)$sx+1, (int)$sy) & 0xFF;
$color_y=imagecolorat($img, (int)$sx, (int)$sy+1) & 0xFF;
$color_xy=imagecolorat($img, (int)$sx+1, (int)$sy+1) & 0xFF;
} else {
$color = imagecolorat($img, (int) $sx, (int) $sy) & 0xFF;
$color_x = imagecolorat($img, (int) $sx + 1, (int) $sy) & 0xFF;
$color_y = imagecolorat($img, (int) $sx, (int) $sy + 1) & 0xFF;
$color_xy = imagecolorat($img, (int) $sx + 1, (int) $sy + 1) & 0xFF;
}
if($color==255 && $color_x==255 && $color_y==255 && $color_xy==255){
if ($color == 255 && $color_x == 255 && $color_y == 255 && $color_xy == 255) {
continue;
}else if($color==0 && $color_x==0 && $color_y==0 && $color_xy==0){
$newred=$foreground_color[0];
$newgreen=$foreground_color[1];
$newblue=$foreground_color[2];
}else{
$frsx=$sx-floor($sx);
$frsy=$sy-floor($sy);
$frsx1=1-$frsx;
$frsy1=1-$frsy;
} else if ($color == 0 && $color_x == 0 && $color_y == 0 && $color_xy == 0) {
$newred = $foreground_color[0];
$newgreen = $foreground_color[1];
$newblue = $foreground_color[2];
} else {
$frsx = $sx - floor($sx);
$frsy = $sy - floor($sy);
$frsx1 = 1 - $frsx;
$frsy1 = 1 - $frsy;
$newcolor=(
$color*$frsx1*$frsy1+
$color_x*$frsx*$frsy1+
$color_y*$frsx1*$frsy+
$color_xy*$frsx*$frsy);
$newcolor = (
$color * $frsx1 * $frsy1 +
$color_x * $frsx * $frsy1 +
$color_y * $frsx1 * $frsy +
$color_xy * $frsx * $frsy);
if($newcolor>255) $newcolor=255;
$newcolor=$newcolor/255;
$newcolor0=1-$newcolor;
if ($newcolor > 255)
$newcolor = 255;
$newcolor = $newcolor / 255;
$newcolor0 = 1 - $newcolor;
$newred=$newcolor0*$foreground_color[0]+$newcolor*$background_color[0];
$newgreen=$newcolor0*$foreground_color[1]+$newcolor*$background_color[1];
$newblue=$newcolor0*$foreground_color[2]+$newcolor*$background_color[2];
$newred = $newcolor0 * $foreground_color[0] + $newcolor * $background_color[0];
$newgreen = $newcolor0 * $foreground_color[1] + $newcolor * $background_color[1];
$newblue = $newcolor0 * $foreground_color[2] + $newcolor * $background_color[2];
}
imagesetpixel($img2, (int)$x, (int)$y, imagecolorallocate($img2, (int)$newred, (int)$newgreen, (int)$newblue));
imagesetpixel($img2, (int) $x, (int) $y, imagecolorallocate($img2, (int) $newred, (int) $newgreen, (int) $newblue));
}
}
@ -215,48 +220,52 @@ class KCAPTCHA{
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
if(function_exists("imagejpeg")){
if (function_exists("imagejpeg")) {
header("Content-Type: image/jpeg");
imagejpeg($img2, null, $jpeg_quality);
}else if(function_exists("imagegif")){
} else if (function_exists("imagegif")) {
header("Content-Type: image/gif");
imagegif($img2);
}else if(function_exists("imagepng")){
} else if (function_exists("imagepng")) {
header("Content-Type: image/x-png");
imagepng($img2);
}
}
// returns keystring
function getKeyString(){
function getKeyString()
{
return $this->keystring;
}
function setKeyString($str){
function setKeyString($str)
{
$this->keystring = $str;
}
}
// 캡챠 HTML 코드 출력
function captcha_html($class="captcha")
function captcha_html($class = "captcha")
{
if(is_mobile())
if (is_mobile())
$class .= ' m_captcha';
$html = "\n".'<script>var g5_captcha_url = "'.G5_CAPTCHA_URL.'";</script>';
$html = "\n" . '<script>var g5_captcha_url = "' . G5_CAPTCHA_URL . '";</script>';
//$html .= "\n".'<script>var g5_captcha_path = "'.G5_CAPTCHA_PATH.'";</script>';
$html .= "\n".'<script src="'.G5_CAPTCHA_URL.'/kcaptcha.js"></script>';
$html .= "\n".'<fieldset id="captcha" class="'.$class.'">';
$html .= "\n".'<legend><label for="captcha_key">자동등록방지</label></legend>';
if (is_mobile()) $html .= '<audio id="captcha_audio" controls></audio>';
$html .= "\n" . '<script src="' . G5_CAPTCHA_URL . '/kcaptcha.js"></script>';
$html .= "\n" . '<fieldset id="captcha" class="' . $class . '">';
$html .= "\n" . '<legend><label for="captcha_key">자동등록방지</label></legend>';
if (is_mobile())
$html .= '<audio id="captcha_audio" controls></audio>';
//$html .= "\n".'<img src="#" alt="" id="captcha_img">';
$html .= "\n".'<img src="'.G5_CAPTCHA_URL.'/img/dot.gif" alt="" id="captcha_img">';
$html .= "\n" . '<img src="' . G5_CAPTCHA_URL . '/img/dot.gif" alt="" id="captcha_img">';
$html .= '<input type="text" name="captcha_key" id="captcha_key" required class="captcha_box required" size="6" maxlength="6">';
if (!is_mobile()) $html .= "\n".'<button type="button" id="captcha_mp3"><span></span>숫자음성듣기</button>';
$html .= "\n".'<button type="button" id="captcha_reload"><span></span>새로고침</button>';
$html .= "\n".'<span id="captcha_info">자동등록방지 숫자를 순서대로 입력하세요.</span>';
$html .= "\n".'</fieldset>';
if (!is_mobile())
$html .= "\n" . '<button type="button" id="captcha_mp3"><span></span>숫자음성듣기</button>';
$html .= "\n" . '<button type="button" id="captcha_reload"><span></span>새로고침</button>';
$html .= "\n" . '<span id="captcha_info">자동등록방지 숫자를 순서대로 입력하세요.</span>';
$html .= "\n" . '</fieldset>';
return $html;
}
@ -271,17 +280,18 @@ function chk_captcha_js()
// 세션에 저장된 캡챠값과 $_POST 로 넘어온 캡챠값을 비교
function chk_captcha()
{
$captcha_count = (int)get_session('ss_captcha_count');
$captcha_count = (int) get_session('ss_captcha_count');
if ($captcha_count > 5) {
return false;
}
$post_captcha_key = (isset($_POST['captcha_key']) && $_POST['captcha_key']) ? trim($_POST['captcha_key']) : '';
if (!trim($post_captcha_key)) return false;
if (!trim($post_captcha_key))
return false;
if( $post_captcha_key && function_exists('get_string_encrypt') ){
if ($post_captcha_key && function_exists('get_string_encrypt')) {
$ip = md5(sha1($_SERVER['REMOTE_ADDR']));
$post_captcha_key = get_string_encrypt($ip.$post_captcha_key);
$post_captcha_key = get_string_encrypt($ip . $post_captcha_key);
}
if ($post_captcha_key != get_session('ss_captcha_key')) {
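Review bot: `chk_captcha()` tests the submitted key with `if ($post_captcha_key != get_session('ss_captcha_key'))`, a loose comparison, so two different strings that PHP treats as numerically equal would be accepted; the AJAX check elsewhere in this commit uses `===` for the same test. `if ($post_captcha_key !== get_session('ss_captcha_key')) {` brings the two in line, assuming both sides are strings at this point — `get_session()` is not visible here. The function continues past the end of the hunk.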


@ -28,9 +28,9 @@ $fluctuation_amplitude = 5; // 파동&진폭 원래대로 151029 15:00
#noise
//$white_noise_density=0; // no white noise
$white_noise_density=1/6;
$white_noise_density = 1 / 6;
//$black_noise_density=0; // no black noise
$black_noise_density=1/20;
$black_noise_density = 1 / 20;
# increase safety by prevention of spaces between symbols
$no_spaces = false;


@ -5,12 +5,13 @@ include_once "captcha.lib.php";
$captcha = new KCAPTCHA();
$ss_captcha_key = get_session("ss_captcha_key");
$ss_captcha_key_decrypt = '';
if( $ss_captcha_key && !preg_match('/^[0-9]/', $ss_captcha_key) && function_exists('get_string_decrypt') ){
if ($ss_captcha_key && !preg_match('/^[0-9]/', $ss_captcha_key) && function_exists('get_string_decrypt')) {
$ip = md5(sha1($_SERVER['REMOTE_ADDR']));
$ss_captcha_key_decrypt = str_replace($ip, '', get_string_decrypt($ss_captcha_key));
}
# php 5.2 또는 5.3 버전에서 포인터처럼 해당 세션값이 변경되는 버그가 있어서 아래와 같이 조치함
if(! $ss_captcha_key_decrypt) $ss_captcha_key_decrypt = $ss_captcha_key;
if (!$ss_captcha_key_decrypt)
$ss_captcha_key_decrypt = $ss_captcha_key;
$captcha->setKeyString($ss_captcha_key_decrypt);
$captcha->getKeyString();
$captcha->image();
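Review bot: The formatter moved the body of the brace-less `if (!$ss_captcha_key_decrypt)` onto its own line without adding braces, which makes it easy to attach a second statement to the condition by mistake later. Writing it as `if (!$ss_captcha_key_decrypt) {`, the assignment, and a closing `}` avoids that. The same pattern now appears in `KCAPTCHA::image()`, `captcha_html()`, `chk_captcha()` and `make_mp3()`. The `$captcha->getKeyString();` call just before `image()` discards its result and looks removable.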


@ -7,43 +7,45 @@ function make_mp3()
$number = get_session("ss_captcha_key");
if ($number == "") return;
if ($number == "")
return;
$ip = md5(sha1($_SERVER['REMOTE_ADDR']));
if( $number && function_exists('get_string_decrypt') ){
if ($number && function_exists('get_string_decrypt')) {
$number = str_replace($ip, '', get_string_decrypt($number));
}
if ($number == get_session("ss_captcha_save")) return;
if ($number == get_session("ss_captcha_save"))
return;
$mp3s = array();
for($i=0;$i<strlen($number);$i++){
$file = G5_CAPTCHA_PATH.'/mp3/'.$config['cf_captcha_mp3'].'/'.$number[$i].'.mp3';
for ($i = 0; $i < strlen($number); $i++) {
$file = G5_CAPTCHA_PATH . '/mp3/' . $config['cf_captcha_mp3'] . '/' . $number[$i] . '.mp3';
$mp3s[] = $file;
}
$mp3_file = 'cache/kcaptcha-'.$ip.'_'.G5_SERVER_TIME.'.mp3';
$mp3_file = 'cache/kcaptcha-' . $ip . '_' . G5_SERVER_TIME . '.mp3';
$contents = '';
foreach ($mp3s as $mp3) {
$contents .= file_get_contents($mp3);
}
file_put_contents(G5_DATA_PATH.'/'.$mp3_file, $contents);
file_put_contents(G5_DATA_PATH . '/' . $mp3_file, $contents);
// 지난 캡챠 파일 삭제
if (rand(0,99) == 0) {
foreach (glob(G5_DATA_PATH.'/cache/kcaptcha-*.mp3') as $file) {
if (rand(0, 99) == 0) {
foreach (glob(G5_DATA_PATH . '/cache/kcaptcha-*.mp3') as $file) {
if (filemtime($file) + 86400 < G5_SERVER_TIME) {
@unlink($file);
}
}
}
if( $number && function_exists('get_string_encrypt') ){
$number = get_string_encrypt($ip.$number);
if ($number && function_exists('get_string_encrypt')) {
$number = get_string_encrypt($ip . $number);
}
set_session("ss_captcha_save", $number);
return G5_DATA_URL.'/'.$mp3_file;
return G5_DATA_URL . '/' . $mp3_file;
}
echo make_mp3();
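Review bot: The merged audio file holds the spoken captcha digits, is written under `G5_DATA_PATH` and is handed back as a `G5_DATA_URL` link, yet its name is built only from `md5(sha1($_SERVER['REMOTE_ADDR']))` and `G5_SERVER_TIME`, neither of which is secret. On a runtime that has `random_bytes()`, `$mp3_file = 'cache/kcaptcha-' . bin2hex(random_bytes(16)) . '.mp3';` still matches the cleanup glob and makes the name unguessable. The return values of `file_get_contents()` and `file_put_contents()` are also unchecked, so a missing digit file still yields a URL. `make_mp3()` starts above the hunk.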


@ -4,15 +4,15 @@ include_once "_common.php";
$captcha_key = isset($_POST['captcha_key']) ? $_POST['captcha_key'] : '';
$count = (int)get_session("ss_captcha_count");
$count = (int) get_session("ss_captcha_count");
if ($count >= 5) { // 설정값 이상이면 자동등록방지 입력 문자가 맞아도 오류 처리
echo false;
} else {
set_session("ss_captcha_count", $count + 1);
if( $captcha_key && function_exists('get_string_encrypt') ){
if ($captcha_key && function_exists('get_string_encrypt')) {
$ip = md5(sha1($_SERVER['REMOTE_ADDR']));
$captcha_key = get_string_encrypt($ip.$captcha_key);
$captcha_key = get_string_encrypt($ip . $captcha_key);
}
echo (get_session("ss_captcha_key") === $captcha_key) ? true : false;
}