From 198653ab0ba419e835822c6b9d497458c68aa338 Mon Sep 17 00:00:00 2001
From: "wclouser%mozilla.com" <wclouser%mozilla.com>
Date: Mon, 17 Jul 2006 18:50:06 +0000
Subject: [PATCH] now with more captcha

---
 webtools/firefox_survey/.htaccess             |   1 +
 .../controllers/users_controller.php          |  32 ++++++++++++++++++
 webtools/firefox_survey/views/users/add.thtml |   8 +++++
 webtools/firefox_survey/webroot/.htaccess     |   2 ++
 .../firefox_survey/webroot/css/screen.css     |  15 +++++++-
 .../webroot/img/accessibility.jpg             | Bin 0 -> 1234 bytes
 .../firefox_survey/webroot/img/freecap.php    |   6 ++++
 7 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 webtools/firefox_survey/webroot/img/accessibility.jpg
 create mode 100644 webtools/firefox_survey/webroot/img/freecap.php

diff --git a/webtools/firefox_survey/.htaccess b/webtools/firefox_survey/.htaccess
index 8cfc1eafd8ff..4ddf43558b4d 100644
--- a/webtools/firefox_survey/.htaccess
+++ b/webtools/firefox_survey/.htaccess
@@ -1,5 +1,6 @@
 <IfModule mod_rewrite.c>
     RewriteEngine on
+    RewriteBase /~clouserw/firefox_survey
     RewriteRule    ^$    webroot/    [L]
     RewriteRule    (.*) webroot/$1    [L]
 </IfModule>
diff --git a/webtools/firefox_survey/controllers/users_controller.php b/webtools/firefox_survey/controllers/users_controller.php
index 055be911e97b..4b5d583ed646 100644
--- a/webtools/firefox_survey/controllers/users_controller.php
+++ b/webtools/firefox_survey/controllers/users_controller.php
@@ -18,6 +18,38 @@ class UsersController extends AppController {
         }
         else
         {
+            /**
+             * @todo The captcha stuff should be moved to a component (instead of a vendor
+             * package).  The manual error handling and vendor code was added because
+             * of time constraints (namely, this needs to be done in the next 22
+             * minutes)
+             */
+
+            // They didn't fill in a value
+            if (empty($_SESSION['freecap_word_hash']) || empty($this->params['data']['captcha'][0])) {
+                $form_captcha_error = 'You must enter the code above.  If you are unable to see the code, please <a href="mailto:firefoxsurvey@mozilla.com">email us.</a>';
+                $this->set('form_captcha_error',$form_captcha_error);
+                return;
+            }
+
+            // Just some sanity checking.  If a user messes with their cookie
+            // manually, they could be trying to execute custom functions
+            if (!in_array($_SESSION['hash_func'], array('sha1','md5','crc32'))) {
+                // fail silently?
+                return;
+            }
+
+            // Check the captcha values
+            if( $_SESSION['hash_func'](strtolower($this->params['data']['captcha'][0])) != $_SESSION['freecap_word_hash']) {
+                $form_captcha_error = 'The code you entered did not match the picture.  Please try again.';
+                $this->set('form_captcha_error',$form_captcha_error);
+                return;
+            } else {
+                //reset session values
+                $_SESSION['freecap_attempts'] = 0;
+                $_SESSION['freecap_word_hash'] = false;
+            }
+
             // If they've already signed up, send them another email
             if ($this->User->findByEmail($this->params['data']['User']['email'])) {
                     $mail_params = array(
diff --git a/webtools/firefox_survey/views/users/add.thtml b/webtools/firefox_survey/views/users/add.thtml
index 2a2cdfd4e6cd..28cca3343957 100644
--- a/webtools/firefox_survey/views/users/add.thtml
+++ b/webtools/firefox_survey/views/users/add.thtml
@@ -9,6 +9,14 @@
             <?php echo $html->input('User/email', array('size' => '40'))?>
             <?php echo $html->tagErrorMsg('User/email', 'A properly formatted email address is required.') ?>
         </p>
+        
+        <p class="captcha"><?php echo $html->image('freecap.php'); ?></p>
+        <p><label class="captcha-entry" for="captcha">Enter the code above:<span class="required">*</span></label> <?php echo $html->input('captcha', array('size' => '40')); ?>
+            <a href="mailto:firefoxsurvey@mozilla.com"><?php echo $html->image('accessibility.jpg',array('class' => 'captcha-entry'));?></a>
+        </p>
+        <?php if (!empty($form_captcha_error)) : ?>
+        <p class="error_message"><?php echo $form_captcha_error; ?></p>
+        <?php endif; ?>
         <p><?php echo $html->submit('Send') ?></p>
     </form>
 </div>
diff --git a/webtools/firefox_survey/webroot/.htaccess b/webtools/firefox_survey/webroot/.htaccess
index 2ff089ec0036..3d0defafac32 100644
--- a/webtools/firefox_survey/webroot/.htaccess
+++ b/webtools/firefox_survey/webroot/.htaccess
@@ -1,6 +1,8 @@
 <IfModule mod_rewrite.c>
     RewriteEngine On
 
+    RewriteBase /~clouserw/firefox_survey
+
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
diff --git a/webtools/firefox_survey/webroot/css/screen.css b/webtools/firefox_survey/webroot/css/screen.css
index de2c65b872c9..797af27d8def 100644
--- a/webtools/firefox_survey/webroot/css/screen.css
+++ b/webtools/firefox_survey/webroot/css/screen.css
@@ -6,9 +6,22 @@
 
  div#UsersAdd label {
      float:left;
-     width:12em;
+     width:13em;
  }
 
  .center {
      text-align:center;
  }
+
+ .captcha {
+     padding-left:13em;
+ }
+
+ .captcha-entry {
+     vertical-align:bottom;
+ }
+
+ .error_message {
+     color:#e11;
+     padding-left:5em;
+ }
diff --git a/webtools/firefox_survey/webroot/img/accessibility.jpg b/webtools/firefox_survey/webroot/img/accessibility.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..6bc390e3d70cc47299cbe44ffcb9218f423da0e9
GIT binary patch
literal 1234
zcmex=<NpH&0WUXCHwH!~28I+MWcdGvLC~c%IlGd9k%5JQfx!kS^p1hgF(p4Kl_BK-
zP=xXSZ3brsHWn5ZRu(o^RyIyHAm-*^W8>iF;o{=v;^GnD0RsUZK7IjyJ|1CV5fNcw
z8EI*08F@GW8N$fU&d$rjD<L2tAtfp(Dg~D$mht}pgCGZkB!eU~qaXv5AS1IN<NqTJ
z@<2DTGJ*lnxnRJ^#LU9V#?HaX#SK)jRe*tsk(rr^g_)I=1?Wk}TA(}wiy*6zqM;+3
za9|?4QlW@Z<HUs=%1#>(iUwW$pkka<)WpdpCN3c<rK+Z`p{ZqJYG!U>Y31zV>gMj@
z=@lFj8WtWA8I_!pnwFlCnN?g;T2@|BS=HRq+ScCD*)?hMl&RCE&zL!D(c&dbmn~nh
za@D5ITefc7zGLUELx+zXJ$C%W$y1juU%7hi`i+~n9zJ^f<mt2LFJ8X-`04YPuiw7^
z`1uRuFGdDth_`?wR(}Blfsu)Yg_(sN<S$01av)|FWMNe_WD{}>WKS#<Rx)bj5OJEg
zaN|KvW#ga^qDe&;xx`dV9;$u>c@69{;yl(wme1fGL-^|!0}nGJF!GoM8SEKWX4(j5
z37jmKj)_{b>bd}%R!Wb7-t2beg2$%cg?x`LUA*z9t);5Tll9WCb}!!eV^4{PO@PT?
zt)n?{r&PVSb?6kHxTG=F>{vtX)w+mJRmnZ`?X{nm{9N+Bwm;dvWO4kYIhB=R+b&wa
z-t^}`!-<F6_kZty9yhgL=;_|Ge;@yx)f_!L%5Ubf+dtw%u7B0wz4jBxaaj|hdS&8F
zsq*6)m#4}+`Bf_OHOupAuf^`#<u7kPE4#3m<HFp`b-9(w|J2r(zu5L~=CvQ2V?Ky?
zsP3JRRd(%c`P2UlOJt2I^{$`hu$X-|^!e%IcjWa&pC_&iUz%U$ch~ajzQ;F@CmB@q
z<<|*5+qUnVUsUwl_|w~t&;QZxTr2lC_s{(;(f%UkX5ooah9<&#PbO&B9KO(ep*e0Z
z*S$;TH`hwNx%hd;9`lWJ*H>(rRUK<PGj7G1I~PoC&7QmO`EYKn{Y~Ax^yt&vpO#+Y
zUJ}%PCiJk#H2cXmZ*3m$c(&HhD{D#Ut+4D}{}~#8%)JqHVX9@oil0gMO;T?~XFs_%
zFSeIg|F9HW`wHh(*}J~BUY)zRGw8C<^tZw1b?U9$w`Xwlgip)iyOXZ0HKX%NcaNgV
z{YY(<k_!ie7McdFjqozOcA@6%)>Y9Nd+slrzH?^fBU$O7OR7!(PI;`?UAAMghgh1#
zf<EizpLvYZjGih^)@dlc<9<5Yt>vNh(HEDV?R~#I_Se_Heo-@ag=%iK*sAjM<mr@2
lllRV>z9nw;)wMi1T`w%!?eFKWT*%wIz|leM6>tCln*h6r08Rh^

literal 0
HcmV?d00001

diff --git a/webtools/firefox_survey/webroot/img/freecap.php b/webtools/firefox_survey/webroot/img/freecap.php
new file mode 100644
index 000000000000..4087cf581998
--- /dev/null
+++ b/webtools/firefox_survey/webroot/img/freecap.php
@@ -0,0 +1,6 @@
+<?php
+//freecap has a couple warnings in it
+error_reporting(0);
+require_once '../../config/defines.php';
+require_once '../../vendors/captcha/freecap.php';
+?>