From 198653ab0ba419e835822c6b9d497458c68aa338 Mon Sep 17 00:00:00 2001
From: "wclouser%mozilla.com"
Date: Mon, 17 Jul 2006 18:50:06 +0000
Subject: [PATCH] now with more captcha
---
webtools/firefox_survey/.htaccess | 1 +
.../controllers/users_controller.php | 32 ++++++++++++++++++
webtools/firefox_survey/views/users/add.thtml | 8 +++++
webtools/firefox_survey/webroot/.htaccess | 2 ++
.../firefox_survey/webroot/css/screen.css | 15 +++++++-
.../webroot/img/accessibility.jpg | Bin 0 -> 1234 bytes
.../firefox_survey/webroot/img/freecap.php | 6 ++++
7 files changed, 63 insertions(+), 1 deletion(-)
create mode 100644 webtools/firefox_survey/webroot/img/accessibility.jpg
create mode 100644 webtools/firefox_survey/webroot/img/freecap.php
diff --git a/webtools/firefox_survey/.htaccess b/webtools/firefox_survey/.htaccess
index 8cfc1eafd8ff..4ddf43558b4d 100644
--- a/webtools/firefox_survey/.htaccess
+++ b/webtools/firefox_survey/.htaccess
@@ -1,5 +1,6 @@
RewriteEngine on
+ RewriteBase /~clouserw/firefox_survey
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
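Review bot: The added `RewriteBase /~clouserw/firefox_survey` looks like one developer's userdir path committed into the shared `.htaccess`, so the rewrite rules will only resolve correctly when the app is served from that exact URL prefix. If the line is needed for local testing, keep it out of the committed file, or precede it with a comment such as `# Local userdir install only; remove or adjust RewriteBase for the deployed path`. The diffstat shows `webroot/.htaccess` gaining two lines as well, and if those carry the same prefix the same applies there.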
diff --git a/webtools/firefox_survey/controllers/users_controller.php b/webtools/firefox_survey/controllers/users_controller.php
index 055be911e97b..4b5d583ed646 100644
--- a/webtools/firefox_survey/controllers/users_controller.php
+++ b/webtools/firefox_survey/controllers/users_controller.php
@@ -18,6 +18,38 @@ class UsersController extends AppController {
}
else
{
+ /**
+ * @todo The captcha stuff should be moved to a component (instead of a vendor
+ * package). The manual error handling and vendor code was added because
+ * of time constraints (namely, this needs to be done in the next 22
+ * minutes)
+ */
+
+ // They didn't fill in a value
+ if (empty($_SESSION['freecap_word_hash']) || empty($this->params['data']['captcha'][0])) {
+ $form_captcha_error = 'You must enter the code above. If you are unable to see the code, please email us.';
+ $this->set('form_captcha_error',$form_captcha_error);
+ return;
+ }
+
+ // Just some sanity checking. If a user messes with their cookie
+ // manually, they could be trying to execute custom functions
+ if (!in_array($_SESSION['hash_func'], array('sha1','md5','crc32'))) {
+ // fail silently?
+ return;
+ }
+
+ // Check the captcha values
+ if( $_SESSION['hash_func'](strtolower($this->params['data']['captcha'][0])) != $_SESSION['freecap_word_hash']) {
+ $form_captcha_error = 'The code you entered did not match the picture. Please try again.';
+ $this->set('form_captcha_error',$form_captcha_error);
+ return;
+ } else {
+ //reset session values
+ $_SESSION['freecap_attempts'] = 0;
+ $_SESSION['freecap_word_hash'] = false;
+ }
+
// If they've already signed up, send them another email
if ($this->User->findByEmail($this->params['data']['User']['email'])) {
$mail_params = array(
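Review bot: The captcha check on the `$_SESSION['hash_func'](strtolower(...)) != $_SESSION['freecap_word_hash']` line compares digests with loose `!=`, so two different hex digests that both look numeric (for example `0e` followed only by digits) are compared as numbers and can be treated as a match; use `!==` there, assuming freecap stores the digest with the same type the hash function returns. The whitelist test has the same looseness: write it as `in_array($_SESSION['hash_func'], array('sha1','md5','crc32'), true)` and check `isset($_SESSION['hash_func'])` first, since only `freecap_word_hash` is tested for presence before it is used. On a wrong answer the branch returns without clearing `freecap_word_hash`, so unless freecap.php (not visible in this hunk) invalidates it, the same image can be guessed against repeatedly; setting `$_SESSION['freecap_word_hash'] = false;` in the failure branch too would prevent that. The enclosing action begins and ends outside this hunk.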
diff --git a/webtools/firefox_survey/views/users/add.thtml b/webtools/firefox_survey/views/users/add.thtml
index 2a2cdfd4e6cd..28cca3343957 100644
--- a/webtools/firefox_survey/views/users/add.thtml
+++ b/webtools/firefox_survey/views/users/add.thtml
@@ -9,6 +9,14 @@
input('User/email', array('size' => '40'))?>
tagErrorMsg('User/email', 'A properly formatted email address is required.') ?>