Line 63... Line 63...
63
 
63
 
64
                        $starttime = time();
64
                        $starttime = time();
65
                        $random = mt_rand($min,$max);
65
                        $random = mt_rand($min,$max);
66
                        $ip_target = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
66
                        $ip_target = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
67
                        $challenge = sha3_512($starttime.'/'.$ip_target.'/'.$random); // $random is secret!
67
                        $challenge = sha3_512($starttime.'/'.$ip_target.'/'.$random); // $random is secret!
68
                        $challenge_integrity = OIDplus::authUtils()->makeAuthKey('797bfc34-f4fa-11ed-86ca-3c4a92df8582:'.$challenge);
68
                        $challenge_integrity = OIDplus::authUtils()->makeAuthKey(['797bfc34-f4fa-11ed-86ca-3c4a92df8582',$challenge]);
69
                        $send_to_client = array($starttime, $ip_target, $challenge, $min, $max, $challenge_integrity);
69
                        $send_to_client = array($starttime, $ip_target, $challenge, $min, $max, $challenge_integrity);
70
 
70
 
71
                        $open_trans_file = self::getOpenTransFileName($ip_target, $random);
71
                        $open_trans_file = self::getOpenTransFileName($ip_target, $random);
72
                        if (@file_put_contents($open_trans_file, '') === false) {
72
                        if (@file_put_contents($open_trans_file, '') === false) {
73
                                throw new OIDplusException(_L('Cannot write file %1', $open_trans_file));
73
                                throw new OIDplusException(_L('Cannot write file %1', $open_trans_file));
Line 100... Line 100...
100
                        if (!is_file($file)) continue;
100
                        if (!is_file($file)) continue;
101
                        if (filemtime($file) > $expire) continue;
101
                        if (filemtime($file) > $expire) continue;
102
                        @unlink($file);
102
                        @unlink($file);
103
                }
103
                }
104
 
104
 
105
                return $dir.'/vts_client_challenge_'.OIDplus::authUtils()->makeSecret('461f4a9e-f4fa-11ed-86ca-3c4a92df8582:'.$ip_target.'/'.$random).'.tmp';
105
                return $dir.'/vts_client_challenge_'.OIDplus::authUtils()->makeSecret(['461f4a9e-f4fa-11ed-86ca-3c4a92df8582',$ip_target,$random]).'.tmp';
106
        }
106
        }
107
 
107
 
108
        /**
108
        /**
109
         * @param string|null $header_text
109
         * @param string|null $header_text
110
         * @param string|null $footer_text
110
         * @param string|null $footer_text
Line 147... Line 147...
147
                $open_trans_file = self::getOpenTransFileName($ip_target, $answer);
147
                $open_trans_file = self::getOpenTransFileName($ip_target, $answer);
148
 
148
 
149
                $current_ip = ($_SERVER['REMOTE_ADDR'] ?? 'unknown');
149
                $current_ip = ($_SERVER['REMOTE_ADDR'] ?? 'unknown');
150
                if ($ip_target != $current_ip) {
150
                if ($ip_target != $current_ip) {
151
                        throw new OIDplusException(_L('IP address has changed. Please try again. (current IP %1, expected %2)', $current_ip, $ip_target));
151
                        throw new OIDplusException(_L('IP address has changed. Please try again. (current IP %1, expected %2)', $current_ip, $ip_target));
152
                } else if (time()-$starttime > OIDplus::baseConfig()->getValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/)) {
152
                //} else if (time()-$starttime > OIDplus::baseConfig()->getValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/)) {
153
                        throw new OIDplusException(_L('Challenge expired. Please try again.'));
153
                //      throw new OIDplusException(_L('Challenge expired. Please try again.'));
154
                } else if (!OIDplus::authUtils()->validateAuthKey('797bfc34-f4fa-11ed-86ca-3c4a92df8582:'.$challenge, $challenge_integrity)) {
154
                } else if (!OIDplus::authUtils()->validateAuthKey(['797bfc34-f4fa-11ed-86ca-3c4a92df8582',$challenge],$challenge_integrity,OIDplus::baseConfig()->getValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/))) {
155
                        throw new OIDplusException(_L('Challenge integrity failed'));
155
                        throw new OIDplusException(_L('Invalid or expired authentication key'));
156
                } else if ($challenge !== sha3_512($starttime.'/'.$ip_target.'/'.$answer)) {
156
                } else if ($challenge !== sha3_512($starttime.'/'.$ip_target.'/'.$answer)) {
157
                        throw new OIDplusException(_L('Wrong answer'));
157
                        throw new OIDplusException(_L('Wrong answer'));
158
                } else if (!file_exists($open_trans_file)) {
158
                } else if (!file_exists($open_trans_file)) {
159
                        throw new OIDplusException(_L('Challenge submitted twice or transaction missing'));
159
                        throw new OIDplusException(_L('Challenge submitted twice or transaction missing'));
160
                } else {
160
                } else {
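Review bot: The replay guard at line 158 is a check-then-act on `file_exists($open_trans_file)`: two concurrent submissions of the same answer can both pass that test before either one removes the transaction file, so "Challenge submitted twice" is not enforced atomically. Consuming the file by its unlink result would close the window, `} else if (!@unlink($open_trans_file)) {` in place of the `file_exists` test, assuming the else branch (which starts outside this hunk) is where the file is currently removed; confirm that before moving it. On the expiry side, the old `time()-$starttime` check is commented out rather than deleted, and the 10-minute window now depends entirely on validateAuthKey() honouring its third argument, which is not visible here; removing the two dead lines and adding `// expiry is enforced by validateAuthKey() via VTS_CAPTCHA_MAXTIME` would keep that dependency explicit for the next reader. The enclosing function ends outside this hunk.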