diff options
author | rvelices <rv-github@modusoptimus.com> | 2010-10-30 11:32:11 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2010-10-30 11:32:11 +0000 |
commit | d8ec9b9fdd6fb5a29e762ecd95d440f8942ca382 (patch) | |
tree | 97fb4e7424278f37020d6ad4951480a474dd8b8a /include/functions.inc.php | |
parent | 6f841013d93c3252ffb022594118b96aef25ea69 (diff) |
feature 1915: add protection on user registration against robots
git-svn-id: http://piwigo.org/svn/trunk@7495 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/functions.inc.php | 42 |
1 files changed, 27 insertions, 15 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php index a994fdb95..61db92ab5 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -1333,25 +1333,37 @@ function secure_directory($dir) } /** - * returns a "secret key" that is to be sent back when a user enters a comment + * returns a "secret key" that is to be sent back when a user posts a form * - * @param int image_id + * @param int valid_after_seconds - key validity start time from now */ -function get_comment_post_key($image_id) +function get_ephemeral_key($valid_after_seconds, $aditionnal_data_to_hash = '') { - global $conf; - - $time = time(); + global $conf; + $time = round(microtime(true), 1); + return $time.':'.$valid_after_seconds.':' + .hash_hmac( + 'md5', + $time.substr($_SERVER['REMOTE_ADDR'],0,5).$valid_after_seconds.$aditionnal_data_to_hash, + $conf['secret_key']); +} - return sprintf( - '%s:%s', - $time, - hash_hmac( - 'md5', - $time.':'.$image_id, - $conf['secret_key'] - ) - ); +function verify_ephemeral_key($key, $aditionnal_data_to_hash = '') +{ + global $conf; + $time = microtime(true); + $key = explode( ':', @$key ); + if ( count($key)!=3 + or $key[0]>$time-(float)$key[1] // page must have been retrieved more than X sec ago + or $key[0]<$time-3600 // 60 minutes expiration + or hash_hmac( + 'md5', $key[0].substr($_SERVER['REMOTE_ADDR'],0,5).$key[1].$aditionnal_data_to_hash, $conf['secret_key'] + ) != $key[2] + ) + { + return false; + } + return true; } /** |