authorrvelices <rv-github@modusoptimus.com>2010-10-30 11:32:11 +0000
committerrvelices <rv-github@modusoptimus.com>2010-10-30 11:32:11 +0000
commitd8ec9b9fdd6fb5a29e762ecd95d440f8942ca382 (patch)
tree97fb4e7424278f37020d6ad4951480a474dd8b8a /include/functions_comment.inc.php
parent6f841013d93c3252ffb022594118b96aef25ea69 (diff)
feature 1915: add protection on user registration against robots
git-svn-id: http://piwigo.org/svn/trunk@7495 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_comment.inc.php')
-rw-r--r--include/functions_comment.inc.php17
1 files changed, 2 insertions, 15 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 7f2fd9257..d5b403b8e 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -119,14 +119,7 @@ SELECT COUNT(*) AS user_exists
$comment_action='reject';
}
- $key = explode( ':', @$key );
- if ( count($key)!=2
- or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
- or $key[0]<time()-3600 // 60 minutes expiration
- or hash_hmac(
- 'md5', $key[0].':'.$comm['image_id'], $conf['secret_key']
- ) != $key[1]
- )
+ if ( !verify_ephemeral_key(@$key, $comm['image_id']) )
{
$comment_action='reject';
}
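Review bot: The `@` in `verify_ephemeral_key(@$key, $comm['image_id'])` still suppresses the notice for an unset `$key`, so a request without a key hands null to the helper and the rejection depends on how the helper treats a non-string argument. Passing an explicit value, `verify_ephemeral_key(isset($key) ? $key : '', $comm['image_id'])`, keeps the fail-closed path visible at the call site. The helper's body is not part of this diff, so it is worth confirming that it keeps the two-second minimum age and the 60-minute expiry, and that it compares the HMAC strictly and in constant time (`hash_equals()` where the PHP version provides it) instead of the loose `!=` used in the removed lines; the same applies to the call in `update_user_comment` in the second hunk. The enclosing function starts and ends outside this hunk.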
@@ -248,13 +241,7 @@ function update_user_comment($comment, $post_key)
$comment_action = 'validate';
- $key = explode( ':', $post_key );
- if ( count($key)!=2
- or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
- or $key[0]<time()-3600 // 60 minutes expiration
- or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key']
- ) != $key[1]
- )
+ if ( !verify_ephemeral_key($post_key, $comment['image_id']) )
{
$comment_action='reject';
}
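Review bot: The call `verify_ephemeral_key($post_key, $comment['image_id'])` needs a comment stating what the key does and does not cover, because the removed lines derived it only from a timestamp and the image id. If the helper keeps that derivation, a key issued for one page of an image is accepted for any comment on that image for up to an hour, so it is a timing check against robots and not a per-user or per-comment authorization. A line such as `// anti-robot timing key bound to image_id only; edit permission is checked separately` would record that, provided the permission check does exist elsewhere in `update_user_comment`, whose body continues outside this hunk.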