diff options
| author | rvelices <rv-github@modusoptimus.com> | 2010-10-30 11:32:11 +0000 |
|---|---|---|
| committer | rvelices <rv-github@modusoptimus.com> | 2010-10-30 11:32:11 +0000 |
| commit | d8ec9b9fdd6fb5a29e762ecd95d440f8942ca382 (patch) | |
| tree | 97fb4e7424278f37020d6ad4951480a474dd8b8a /include/functions_comment.inc.php | |
| parent | 6f841013d93c3252ffb022594118b96aef25ea69 (diff) | |
feature 1915: add protection on user registration against robots
git-svn-id: http://piwigo.org/svn/trunk@7495 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_comment.inc.php')
| -rw-r--r-- | include/functions_comment.inc.php | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php index 7f2fd9257..d5b403b8e 100644 --- a/include/functions_comment.inc.php +++ b/include/functions_comment.inc.php @@ -119,14 +119,7 @@ SELECT COUNT(*) AS user_exists $comment_action='reject'; } - $key = explode( ':', @$key ); - if ( count($key)!=2 - or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago - or $key[0]<time()-3600 // 60 minutes expiration - or hash_hmac( - 'md5', $key[0].':'.$comm['image_id'], $conf['secret_key'] - ) != $key[1] - ) + if ( !verify_ephemeral_key(@$key, $comm['image_id']) ) { $comment_action='reject'; } @@ -248,13 +241,7 @@ function update_user_comment($comment, $post_key) $comment_action = 'validate'; - $key = explode( ':', $post_key ); - if ( count($key)!=2 - or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago - or $key[0]<time()-3600 // 60 minutes expiration - or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key'] - ) != $key[1] - ) + if ( !verify_ephemeral_key($post_key, $comment['image_id']) ) { $comment_action='reject'; } |