From 0ef93646615516ae2bc87e54894708adaa29700f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 7 Nov 2017 15:30:36 +0200 Subject: Implement data:image URIs in CAPTCHA helper Also, switched to PNG by default and dropped JPEG; refactored image files GC. Close #5200 --- system/helpers/captcha_helper.php | 74 ++++++++++++++++++++++++--------------- 1 file changed, 46 insertions(+), 28 deletions(-) (limited to 'system/helpers') diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php index f98d8a4cd..1da4a923b 100644 --- a/system/helpers/captcha_helper.php +++ b/system/helpers/captcha_helper.php @@ -70,9 +70,9 @@ if ( ! function_exists('create_captcha')) 'img_height' => '30', 'img_alt' => 'captcha', 'font_path' => '', + 'font_size' => 16, 'expiration' => 7200, 'word_length' => 8, - 'font_size' => 16, 'img_id' => '', 'pool' => '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', 'colors' => array( @@ -95,30 +95,41 @@ if ( ! function_exists('create_captcha')) } } - if ($img_path === '' OR $img_url === '' - OR ! is_dir($img_path) OR ! is_really_writable($img_path) - OR ! extension_loaded('gd')) + if ( ! extension_loaded('gd')) { return FALSE; } - // ----------------------------------- - // Remove old images - // ----------------------------------- + if ($img_url !== '' OR $img_path !== '') + { + if ($img_path === '' OR $img_url === '' OR ! is_dir($img_path) OR ! is_really_writable($img_path)) + { + return FALSE; + } - $now = microtime(TRUE); + /** + * Remove old images + */ + $now = microtime(TRUE); - $current_dir = @opendir($img_path); - while ($filename = @readdir($current_dir)) - { - if (in_array(substr($filename, -4), array('.jpg', '.png')) - && (str_replace(array('.jpg', '.png'), '', $filename) + $expiration) < $now) + $current_dir = @opendir($img_path); + while ($filename = @readdir($current_dir)) { - @unlink($img_path.$filename); + if (preg_match('#^(?\d{10})\.png$#', $filename, $match) && ($match['ts'] + $expiration) < $now) + { + @unlink($img_path.$filename); + } } - } - @closedir($current_dir); + @closedir($current_dir); + + // This variable will later be used later to determine whether we write to disk or output a data:image URI + $img_filename = $now.'.png'; + } + else + { + $img_filename = NULL; + } // ----------------------------------- // Do we have a "word" yet? @@ -228,8 +239,8 @@ if ( ! function_exists('create_captcha')) // Determine angle and position // ----------------------------------- $length = strlen($word); - $angle = ($length >= 6) ? mt_rand(-($length-6), ($length-6)) : 0; - $x_axis = mt_rand(6, (360/$length)-16); + $angle = ($length >= 6) ? mt_rand(-($length - 6), ($length - 6)) : 0; + $x_axis = mt_rand(6, (360 / $length)-16); $y_axis = ($angle >= 0) ? mt_rand($img_height, $img_width) : mt_rand(6, $img_height); // Create image @@ -317,24 +328,31 @@ if ( ! function_exists('create_captcha')) // ----------------------------------- // Generate the image // ----------------------------------- - $img_url = rtrim($img_url, '/').'/'; - if (function_exists('imagejpeg')) - { - $img_filename = $now.'.jpg'; - imagejpeg($im, $img_path.$img_filename); - } - elseif (function_exists('imagepng')) + if (isset($img_filename)) { - $img_filename = $now.'.png'; + $img_src = rtrim($img_url, '/').'/'.$img_filename; imagepng($im, $img_path.$img_filename); } else { - return FALSE; + // I don't see an easier way to get the image contents without writing to file + $buffer = fopen('php://memory', 'wb+'); + imagepng($im, $buffer); + rewind($buffer); + $img_src = ''; + + // fread() will return an empty string (not FALSE) after the entire contents are read + while (strlen($read = fread($buffer, 4096))) + { + $img_src .= $read; + } + + fclose($buffer); + $img_src = 'data:image/png;base64,'.base64_encode($img_src); } - $img = ''.$img_alt.''; + $img = ''.$img_alt.''; ImageDestroy($im); return array('word' => $word, 'time' => $now, 'image' => $img, 'filename' => $img_filename); -- cgit v1.2.3-24-g4f1b