-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcaptcha.diff
94 lines (88 loc) · 4.66 KB
/
captcha.diff
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
+++ include/MVC/SugarApplication.php 2021-12-20 03:33:30.088897841 +0100
@@ -117,7 +117,11 @@
if (($user_unique_key != $server_unique_key) && (!in_array($this->controller->action, $allowed_actions)) &&
(!isset($_SESSION['login_error']))) {
- session_destroy();
+
+ //only destroy logged in sessions
+ if (isset($_SESSION['unique_key'])){
+ session_destroy();
+}
if (!empty($this->controller->action)) {
if (strtolower($this->controller->action) == 'delete') {
+++ modules/Users/Authenticate.php 2021-12-20 03:33:30.084897839 +0100
@@ -54,6 +54,18 @@
$password = isset($_REQUEST['username_password'])
? $_REQUEST['username_password'] : '';
+require_once 'custom/include/securimage/securimage.php';
+
+$securimage = new Securimage();
+
+if ($securimage->check($_POST['captcha_code']) == false) {
+ // the code was incorrect
+ // you should handle the error so that the form processor doesn't continue
+ // or you can use the following code if there is no validation or you do not know how
+ header("Location: index.php?action=Login&module=Users&loginErrorMessage=ERR_CAPTCHA_INCORRECT");
+ sugar_cleanup(true);
+}
+
$authController->login($user_name, $password);
// authController will set the authenticated_user_id session variable
if (isset($_SESSION['authenticated_user_id'])) {
+++ modules/Users/GeneratePassword.php 2021-12-20 03:33:30.084897839 +0100
@@ -112,6 +112,20 @@
///////
///////////////////////////////////////////////////
+require_once 'custom/include/securimage/securimage.php';
+
+$securimage = new Securimage(array( 'perturbation' => 0.6,
+ 'wordlist_file' => 'custom/include/securimage/words/words.txt',
+ 'ttf_file' => 'custom/include/securimage/AHGBold.ttf'));
+
+if ($securimage->check($_POST['captcha_code']) == false) {
+ // the code was incorrect
+ // you should handle the error so that the form processor doesn't continue
+ // or you can use the following code if there is no validation or you do not know how
+ echo $mod_strings['ERR_CAPTCHA_INCORRECT'];
+ return;
+}
+
///////////////////////////////////////////////////
/////// Check email address
+++ themes/SuiteP/css/suitep-base/login.scss 2021-12-20 03:33:30.088897841 +0100
@@ -68,7 +68,7 @@
div.p_login #loginform {
padding: 15px;
- margin: 8% auto 0 auto;
+ margin: 3% auto 0 auto;
text-align: center;
max-width: 400px;
}
+++ themes/SuiteP/tpls/login.tpl 2021-12-20 03:33:30.088897841 +0100
@@ -107,6 +107,12 @@
id="username_password" name="username_password" value='{$LOGIN_PASSWORD}' autocomplete="off">
</div>
<br>
+ <div class="input-group" style="{$CAPTCHA_STYLE}">
+ <img id="captcha" src="index.php?entryPoint=securimage_show" alt="CAPTCHA Image" /><br/>
+ <input id="user_captcha" class="form-control" placeholder="{sugar_translate module="Users" label="LBL_CAPTCHA_CHALLENGE"}" type="text" name="captcha_code" maxlength="6" tabindex="3"/><br/>
+ <a href="#" onclick="document.getElementById('captcha').src = 'index.php?entryPoint=securimage_show&p=' + Math.random(); return false">[ Different Image ]</a>
+ </div>
+ <br>
<input id="bigbutton" class="btn btn-lg btn-primary btn-block" type="submit"
title="{sugar_translate module="Users" label="LBL_LOGIN_BUTTON_TITLE"}" tabindex="3" name="Login"
value="{sugar_translate module="Users" label="LBL_LOGIN_BUTTON_LABEL"}">
@@ -134,7 +140,12 @@
placeholder="{sugar_translate module="Users" label="LBL_EMAIL"}" autocomplete="off">
</div>
<br>
- {$CAPTCHA}
+ <div class="input-group" style="{$CAPTCHA_STYLE}">
+ <img id="captcha" src="index.php?entryPoint=securimage_show" alt="CAPTCHA Image" /><br/>
+ <input id="user_captcha" class="form-control" placeholder="{sugar_translate module="Users" label="LBL_CAPTCHA_CHALLENGE"}" type="text" name="captcha_code" maxlength="6" /><br/>
+ <a href="#" onclick="document.getElementById('captcha').src = 'index.php?entryPoint=securimage_show&p=' + Math.random(); return false">[ Different Image ]</a>
+ </div>
+ <br>
<div id='wait_pwd_generation'></div>
<input title="Email Temp Password" class="button btn-block" type="button" style="display:inline"
onclick="validateAndSubmit(); return document.getElementById('cant_login').value == ''"