Captcha Problem In Register Form


    help Captcha Problem In Register Form

    Hey guys, I have a problem that I need help fixing.

    register.php page:
    PHP Code:
    <?php
    session_start();
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");
    //header('Content-type: application/vnd.wap.xhtml+xml');
    echo "<?xml version=\"1.0\"?>";
    echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\" \"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
    ?>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <?php
    $uid = $_POST["uid"];
    $pwd = $_POST["pwd"];
    $cpw = $_POST["cpw"];
    $email = $_POST["email"];
    include("config.php");
    include("core.php");

    $bcon = connectdb();
    if (!$bcon)
    {
    echo "<head>";
    echo "<title>$sitename</title>";
    echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"{$path}css/style.css\">";
    echo "</head>";
    echo "<body>";
    echo "<div id=\"notif\">";
    echo "<b>Error</b></div>";
    echo "<br/>Error, retry .<br/><br/><br/>";


    echo "<div align=\"center\">";
    echo "<a href=\"index.php\">Home</a>";
    echo "</div>";

    echo "<br/>";
    echo "</body>";
    echo "</html>";
    exit();
    }
    if( !get_magic_quotes_gpc() )
    {
        if( is_array($_GET) )
        {
            while( list($k, $v) = each($_GET) )
            {
                if( is_array($_GET[$k]) )
                {
                    while( list($k2, $v2) = each($_GET[$k]) )
                    {
                        $_GET[$k][$k2] = addslashes($v2);
                    }
                    @reset($_GET[$k]);
                }
                else
                {
                    $_GET[$k] = addslashes($v);
                }
            }
            @reset($_GET);
        }

        if( is_array($_POST) )
        {
            while( list($k, $v) = each($_POST) )
            {
                if( is_array($_POST[$k]) )
                {
                    while( list($k2, $v2) = each($_POST[$k]) )
                    {
                        $_POST[$k][$k2] = addslashes($v2);
                    }
                    @reset($_POST[$k]);
                }
                else
                {
                    $_POST[$k] = addslashes($v);
                }
            }
            @reset($_POST);
        }
    }
    $sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
    $sitename = $sitename[0];
    $brws = explode(" / ",$HTTP_USER_AGENT);
    //$brws = explode(" ",$HTTP_USER_AGENT);
    $ubr = $brws[0];
    $subno = explode("/",$HTTP_X_UP_SUBNO);
    $sub = $subno[0];
    $ip = explode("/",$REMOTE_ADDR);
    $ips = $ip[0];
    $template = mysql_fetch_array(mysql_query("SELECT template FROM ibwf_users WHERE id='".$uid."'"));
    if($template[0]=="")
    {
    $template[0] = "default.css";
    }
      echo "<head>";
      echo "<title>$sitename</title>";
      echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"{$path}css/style.css\">";
      echo "</head>";
      echo "<body>";
    $ipr = getip();
    $uip = explode(".",$ipr);


    if((!canreg())||(isipbanned($ipr,$ubr)))
    {
    echo "<div align=\"center\">";
    echo "<u>Registration Closed.</u><br/><br/>\n";
    echo "</div>";
    }else{

    // anti-flood registration

      $actime = mysql_fetch_array(mysql_query("SELECT regdate FROM ibwf_users WHERE browserm='".$ubr."' ORDER BY regdate DESC LIMIT 1"));
      $timeout = $actime[0] + (20);
    if(time()<$timeout)
    {
    $tm = time();
    $ramas = $timeout - $tm;
    echo "<div align=\"center\">";
    echo "Antiflood Control ON.<br/>\n";
    echo "</div>";
    }else{

    // anti-flood browser

    $brwsu = explode("$_SERVER",$HTTP_USER_AGENT);
    $ubr = $brwsu[0];
    $actime = mysql_fetch_array(mysql_query("SELECT regdate FROM ibwf_users WHERE browserm='".$ubr."' ORDER BY regdate DESC LIMIT 1"));
    $timeout = $actime[0] + (20*20);
    if(time()<$timeout)
    {
    $tm = time();
    $ramas = $timeout - $tm;
    echo "<div align=\"center\">";
    echo "Antiflood Control ON.<br/>";
    echo "</div>";
    }else{

    // anti-flood ip
    $uip = getip();
    $actime = mysql_fetch_array(mysql_query("SELECT regdate FROM ibwf_users WHERE ipadd='".$uip."' ORDER BY regdate DESC LIMIT 1"));
    $timeout = $actime[0] + (20*20);
    if(time()<$timeout)
    {
    $tm = time();
    $ramas = $timeout - $tm;
    echo "<div align=\"center\">";
    echo "Antiflood Control ON.<br/>";
    echo "</div>";

    }else{

    echo "<div align=\"center\">";
    echo "<u>Registration Free Account:</u><br/><br/>\n";
    echo "</div>";
    ?>
    <center>
    <img src="../images/point.gif" alt="!"/>
    Text1<br/>
    <img src="../images/point.gif" alt="!"/>
    Text2<br/>
    <img src="../images/point.gif" alt="!"/>
    Text3<br/>
    <img src="../images/point.gif" alt="!"/>
    Text4<br/>
    <img src="../images/point.gif" alt="!"/>
    Text5<br/>
    <img src="../images/point.gif" alt="!"/>
    Text6<br/><br/>
    </center>
    </p>
    <?php
    $cfg = mysql_fetch_assoc(mysql_query("SELECT value FROM ibwf_settings WHERE name = 'cfg'"));
    $cfg = $cfg['value'];

    $tolog = false;
    if(trim($uid)=="")
    {
        echo registerform(1);
    }
    elseif(spacesin($uid)||scharin($uid))
    {
        echo registerform(4);
    }
    else if(strlen($uid)<4)
    {
        echo registerform(7);
    }
    else if(isdigitf($uid))
    {
        echo registerform(11);
    }else if(checknick($uid)==1)
    {
        echo registerform(12);

    }else if(checknick($uid)==2)
    {
        echo registerform(13);
    }
    elseif($captcha != $_SESSION['vercode'])
    {
        echo registerform(15);
    }
    elseif($cfg[1] == '0')
    {
        if(trim($pwd)=="")
        {
            echo registerform(2);
        }
        else if(trim($cpw)=="")
        {
            echo registerform(3);
        }
        else if(spacesin($pwd)||scharin($pwd))
        {
            echo registerform(5);
        }
        else if($pwd!=$cpw)
        {
            echo registerform(6);
        }
        else if(strlen($pwd)<4)
        {
            echo registerform(8);
        }
        elseif(register($uid,$pwd,$usx,$ubr)==1)
        {
            echo registerform(9);
        }
        elseif(register($uid,$pwd,$usx,$ubr)==2)
        {
            echo registerform(10);
        }
        else
        {
    echo "<div align=\"center\">";
    echo "<u>Registration Done!</u><br/>\n";
    echo "<br/>Your Details:<br/><br/><b>Nickname: </b>$uid<br/>";
    echo "<b>Password: </b>$pwd<br/><br/>";
    echo "</div>";

    if(validation())
    {
    echo "Your Account Need a Validation.<br/> !";
    }
    $tolog = true;
    }
    }
    elseif($cfg[1] == '1')
    {
        $pwd = "";
        for($i = 0; $i < 6; $i++)
        {
            if(rand(0, 200) > 100)
                $pwd .= chr(rand(65, 90));
            else
                $pwd .= rand(0, 9);
        }

        $q = mysql_query("SELECT COUNT(*) AS c FROM ibwf_users WHERE email = '{$email}' LIMIT 1");
        $r = mysql_fetch_assoc($q);

        if(trim($email) == '')
        {
            echo registerform(14);
        }
        elseif($r['c'] > 0)
        {
            echo registerform(16);
        }
        elseif(register($uid,$pwd,$usx,$ubr)==1)
        {
            echo registerform(9);
        }
        elseif(register($uid,$pwd,$usx,$ubr)==2)
        {
            echo registerform(10);
        }
        else
        {
    echo "<div align=\"center\">";
    echo "<u>Registration Done!</u><br/>\n";
    echo "<br/>You will receive your details to your email.<br/><br/>";
    echo "</div>";
    if(validation())
    {
    echo "Account Need a validation!";
    }
    $tolog = true;
    }
    }
    }
    }
    }
    echo "</p>";
    }
    echo "<p>";
    if($tolog)
    {
    $msg = "\n Nickname: ".$uid." \n Password: ".$pwd." \n\n ".$sitename." Thanks to join in out community\n".$sitename."";
    $subj = "Login Details of ".$sitename."";
    $headers = 'From: no-reply@email.com' . "\r\n" .
    'Reply-To: no-reply@email.com' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();
    mail($email, $subj, $msg, $headers);
    echo "<a href=\"{$path}login.php?loguid=$uid&amp;logpwd=$pwd\"><img src=\"{$path}images/home.gif\" alt=\"\"/>Login</a>";
    }else{
    echo "<br/><br/>";
    echo "<a href=\"index.php\">Home</a>";
    echo "<br/>";
    }
    echo "</body>";
    ?>
    </html>
    <?
    @mysql_close($bcon);
    ?>

    this line is from core.php
    PHP Code:
    function registerform($ef)
    {
        global $path;
      $ue = $errl = $pe = $ce = $te = $em = '';
      switch($ef)
      {
        case 1:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Complete all fields";
            $ue = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 2:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Your password";
            $pe = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 3:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Confirm your password";
            $ce = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 4:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Nick not valid";
            $ue = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 5:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Password not valid";
            $pe = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 6:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Password not valid";
            $ce = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 7:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Nickname min 4 char";
            $ue = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 8:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Password min 4 char";
            $pe = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 9:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Nickname already take";
            $ue = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 10:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Error database.";
            break;
        case 11:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Nickname need start with letter";
            $ue = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 12:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Nickname reserved";
            $ue = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 13:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Choose another Nickname";
            $ue = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 14:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> You need provide email adress";
            $em = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 15:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Captcha non valid";
            $te = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
        case 16:
            $errl = "<img src=\"{$path}images/point.gif\" alt=\"!\"/> Email already used";
            $em = "<img src=\"{$path}images/point.gif\" alt=\"!\"/>";
            break;
      }

      $cfg = mysql_fetch_assoc(mysql_query("SELECT value FROM ibwf_settings WHERE name = 'cfg'"));
      $cfg = $cfg['value'];

      $rform = "<form action=\"{$path}register.php\" method=\"post\">";
      $rform .= "<br/>$ue Nickname: <input name=\"uid\" style=\"-wap-input-format'*x'\" maxlength=\"12\"/><br/><br/>";

      if($cfg['1'] == '0')
      {
          $rform .= "$pe Password: <input type=\"password\" name=\"pwd\" maxlength=\"10\"/><br/><br/>";
          $rform .= "$ce Retype Password: <input type=\"password\" name=\"cpw\" maxlength=\"10\"/><br/><br/>";
      }

      $rform .= "Gender:";
      $rform .= "<select name=\"usx\">";
      $rform .= "<option value=\"M\">Male</option>";
      $rform .= "<option value=\"F\">Female</option>";
      $rform .= "</select><br/><br/>";

      $rform .= "Birthday:";
      $rform .= "<select name='nascita'>";
      for($i = date('Y')-10; $i >= 1960; $i--)
          $rform .= "<option value='{$i}'>{$i}</option>";
      $rform .= "</select><br /><br />";

      if($cfg[1] == '1')
      {
          $rform .= $em . " E-mail: <input type='text' name='email' /><br /><br />";
      }

      if($cfg[0] == '1')
      {
          $rform .= "Captcha: <img src='captcha.php?" . time() . "' alt='Captcha' align='absmiddle' /><br />";
          $rform .= "{$te} Confirm: <input type='text' name='captcha' maxlength='5' style=\"-wap-input-format'*N'\" />";
          $rform .= "<br/><br/>";
      }

      $rform .= "<input type=\"Submit\" name=\"invio\" Value=\"invio\"></form>";
      $rform .= "<br/><br/>$errl";

      return $rform;
    }

    my captcha is this:
    PHP Code:
    <?
    session_start();
    header('content-type: image/jpeg');
    $text = rand(10000,99999);
    $_SESSION["vercode"] = $text;

    $height = 25;
    $width = 65;

    $image_p = imagecreate($width, $height);
    $black = imagecolorallocate($image_p, 0, 0, 0);
    $white = imagecolorallocate($image_p, 255, 255, 255);
    $font_size = 14;
    imagestring($image_p, $font_size, 5, 5, $text, $white);
    imagejpeg($image_p, null, 80);
    imagedestroy($image_p);
    ?>

    Each time someone tries to register, they see "captcha non valid" whether the code is wrong or correct; it is the same message.
    Can anyone help me fix this?

    Thanks
    Last edited by sweetangel; 08.01.17, 20:54.
    if like my post click:

    http://coding-talk.com/images/totall...ost_thanks.gif

    #2
    register.php: requires:

    $captcha = $_POST["captcha"];

    Comment
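A fuller version of the check from reply #2, as an added example that is not part of the original thread or of the lavalair code. It keeps the session key `vercode` and the form field `captcha` from the posted files; the function names are hypothetical, and it fails closed when either value is missing instead of comparing two empty values.

```php
<?php
// Added example, not code from the thread. Session key "vercode" and field
// "captcha" are taken from the posted files; function names are hypothetical.

/** Issue a fresh 5-digit code for this session (what captcha.php would store). */
function captcha_issue(array &$session): string
{
    $code = (string) random_int(10000, 99999);   // CSPRNG instead of rand()
    $session['vercode'] = $code;
    return $code;
}

/**
 * True only when a code was issued for this session and the submitted value
 * matches it. The stored code is consumed on every attempt, right or wrong.
 */
function captcha_ok(array &$session, array $post): bool
{
    $expected = isset($session['vercode']) ? (string) $session['vercode'] : '';
    unset($session['vercode']);

    $given = (isset($post['captcha']) && is_string($post['captcha']))
        ? trim($post['captcha'])
        : '';

    // Fail closed: nothing issued, field missing, or not exactly five digits.
    if ($expected === '' || !preg_match('/^[0-9]{5}$/', $given)) {
        return false;
    }
    return hash_equals($expected, $given);
}

// Constructed requests exercising each path.
$session = [];
$code = captcha_issue($session);
$results = [
    'correct code'       => captcha_ok($session, ['captcha' => $code]),
    'same code replayed' => captcha_ok($session, ['captcha' => $code]),
];

$fresh = [];                          // session that never requested the image
$results['nothing issued, nothing sent'] = captcha_ok($fresh, []);

captcha_issue($session);
$results['array instead of string'] = captcha_ok($session, ['captcha' => ['1']]);

foreach ($results as $label => $ok) {
    echo str_pad($label, 30), $ok ? 'accepted' : 'rejected', "\n";
}
```

In register.php the branch would become `elseif ($cfg[0] == '1' && !captcha_ok($_SESSION, $_POST))`, because the posted form only shows the captcha field when `$cfg[0] == '1'`.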


      #3
      Done, thanks!
      Do you know why I don't see people's browser?

      I have this code:
      $brws = explode("/",$HTTP_USER_AGENT);
      $ubr = $brws[0];

      But in the profile I see an empty space next to browser,
      and in the ibwf_users table browserm is empty too.

      In core I have this:
      PHP Code:
      function getbr_uid($uid)
      {
        $not = mysql_fetch_array(mysql_query("SELECT browserm FROM ibwf_users WHERE id='".$uid."'"));
        return $not[0];
      }


      Last edited by sweetangel; 09.01.17, 00:42.


        #4
        $_SERVER['HTTP_USER_AGENT']
        will work instead of
        $HTTP_USER_AGENT



          #5
          Originally posted by something else
          $_SERVER['HTTP_USER_AGENT']
          will work instead of
          $HTTP_USER_AGENT

          You mean change this:
          $brws = explode("/",$HTTP_USER_AGENT);

          with
          $_SERVER['HTTP_USER_AGENT']

          ????


            #6
            $brws = explode("/",$_SERVER['HTTP_USER_AGENT']);



              #7
              Do you think this core line needs changes?
              PHP Code:
              function saveuinfo($sid,$chkbit)
              {
                  if($chkbit==1){
                  if($SERVER_ADDR=='161.39.123.16'){
                      return false;
                  }
                  else {
                      return true;
                  }
                  exit;
              }
                  $headers = apache_request_headers();
                  $alli = "";
                  foreach ($headers as $header => $value)
                  {
                      $alli .= "$header$value <br />\n";
                  }
                  $alli .= "IP: ".$_SERVER['REMOTE_ADDR']."<br/>";
                  $alli .= "REFERRER: ".$_SERVER['HTTP_REFERER']."<br/>";
                  $alli .= "REMOTE HOST: ".getenv('REMOTE_HOST')."<br/>";
                  $alli .= "PROX: ".$_SERVER['HTTP_X_FORWARDED_FOR']."<br/>";
                  $alli .= "HOST: ".getenv('HTTP_X_FORWARDED_HOST')."<br/>";
                  $alli .= "SERV: ".getenv('HTTP_X_FORWARDED_SERVER')."<br/>";
                  if(trim($sid)!="")
                  {
                      $uid = getuid_sid($sid);
                      $fname = "tmp/".getnick_uid($uid).".rwi";
                      $out = fopen($fname,"w");
                      fwrite($out,$alli);
                      fclose($out);
                  }

                  //return 0;
              }



                #8
                Personally I would delete that whole section.

                $_SERVER and getenv() are pretty much the same thing - I'm not sure why they have a mix up of both.

                If the apache request headers is causing this function to stop working then delete this:
                PHP Code:
                $headers = apache_request_headers();

                    foreach ($headers as $header => $value)
                    {
                        $alli .= "$header$value <br />\n";
                    }
                Make sure you leave the line:
                $alli = "";



                  #9
                  Why don't you release one of your lavalair modded versions? I'm sure it can be the best version in all the forums :P


                    #10


                    It still has got security holes in it but is a lot safer than the version you are using.



                      #11
                      I have tried cellumod7 but I get a white page after installation.
                      I don't want a real community with blogs and other tools; I think 90% of my users want a nice chat room,
                      with a nice design.

                      Something like BOOM CHAT on codecanyon, but I tried a nulled version and it is full of bugs.
                      After some messages the system doesn't print the new messages anymore.
                      My lavalair edit is 100% different in the chat page and in profiles, because users can choose a lot of tools inside chat rooms.
                      The base is lavalair, but years ago I took on a freelancer for new security fixes and to make mod_rewr rules for shorter URLs.



                        #12
                        What happens if a user logs into your site with the browser name:
                        Code:
                        " AND perm="1/



                          #13
                          Maybe nothing, because I still don't get a browser name lol :D
                          But I don't want to try this :D


                            #14
                            It shows you that the freelancer has done a poor job at fixing security on your site. It is the most known hole on lava script.

                            Comment
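One way to close the hole that replies #12 and #14 point at, as an added example that is not part of the thread or of the lavalair code: the browser name is read from `$_SERVER['HTTP_USER_AGENT']` as in reply #6 and bound as a query parameter instead of being concatenated into the SQL string. It assumes PDO with an in-memory SQLite table standing in for `ibwf_users`; the function names and the 64-character cap are hypothetical.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posted queries; the PDO/SQLite connection and sample row are constructed.

/** Browser name from the User-Agent header, bounded in length; '' when absent. */
function browser_name(array $server): string
{
    $ua = (isset($server['HTTP_USER_AGENT']) && is_string($server['HTTP_USER_AGENT']))
        ? $server['HTTP_USER_AGENT']
        : '';
    $parts = explode('/', $ua);
    return substr(trim($parts[0]), 0, 64);   // 64 is an assumed column width
}

/** Unix time of the latest registration from this browser, or null if none. */
function last_regdate(PDO $db, string $browser): ?int
{
    // The header value travels as a bound parameter, never as SQL text.
    $st = $db->prepare(
        'SELECT regdate FROM ibwf_users WHERE browserm = :b ORDER BY regdate DESC LIMIT 1'
    );
    $st->execute([':b' => $browser]);
    $value = $st->fetchColumn();
    return $value === false ? null : (int) $value;
}

/** Anti-flood rule from register.php: block within $window seconds of the last signup. */
function flood_blocked(PDO $db, string $browser, int $now, int $window = 20): bool
{
    $last = last_regdate($db, $browser);
    return $last !== null && $now < $last + $window;
}

// Constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ibwf_users (id INTEGER PRIMARY KEY, browserm TEXT, regdate INTEGER)');
$db->exec("INSERT INTO ibwf_users (browserm, regdate) VALUES ('Mozilla', 1000)");

$normal = browser_name(['HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64)']);
$quoted = browser_name(['HTTP_USER_AGENT' => '" AND perm="1/']);  // string from reply #12
$absent = browser_name([]);                                        // header not sent

var_dump(flood_blocked($db, $normal, 1010));  // 10 s after the stored signup
var_dump(flood_blocked($db, $normal, 1030));  // 30 s after the stored signup
var_dump(last_regdate($db, $quoted));         // compared as a literal browser name
var_dump(last_regdate($db, $absent));
```

The same binding applies to every posted query that takes `$ubr`, `$uip`, `$uid` or `$email`; with the `mysqli` extension the equivalent calls are `prepare()`, `bind_param()` and `execute()`.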


                              #15
                              I don't know if all files are updated; I didn't make a backup when I chose to close the chat.
                              A lot of people, after years, continue to ask me to re-open the chat, and I have done this recently.

                              When I took on the freelancer, it was because in this project I had found a woman who supported server costs and all services for me :D


                              Ohhh... can you test the script heliosbb in the forum and tell me if you have a problem with login?
                              I tested this but I'm not able to log in, and I want to find a way to fix this.
                              Last edited by sweetangel; 10.01.17, 23:56.