Changeset 1793

Timestamp:

09/25/06 13:31:58 (2 years ago)

Author:

sam

Message:

Improved antispam protection system. Few tweaks here and there

Location:

trunk

Files:

• htdocs/css/common.css (modified) (1 diff)
• htdocs/install/zwe-data-common.sql (modified) (2 diffs)
• htdocs/install/zwe-db.sql (modified) (1 diff)
• htdocs/interface/ask.png (added)
• php-include/core/admin/admin.inc.php (modified) (3 diffs)
• php-include/core/admin/i18n/fr (modified) (2 diffs)
• php-include/core/users/i18n/fr (modified) (10 diffs)
• php-include/core/users/users.inc.php (modified) (15 diffs)
• php-include/kernel/session.inc.php (modified) (3 diffs)
• php-include/modules/blog/blog.inc.php (modified) (10 diffs)
• php-include/modules/blog/i18n/fr (modified) (4 diffs)
• php-include/modules/pages/pages.inc.php (modified) (4 diffs)

trunk/htdocs/css/common.css

@@ -66 +66 @@
           height: 100px; }
 
+p.ask   { padding: 1em; padding-left: 120px;
+          background-image: url("../interface/ask.png");
+          background-repeat: no-repeat; background-position: left center;
+          height: 100px; }
+
 span#autherror { color: red; font-size: smaller; font-weight: bold;
                  padding: 0 1em; }

trunk/htdocs/install/zwe-data-common.sql

@@ -28 +28 @@
 INSERT INTO `__PREFIX__config` VALUES (19, 'checkbox', 'on', 'Use Access Control Lists', 'use_acl', 'on');
 INSERT INTO `__PREFIX__config` VALUES (20, 'checkbox', 'on', 'Use Gravatars', 'gravatars', 'on');
-INSERT INTO `__PREFIX__config` VALUES (20, 'checkbox', 'on', 'Math Antispam', 'math_antispam', 'on');
 INSERT INTO `__PREFIX__css` VALUES (1, 'zwe-v2-5', 'screen', 'stylesheet', 'Zwe v2.5');
 INSERT INTO `__PREFIX__css` VALUES (2, 'zwe-v2-4', 'screen', 'alternate stylesheet', 'Zwe v2.4');
@@ -40 +39 @@
 INSERT INTO `__PREFIX__modules` VALUES ('admin', 'admin', 'core');
 INSERT INTO `__PREFIX__modules` VALUES ('menus', 'menus', 'core');
-INSERT INTO `__PREFIX__users_accounts` VALUES (1, '__LOGIN__', '__PASSWORD__', '__NAME__', '__EMAIL__', 'mixed', '__URL__', '', '1', '__TIMESTAMP__');
+INSERT INTO `__PREFIX__users_accounts` VALUES (1, '__LOGIN__', '__PASSWORD__', '__NAME__', '__EMAIL__', 'mixed', '__URL__', '', '1', '__TIMESTAMP__', 1);
 INSERT INTO `__PREFIX__users_groups` VALUES ('admin', 'Administration', 'Administration group');
 INSERT INTO `__PREFIX__users_group_links` VALUES (1, 'admin')

trunk/htdocs/install/zwe-db.sql

@@ -8 +8 @@
 CREATE TABLE IF NOT EXISTS `__PREFIX__menu` (  `key` varchar(32) NOT NULL default '',  `contents` text NOT NULL default '',  PRIMARY KEY  (`key`)) TYPE=MyISAM COMMENT='Menu entries';
 CREATE TABLE IF NOT EXISTS `__PREFIX__modules` (  `name` varchar(32) NOT NULL default '',  `type` varchar(32) NOT NULL default '',  `status` enum('inactive','active','core') NOT NULL default 'inactive',  PRIMARY KEY  (`name`)) TYPE=MyISAM PACK_KEYS=0 COMMENT='Module management';
-CREATE TABLE IF NOT EXISTS `__PREFIX__users_accounts` (  `id` smallint(6) NOT NULL auto_increment,  `login` varchar(255) default NULL,  `pass` varchar(255) default NULL,  `name` text,  `email` text,  `private` enum('private','mixed','public') NOT NULL default 'mixed',  `url` varchar(255) default NULL,  `css` varchar(64) NOT NULL default '',  `confirmation` varchar(255) default NULL,  `created` varchar(42) NOT NULL default '',  PRIMARY KEY  (`id`)) TYPE=MyISAM COMMENT='Site users';
+CREATE TABLE IF NOT EXISTS `__PREFIX__users_accounts` (  `id` smallint(6) NOT NULL auto_increment,  `login` varchar(255) default NULL,  `pass` varchar(255) default NULL,  `name` text,  `email` text,  `private` enum('private','mixed','public') NOT NULL default 'mixed',  `url` varchar(255) default NULL,  `css` varchar(64) NOT NULL default '',  `confirmation` varchar(255) default NULL,  `created` varchar(42) NOT NULL default '',  `human` tinyint(1) NOT NULL default 0,  PRIMARY KEY  (`id`)) TYPE=MyISAM COMMENT='Site users';
 CREATE TABLE IF NOT EXISTS `__PREFIX__users_group_links` (  `userid` smallint(6) NOT NULL default '0',  `group` varchar(32) NOT NULL default '',  PRIMARY KEY  (`userid`, `group`)) TYPE=MyISAM COMMENT='Group linkings';
 CREATE TABLE IF NOT EXISTS `__PREFIX__users_groups` (  `key` varchar(32) NOT NULL default '',  `name` varchar(32) NOT NULL default '',  `desc` text NOT NULL,  PRIMARY KEY  (`key`)) TYPE=MyISAM COMMENT='User groups';

trunk/php-include/core/admin/admin.inc.php

@@ -430 +430 @@
   function DeleteModule ($name)
   {
+    $this->parser->open_parag (_msg ("Delete module"), false);
+
     if (!array_key_exists($name, $GLOBALS['modules']->modules))
       ZweError ("Module not found!");
@@ -444 +446 @@
       }
 
-    $this->parser->open_parag (_msg ("Delete module:") . " $name");
+    $this->parser->output ("<p class=\"ask\">\n", 1);
     $this->parser->output (_msg ("Are you sure you want to delete this module?"));
+    $this->parser->output ("<br /><br />" . _msg ("The name of this module is:") .
+                           " <i>" . $name . "</i>\n");
     $this->parser->output ("</p>\n", -1);
 
@@ -741 +745 @@
       }
 
-    $this->parser->open_parag (_msg ("Delete a stylesheet"));
+    $this->parser->open_parag (_msg ("Delete a stylesheet"), false);
+
+    $this->parser->output ("<p class=\"ask\">\n", 1);
     $this->parser->output (_msg("Are you sure you want to delete the stylesheet") . " <b>" .
                             $stylesheet['title'] . "</b> ?");

trunk/php-include/core/admin/i18n/fr

@@ -103 +103 @@
 Supprimer une feuille de style
 
-:Delete module:
-Supprimer le module :
+:Delete module
+Supprimer un module
 
 :Delete this module
@@ -300 +300 @@
 Tâches :
 
+:The name of this module is:
+Le nom de ce module est :
+
 :The stylesheet key name can only contain alphanumeric characters ([a-zA-Z0-9_-/]+).
 La clé de la feuille de style ne peut contenir que des caractères alphanumériques ([a-zA-Z0-9_-/]+).

trunk/php-include/core/users/i18n/fr

@@ -7 +7 @@
 Compte créé
 
+:activates antispam protection again on all accounts
+active a nouveau la protection antispam sur tous les comptes
+
 :Activation canceled
 Activation annulée
@@ -14 +17 @@
 
 :Activated:
-Activé il y a:
+Activé il y a :
 
 :Activation failed! Please check your login and password and try again.
@@ -34 +37 @@
 Souhaitez-vous vraiment supprimer cet utilisateur ?
 
+:Are you sure you want to deshumanize all users, thus re-enabling the antispam protection?
+Souhaitez-vous vraiment déshumaniser tous les utilisateurs, ré-activant ainsi la protection antispam ?
+
 :As mail confirmation is needed, you must give an email address!
 La confirmation par mail étant nécessaire, vous devez fournir une adresse email !
@@ -56 +62 @@
 Confirmer
 
+:Confirmed
+Confirmé
+
 :Create
 Créer
@@ -85 +94 @@
 Radier cet utilisateur du groupe
 
-:Delete group:
-Supprimer le groupe :
+:Delete group
+Supprimer un groupe
 
 :Details
@@ -94 +103 @@
 Description :
 
+:Deshumanize
+Déshumaniser
+
 [e]
 
@@ -123 +135 @@
 Erreur lors de la création du groupe !
 
+:Error while deshumanizing user accounts!
+Erreur lors de la déshumanisation des comptes utilisateur !
+
 :Error while removing user!
 Erreur lors de la suppression de l'utilisateur !
@@ -186 +201 @@
 Bonjour
 
+:Human:
+Humain :
+
 [i]
 
@@ -237 +255 @@
 Aucun
 
+:Not yet confirmed, antispam protection active
+Pas encore confirmé, protection antispam active
+
 [o]
 
@@ -297 +318 @@
 [t]
 
+:The name of this group is:
+Le nom de ce groupe est :
+
 :There is currently one user in the database.
 Il y a actuellement un seul utilisateur dans la base de données.

trunk/php-include/core/users/users.inc.php

@@ -73 +73 @@
     ZweError ("You must be logged in to access this page!");
 
-  $user = new cQuery ("SELECT `id`,`name`,`login`,`email`,`url`,`private`,`created`,`confirmation`
+  $user = new cQuery ("SELECT `id`,`name`,`login`,`email`,`url`,
+                                    `private`,`created`,`confirmation`,
+                                    `human`
                               FROM `" . $this->tables['users'] . "`
                               WHERE `login` = '" . $GLOBALS['db']->EscapeString($parts[1]) . "'");
@@ -126 +128 @@
       $this->CreateAccount ();
 
+    elseif (preg_match("/^deshumanize$/", $GLOBALS['context']['context']))
+      $this->Deshumanize ();
+
     elseif (preg_match("/^lost$/", $GLOBALS['context']['context']))
       $this->LostPassword ();
@@ -193 +198 @@
   function ShowAccounts ()
   {
-    $query = new cQuery ("SELECT `id`,`name`,`login`,`email`,`url`,`private`,`created`,`confirmation`
+    $query = new cQuery ("SELECT `id`,`name`,`login`,`email`,`url`,
+                                 `private`,`created`,`confirmation`,
+                                 `human`
                            FROM `" . $this->tables['users'] . "`
                            ORDER BY `confirmation` ASC");
@@ -209 +216 @@
     $this->parser->output ("</p>\n", -1);
 
+    $this->parser->output ("<ul id=\"adminmenu\">\n", 1);
+    $this->parser->output ("<li><a href=\"" . $this->flow->GetBaseURL ("users") . "/deshumanize\">" .
+                           _msg ("Deshumanize") . "</a> (" .
+                           _msg ("activates antispam protection again on all accounts") . ")</li>\n");
+    $this->parser->output ("<li><a href=\"" . $this->flow->GetBaseURL ("users") . "/groups\">" .
+                           _msg ("Groups management") . "</a></li>\n");
+    $this->parser->output ("</ul>\n", -1);
+
     $this->parser->output ("<table border=\"0\" width=\"99%\">\n", 1);
     $this->parser->output ("<thead><tr>\n", 1);
@@ -231 +246 @@
 
         $this->parser->output ("</a>\n", -1);
+
+        if ($row['human'] != 1)
+          $this->parser->output ("<img src=\"" . $GLOBALS['config']['site_path']['value'] .
+                                 "interface/puce.gif\" alt=\"" . _msg ("No antispam confirmation yet") . "\" />\n");
+
         $this->parser->output ("</td>\n", -1);
 
@@ -591 +611 @@
   function DeleteGroup ($group)
   {
+    $this->parser->open_parag (_msg ("Delete group"), false);
+
     if ($group == $GLOBALS['config']['users_admin_group']['value'])
       ZweError ("You can't remove the administration group!");
@@ -614 +636 @@
     $grp = $query->Step ();
 
-    $this->parser->open_parag (_msg ("Delete group:") . " " . $grp['name']);
+    $this->parser->output ("<p class=\"ask\">\n", 1);
     $this->parser->output (_msg ("Are you sure you want to delete this group?"));
-    $this->parser->output ("</p>\n", -1);
+    $this->parser->output ("<br /><br />" . _msg ("The name of this group is:") .
+                           " <i>" . $grp['name'] . "</i>\n");
+    $this->parser->output ("</p>\n", -1);
+
     $this->parser->output ("<form method=\"post\" action=\"" . $this->flow->GetBaseURL () . "/groups/$group/delete\">\n", 1);
 
@@ -631 +656 @@
   function ManageGroups ()
   {
+    $this->parser->open_parag (_msg ("Create group"));
+
     if (isset($_POST['__add_group']))
       {
@@ -662 +689 @@
       }
 
-    $this->parser->open_parag (_msg ("Create group"));
     $this->parser->output ("</p>\n", -1);
     $this->parser->output ("<form method=\"post\" action=\"" . $this->flow->GetBaseURL () . "/groups\">\n", 1);
@@ -737 +763 @@
   function GroupDetails ($group)
   {
+    $this->parser->open_parag (_msg ("Edit group:") . " " . $group, false);
+
     $group_query = new cQuery ("SELECT `name`,`desc` FROM `" . $this->tables['groups'] . "`
                                  WHERE `key` = '" . $GLOBALS['db']->EscapeString($group) . "'");
@@ -762 +790 @@
 
     $grp = $group_query->Step ();
-
-    $this->parser->open_parag (_msg ("Edit group:") . " " . $group, false);
 
     $this->parser->output ("<form method=\"post\" action=\"" . $this->flow->GetBaseURL () .
@@ -1174 +1200 @@
   }
 
+  function Deshumanize ()
+  {
+    if (isset($_POST['__cancel']))
+      ReloadPage ($this->flow->GetBaseURL ());
+
+    $this->parser->open_parag (_msg ("Deshumanize"), false);
+
+    if (isset($_POST['__deshumanize']))
+      {
+        $query = new cUpdate($this->tables['users'],
+                             array("human" => 0),
+                             array("human" => 1));
+        if (!$query)
+          ZweError ("Error while deshumanizing user accounts!");
+
+        ReloadPage ($this->flow->GetBaseURL ());
+      }
+
+    $this->parser->output ("<p class=\"ask\">\n", 1);
+    $this->parser->output (_msg ("Are you sure you want to deshumanize all users, thus re-enabling the antispam protection?"));
+    $this->parser->output ("</p>\n", -1);
+
+    $this->parser->output ("<form method=\"post\" action=\"" . $this->flow->GetBaseURL () . "/deshumanize\">\n", 1);
+
+    $this->parser->output ("<div style=\"text-align: center;\">\n", 1);
+    $this->parser->output ("<input type=\"submit\" name=\"__deshumanize\" value=\"" . _msg ("Deshumanize") . "\" />\n");
+    $this->parser->output ("<input type=\"submit\" name=\"__cancel\"      value=\"" . _msg ("Cancel") . "\" />\n");
+    $this->parser->output ("</div>\n", -1);
+
+    $this->parser->output ("</form>\n", -1);
+    $this->parser->output ("<p>\n", 1);
+
+    $this->parser->close_parag ();
+  }
+
   function ShowProfile ($info, $small = false)
   {
@@ -1206 +1267 @@
     $this->parser->output ("</dt><dd>" . DateOffset ($info['created']) . "</dd>\n", 2);
 
+    /* Antispam confirmation */
+    $this->parser->output ("<dt>" . _msg ("Human:") . "</dt>");
+    if ($info['human'] == 1)
+      $this->parser->output ("<dd>" . _msg ("Confirmed") . "</dd>\n", 2);
+    else
+      $this->parser->output ("<dd>" . _msg ("Not yet confirmed, antispam protection active") . "</dd>\n", 2);
+
     /* Groups */
     $groups = $GLOBALS['session']->LoadGroups ($info['id']);
@@ -1246 +1314 @@
   function DeleteAccount ($login)
   {
-    $user = new cQuery ("SELECT `id`,`name`,`login`,`email`,`url`,`private`,`created`,`confirmation`
+    $this->parser->open_parag (_msg ("Delete user"), false);
+
+    $user = new cQuery ("SELECT `id`,`name`,`login`,`email`,`url`,
+                                `private`,`created`,`confirmation`,
+                                `human`
                           FROM `" . $this->tables['users'] . "`
                           WHERE `login` = '" . $GLOBALS['db']->EscapeString($login) . "'");
@@ -1267 +1339 @@
     $user = $user->Step ();
 
-    $this->parser->open_parag (_msg ("Delete user"));
+    $this->parser->output ("<p class=\"ask\">\n", 1);
     $this->parser->output (_msg ("Are you sure you want to delete this user?"));
     $this->parser->output ("</p>\n", -1);

trunk/php-include/kernel/session.inc.php

@@ -129 +129 @@
   function LoadFromSID ($sid)
   {
-    $info = new cQuery ("SELECT `id`,`login`,`name`,`email`,`url`,`private`,`css`
+    $info = new cQuery ("SELECT `id`,`login`,`name`,`email`,`url`,`private`,`css`,`human`
                           FROM `" . ZWE_TABLE_PREFIX . "users_sessions`
                           RIGHT JOIN `" . ZWE_TABLE_PREFIX . "users_accounts`
@@ -147 +147 @@
   function LoadFromLogin ($login)
   {
-    $info = new cQuery ("SELECT `id`,`login`,`name`,`email`,`private`,`css`
+    $info = new cQuery ("SELECT `id`,`login`,`name`,`email`,`private`,`css`,`human`
                           FROM `" . ZWE_TABLE_PREFIX . "users_accounts`
                           WHERE (`login`= '" . $GLOBALS['db']->EscapeString($login) . "')");
@@ -232 +232 @@
       return NULL;
   }
+
+  /** Toggle the status of a registered user to 'human, confirmed'.
+   *
+   * @param int An optionnal user id. Defaults to currently logged in.
+   */
+  function SetHuman ($id = null)
+  {
+    if (!$id)
+      {
+        $user = $_SESSION[$this->key];
+
+        if (!$user || !isset($user['id']))
+          return false;
+
+        $id = $user['id'];
+      }
+
+    $query = new cUpdate(ZWE_TABLE_PREFIX . "users_accounts",
+                         array("human" => 1),
+                         array("id"    => $id));
+    if ($query->nrows == 1)
+      return true;
+
+    return false;
+  }
 }
 

trunk/php-include/modules/blog/blog.inc.php

@@ -840 +840 @@
   function DeleteCategory ($category)
   {
+    $this->parser->open_parag (_msg ("Delete category"), false);
+
     if (!array_key_exists ($category, $this->categories))
       ZweError ("This category does not exist!");
@@ -854 +856 @@
       }
 
-    $this->parser->open_parag (_msg ("Delete category:") . " " . $this->categories[$category]['name']);
+    $this->parser->output ("<p class=\"ask\">\n", 1);
     $this->parser->output (_msg ("Are you sure you want to delete this category?"));
+    $this->parser->output ("<br /><br />" . _msg ("The name of this category is:") .
+                           " <i>" . $this->categories[$category]['name'] . "</i>\n");
     $this->parser->output ("</p>\n", -1);
     $this->parser->output ("<form method=\"post\" action=\"" . $this->flow->GetBaseURL () .
@@ -1165 +1169 @@
           ZweError("Could not add empty comment!");
 
-        if ($GLOBALS['config']['math_antispam']['value'] == "on")
+        /* If the user is not logged in, or logged in but not human
+         * confirmed, check the antispam thingy. */
+        if (!$islogged || ($islogged && ($GLOBALS['session']->GetProperty ("human") == 0)))
           {
             if (!isset($_POST['__comment_antispam_rand1']) ||
@@ -1172 +1178 @@
               ZweError("Mandatory antispam protection informations are missing!");
 
+            /* If the sum does not match, exit on error. Otherwise,
+             * toggle the human status of the user if he's logged in. */
             if ($_POST['__comment_antispam_total'] != ($_POST['__comment_antispam_rand1'] +
                                                        $_POST['__comment_antispam_rand2']))
               ZweError("Antispam protection triggered!");
+            elseif ($islogged)
+              $GLOBALS['session']->SetHuman ($islogged);
           }
 
@@ -1301 +1311 @@
 
     /* Optionnal antispam protection */
-    if ($GLOBALS['config']['math_antispam']['value'] == "on")
+    if (!$islogged || ($islogged && ($GLOBALS['session']->GetProperty ("human") == 0)))
       {
         $rands = array(rand(1,9), rand(1,9));
@@ -1310 +1320 @@
         $this->parser->output ("<input type=\"hidden\" name=\"__comment_antispam_rand1\" value=\"" . $rands[0] . "\" />\n");
         $this->parser->output ("<input type=\"hidden\" name=\"__comment_antispam_rand2\" value=\"" . $rands[1] . "\" />\n");
-        $this->parser->output ("<input type=\"text\" name=\"__comment_antispam_total\" />\n");
+        $this->parser->output ("<input type=\"text\"   name=\"__comment_antispam_total\" style=\"width: 2em\" size=\"2\" />\n");
+
+        if (!$islogged)
+          $this->parser->output ("<a href=\"" . $this->flow->GetBaseURL ("users") . "/create\">" . _msg ("Create an account")    .
+                                 "</a> " . _msg ("to get rid of this!") . "\n");
+
         $this->parser->output ("</dd>\n", -1);
       }
@@ -1943 +1958 @@
       ReloadPage ($this->flow->GetBaseURL () . "/" . $id);
 
+    $this->parser->open_parag (_msg ("Delete entry"), false);
+
     if (isset($_POST['__delete_blog']))
       {
@@ -1963 +1980 @@
       ZweError ("This entry does not belong to you!");
 
-    $this->parser->open_parag (_msg ("Delete entry"));
+    $this->parser->output ("<p class=\"ask\">\n", 1);
     $this->parser->output (_msg ("Are you sure you want to delete this entry and all its comments?"));
-    $this->parser->output ("</p>\n", -1);
-    $this->parser->output ("<p>\n", 1);
-    $this->parser->output (_msg ("The title of this entry is:") . " <i>" . $blog['title'] . "</i>\n");
+    $this->parser->output ("<br /><br />" . _msg ("The title of this entry is:") .
+                           " <i>" . $blog['title'] . "</i>\n");
     $this->parser->output ("</p>\n", -1);
 
@@ -1994 +2010 @@
       ReloadPage ($this->flow->GetBaseURL () . "/" . $_POST['__blogid']);
 
+    $this->parser->open_parag (_msg("Delete comment"), false);
+
     if (isset($_POST['__delete_comment']))
       {
@@ -2011 +2029 @@
     $comment = $comment->Step ();
 
-    $this->parser->open_parag (_msg("Delete comment"));
+    $this->parser->output ("<p class=\"ask\">\n", 1);
     $this->parser->output (_msg("Are you sure you want to delete this comment from") . " <b>" .
                            $comment['login'] . "</b> ?");

trunk/php-include/modules/blog/i18n/fr

@@ -134 +134 @@
 Impossible de supprimer le titre de l'entrée !
 
+:Create an account
+Créez-vous un compte
+
 :Create category
 Créer une catégorie
@@ -151 +154 @@
 Supprimer
 
-:Delete category:
-Supprimer la catégorie :
+:Delete category
+Supprimer une catégorie
 
 :Delete comment
@@ -393 +396 @@
 Il n'y a aucune entrée dans la base de données pour cette année !
 
+:The name of this category is:
+Le nom de cette catégorie est :
+
 :The title of this entry is:
 Le titre de cette entrée est :
@@ -429 +435 @@
 Titre :
 
+:to get rid of this!
+pour en être débarrassé !
+
 :Type:
 Type :

trunk/php-include/modules/pages/pages.inc.php

@@ -210 +210 @@
 
     $this->parser->output ("<ul id=\"pagelist\">\n", 1);
-    foreach ($list as $name => $page)     
+    foreach ($list as $name => $page)
     {
        $this->parser->output ("<li><a href=\"" . $this->flow->GetBaseURL () . "/" .
@@ -250 +250 @@
         return;
       }
-        
+
     $this->parser->output ("</p><p>\n" . _msg ("No page available."));
     $this->parser->close_parag ();
@@ -482 +482 @@
       ReloadPage ($this->flow->GetBaseURL () . "/" . $page);
 
-    $this->parser->open_parag (_msg ("Delete page"));
+    $this->parser->open_parag (_msg ("Delete page"), false);
 
     if (isset($_POST['__delete_page']))