Registration form - Stopping bots

  • Author: ChatOrbi
  • Start date:

ChatOrbi

Not recommended


Bots are registering on the site even though reCAPTCHA is enabled. I added an email verification step so that they cannot post anything, but they still manage to get past the point where the captcha is.

Does anyone know how to edit the code so that the bots don't get through?

Code for that part:
PHP:
    function signup() {
                    global $db, $client, $uhome, $config, $captcha;
                    $reg_limit_ip = get_gvar('reg_limit_ip');
                    if (is_numeric($reg_limit_ip)) {
                            $res = sql_query("select count(*) as num from ".tb()."accounts where ipaddress='{$client['ip']}'");
                            $row = sql_fetch_array($res);
                            if ($row['num'] >= $reg_limit_ip) {
                                    c(t('Sorry, only {1} registrations allowed per IP','<strong>'.$reg_limit_ip.'</strong>'));
                                    stop_here();
                            }
                    }
                    if (get_gvar('only_invited')) {
                            $hold = 1;
                    }
                    $email = $_GET['email'];
                    if (isset($_POST['email'])) {
                            $email = $_POST['email'];
                    }
                    $iid = $_GET['iid'];
                    if (isset($_POST['iid'])) {
                            $iid = $_POST['iid'];
                    }
                    if (strlen($email)) {
                            $res = sql_query("select * from ".tb()."invites where id='$iid' and email='{$email}'");
                            $invite = sql_fetch_array($res);
                            if ($invite['id']) {
                                    $hold = 0;
                                    $iid_field = '<input type="hidden" name="iid" value="'.$iid.'" />';
                            }
                    }
     
                    if ($_POST['onpost']) {
                            if ($hold) {
                                    c('only invited');
                                    stop_here();
                            }
                            if (!get_gvar('disable_recaptcha_reg')) {
                                    $resp = recaptcha_check_answer ($captcha['privatekey'],
                                                                                            $_SERVER["REMOTE_ADDR"],
                                                                                            $_POST["recaptcha_challenge_field"],
                                                                                            $_POST["recaptcha_response_field"]);
     
                                    if (!$resp->is_valid) {
                                                    $captchaerror = $resp->error;
                                                    $errors[] = t('Wrong Verification code');
                                    }
                            }
                            if (!$_POST['agree_rules']) {
                                    $errors[] = t('You must agree to our rules for signing up');
                            }
                           
                            //get_r(array('username','password','password2','email','agree','confirm_code','location'));
                            if (strtolower($_COOKIE['cfm']) != strtolower($_POST['confirm_code'])) {
                                    $errors[] = t('The string you entered for the code verification did not match what was displayed');
                            }
                            $_POST['username'] = strtolower($_POST['username']);
                            if (strlen($_POST['username']) < 4 || strlen($_POST['username']) > 18 || !preg_match("/^[0-9a-z]+$/i",$_POST['username'])) {
                                    $errors[] = t('Username').': '.t('from 4 to 18 characters, only 0-9,a-z');
                            }
                            if (preg_match("/</",$_POST['fullname'])) {
                                    $errors[] = 'Unavailable Full name format';
                            }
     
                            if (!$_POST['email'] || !$_POST['username'] || !$_POST['password']) {
                                    $errors[] = t('Please fill in all the required blanks');
                            }
                            /*
                            else {
                                    for($i=1;$i<=7;$i++) {
                                            $col = 'var'.$i;
                                            $key = 'cf_var'.$i;
                                            $key2 = 'cf_var_value'.$i;
                                            $key3 = 'cf_var_des'.$i;
                                            $key4 = 'cf_var_label'.$i;
                                            $key5 = 'cf_var_required'.$i;
                                            $ctype = get_gvar($key);
                                            if ($ctype != 'disabled' && get_gvar($key5)) {
                                                    if (!strlen($_POST[$col])) {
                                                            $errors[] = t('Please fill in all the required blanks');
                                                    }
                                            }
                                    }
                            }
                            */
                            if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $_POST['email'])) {
                                    $errors[] = t('Unavailable email address');
                            }
     
                            $password = md5($_POST['password'].'jcow');
                            $timeline = time();
                            $res = sql_query("select * from `".tb()."accounts` where email='{$_POST['email']}'");
                            if (sql_counts($res)) {
                                    $errors[] = t('You have registered with this email address before.');
                            }
                            $res = sql_query("select * from `".tb()."accounts` where username='{$_POST['username']}'");
                            if (sql_counts($res)) {
                                    $errors[] = t('The Username has already been used');
                            }
     
                            if (!is_array($errors)) {
                                    if (get_gvar('acc_verify') == 1) {
                                            $reg_code = get_rand(6,'0123456789');
                                            $verify_note = t('Verification Code: {1}',$reg_code)."\r\n<br />";
                                    }
                                    else {
                                            $reg_code = '';
                                            $verify_note = '';
                                    }
                                    // member
                                    if ($_POST['hide_age']) {
                                            $hide_age = 1;
                                    }
                                    else {
                                            $hide_age = 0;
                                    }
                                    $newss = get_rand(12);
                                    if (get_gvar('pm_enabled') || get_gvar('acc_verify')) {
                                            $member_disabled = 1;
                                    }
                                    else {
                                            $member_disabled = 0;
                                    }
                                    sql_query("insert into `".tb()."accounts` (about_me,disabled,gender,location,birthyear,birthmonth,birthday,hide_age,password,email,username,fullname,created,lastlogin,ipaddress,var1,var2,var3,var4,var5,var6,var7,reg_code) values('{$_POST['about_me']}',$member_disabled,'{$_POST['gender']}','{$_POST['location']}','{$_POST['birthyear']}','{$_POST['birthmonth']}','{$_POST['birthday']}','{$hide_age}','$password','".$_POST['email']."','{$_POST['username']}','{$_POST['fullname']}',$timeline,$timeline,'{$client['ip']}','{$_POST['var1']}','{$_POST['var2']}','{$_POST['var3']}','{$_POST['var4']}','{$_POST['var5']}','{$_POST['var6']}','{$_POST['var7']}','{$reg_code}')");
                                    $uid = insert_id();
                                    if ($uid == 1) {
                                            sql_query("update ".tb()."accounts set roles='3' where id='$uid'");
                                    }
                                    sql_query("insert into `".tb()."pages` (uid,uri,type) values($uid,'{$_POST['username']}','u')");
                                    $page_id = insert_id();
                                    if ($invite['id']>0) {
                                            sql_query("update ".tb()."invites set status=1 where id='{$invite['id']}'");
                                            sql_query("insert into `".tb()."friends` (uid,fid,created) values ($uid,{$invite['uid']},".time().")");
                                            sql_query("insert into `".tb()."friends` (uid,fid,created) values ({$invite['uid']},$uid,".time().")");
                                    }
     
                                    stream_publish(t('Signed Up','','','',1),'','',$uid,$page_id);
     
                                    // welcome email
                                    $welcome_email = nl2br(get_text('welcome_email'));
                                    $welcome_email = str_replace('%username%',$_POST['username'],$welcome_email);
                                    $welcome_email = str_replace('%email%',$_POST['email'],$welcome_email);
                                    $welcome_email = str_replace('%password%',$_POST['password'],$welcome_email);
                                    $welcome_email = str_replace('%sitelink%',url(uhome(),h(get_gvar('site_name')) ),$welcome_email);
                                    @jcow_mail($_POST['email'], 'Welcome to "'.h(get_gvar('site_name')).'"!', $verify_note.$welcome_email);
                                    $_SESSION['login_cd'] = 3;
                                    //login
                                    $_SESSION['uid'] = $uid;
                                    redirect('account/index/1');
                                    exit;
                                    //redirect(url('member/login'),t('Congratulations! You have successfully signed up. You can now login with your account'));
                            }
                            else {
                                    foreach ($errors as $error) {
                                            $error_msg .= '<li>'.$error.'</li>';
                                    }
                                    sys_notice(t('Errors').':<ul>'.$error_msg.'</ul>');
                            }
                    }
     
                   
                    if ($hold) {
                            c(t('Sorry, only invited people can sign up'));
                            stop_here();
                    }
     
                    set_title('Signup');
                            if (get_gvar('pm_enabled')) {
                                    c('<strong>'.t('Join Us').'</strong><br />
                                    '.t('Membership pricing').':<ul>');
                                    if ($pm_1m = get_gvar('pm_1m')) {
                                            c('<li>'.$pm_1m.' '.get_gvar('pm_currency').' '.t('Per month').'</li>');
                                    }
                                    if ($pm_3m = get_gvar('pm_3m')) {
                                            c('<li>'.$pm_3m.' '.get_gvar('pm_currency').' '.t('Per Quarter').'</li>');
                                    }
                                    if ($pm_12m = get_gvar('pm_12m')) {
                                            c('<li>'.$pm_12m.' '.get_gvar('pm_currency').' '.t('Per Year').'</li>');
                                    }
                                    c('</ul>');
                                    section_close(t('Paid membership'));
                            }
                                            c('
    <script>
    $(document).ready( function(){
            objrow = $("tr.row1 td:first-child"); // :first-child is a pseudo-class; "::first-child" is a selector syntax error in jQuery
            objrow.attr("valign","top");
            objrow.attr("align","right");
            });
    </script>
                    <form method="post" action="'.url('member/signup').'" >
    <table class="stories">
    <tr class="table_line1">
    <td colspan="2">'.t('Passport').'</td>
    </tr>
    <tr class="row1">
    <td>*'.t('Email Address').'</td>
    <td>
                                            <input type="text" size="20" name="email" value="'.h($_REQUEST['email']).'" class="fpost" style="width:180px" />
                                            <br /><span class="sub">('.$invite_msg.t("We won't display your Email Address.").')</span>
    </tr>
    <tr class="row1">
    <td>*'.t('Username').'/'.t('Nickname').'</td><td>
                                            <input type="text" size="18" class="fpost" name="username" value="'.h($_REQUEST['username']).'" style="width:180px" /><br />
                                            <span class="sub">('.t('4 to 18 characters, made up of 0-9,a-z').')</span>
    </tr>
    <tr class="row1">
    <td>*'.t('Password').'</td><td>
                                            <input type="password" name="password"  class="fpost" value="'.h($_REQUEST['password']).'" style="width:180px" />
    </tr>
    ');
    /*
    c('
    <tr class="table_line1">
    <td colspan="2">'.t('Personal info').'</td>
    </tr>
    <tr class="row1">
    <td>*'.t('Full Name').'</td><td>
                                            <input type="text" size="20" name="fullname" value="'.h($_REQUEST['fullname']).'"  class="fpost" style="width:180px" />
    </td>
    </tr>
    <tr class="row1">
    <td>*'.t('Birth').'</td><td>
                                            <select name="birthyear" class="fpost">
                                            ');
                                            $year_from = date("Y",time()) - 8;
                                            $year_to = date("Y",time()) - 100;
                                            if ($_REQUEST['birthyear'])
                                                    $yearkey = $_REQUEST['birthyear'];
                                            else
                                                    $yearkey = $year_from - 12;
                                            for ($i=$year_from;$i>$year_to;$i--) {
                                                    $selected = '';
                                                    if ($yearkey == $i)
                                                            $selected = 'selected';
                                                    c('<option value="'.$i.'" '.$selected.'>'.$i.'</option>');
                                            }
                                            if ($row['hide_age']) $hide_age = 'checked';
                                            c('
                                            </select>
                                            <select name="birthmonth" class="fpost">');
                                            for ($i=1;$i<13;$i++) {
                                                    if ($i<10)$j='0'.$i;else $j=$i;$iss='';
                                                    if ($_REQUEST['birthmonth'] == $j) $iss='selected';
                                                    c('<option value="'.$j.'" '.$iss.' >'.$j.'</option>');
                                            }
                                            c('</select>
                                            <select name="birthday" class="fpost">');
                                            for ($i=1;$i<=31;$i++) {
                                                    if ($i<10)$j='0'.$i;else $j=$i;$iss='';
                                                    if ($_REQUEST['birthday'] == $j) $iss='selected';
                                                    c('<option value="'.$j.'" '.$iss.'>'.$j.'</option>');
                                            }
                                            c('</select><br />
                                             <input type="checkbox" name="hide_age" value="1" '.$hide_age.' />'.t('Hide my age').'
                                            </td></tr>');
                                            if ($_REQUEST['gender'] == 1) {
                                                    $gender1 = 'checked';
                                            }
                                            elseif ($_REQUEST['gender'] == 2) {
                                                    $gender2 = 'checked';
                                            }
                                            else {
                                                    $gender0 = 'checked';
                                            }
                                            c('
                                            <tr class="row1"><td>*'.t('Gender').'</td><td>
                                            <input type="radio" name="gender" value="1" '.$gender1.' />'.t('Male').'
                                            <input type="radio" name="gender" value="0" '.$gender0.' />'.t('Female').'
                                            <input type="radio" name="gender" value="2" '.$gender2.' />'.t('Hide').'
                                            </td></tr>');
                                           
                                            c('<tr class="row1"><td>*'.t('Come from').'</td><td>
                                            <select name="location" class="inputText">');
                                            $locations = explode("\r\n",get_text('locations'));
                                            $_REQUEST['location'] = trim($_REQUEST['location']);
                                            foreach($locations as $location) {
                                                    if ($_REQUEST['location'] == trim($location)) {
                                                            $selected = 'selected';
                                                    }
                                                    else {
                                                            $selected = '';
                                                    }
                                                    c('<option value="'.$location.'" '.$selected.' >'.$location.'</option>');
                                            }
                                            c('</select>
    </td>
    </tr>
    <tr class="row1">
    <td>'.t('About me').'</td><td>
                                            <textarea rows="5" name="about_me">'.htmlspecialchars($client['about_me']).'</textarea>
    </td>
    </tr>
                            ');
                           
                           
                                            // custom fields
                                            $profile = array();
                                            for($i=1;$i<=7;$i++) {
                                                    $col = 'var'.$i;
                                                    $key = 'cf_var'.$i;
                                                    $key2 = 'cf_var_value'.$i;
                                                    $key3 = 'cf_var_des'.$i;
                                                    $key4 = 'cf_var_label'.$i;
                                                    $key5 = 'cf_var_required'.$i;
                                                    $ctype = get_gvar($key);
                                                    $value = get_gvar($key2);
                                                    $des = get_gvar($key3);
                                                    $label = get_gvar($key4);
                                                    $required = get_gvar($key5);
                                                    if ($required) $required = '*';
                                                    if ($ctype != 'disabled') {
                                                            if ($ctype == 'text') {
                                                                    if (strlen($profile[$col])) {
                                                                            $value = htmlspecialchars($profile[$col]);
                                                                    }
                                                                    if (strlen($_POST[$col])) {
                                                                            $value = h($_POST[$col]);
                                                                    }
                                                                    c('<tr class="row1"><td>
                                                                    '.$required.$label.'</td><td><input type="text" name="'.$col.'" value="'.$value.'" />
                                                                    <br /><span class="sub">'.$des.'</span></td></tr>');
                                                            }
                                                            elseif ($ctype == 'textarea') {
                                                                    if (strlen($profile[$col])) {
                                                                            $value = htmlspecialchars($profile[$col]);
                                                                    }
                                                                    if (strlen($_POST[$col])) {
                                                                            $value = h($_POST[$col]);
                                                                    }
                                                                    c('<tr class="row1"><td>'.$required.$label.'</td><td>
                                                                    <textarea rows="3" name="'.$col.'" />'.$value.'</textarea><br />
                                                                    <br /><span class="sub">'.$des.'</span></td></tr>');
                                                            }
                                                            elseif ($ctype == 'select_box') {
                                                                    $tarr = explode("\r\n",$value);
                                                                    c('<tr class="row1">
                                                                    <td>'.$label.'</td><td>
                                                                    <select name="'.$col.'">
                                                                    ');
                                                                    if (strlen($_POST[$col])) {
                                                                            $value = h($_POST[$col]);
                                                                    }
                                                                    foreach ($tarr as $val) {
                                                                            if ($val == $value) {
                                                                                    $selected = 'selected';
                                                                            }
                                                                            else {
                                                                                    $selected = '';
                                                                            }
                                                                            c('<option value="'.$val.'" '.$selected.'>'.$val.'</option>');
                                                                    }
                                                                    c('</select><br /><span class="sub">'.$des.'</span></td></tr>');
                                                            }
                                                    }
                                            }
                           
    */                     
            c($iid_field);
                            if (!get_gvar('disable_recaptcha_reg')) {
                                    c('<tr class="row1">
                                    <td>'.t('Image verification').'</td><td>
                                    '.recaptcha_get_html($captcha['publickey'],$captchaerror).'
                                    </td>
     
     
                                    </tr>');
                            }
                           
                            c('
                            <tr class="row2">
                            <td colspan="2"><strong>'.t('Rules & Conditions').'</strong>
                            <div style="width:700px;height:100px;overflow:scroll;border:white 2px solid;padding:5px;">
                            '.nl2br(h(get_text('rules_conditions'))).'
                            </div></td>
                            </tr>
                            <tr class="row2">
                            <td colspan="2" align="center">
                            <input type="hidden" name="g" value="'.h($_REQUEST['g']).'" />
                            <input type="hidden" name="onpost" value="1" />
                            <input type="checkbox" name="agree_rules" value="1" checked /> '.t('I have read, and agree to abide by the Rules & Conditions.').'
                                                    <input type="submit" style="background:#5BA239;color:white;font-size:1.5em;font-weight:bold" value="'.t('Signup Now').'" />
                                                    </td></tr>
     
                                                   
                            </table>
                    </form>
                            ');
            }
 
Just so you know, on SMF forums they GET THROUGH ANYWAY when you enable reCAPTCHA. Bots can solve that captcha. The only foolproof captcha to date, and the one I use on my forum, is to ask a random question along the lines of "What is the 14th letter of this very sentence?" or "How many letters does the color opposite to WHITE have?"

If you put a couple of those questions in the registration form, rotate them randomly for each signup, or use checkbox-based checks, it's easy to block bots. Set a limit on attempts and block the IP from registering, and that's it.
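One way to implement the rotating-question check suggested in the reply above, together with the attempt limit and IP block it mentions, as an added example written against the signup() function posted at the top of the thread (this is not Jcow code and not code from any poster). Two details of the posted code shape the design: the `$_COOKIE['cfm']` / `$_POST['confirm_code']` comparison checks two values the client itself sends, so a bot satisfies it by sending any matching pair, and `recaptcha_check_answer` with `recaptcha_challenge_field` / `recaptcha_response_field` is the reCAPTCHA v1 API, which Google shut down in 2018, so that call no longer verifies anything. The example keeps the expected answer on the server only, picks a fresh question on every form load, expires unanswered questions, and counts failures per IP using parameterised queries instead of the string interpolation used throughout the posted code. Assumed: PHP 7 or later (for random_int), an active session, a PDO connection, the Jcow helpers t(), h(), c() and stop_here() exactly as used above, and a hypothetical `challenge_attempts` table; every `challenge_*` function name and the question bank are invented here.

```php
<?php
// Added example, not Jcow code: rotating verification question for signup(),
// answer held server-side only, with a per-IP failure limit.
// Assumes: PHP >= 7, session already started, a PDO handle, and the Jcow
// helpers t(), h(), c(), stop_here(). Table `challenge_attempts` and all
// challenge_* names are hypothetical.

// Question bank (constructed for this example). Each entry: prompt, list of
// accepted answers in normalised (lowercase, trimmed) form.
function challenge_bank() {
    return array(
        array('Which colour is the opposite of WHITE?', array('black', 'negro')),
        array('How many letters does the word "registro" have?', array('8', 'eight', 'ocho')),
        array('Type the LAST letter of the word "signup".', array('p')),
        array('What is seven plus four? (write a number)', array('11')),
    );
}

// Trim, lowercase and collapse whitespace so "  Black " matches "black".
function challenge_normalise($s) {
    return preg_replace('/\s+/', ' ', strtolower(trim((string) $s)));
}

// Choose a question, remember only its index and issue time in the session,
// and return the table row for the form. The answer never reaches the client.
function challenge_issue() {
    $bank = challenge_bank();
    $idx = random_int(0, count($bank) - 1);
    $_SESSION['challenge_idx'] = $idx;
    $_SESSION['challenge_issued'] = time();
    return '<tr class="row1"><td>*' . t('Verification question') . '</td><td>'
        . h($bank[$idx][0]) . '<br />'
        . '<input type="text" name="challenge_answer" class="fpost" autocomplete="off" style="width:180px" />'
        . '</td></tr>';
}

// Compare the posted answer with the question recorded in this session.
// The pending question is cleared on every call, success or failure, so a
// correct answer cannot be replayed and each attempt needs a new form load.
function challenge_verify($posted, $max_age = 900) {
    if (!isset($_SESSION['challenge_idx'], $_SESSION['challenge_issued'])) {
        return false;                        // nothing was issued to this session
    }
    $idx = (int) $_SESSION['challenge_idx'];
    $issued = (int) $_SESSION['challenge_issued'];
    unset($_SESSION['challenge_idx'], $_SESSION['challenge_issued']);
    if (time() - $issued > $max_age) {
        return false;                        // stale question: force a fresh one
    }
    $bank = challenge_bank();
    if (!isset($bank[$idx])) {
        return false;
    }
    return in_array(challenge_normalise($posted), $bank[$idx][1], true);
}

// Per-IP failure counter over a sliding window, with bound parameters.
// Assumed schema: challenge_attempts(ip VARCHAR(45), attempted_at INT).
function challenge_failures(PDO $db, $ip, $window = 3600) {
    $st = $db->prepare('SELECT COUNT(*) FROM challenge_attempts WHERE ip = ? AND attempted_at > ?');
    $st->execute(array($ip, time() - $window));
    return (int) $st->fetchColumn();
}

function challenge_record_failure(PDO $db, $ip) {
    $st = $db->prepare('INSERT INTO challenge_attempts (ip, attempted_at) VALUES (?, ?)');
    $st->execute(array($ip, time()));
}

// Gate to call inside the `if ($_POST['onpost'])` branch of signup(), right
// after the $hold check. Appends to $errors like the existing validations,
// and stops the request outright once an IP has burned its attempt budget.
function challenge_gate(PDO $db, $ip, &$errors, $max_failures = 5) {
    if (challenge_failures($db, $ip) >= $max_failures) {
        c(t('Too many failed verification attempts; try again later'));
        stop_here();
    }
    $answer = isset($_POST['challenge_answer']) ? $_POST['challenge_answer'] : '';
    if (!challenge_verify($answer)) {
        challenge_record_failure($db, $ip);
        $errors[] = t('Wrong answer to the verification question');
    }
}
```

To wire it in, replace the `recaptcha_get_html(...)` row in the form with `c(challenge_issue());` and call `challenge_gate($pdo, $client['ip'], $errors);` immediately after the `$hold` check inside `if ($_POST['onpost'])`; because the posted code falls through to render the form again after `sys_notice()`, a failed attempt automatically gets a new question. A four-entry bank like the one above is learned by anyone who loads the form a few times, so the real barrier is the session binding plus the per-IP lockout, and the bank should be large and reworded from time to time. The counter keys on source IP, so users behind a shared NAT share one budget; raise `$max_failures` or add a secondary key if that bites.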
 


Same goes for phpBB3 forums; so far I haven't found a foolproof captcha. The most I've managed is to improve the situation: before, a hundred got in, now one or two.
 
Better to use Akismet, it blocks better and you don't need a captcha.