Add basic captcha

captcha.php

@@ -0,0 +1,32 @@
+<?php
+
+require_once 'inc/functions.php';
+require_once 'inc/lib/securimage/securimage.php';
+
+if(!isset($config['securimage']) || !$config['securimage']){
+	error('Securimage captcha not enabled.'); //TODO error image
+}
+
+$image=new Securimage(array('config_file'=>__DIR__ . '/inc/captchaconfig.php'));
+
+$image->show();
+
+$code=$image->getCode(false, true);
+
+$ip=$_SERVER['REMOTE_ADDR'];
+
+$query=prepare('INSERT INTO captchas(ip, code, time) VALUES(:ip, :code, NOW())');
+$query->bindValue(':ip', $ip);
+$query->bindValue(':code', $code);
+$query->execute() or error(db_error($query));
+
+$query=prepare('SELECT count(*) from captchas where ip=:ip');
+$query->bindValue(':ip', $ip);
+$query->execute() or error(db_error($query));
+
+$count=$query->fetch()[0];
+if($count>10){
+	$query=prepare('DELETE from captchas where ip=:ip ORDER BY time asc LIMIT 1');
+	$query->bindValue(':ip', $ip);
+	$query->execute()or error(db_error($query));
+}

inc/captchaconfig.php

@@ -0,0 +1,90 @@
+<?php
+
+/**
+  Securimage sample config file (rename to config.inc.php to activate)
+  Place your custom configuration in this file to make settings global so they
+  are applied to the captcha image, audio playback, and validation.
+  Using this file is optional but makes settings managing settings easier,
+  especially when upgrading to a new version.
+  When a new Securimage object is created, if config.inc.php is found in the
+  Securimage directory, these settings will be applied *before* any settings
+  passed to the constructor (so options passed in will override these).
+  This file is especially useful if you use a custom database or session
+  configuration and is easier than modifying securimage.php directly.
+  Any class property from securimage.php can be used here.
+*/
+
+return array(
+    /**** CAPTCHA Appearance Options ****/
+
+    'image_width'      => 275,       // width of captcha image in pixels
+    'image_height'     => 100,       // height of captcha image in pixels
+    'code_length'      => 6,         // # of characters for captcha code
+    'image_bg_color'   => '#770000', // hex color for image background
+    'text_color'       => '#DDDD64', // hex color for captcha text
+    'line_color'       => '#DDDD64', // hex color for lines over text
+    'noise_color'      => '#DDDD64', // color of random noise to draw under text
+    'num_lines'        => 5,         // # of lines to draw over text
+    'noise_level'      => 0.5,         // how much random noise to add (0-10)
+    'perturbation'     => 0.75,       // distoration level
+
+    'use_random_spaces'   => true,
+    'use_random_baseline' => true,
+    'use_text_angles'     => true,
+    'use_random_boxes' => false,
+'use_transparent_text' => false,
+
+    'wordlist_file'    => 'words/words.txt', // text file for word captcha
+    'use_wordlist'     => false,             // true to use word list
+    'wordlist_file_encoding' => null,        // character encoding of word file if other than ASCII (e.g. UTF-8, GB2312)
+
+    // example UTF-8 charset (TTF file must support symbols being used
+    // 'charset'          => "абвгдeжзийклмнопрстуфхцчшщъьюяАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЬЮЯ",
+    'charset'          => "2345689abdfgkmnpqsuwxyz", // capitals are more effort to type, removed confusable characters like o,O,0,1,l
+
+  //  'ttf_file'         => './AHGBold.ttf',   // TTF file for captcha text
+
+    //'captcha_type' => Securimage::SI_CAPTCHA_WORDS, // Securimage::SI_CAPTCHA_STRING || Securimage:: SI_CAPTCHA_MATHEMATIC || Securimage::SI_CAPTCHA_WORDS
+
+    //'display_value' => 'ABC 123', // Draws custom text on captcha
+
+
+    /**** Code Storage & Database Options ****/
+
+    // true if you *DO NOT* want to use PHP sessions at all, false to use PHP sessions
+    'no_session'       => true,
+
+    // the PHP session name to use (null for default PHP session name)
+    // do not change unless you know what you are doing
+    'session_name'     => null,
+
+    // change to true to store codes in a database
+    'use_database'     => false,
+
+    // database engine to use for storing codes.  must have the PDO extension loaded
+    // Values choices are:
+    // Securimage::SI_DRIVER_MYSQL, Securimage::SI_DRIVER_SQLITE3, Securimage::SI_DRIVER_PGSQL
+    'database_driver'  => Securimage::SI_DRIVER_MYSQL,
+
+    'database_host'    => 'localhost',     // database server host to connect to
+    'database_user'    => 'lainchan',          // database user to connect as
+    'database_pass'    => '',              // database user password
+    'database_name'    => 'lainchan',    // name of database to select (you must create this first or use an existing database)
+    'database_table'   => 'captcha_codes', // database table for storing codes, will be created automatically
+
+    // Securimage will automatically create the database table if it is not found
+    // change to true for performance reasons once database table is up and running
+    'skip_table_check' => false,
+
+    /**** Audio Options ****/
+
+    //'audio_path'       => __DIR__ . '/audio/en/',
+    //'audio_use_noise'  => true,
+    //'audio_noise_path' => __DIR__ . '/audio/noise/',
+    //'degrade_audio' => true,
+
+    'no_exit'=>true,
+
+
+    'log_file'=>'/dev/null', //This should be placed somewhere sensible.
+);

inc/config.php

@@ -1779,6 +1779,16 @@
  * ====================
  */
 
+	//Securimage captcha
+	//Note from lainchan PR: "TODO move a bunch of things here"
+
+	$config['spam']['valid_inputs'][]='captcha';
+	$config['error']['securimage']=array(
+		'missing'=>'The captcha field was missing. Please try again',
+		'empty'=>'Please fill out the captcha',
+		'bad'=>'Incorrect captcha',
+	);
+
     // Meta keywords. It's probably best to include these in per-board configurations.
     // $config['meta_keywords'] = 'chan,anonymous discussion,imageboard,tinyboard';
 

inc/instance-config.php

@@ -117,6 +117,11 @@ $config['url_banner'] = '/banners.php';
  */
 $config['spam']['enabled'] = false;
 
+/*
+ * Basic captcha. See also: captchaconfig.php
+ */
+$config['securimage'] = false;
+
 /*
  * Permissions
  */

post.php

@@ -491,6 +491,22 @@ function handle_post(){
             }
         }
 
+        if(isset($config['securimage']) && $config['securimage']){
+            if(!isset($_POST['captcha'])){
+                error($config['error']['securimage']['missing']);
+            }
+            if(empty($_POST['captcha'])){
+                error($config['error']['securimage']['empty']);
+            }
+            $query=prepare('DELETE FROM captchas WHERE time<DATE_SUB(NOW(), INTERVAL 30 MINUTE)');
+            $query=prepare('DELETE FROM captchas WHERE ip=:ip AND code=:code LIMIT 1');
+            $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+            $query->bindValue(':code', $_POST['captcha']);
+            $query->execute();
+            if($query->rowCount()==0){
+                error($config['error']['securimage']['bad']);
+            }
+        }
 
         if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
             (!$post['op'] && $_POST['post'] == $config['button_reply']))) {

templates/post_form.html

@@ -96,6 +96,17 @@
 			</td>
 		</tr>
 		{% endif %}
+		{% if config.securimage %}
+		<tr>
+			<th>
+				Captcha
+			</th>
+			<td>
+				<img src="{{ config.root }}/captcha.php"><br />
+				<input type="text" name="captcha" size="25" maxlength="10" autocomplete="off">
+			</td>
+		</tr>
+		{% endif %}
 		{% if config.user_flag %}
 			<tr>
 				<th>{% trans %}Flag{% endtrans %}</th>