<?php
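// Bootstrap for the captcha image endpoint: error policy, shared includes,
// output buffering and session start-up.
error_reporting(E_ALL ^ E_DEPRECATED);
mysqli_report(MYSQLI_REPORT_OFF);
include "../include/variables.php";
include "../include/functions.php";
include "../include/errors.php";
include "../include/getip.php";
// NOTE(review): PHP_SELF reflects the request path and is client-influenced;
// it is not used in this file, but escape it wherever an include prints it.
$PHP_SELF=$_SERVER['PHP_SELF'];

// Outer output buffer: gzip-compress the response when the client advertises
// gzip support, otherwise use a plain buffer.
if (isset($_SERVER['HTTP_ACCEPT_ENCODING']) && substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
    if (ob_get_length()) ob_end_clean();
    ob_start("ob_gzhandler");
}
else ob_start();

// A session id may be handed over in the query string (?sid=...).
// SECURITY: this lets whoever built the URL choose the session the visitor
// ends up in (session fixation), and the id leaks into access logs and
// Referer headers. Only ids made of the characters PHP itself generates
// ([A-Za-z0-9,-], at most 256 chars) are accepted here, so malformed values
// never reach session_start(). NOTE(review): enable session.use_strict_mode
// so ids the server never issued are rejected, and drop this parameter if the
// embedding page can rely on the cookie alone.
if (!empty($_GET['sid'])
    && is_string($_GET['sid'])
    && preg_match('/^[A-Za-z0-9,-]{1,256}$/D', $_GET['sid']) === 1
    && $_GET['sid'] !== session_id()) {
    session_id($_GET['sid']);
}

// Over HTTPS the session cookie is marked Secure and SameSite=None so that it
// is also sent on cross-site requests for this image.
// NOTE(review): "httponly" is not set here, so the php.ini default applies;
// confirm session.cookie_httponly is enabled unless page scripts must read
// the cookie. On plain HTTP none of these attributes are applied.
if (!empty($_SERVER['HTTPS'])) {
    $session_options = array(
        "secure" => true,
        "SameSite" => "None"
    );
    session_set_cookie_params($session_options);
}
session_start();
include "../include/iplog.php";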
/**
 * Arithmetic mean of two numbers.
 *
 * Used below to find the midpoint between two corners of a text bounding box.
 *
 * @param int|float $a First value.
 * @param int|float $b Second value.
 * @return int|float Half of the sum of $a and $b.
 */
function avg($a,$b) {
    $sum = $a + $b;
    return $sum / 2;
}
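// Kept only because these globals were always set here; nothing in this file
// reads them. NOTE(review): remove once the includes are confirmed not to
// use $usec / $sec.
list($usec, $sec) = explode(' ', microtime());

// SECURITY: the generator is no longer seeded with the microsecond part of
// the clock. That seed had at most one million possible values, which made
// every mt_rand() result in this request (noise, and presumably the captcha
// text built by random_string()) predictable. Without an explicit mt_srand()
// PHP seeds the generator itself with a random value.
// NOTE(review): mt_rand() is still not a cryptographic generator; the secret
// text should come from random_int() inside random_string().

$generate_captcha = false;
$agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";

// Whitelisting: a client whose host name matches one of the patterns, or
// whose User-Agent equals one of the listed strings, is always served the
// image (see the $whitelisted handling further down).
$whitelisted = false;

// Patterns are case-insensitive regex fragments wrapped in "/.../i" below, so
// they must not contain an unescaped "/".
// NOTE(review): $host is not defined in this file; presumably getip.php
// resolves it from the client address. A reverse-DNS name is chosen by
// whoever controls the address block, so it should be forward-confirmed
// before it is trusted - verify in getip.php.
$host_whitelist[]="\.fbsv\.net$"; //facebook
if (isset($host_whitelist)) {
    foreach ($host_whitelist as $pattern) {
        if (preg_match("/".$pattern."/i",$host)) {
            $whitelisted = true;
            break;
        }
    }
}

// SECURITY: the User-Agent header is entirely client-controlled, so this
// entry is a convenience for link previewers, not an authentication signal.
// The comparison is strict so numeric-looking strings cannot match loosely.
$agent_whitelist[]="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b";
if (isset($agent_whitelist) && in_array($agent, $agent_whitelist, true)) {
    $whitelisted = true;
}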
// Decide whether this request may see a captcha ($show_captcha), whether a
// fresh one has to be drawn ($generate_captcha), and which stored answer hash
// can be reused ($old_captcha). Any refusal reason is collected in $logmsg.
$show_captcha = false;
$logmsg="";
if (empty($_COOKIE)) {
// The client sent no cookies at all, so it cannot be holding a session.
$logmsg = "No cookies";
} elseif (empty($_SESSION)) {
// Cookies were sent but the session they point to holds no data.
$logmsg = "No session cookie";
} elseif (!isset($_GET['cid']) || gettype($_GET['cid']) != "string"){
// No usable captcha id: fall back to the single captcha kept directly in the
// session under image_value / image_time.
if (!empty($_SESSION['image_value']))
$old_captcha = $_SESSION['image_value'];
// A stored timestamp that lies in the past forces a new captcha.
if (!empty($_SESSION['image_time']) && $_SESSION['image_time'] < time())
$generate_captcha = true;
$show_captcha = true;
} else {
// A captcha id was supplied: the session must already hold an entry for it,
// and that entry must match the caller's ip address and User-Agent.
if (!isset($_SESSION['data']) || !is_array($_SESSION['data'])) {
// Deliberately silent: nothing is logged for this case.
//$logmsg="No data entry in session";
} elseif (!isset($_SESSION['data'][$_GET['cid']]) || !is_array($_SESSION['data'][$_GET['cid']])) {
$logmsg="Unknown captcha id";
} elseif (empty($_SESSION['data'][$_GET['cid']]["ip"])) {
$logmsg="Captcha id w/o ip address";
// NOTE(review): $ip is not defined in this file; presumably getip.php sets it.
// If it can come from a client-supplied header (e.g. a forwarding header) this
// binding is only as strong as that header - verify in getip.php.
} elseif ($_SESSION['data'][$_GET['cid']]["ip"] != $ip) {
$logmsg="Bad ip address (Captcha generated on ".$_SESSION['data'][$_GET['cid']]["ip"].")";
// NOTE(review): "agent" is read without an isset() check; an entry that has an
// ip but no agent raises a notice here.
} elseif ($_SESSION['data'][$_GET['cid']]["agent"] != $agent) {
// The stored agent string is embedded in the message as-is; $logmsg is later
// appended to the captcha log, so it must be treated as untrusted text there.
$logmsg="Bad user agent (Captcha generated on ".$_SESSION['data'][$_GET['cid']]["ip"]." with ".$_SESSION['data'][$_GET['cid']]["agent"]." User Agent)";
} else {
// All checks passed: reuse the stored answer unless its timestamp is in the past.
if (!empty($_SESSION['data'][$_GET['cid']]["captcha"]))
$old_captcha = $_SESSION['data'][$_GET['cid']]["captcha"];
if (!empty($_SESSION['data'][$_GET['cid']]["time"]) && $_SESSION['data'][$_GET['cid']]["time"] < time())
$generate_captcha = true;
$show_captcha = true;
}
}
// Without a reusable answer a new image is always drawn; this also covers
// every refusal path above, none of which sets $old_captcha.
if (!isset($old_captcha))
$generate_captcha = true;
// Create the canvas and draw the background layers of a fresh captcha.
if ($generate_captcha) {
    // Fixed bitmap size, in pixels.
    $width = 100;
    $height = 30;
    $image = imagecreatetruecolor($width, $height);

    // Background: every pixel gets its own random dark colour
    // (each channel between 0 and 128).
    $i = 0;
    while ($i < $width) {
        $j = 0;
        while ($j < $height) {
            $color = imagecolorallocate($image, mt_rand(0,128), mt_rand(0,128), mt_rand(0,128));
            imagesetpixel($image, $i, $j, $color);
            $j++;
        }
        $i++;
    }

    // Clutter: random semi-transparent lines underneath the text.
    // The upper bound is re-rolled on every pass of the loop, so the number
    // of lines drawn is itself random.
    $i = 0;
    while ($i < mt_rand(0,255)) {
        $x1 = mt_rand(0,$width);
        $x2 = mt_rand(0,$width);
        $y1 = mt_rand(0,$height);
        $y2 = mt_rand(0,$height);
        $color = imagecolorallocatealpha($image, mt_rand(0,192), mt_rand(0,192), mt_rand(0,192), mt_rand(0,127));
        imageline($image, $x1, $y1, $x2, $y2, $color);
        $i++;
    }
}
// Whitelisted clients override every refusal decided earlier: they always get
// the image, and any pending log message is tagged so it can be told apart.
if ($whitelisted) {
    if (!empty($logmsg)) {
        $logmsg .= " (Whitelisted)";
    }
    if (!$show_captcha) {
        $show_captcha = true;
    }
}
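// Either store the captcha answer and draw the text, or refuse with 403 and
// log the reason.
if ($show_captcha) {
    // $rand_str is the real answer; $rand_str2 is a decoy drawn underneath it.
    // The argument passed to random_string() is a random number from 3 to 6.
    if ($generate_captcha || empty($old_captcha)) {
        $rand_str=random_string(mt_rand(3,6));
        $rand_str2=random_string(mt_rand(3,6));
    }

    // Persist the MD5 of the answer (never the plain text) in the session,
    // either as the single session-wide captcha or under the supplied id.
    // NOTE(review): an unsalted MD5 of such a short string offers no real
    // protection if the session store is readable; it only keeps the plain
    // answer out of the session data.
    if (!isset($_GET['cid']) || gettype($_GET['cid']) != "string"){
        if ($generate_captcha || empty($old_captcha)) {
            $_SESSION['image_value'] = md5($rand_str);
            $_SESSION['image_time'] = time();
        } else
            $_SESSION['image_value'] = $old_captcha;
    } else {
        // NOTE(review): for whitelisted clients this branch is reached with
        // an id that was never validated, so a session entry is created
        // under a client-chosen key.
        if ($generate_captcha || empty($old_captcha)) {
            $_SESSION['data'][$_GET['cid']]["captcha"] = md5($rand_str);
            $_SESSION['data'][$_GET['cid']]["time"] = time();
        } else
            $_SESSION['data'][$_GET['cid']]["captcha"] = $old_captcha;
        $cid=$_GET['cid'];
    }

    if ($generate_captcha) {
        // Pass 1: the decoy string in a darker colour (channels 0-192),
        // slightly rotated and centred on the canvas.
        $red=mt_rand(0,192);
        $green=mt_rand(0,192);
        $blue=mt_rand(0,192);
        $color = imagecolorallocate($image, $red, $green, $blue);
        //imagestring($image, 5, 12, 4, $rand_str, $color);
        $angle=mt_rand(-8,8);
        $size= mt_rand(14,15);
        // The bounding box has four corners (8 coordinates); averaging
        // opposite corners gives the edges of the rotated text.
        $box = imageftbbox($size, $angle, '../fonts/pala.ttf', $rand_str2);
        $x_left=avg($box[0],$box[6]);
        $x_right=avg($box[2],$box[4]);
        $text_width = $x_right - $x_left;
        $y_top=avg($box[7],$box[5]);
        $y_bottom=avg($box[1],$box[3]);
        $text_height = $y_bottom - $y_top;
        $x=($width-$text_width)/2;
        $y=($height+$text_height)/2;
        imagettftext($image, $size, $angle, $x, $y, $color, '../fonts/pala.ttf', $rand_str2);

        // Pass 2: the real answer in a lighter colour (channels 192-255),
        // drawn on top of the decoy with its own rotation and size.
        $red=mt_rand(192,255);
        $green=mt_rand(192,255);
        $blue=mt_rand(192,255);
        $color = imagecolorallocate($image, $red, $green, $blue);
        //imagestring($image, 5, 12, 4, $rand_str, $color);
        $angle=mt_rand(-8,8);
        $size= mt_rand(14,15);
        $box = imageftbbox($size, $angle, '../fonts/pala.ttf', $rand_str);
        $x_left=avg($box[0],$box[6]);
        $x_right=avg($box[2],$box[4]);
        $text_width = $x_right - $x_left;
        $y_top=avg($box[7],$box[5]);
        $y_bottom=avg($box[1],$box[3]);
        $text_height = $y_bottom - $y_top;
        $x=($width-$text_width)/2;
        $y=($height+$text_height)/2;
        imagettftext($image, $size, $angle, $x, $y, $color, '../fonts/pala.ttf', $rand_str);
    }
} else {
    // Refused: answer 403 and record why, if a reason was collected.
    header ($_SERVER['SERVER_PROTOCOL']." 403 Forbidden");
    if ($logmsg) {
        // SECURITY: the User-Agent header and $logmsg (which can embed a
        // stored User-Agent) are client-controlled. Control characters are
        // replaced with spaces so a request cannot forge extra log lines or
        // smuggle terminal escape sequences into the log.
        $log_agent = !empty($_SERVER['HTTP_USER_AGENT'])
            ? preg_replace('/[\x00-\x1F\x7F]/', ' ', $_SERVER['HTTP_USER_AGENT'])
            : "";
        $log_reason = preg_replace('/[\x00-\x1F\x7F]/', ' ', $logmsg);
        $msg = getinfo()
            .(!empty($_SERVER['HTTP_USER_AGENT']) ? ("\nUser Agent: ".$log_agent) : "")
            ."\n$log_reason"
            .(!empty($dbg) ? "\n$dbg" : "")
            ."\n\n";
        // NOTE(review): $prefix comes from an include; make sure the logs
        // directory is not served by the web server, and escape these
        // entries if they are ever shown in an HTML viewer.
        $file=fopen("$prefix/logs/captcha.txt", "a");
        // A log that cannot be opened must not abort the response: fwrite()
        // on a failed handle is a fatal TypeError on PHP 8.
        if ($file !== false) {
            fwrite($file, $msg);
            fclose($file);
        }
    }
}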
// Foreground clutter, drawn over whatever is already on the canvas.
if ($generate_captcha) {
    // Mostly transparent noise (alpha 96-127) on every pixel.
    $i = 0;
    while ($i < $width) {
        $j = 0;
        while ($j < $height) {
            $color = imagecolorallocatealpha($image, mt_rand(0,128), mt_rand(0,128), mt_rand(0,128), mt_rand(96,127));
            imagesetpixel($image, $i, $j, $color);
            $j++;
        }
        $i++;
    }

    // Extra lines across the text, only when the captcha is actually shown.
    // As with the background lines, the loop bound is re-rolled on each pass.
    if ($show_captcha) {
        $i = 0;
        while ($i < mt_rand(0,255)) {
            $x1 = mt_rand(0,$width);
            $x2 = mt_rand(0,$width);
            $y1 = mt_rand(0,$height);
            $y2 = mt_rand(0,$height);
            $color = imagecolorallocatealpha($image, mt_rand(0,128), mt_rand(0,255), mt_rand(0,255), mt_rand(63,127));
            imageline($image, $x1, $y1, $x2, $y2, $color);
            $i++;
        }
    }
}
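// Emit the JPEG: either the image drawn in this request or the copy cached in
// the session. An inner buffer captures the bytes so they can be cached and
// measured before being flushed.
ob_start();
header('Content-type: image/jpeg');
// SECURITY: $cid is the raw "cid" query parameter. Only letters, digits, "_"
// and "-" are kept (at most 64 characters) before it is placed in the header,
// so it cannot inject quotes, separators or further header parameters.
$download_name = isset($cid)
    ? substr(preg_replace('/[^A-Za-z0-9_-]/', '_', $cid), 0, 64)
    : "random";
header("Content-Disposition: inline; filename=".$download_name.".jpg");
//header ("Expires: ");
//header ("Pragma: ");
if($generate_captcha)
    imagejpeg($image);

// Cache a freshly drawn image in the session (gzip + base64), or replay the
// cached one when nothing new was drawn.
// NOTE(review): this also runs on the 403 path, so an image is stored even
// for refused requests, and with a "cid" parameter it is stored under a
// client-chosen session key; consider skipping the cache when the request
// was refused, after checking that no other page relies on it.
if (!isset($_GET['cid']) || gettype($_GET['cid']) != "string"){
    if ($generate_captcha || !isset($_SESSION['image']))
        $_SESSION['image'] = base64_encode(gzencode(ob_get_contents(),9));
    else {
        ob_clean();
        echo gzdecode(base64_decode($_SESSION['image']));
    }
} else {
    if ($generate_captcha || !isset($_SESSION['data'][$_GET['cid']]["image"]))
        $_SESSION['data'][$_GET['cid']]["image"] = base64_encode(gzencode(ob_get_contents(),9));
    else {
        ob_clean();
        echo gzdecode(base64_decode($_SESSION['data'][$_GET['cid']]["image"]));
    }
}

// NOTE(review): this is the size of the inner buffer before any gzip
// compression by an enclosing output handler - confirm the two agree.
header("Content-length: " . ob_get_length());
ob_end_flush();
if ($generate_captcha)
    imagedestroy($image);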
?>
You can also check the other includes below (some files are hidden because they are on the exclusion list):
functions.php
errors.php
getip.php
iplog.php