From bc79e5240cd4544c9f953c48ecafdf4693bd1d64 Mon Sep 17 00:00:00 2001 From: Liam McLoughlin Date: Sun, 24 Jul 2011 03:10:52 +0100 Subject: Adding RECAPTCHA, more standards work --- client.php | 14 ++- daemon.php | 164 ++++++++++++++++---------------- status.php | 20 +++- web/config.php | 12 ++- web/index.php | 28 +++++- web/process.php | 26 ++++- web/recaptcha.php | 277 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ web/status.php | 15 ++- web/testdrive.php | 15 ++- 9 files changed, 462 insertions(+), 109 deletions(-) create mode 100644 web/recaptcha.php diff --git a/client.php b/client.php index ce4bc1f..e2284b4 100644 --- a/client.php +++ b/client.php @@ -3,7 +3,11 @@ // Gentoaster build daemon client // Licensed under GPL v3, see COPYING file - if(!isset($argv[1])) die("No config file provided\n"); + require_once "config.php"; + + if (!isset($argv[1])) { + die("No config file provided\n"); + } $client= new GearmanClient(); $client->addServer(); @@ -17,9 +21,11 @@ echo "Job sent, handle was ".$handle." - hash ".$handlehash."\n"; - $db = mysql_connect("localhost", "gentoaster", ""); - if(!$db) die("Could not connect to database ".mysql_error()); - mysql_select_db("gentoaster"); + $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD); + if (!$db) { + die("Could not connect to database ".mysql_error()); + } + mysql_select_db(MYSQL_DATABASE); $query = "INSERT INTO builds (id, handle)". ." VALUES('".$handlehash."','".$handle."')"; mysql_query($query); diff --git a/daemon.php b/daemon.php index 6570185..1936864 100644 --- a/daemon.php +++ b/daemon.php @@ -3,31 +3,25 @@ // Gentoaster build daemon worker // Licensed under GPL v3, see COPYING file - $configurationsPath = "/var/www/gentoaster/images"; - $gentoasterPath = "/usr/share/gentoaster"; - $buildToolName = "create_image.sh"; - $wrapToolName = "wrap.sh"; - $externalHost = "192.168.2.169"; - $lowPort = 5900; - $highPort = 5999; - - // DO NOT EDIT BELOW THIS LINE - - $progressMagic = 23; + require_once "config.php"; $worker = new GearmanWorker(); $worker->addServer(); $worker->addFunction("invoke_image_build", "image_build"); $worker->addFunction("invoke_start_image", "start_image"); - while ($worker->work()); + while ($worker->work()) { + // Do nothing! + }; function update_result($handle, $returncode, $result) { $result = trim($result); echo "A job finished with return code ".$returncode.": ".$result."\n"; - $db = mysql_connect("localhost", "gentoaster", ""); - if(!$db) die("Could not connect to database ".mysql_error()); - mysql_select_db("gentoaster"); + $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD); + if (!$db) { + die("Could not connect to database ".mysql_error()); + } + mysql_select_db(MYSQL_DATABASE); $result = mysql_real_escape_string($result); $query = "UPDATE builds". " SET result = '".$result."', returncode = '".$returncode. @@ -36,19 +30,19 @@ return serialize(array($returncode, $result)); } - function check_pid($pid) - { - $cmd = "ps $pid"; - exec($cmd, $output, $result); - if(count($output) >= 2){ - return true; - } - return false; - } + function check_pid($pid) + { + $cmd = "ps $pid"; + exec($cmd, $output, $result); + if (count($output) >= 2) { + return true; + } + return false; + } function image_build($job) { - global $configurationsPath, $gentoasterPath, $buildToolName, $progressMagic; + $progressMagic = 23; $handle = $job->handle(); $handlehash = md5($handle); @@ -58,17 +52,17 @@ $configurationString = $job->workload(); $configurationArray = parse_ini_string($configurationString); - if ($configurationArray !== FALSE) { + if ($configurationArray !== false) { if (isset($configurationArray["BUILD_ID"])) { $buildID = $configurationArray["BUILD_ID"]; - $buildPath = $configurationsPath."/".$buildID; + $buildPath = CONFIGURATIONS_PATH."/".$buildID; @mkdir($buildPath, 0777, true); if (is_writable($buildPath)) { chdir($buildPath); file_put_contents("config.ini", $configurationString); $toolArgs = "--config config.ini --compress"; - $cmd = $gentoasterPath."/".$buildToolName." ".$toolArgs; + $cmd = GENTOASTER_PATH."/".BUILD_TOOL_NAME." ".$toolArgs; $processHandle = popen($cmd." 2>&1", "r"); $nonstatusOutput = ""; @@ -104,83 +98,83 @@ function start_image($job) { - global $configurationsPath, $gentoasterPath, $wrapToolName; - global $externalHost, $lowPort, $highPort; - $buildID = $job->workload(); $running = false; $insert = false; $update = false; - $db = mysql_connect("localhost", "gentoaster", ""); - if(!$db) die("Could not connect to database ".mysql_error()); - mysql_select_db("gentoaster"); + $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD); + if (!$db) { + die("Could not connect to database ".mysql_error()); + } + mysql_select_db(MYSQL_DATABASE); $query = "SELECT port FROM ports ORDER BY port DESC LIMIT 1"; $result = mysql_query($query); - if(mysql_num_rows($result) == 0) { - // no ports! assign a new one - $port = $lowPort; - $insert = true; - echo "No ports! Assigning ".$port."\n"; + if (mysql_num_rows($result) == 0) { + // no ports! assign a new one + $port = LOW_PORT; + $insert = true; + echo "No ports! Assigning ".$port."\n"; } else { - // we have a port! let's check if our vm has one - $ports = mysql_fetch_array($result); - $lastport = $ports[0]; - $query = "SELECT port, pid FROM ports WHERE id = '".$buildID."'"; - $result = mysql_query($query); - if (mysql_num_rows($result) == 0) { - // vm doesn't have one, assign one! - $port = $lastport+1; - if ($port > $highPort) { - $port = $lowPort; - } - $insert = true; - echo "Assigning new port ".$port."\n"; - } else { - // vm already has one, return it - $ports = mysql_fetch_array($result); - $port = $ports[0]; - $pid = $ports[1]; - $running = true; - if(!check_pid($pid)) { - $running = false; - $update = true; - echo "VM is not running, PID ".$pid." is dead!\n"; - } else { - echo "VM is running on PID ".$pid."\n"; - } - echo "VM already has port ".$port."\n"; - } + // we have a port! let's check if our vm has one + $ports = mysql_fetch_array($result); + $lastport = $ports[0]; + $query = "SELECT port, pid FROM ports WHERE id = '".$buildID."'"; + $result = mysql_query($query); + if (mysql_num_rows($result) == 0) { + // vm doesn't have one, assign one! + $port = $lastport+1; + if ($port > HIGH_PORT) { + $port = LOW_PORT; + } + $insert = true; + echo "Assigning new port ".$port."\n"; + } else { + // vm already has one, return it + $ports = mysql_fetch_array($result); + $port = $ports[0]; + $pid = $ports[1]; + $running = true; + if (!check_pid($pid)) { + $running = false; + $update = true; + echo "VM is not running, PID ".$pid." is dead!\n"; + } else { + echo "VM is running on PID ".$pid."\n"; + } + echo "VM already has port ".$port."\n"; + } } if (!$running || $update) { - $cmd = $gentoasterPath."/".$wrapToolName." ". - $configurationsPath."/".$buildID."/".$buildID.".image ". - $port." &"; - $handle = proc_open($cmd, array(), $foo); - $status = proc_get_status($handle); - $pid = $status["pid"]; - echo "New process spawned with PID ".$pid."\n"; - proc_close($handle); + $cmd = GENTOASTER_PATH."/".WRAP_TOOL_NAME." ". + CONFIGURATIONS_PATH."/".$buildID."/".$buildID.".image ". + $port." &"; + $handle = proc_open($cmd, array(), $foo); + $status = proc_get_status($handle); + $pid = $status["pid"]; + echo "New process spawned with PID ".$pid."\n"; + proc_close($handle); } // qemu pid is two up + // hacky? works for now though $pid = $pid + 2; if ($insert) { - $query = "DELETE FROM ports WHERE port = ".$port; - $result = mysql_query($query); - $query = "INSERT INTO ports (id, port, pid) VALUES('".mysql_real_escape_string($buildID)."', ".$port.", ".$pid.")"; - $result = mysql_query($query); - echo "Doing insert!\n"; - } elseif($update) { - $query = "UPDATE ports SET pid = ".$pid." WHERE id = '".$buildID."'"; - $result = mysql_query($query); - echo "Doing update\n"; + $query = "DELETE FROM ports WHERE port = ".$port; + $result = mysql_query($query); + $query = "INSERT INTO ports (id, port, pid) VALUES('".mysql_real_escape_string($buildID)."', ".$port.", ".$pid.")"; + $result = mysql_query($query); + echo "Doing insert!\n"; + } elseif ($update) { + $query = "UPDATE ports SET pid = ".$pid." WHERE id = '".$buildID."'"; + $result = mysql_query($query); + echo "Doing update\n"; } $port = $port+1000; - return serialize(array($externalHost, $port)); + return serialize(array(EXTERNAL_HOST, $port)); } diff --git a/status.php b/status.php index a69bc35..48f4dff 100644 --- a/status.php +++ b/status.php @@ -1,8 +1,18 @@ This wizard will guide you through the creation of your own personalised Gentoo virtual machine image.

+ +
+

Verification

+ + +
+
+

Locale

diff --git a/web/process.php b/web/process.php index 93c5d68..43827b9 100644 --- a/web/process.php +++ b/web/process.php @@ -1,5 +1,23 @@ is_valid) { + die("CAPTCHA was incorrect"); + } + } + $buildID = uniqid(); $bootMegabytes = intval($_POST["boot_size"]); $swapMegabytes = intval($_POST["swap_size"]); @@ -37,9 +55,11 @@ OUTPUT_FORMAT=$outputFormat"; $client->addServer(); $handle = $client->doBackground("invoke_image_build", $iniString); - $db = mysql_connect("localhost", "gentoaster", ""); - if(!$db) die("Could not connect to database ".mysql_error()); - mysql_select_db("gentoaster"); + $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD); + if (!$db) { + die("Could not connect to database ".mysql_error()); + } + mysql_select_db(MYSQL_DATABASE); $query = "INSERT INTO builds (id, handle) ". "VALUES('".$buildID."','".$handle."')"; mysql_query($query); diff --git a/web/recaptcha.php b/web/recaptcha.php new file mode 100644 index 0000000..32c4f4d --- /dev/null +++ b/web/recaptcha.php @@ -0,0 +1,277 @@ + $value ) + $req .= $key . '=' . urlencode( stripslashes($value) ) . '&'; + + // Cut the last '&' + $req=substr($req,0,strlen($req)-1); + return $req; +} + + + +/** + * Submits an HTTP POST to a reCAPTCHA server + * @param string $host + * @param string $path + * @param array $data + * @param int port + * @return array response + */ +function _recaptcha_http_post($host, $path, $data, $port = 80) { + + $req = _recaptcha_qsencode ($data); + + $http_request = "POST $path HTTP/1.0\r\n"; + $http_request .= "Host: $host\r\n"; + $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n"; + $http_request .= "Content-Length: " . strlen($req) . "\r\n"; + $http_request .= "User-Agent: reCAPTCHA/PHP\r\n"; + $http_request .= "\r\n"; + $http_request .= $req; + + $response = ''; + if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) { + die ('Could not open socket'); + } + + fwrite($fs, $http_request); + + while ( !feof($fs) ) + $response .= fgets($fs, 1160); // One TCP-IP packet + fclose($fs); + $response = explode("\r\n\r\n", $response, 2); + + return $response; +} + + + +/** + * Gets the challenge HTML (javascript and non-javascript version). + * This is called from the browser, and the resulting reCAPTCHA HTML widget + * is embedded within the HTML form it was called from. + * @param string $pubkey A public key for reCAPTCHA + * @param string $error The error given by reCAPTCHA (optional, default is null) + * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false) + + * @return string - The HTML to be embedded in the user's form. + */ +function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false) +{ + if ($pubkey == null || $pubkey == '') { + die ("To use reCAPTCHA you must get an API key from https://www.google.com/recaptcha/admin/create"); + } + + if ($use_ssl) { + $server = RECAPTCHA_API_SECURE_SERVER; + } else { + $server = RECAPTCHA_API_SERVER; + } + + $errorpart = ""; + if ($error) { + $errorpart = "&error=" . $error; + } + return ' + + '; +} + + + + +/** + * A ReCaptchaResponse is returned from recaptcha_check_answer() + */ +class ReCaptchaResponse { + var $is_valid; + var $error; +} + + +/** + * Calls an HTTP POST function to verify if the user's guess was correct + * @param string $privkey + * @param string $remoteip + * @param string $challenge + * @param string $response + * @param array $extra_params an array of extra variables to post to the server + * @return ReCaptchaResponse + */ +function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array()) +{ + if ($privkey == null || $privkey == '') { + die ("To use reCAPTCHA you must get an API key from https://www.google.com/recaptcha/admin/create"); + } + + if ($remoteip == null || $remoteip == '') { + die ("For security reasons, you must pass the remote ip to reCAPTCHA"); + } + + + + //discard spam submissions + if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0) { + $recaptcha_response = new ReCaptchaResponse(); + $recaptcha_response->is_valid = false; + $recaptcha_response->error = 'incorrect-captcha-sol'; + return $recaptcha_response; + } + + $response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/recaptcha/api/verify", + array ( + 'privatekey' => $privkey, + 'remoteip' => $remoteip, + 'challenge' => $challenge, + 'response' => $response + ) + $extra_params + ); + + $answers = explode ("\n", $response [1]); + $recaptcha_response = new ReCaptchaResponse(); + + if (trim ($answers [0]) == 'true') { + $recaptcha_response->is_valid = true; + } + else { + $recaptcha_response->is_valid = false; + $recaptcha_response->error = $answers [1]; + } + return $recaptcha_response; + +} + +/** + * gets a URL where the user can sign up for reCAPTCHA. If your application + * has a configuration page where you enter a key, you should provide a link + * using this function. + * @param string $domain The domain where the page is hosted + * @param string $appname The name of your application + */ +function recaptcha_get_signup_url ($domain = null, $appname = null) { + return "https://www.google.com/recaptcha/admin/create?" . _recaptcha_qsencode (array ('domains' => $domain, 'app' => $appname)); +} + +function _recaptcha_aes_pad($val) { + $block_size = 16; + $numpad = $block_size - (strlen ($val) % $block_size); + return str_pad($val, strlen ($val) + $numpad, chr($numpad)); +} + +/* Mailhide related code */ + +function _recaptcha_aes_encrypt($val,$ky) { + if (! function_exists ("mcrypt_encrypt")) { + die ("To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed."); + } + $mode=MCRYPT_MODE_CBC; + $enc=MCRYPT_RIJNDAEL_128; + $val=_recaptcha_aes_pad($val); + return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); +} + + +function _recaptcha_mailhide_urlbase64 ($x) { + return strtr(base64_encode ($x), '+/', '-_'); +} + +/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */ +function recaptcha_mailhide_url($pubkey, $privkey, $email) { + if ($pubkey == '' || $pubkey == null || $privkey == "" || $privkey == null) { + die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " . + "you can do so at http://www.google.com/recaptcha/mailhide/apikey"); + } + + + $ky = pack('H*', $privkey); + $cryptmail = _recaptcha_aes_encrypt ($email, $ky); + + return "http://www.google.com/recaptcha/mailhide/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail); +} + +/** + * gets the parts of the email to expose to the user. + * eg, given johndoe@example,com return ["john", "example.com"]. + * the email is then displayed as john...@example.com + */ +function _recaptcha_mailhide_email_parts ($email) { + $arr = preg_split("/@/", $email ); + + if (strlen ($arr[0]) <= 4) { + $arr[0] = substr ($arr[0], 0, 1); + } else if (strlen ($arr[0]) <= 6) { + $arr[0] = substr ($arr[0], 0, 3); + } else { + $arr[0] = substr ($arr[0], 0, 4); + } + return $arr; +} + +/** + * Gets html to display an email address given a public an private key. + * to get a key, go to: + * + * http://www.google.com/recaptcha/mailhide/apikey + */ +function recaptcha_mailhide_html($pubkey, $privkey, $email) { + $emailparts = _recaptcha_mailhide_email_parts ($email); + $url = recaptcha_mailhide_url ($pubkey, $privkey, $email); + + return htmlentities($emailparts[0]) . "...@" . htmlentities ($emailparts [1]); + +} + + +?> diff --git a/web/status.php b/web/status.php index 20aacec..86e7e0e 100644 --- a/web/status.php +++ b/web/status.php @@ -1,13 +1,20 @@