Thu, 13 May 2010 09:31:01 -0500
Initial commit
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/backend_ejabberd_postgres.php Thu May 13 09:31:01 2010 -0500 @@ -0,0 +1,40 @@ +<?php + +Class RegistrationBackend { + + protected $dbconn; + + function init($config) + { + $this->dbconn = pg_connect("host={$config['dbhost']} dbname={$config['dbname']}\ + user={$config['dbuser']} password={$config['dbpass']}") + or die('Could not connect: ' . pg_last_error()); + } + + function validate($user, $pass) + { + return FALSE; + } + + function exists($user) + { + $result = pg_query_params('SELECT * FROM users WHERE username = $1 LIMIT 1', + array($user)); + if (pg_num_rows($result) > 0 ) + return TRUE; + return FALSE; + } + + function create($user, $pass) + { + return pg_query_params('INSERT INTO users ("username", "password") VALUES($1, $2)', + array($user, $pass)); + } + + function close() + { + pg_close($this->dbconn); + } +} + +?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/backend_isode_ldap.php Thu May 13 09:31:01 2010 -0500 @@ -0,0 +1,106 @@ +<?php + +Class RegistrationBackend { + + protected $dbconn; + + protected $hostname = "localhost"; + protected $port = 389; + protected $bind_dn; + protected $bind_pw; + protected $base_dn; + protected $objectClass = array( + "cmuSaslUser", + "mboxUser", + "inetUser", + "inetOrgPerson", + "organizationalPerson", + "person" + ); + + protected $debug = FALSE; + + private $ldap; + + function init($config) + { + if(array_key_exists('ldapHostname', $config)) + $this->hostname = $config['ldapHostname']; + if(array_key_exists('ldapPort', $config)) + $this->port = $config['ldapPort']; + if(array_key_exists('ldapBindDN', $config)) + $this->bind_dn = $config['ldapBindDN']; + if(array_key_exists('ldapBindPass', $config)) + $this->bind_pw = $config['ldapBindPass']; + if(array_key_exists('ldapBaseDN', $config)) + $this->base_dn = $config['ldapBaseDN']; + + if($config['debug']) + $this->debug = TRUE; + + $this->ldap = ldap_connect($this->hostname, $this->port) + or die("Cannot connect to DSA"); + + ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + + ldap_bind($this->ldap, $this->bind_dn, $this->bind_pw) + or die("Cannot bind to DSA"); + } + + function validate($user, $pass) + { + if(strcspn($user, " \"#+,;<=>\\") !== strlen($user)) + return "Your username contains invalid characters."; + return NULL; + } + + function exists($user) + { + $dn = "uid=" . $user . "," . $this->base_dn; + $res = @ldap_read($this->ldap, $dn, "objectClass=inetOrgPerson"); + if($res === FALSE) + return FALSE; + return TRUE; + } + + function create($user, $pass) + { + $dn = "uid=" . $user . "," . $this->base_dn; + + $attrs["objectClass"] = $this->objectClass; + $attrs["uid"] = $user; + $attrs["userPassword"] = $pass; + + # X.500 person class requires a Surname. + $attrs["sn"] = $user; + + # Something else (?) requires a CommonName. + $attrs["cn"] = $attrs["sn"]; + + if (@ldap_add($this->ldap, $dn, $attrs)) + { + return TRUE; + } + else + { + if($this->debug) + { + $errno = ldap_errno($this->ldap); + echo "<p>Exciting error number " . $errno . ": <i>" . ldap_err2str($errno) . "</i></p>"; + echo "<p>DN: " . $dn . "</p>"; + echo "<p>Attrs: <pre>"; + print_r($attrs); + echo "</pre></p>"; + } + return FALSE; + } + } + + + function close() + { + ldap_unbind($this->ldap); + } +} + +?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/config.php.example Thu May 13 09:31:01 2010 -0500 @@ -0,0 +1,34 @@ +<?php + +$config = Array( + // Which registration backend to use + "backend" => "ejabberd_postgres", + + // For display purposes + "host" => "example.com", + "website" => "http://example.com/", + + // For database backends + "dbhost" => "localhost", + "dbuser" => "abc", + "dbpass" => "secret", + + // For LDAP backends + "ldapHostname" => "localhost", + "ldapPort" => 389, + "ldapBindPass" => "s3cr3t", + "ldapBindDN" => "cn=DSA Manager,cn=dsa,o=Org", + "ldapBaseDN" => "ou=Users,dc=jabber,dc=org,o=Org", + + // Your ReCAPCTHA keys (from http://recaptcha.net/api/getkey ) + "recaptchaPrivateKey" => "abcdefghijklmnopqrstuvwxyz", + "recaptchaPublicKey" => "abcdefghijklmnopqrstuvwxyz", + + // Page theme + "theme" => "default", + + // Temporarily change to TRUE if you need more output + "debug" => FALSE +); + +?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/index.php Thu May 13 09:31:01 2010 -0500 @@ -0,0 +1,206 @@ +<?php + +require_once('recaptchalib.php'); +require_once('config.php'); + +if(!array_key_exists('backend', $config)) + die("Please specify a backend in config.php!"); + +if($config['debug']) + include('backend_'.$config['backend'].'.php'); +else + @include('backend_'.$config['backend'].'.php'); + +if(class_exists("RegistrationBackend")) +{ + $registration_backend = new RegistrationBackend(); +} +else +{ + echo('Failed to initialize backend "'.$config['backend'].'": '); + + if(!$config['debug']) + echo('enable debug in the config for more info.'); + else + include('backend_'.$config['backend'].'.php'); + die(); +} + +header( 'Content-type: text/html; charset=utf-8' ); + +?> +<html> +<head> + <link rel='stylesheet' href='themes/<?php echo $config['theme']; ?>/style.css' /> +</head> +<body> + +<?php @include('themes/'.$config['theme'].'/header.php'); ?> + +<div id="box"> + +<?php +if (!$_POST["submit"]) +{ +?> + +<h2>Register a <?php echo ucfirst($config['host']); ?> account</h2> +<p>Use the form below to create an account.</p> +<form method="post"> + <table> + <tr><td class="label">Username:</td><td><input type="text" class="edit username" name="username" size="10" />@<?php echo $config['host']; ?></td></tr> + <tr><td class="label">Password:</td><td><input type="password" class="edit" name="password" size="15"/></td></tr> + <tr><td class="label">Re-type password:</td><td><input type="password" class="edit" name="password2" size="15"/></td></tr> + <tr><td colspan="2" style="text-align:center; margin-left:auto; margin-right:auto;" align="center"> + <center> + <div id="captcha"> + <?php echo recaptcha_get_html($config['recaptchaPublicKey'], null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'); ?> + </div> + </center> + </td></tr> + <tr><td colspan="2" style="text-align:center;"> + <input type="submit" name="submit" value="Register" /> + </td></tr> +</form> + +<?php +} +else +{ + // Process submission + $resp = recaptcha_check_answer ($config['recaptchaPrivateKey'], + $_SERVER["REMOTE_ADDR"], + $_POST["recaptcha_challenge_field"], + $_POST["recaptcha_response_field"]); + if ($resp->is_valid) + { + $registration_backend->init($config); + $user = $_POST['username']; + $pass = $_POST['password']; + $pass2 = $_POST['password2']; + + $ok = true; + + if (!$user) + { + echo '<p>Sorry, you didn\'t tell us which username you want! Please <a href="./">go back</a> and try again.</p>'; + $ok = false; + } + + if($pass !== $pass2) + { + echo '<p>The two passwords you typed are not the same, please <a href="./">go back</a> and try more carefully! :-)</p>'; + $ok = false; + } + + if($ok) + { + if(!mb_check_encoding($user, 'UTF-8') || !mb_check_encoding($pass, 'UTF-8')) + { + echo '<p>Sorry, your browser sent an invalid form entry. Try removing special characters from your username/password.</p>'; + echo '<p>Alternatively please try a different browser and re-submit <a href="./">the form</a>.</p>'; + $ok = false; + } + else + { + $user = mb_strtolower($user, 'UTF-8'); + } + } + + // Check that username is valid for a JID + if ($ok && strlen($user) > 255) + { + echo '<p>Sorry, the username you entered is waaaaay too long. <a href="./">Please try</a> something shorter!</p>'; + $ok = false; + } + + if ($ok) + { + if (strcspn($user, "\"&'/:<>@".chr(127)) !== strlen($user)) + { + echo '<p>Sorry, that username contains invalid characters (such as &, <, >, / etc.). Please remove them and <a href="./">try again</a>.</p>'; + echo strcspn($user, "\"&'/:<>@".chr(127))." vs ".strlen($user); + $ok = false; + } + else if (strpos($user, chr(255).chr(254)) || strpos($user, chr(255.255))) + { + echo '<p>Sorry, that username contains invalid characters. Please remove them and <a href="./">try again</a>.</p>'; + $ok = false; + } + else + { + $charfreq = array_keys(count_chars($user, 1)); + if (min($charfreq) <= 32) + { + echo '<p>Sorry, that username contains invalid characters. For example you cannot use spaces in a username. Please <a href="./">go back</a>, remove them, and try again.</p>'; + $ok = false; + } + } + + } + + if ($ok && (strlen($pass) < 6)) + { + echo '<p>Your password isn\'t long enough. It needs to be at least 6 characters long, to make sure that it can\'t be easily guessed. <a href="./">Go back</a> and try again.</p>'; + $ok = false; + } + + if ($ok) + { + $backend_message = $registration_backend->validate($user, $pass); + if($backend_message) + { + echo "<p>".htmlentities($backend_message)." Please <a href='./'>go back</a> and try again.</p>"; + $ok = false; + } + } + + // Check that username does not already exist + if ($ok) + { + if($registration_backend->exists($user)) + { + echo '<p>A user with that name already exists, please <a href="./">go back</a> and choose a different username.</p>'; + $ok = false; + } + } + + if ($ok) + { + $result = $registration_backend->create($user, $pass); + if ($result) + { + echo '<p>You successfully registered the Jabber ID<br/><b>'.$_POST["username"].'@'.$config['host'].'</b></p>'; + echo "<div style='text-align:left;'>"; + echo "<p>If you haven't already, now is a good time to "; + echo "<a href='http://www.jabber.org/index.php/download-a-client/'>download a client</a> which you can "; + echo 'use to log into your new account.</p>'; + echo '<p>Wondering what you can do with your new <a href="'.$config['website'].'">'.$config['host'].'</a> account? '; + echo 'Here are some services at which you can use your Jabber ID:</p>'; + echo '<ul>'; + echo '<li><a href="http://identi.ca/">identi.ca</a> - Open microblogging service</li>'; + echo '<li><a href="http://speeqe.com/">Speeqe</a> - Web-based Jabber chatrooms</li>'; + echo '</ul>'; + echo '<p><b>Did you know?</b> <a href="http://www.google.com/talk/">Google Talk</a> is one of the many other '; + echo '<a href="http://xmpp.org/services/">Jabber-compatible services</a>, which '; + echo 'means you can add your Gmail and Google Apps friends directly to your '.ucfirst($config['host']).' contact list!</p>'; + echo '</div>'; + } + else + echo '<p>There was a problem creating your account. If the problem persists, please <a href="http://speeqe.com/room/jabber@conference.jabber.org/">contact us</a>.</p>'; + } + $registration_backend->close(); + } + else + { + echo '<p>Sorry, the CAPTCHA text you entered was incorrect, please <a href="./">go back</a> and try again.</p>'; + if($config['debug']) + echo '('.$resp->error.')'; + } +} +?> + +</div> +<?php @include('themes/'.$config['theme'].'/footer.php'); ?> +</body> +</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/recaptchalib.php Thu May 13 09:31:01 2010 -0500 @@ -0,0 +1,277 @@ +<?php +/* + * This is a PHP library that handles calling reCAPTCHA. + * - Documentation and latest version + * http://recaptcha.net/plugins/php/ + * - Get a reCAPTCHA API Key + * http://recaptcha.net/api/getkey + * - Discussion group + * http://groups.google.com/group/recaptcha + * + * Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net + * AUTHORS: + * Mike Crawford + * Ben Maurer + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * The reCAPTCHA server URL's + */ +define("RECAPTCHA_API_SERVER", "http://api.recaptcha.net"); +define("RECAPTCHA_API_SECURE_SERVER", "https://api-secure.recaptcha.net"); +define("RECAPTCHA_VERIFY_SERVER", "api-verify.recaptcha.net"); + +/** + * Encodes the given data into a query string format + * @param $data - array of string elements to be encoded + * @return string - encoded request + */ +function _recaptcha_qsencode ($data) { + $req = ""; + foreach ( $data as $key => $value ) + $req .= $key . '=' . urlencode( stripslashes($value) ) . '&'; + + // Cut the last '&' + $req=substr($req,0,strlen($req)-1); + return $req; +} + + + +/** + * Submits an HTTP POST to a reCAPTCHA server + * @param string $host + * @param string $path + * @param array $data + * @param int port + * @return array response + */ +function _recaptcha_http_post($host, $path, $data, $port = 80) { + + $req = _recaptcha_qsencode ($data); + + $http_request = "POST $path HTTP/1.0\r\n"; + $http_request .= "Host: $host\r\n"; + $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n"; + $http_request .= "Content-Length: " . strlen($req) . "\r\n"; + $http_request .= "User-Agent: reCAPTCHA/PHP\r\n"; + $http_request .= "\r\n"; + $http_request .= $req; + + $response = ''; + if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) { + die ('Could not open socket'); + } + + fwrite($fs, $http_request); + + while ( !feof($fs) ) + $response .= fgets($fs, 1160); // One TCP-IP packet + fclose($fs); + $response = explode("\r\n\r\n", $response, 2); + + return $response; +} + + + +/** + * Gets the challenge HTML (javascript and non-javascript version). + * This is called from the browser, and the resulting reCAPTCHA HTML widget + * is embedded within the HTML form it was called from. + * @param string $pubkey A public key for reCAPTCHA + * @param string $error The error given by reCAPTCHA (optional, default is null) + * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false) + + * @return string - The HTML to be embedded in the user's form. + */ +function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false) +{ + if ($pubkey == null || $pubkey == '') { + die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>"); + } + + if ($use_ssl) { + $server = RECAPTCHA_API_SECURE_SERVER; + } else { + $server = RECAPTCHA_API_SERVER; + } + + $errorpart = ""; + if ($error) { + $errorpart = "&error=" . $error; + } + return '<script type="text/javascript" src="'. $server . '/challenge?k=' . $pubkey . $errorpart . '"></script> + + <noscript> + <iframe src="'. $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/> + <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea> + <input type="hidden" name="recaptcha_response_field" value="manual_challenge"/> + </noscript>'; +} + + + + +/** + * A ReCaptchaResponse is returned from recaptcha_check_answer() + */ +class ReCaptchaResponse { + var $is_valid; + var $error; +} + + +/** + * Calls an HTTP POST function to verify if the user's guess was correct + * @param string $privkey + * @param string $remoteip + * @param string $challenge + * @param string $response + * @param array $extra_params an array of extra variables to post to the server + * @return ReCaptchaResponse + */ +function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array()) +{ + if ($privkey == null || $privkey == '') { + die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>"); + } + + if ($remoteip == null || $remoteip == '') { + die ("For security reasons, you must pass the remote ip to reCAPTCHA"); + } + + + + //discard spam submissions + if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0) { + $recaptcha_response = new ReCaptchaResponse(); + $recaptcha_response->is_valid = false; + $recaptcha_response->error = 'incorrect-captcha-sol'; + return $recaptcha_response; + } + + $response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/verify", + array ( + 'privatekey' => $privkey, + 'remoteip' => $remoteip, + 'challenge' => $challenge, + 'response' => $response + ) + $extra_params + ); + + $answers = explode ("\n", $response [1]); + $recaptcha_response = new ReCaptchaResponse(); + + if (trim ($answers [0]) == 'true') { + $recaptcha_response->is_valid = true; + } + else { + $recaptcha_response->is_valid = false; + $recaptcha_response->error = $answers [1]; + } + return $recaptcha_response; + +} + +/** + * gets a URL where the user can sign up for reCAPTCHA. If your application + * has a configuration page where you enter a key, you should provide a link + * using this function. + * @param string $domain The domain where the page is hosted + * @param string $appname The name of your application + */ +function recaptcha_get_signup_url ($domain = null, $appname = null) { + return "http://recaptcha.net/api/getkey?" . _recaptcha_qsencode (array ('domain' => $domain, 'app' => $appname)); +} + +function _recaptcha_aes_pad($val) { + $block_size = 16; + $numpad = $block_size - (strlen ($val) % $block_size); + return str_pad($val, strlen ($val) + $numpad, chr($numpad)); +} + +/* Mailhide related code */ + +function _recaptcha_aes_encrypt($val,$ky) { + if (! function_exists ("mcrypt_encrypt")) { + die ("To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed."); + } + $mode=MCRYPT_MODE_CBC; + $enc=MCRYPT_RIJNDAEL_128; + $val=_recaptcha_aes_pad($val); + return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); +} + + +function _recaptcha_mailhide_urlbase64 ($x) { + return strtr(base64_encode ($x), '+/', '-_'); +} + +/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */ +function recaptcha_mailhide_url($pubkey, $privkey, $email) { + if ($pubkey == '' || $pubkey == null || $privkey == "" || $privkey == null) { + die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " . + "you can do so at <a href='http://mailhide.recaptcha.net/apikey'>http://mailhide.recaptcha.net/apikey</a>"); + } + + + $ky = pack('H*', $privkey); + $cryptmail = _recaptcha_aes_encrypt ($email, $ky); + + return "http://mailhide.recaptcha.net/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail); +} + +/** + * gets the parts of the email to expose to the user. + * eg, given johndoe@example,com return ["john", "example.com"]. + * the email is then displayed as john...@example.com + */ +function _recaptcha_mailhide_email_parts ($email) { + $arr = preg_split("/@/", $email ); + + if (strlen ($arr[0]) <= 4) { + $arr[0] = substr ($arr[0], 0, 1); + } else if (strlen ($arr[0]) <= 6) { + $arr[0] = substr ($arr[0], 0, 3); + } else { + $arr[0] = substr ($arr[0], 0, 4); + } + return $arr; +} + +/** + * Gets html to display an email address given a public an private key. + * to get a key, go to: + * + * http://mailhide.recaptcha.net/apikey + */ +function recaptcha_mailhide_html($pubkey, $privkey, $email) { + $emailparts = _recaptcha_mailhide_email_parts ($email); + $url = recaptcha_mailhide_url ($pubkey, $privkey, $email); + + return htmlentities($emailparts[0]) . "<a href='" . htmlentities ($url) . + "' onclick=\"window.open('" . htmlentities ($url) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ($emailparts [1]); + +} + + +?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/themes/default/style.css Thu May 13 09:31:01 2010 -0500 @@ -0,0 +1,50 @@ + body + { + font-family: Helvetica,Verdana,sans-serif; + background-color:#eeeeee; + text-align:center; + margin:0; + padding:0; + } + #box + { + background-color:#aaaaaa; + display:block; + border: solid #555555 1px; + width:450px; + margin-left:auto; + margin-right:auto; + margin-top:4%; + padding:10px; + text-align:center; + } + table + { + margin-left:auto; + margin-right:auto; + } + /* td { border: solid black 1px; } */ + + .label + { + text-align:right; + width:33%; + } + + input.edit + { + border: solid #888888 1px; + } + h2 + { + text-align:center; + } + + #captcha + { + display:block; + margin-left:auto; + margin-right:auto; + width:315px; + text-align:center; + }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/themes/jabberdotorg/header.php Thu May 13 09:31:01 2010 -0500 @@ -0,0 +1,4 @@ +<div id="header"> + <a href="http://jabber.org/"><img src="http://www.jabber.org/wp-content/themes/carrington-blog/images/logo.png" alt="Jabber logo" /></a> +</div> +<br/>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/themes/jabberdotorg/style.css Thu May 13 09:31:01 2010 -0500 @@ -0,0 +1,73 @@ + body + { + font-family: Helvetica,Verdana,sans-serif; + background-color:#860400; + text-align:center; + margin:0; + padding:0; + } + #box + { + background-color:#eeeeee; + display:block; + border: solid #cccccc 1px; + width:450px; + margin-left:auto; + margin-right:auto; + margin-top:4%; + padding:10px; + text-align:center; + } + table + { + margin-left:auto; + margin-right:auto; + /* table-layout:fixed; + border:solid black 1px; */ + } + /* td { border: solid black 1px; } */ + + .label + { + text-align:right; + width:33%; + } + + input.edit + { + border: solid #c80000 1px; + } + input.username + { + /* text-align:right; */ + } + h2 + { + text-align:center; + } + + #captcha + { + display:block; + margin-left:auto; + margin-right:auto; + width:315px; + text-align:center; + } + #header + { + display:block; + width:100%; + height:86px; + background-color:#ffffff; + /* border-bottom: solid #c80000 1px; */ + border-bottom: solid #cccccc 2px; + } + #header img + { + display:block; + float:left; + border-style:none; + height:104px; + width:268px; + }