[sqwebmail] Patch for vqsignup (validation by generated image)

Wed, 03 Sep 2003 20:31:40 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Here is the patch for vqsignup I sended it to the maintainer.
Maybe some of you will be interested. 

The easyest way is to replace the var.c file.
Thanks to CYBz for his help !

Guillaume

- --------------------------------------------------------------
*>*>*> Begin forwarded message:

Date: Wed, 3 Sep 2003 20:17:10 -0500
From: Guillaume <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: Patch for vqsignup (validation by generated image)


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I added some C code to the 'var.c' file of vqsignup-0.5,
maybe it will be of some interest for you and others.

The goal was to prevent signup 'flood' by web robots and thus
have a more secure way to offer eMail signup to individuals.

To do this, a PHP script is called <img src=img.php> by
the signup page, it generates a random image with 4 characters
and also puts thoses 4 chars in a hidden text file.

The vqsignup.cgi simply compares the input of the user on the
'mage' field with the content of the php-created text file, 
if it is found wrong it returns a the FIELD error.

You can see the demonstration on http://mail.dune2.info/signup
(Enter an username and clic on 'Create' to see the picture-check).

Attached to this eMail are
- - - The new 'var.c' file (the additions are marked '//mage')
- - - The patch file for the old 'var.c'
- - - The slightly modified PHP image-gen lib by Kevin Gilbertson

There is still room for much improvement in the code, like
having the FILENAME path in the configuration file or a specific
html error page...  but as this isn't supposed to be setup by
everyday desktop users it shouldn't be a big problem :)

Take care,
Guillaume

- - -- 
Clef 0x6D525996 |> www.keyserver.net pgp.mit.edu pki.surfnet.nl
Fingerprint = 3B64 5F7C B27B A047 AF4F E5FD A2A3 B0D3 6D52 5996
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/VpKWoqOw021SWZYRAtetAJ9UDH4V8BcUgnZIjWZtatu7PJrF+wCfVjrZ
K2X4Aqk1q116Dxu98fstUl4=
=Ayts
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/VpW1oqOw021SWZYRAo30AJsH4xngnxepz0GqjgWkY+Ud/iz/PACgj9ZG
oNwj1ZPVxe1GLfE8wzYha6U=
=MWad
-----END PGP SIGNATURE-----

Attachment: var.c
Description: Binary data

Attachment: var.c.patch
Description: Binary data

Attachment: pwgen.tar.gz
Description: Binary data

Reply via email to