securimage.php を解析してみる。
L:618行目付近 ”function check($code)”
1 | function check( $code ) |
2 | { |
3 | // 考えながら検証する |
4 | // $code: POSTしたデータ |
5 | // echo $code; // ←POSTしたデータ |
6 | |
7 | $this ->code_entered = $code ; |
8 | $this ->validate(); |
9 | return $this ->correct_code; |
10 | } |
L:1170付近 ”function validate()”
1 | function validate() |
2 | { |
3 | // retrieve code from session, if no code exists check sqlite database if supported. |
4 | $code = '' ; |
5 |
6 | if (isset( $_SESSION [ 'securimage_code_value' ]) && trim( $_SESSION [ 'securimage_code_value' ]) != '' ) { |
7 | if ( $this ->isCodeExpired( $_SESSION [ 'securimage_code_ctime' ]) == false) { |
8 | $code = $_SESSION [ 'securimage_code_value' ]; |
9 | } |
10 | } else if ( $this ->use_sqlite_db == true && function_exists( 'sqlite_open' )) { // no code in session - may mean user has cookies turned off |
11 | $this ->openDatabase(); |
12 | $code = $this ->getCodeFromDatabase(); |
13 | } else { /* session code invalid or non-existant and code not found in sqlite db or sqlite is not available */ } |
14 | |
15 | $code = trim( strtolower ( $code )); |
16 | $code_entered = trim( strtolower ( $this ->code_entered)); |
17 | $this ->correct_code = false; |
18 | |
19 | // echo '----------------'.$code_entered .'------------------'; |
20 | //$code_entered: 入力したデータを小文字にしたもの |
21 | // echo $_SESSION['securimage_code_value']; |
22 | // echo '==================='; |
23 | // echo $_SESSION['securimage_code_ctime']; |
24 | |
25 | |
26 | if ( $code != '' ) { |
27 | if ( $code == $code_entered ) { |
28 | $this ->correct_code = true; |
29 | $_SESSION [ 'securimage_code_value' ] = '' ; // ← 照合する元データ |
30 | $_SESSION [ 'securimage_code_ctime' ] = '' ; // ← 照合する元データの生成時刻 |
31 | $this ->clearCodeFromDatabase(); |
32 | } |
33 | } |
34 | } |