
Added captcha to registration process.

Nathaniel van Diepen 11 ani în urmă
părinte
comite
1e1fa29b08
8 a modificat fișierele cu 70 adăugiri și 16 ștergeri
  1. 15 7
      api.php
  2. 8 8
      data/pages/register.template
  3. 3 0
      index.php
  4. 35 0
      php/captcha.php
  5. 1 0
      php/config.php
  6. 6 0
      php/functions.php
  7. 1 0
      php/include.php
  8. 1 1
      php/security.php

+ 15 - 7
api.php

@@ -75,16 +75,24 @@
 										'id'=>'register'
 									)
 								);
-								if(isset($_GET['username'])&&isset($_GET['password'])&&isset($_GET['email'])){
-									if(addUser($_GET['username'],$_GET['password'],$_GET['email'])){
-										$key = login($_GET['username'],$_GET['password']);
-										$_SESSION['username'] = $_GET['username'];
-										sendMail('welcome','Welcome!',$_GET['email'],get('email'),Array($_GET['username'],$_GET['password'],get('email')));
+								if(isvalid('username')&&isvalid('password')&&isvalid('password1')&&isvalid('email')&&isvalid('captcha')){
+									if($_GET['password']==$_GET['password1']){
+										if(compare_captcha($_GET['captcha'])){
+											if(addUser($_GET['username'],$_GET['password'],$_GET['email'])){
+												$key = login($_GET['username'],$_GET['password']);
+												$_SESSION['username'] = $_GET['username'];
+												sendMail('welcome','Welcome!',$_GET['email'],get('email'),Array($_GET['username'],$_GET['password'],get('email')));
+											}else{
+												$ret['error'] = "Could not add user. ".$mysqli->error;
+											}
+										}else{
+											$ret['error'] = "Captcha did not match.";
+										}
 									}else{
-										$ret['error'] = "Could not add user. ".$mysqli->error;
+										$ret['error'] = "Passwords didn't match.";
 									}
 								}else{
-									$ret['error'] = "That username already exists!";
+									$ret['error'] = "Please fill in all the fields.";
 								}
 								retj($ret,$id);
 							break;
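Review bot: The password confirmation on the added line `if($_GET['password']==$_GET['password1']){` uses loose comparison, so two different numeric-looking strings (for example `1e3` and `1000`) are treated as matching. Because this commit also removes the client-side check from register.template, this is now the only place the match is enforced; use `if($_GET['password']===$_GET['password1']){`. The re-indented branch still returns `$mysqli->error` to the client and still mails the plaintext password, both carried over from the old code; a generic message with the detail logged server-side would be safer. The enclosing `case` starts outside the hunk.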

+ 8 - 8
data/pages/register.template

@@ -14,15 +14,17 @@
 	<div>
 		Verify Password: <input name="password1" type="password"/>
 	</div>
+	<div>
+		<image id="captcha" src="index.php?get=captcha"/>
+		<br/>
+		Captcha: <input name="captcha" type="text"/>
+	</div>
 	<input type="submit" value="register"/>
 	<input type="button" value="cancel" class="cancel"/>
 </form>
 <script>
 	$('form#register').submit(function(){
-		var p0 = $(this).find('input[name=password]').val(),
-			p1 = $(this).find('input[name=password1]').val();
-		if(p0!=''&&p1!=''&&p0==p1){
-			var data = $(this).serializeObject(),
+		var data = $(this).serializeObject(),
 				State = History.getState();
 			for(var i in State.data){
 				data[i] = State.data;
@@ -35,12 +37,10 @@
 					loadState('page-index');
 				}else{
 					setKey(null);
-					loadState('page-register');
+					$('#captcha').attr('src','index.php?get=captcha&timestamp='+new Date);
+					$('#loading').hide();
 				}
 			});
-		}else{
-			alert('The password must match!');
-		}
 		return false;
 	}).children('.cancel').click(function(){
 		loadState('page-index');
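Review bot: The captcha refresh in the second hunk, `$('#captcha').attr('src','index.php?get=captcha&timestamp='+new Date);`, concatenates the Date's string form into the URL unencoded, spaces and parentheses included; `'index.php?get=captcha&timestamp='+Date.now()` is a clean cache-buster. In the first hunk `<image>` is not a standard element; browsers alias it to `<img>`, but `<img id="captcha" src="index.php?get=captcha" alt="captcha"/>` is the valid form. With the `if(p0!=''...)` wrapper removed, the statements that follow keep their old, deeper indentation and should be re-indented. The submit handler continues outside both hunks.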

+ 3 - 0
index.php

@@ -47,6 +47,9 @@
 				}
 				die(json_encode($settings));
 			break;
+			case 'captcha':
+				generate_captcha();
+			break;
 		}
 	}
 ?>

+ 35 - 0
php/captcha.php

@@ -0,0 +1,35 @@
+<?php
+    require_once(realpath(dirname(__FILE__)).'/config.php');
+    require_once(PATH_PHP.'security.php');
+    function generate_captcha(){
+		$captcha = substr(md5(rand()),0,7);
+		$_SESSION['captcha'] = $captcha;
+		//Set the image width and height
+		$width = 100;
+		$height = 20; 
+		//Create the image resource 
+		$image = ImageCreate($width, $height);  
+		//We are making three colors, white, black and gray
+		$white = ImageColorAllocate($image, 255, 255, 255);
+		$black = ImageColorAllocate($image, 0, 0, 0);
+		$grey = ImageColorAllocate($image, 204, 204, 204);
+		//Make the background black 
+		ImageFill($image, 0, 0, $black); 
+		//Add randomly generated string in white to the image
+		ImageString($image, 3, 30, 3, $captcha, $white); 
+		//Throw in some lines to make it a little bit harder for any bots to break 
+		ImageRectangle($image,0,0,$width-1,$height-1,$grey); 
+		imageline($image, 0, $height/2, $width, $height/2, $grey); 
+		imageline($image, $width/2, 0, $width/2, $height, $grey); 
+		//Tell the browser what kind of file is come in 
+		header("Content-Type: image/jpeg"); 
+		//Output the newly created image in jpeg format 
+		ImageJpeg($image);
+		//Free up resources
+		ImageDestroy($image);
+		exit();
+	}
+	function compare_captcha($captcha){
+		return isset($_SESSION['captcha'])&&$captcha == $_SESSION['captcha'];
+	}
+?>
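Review bot: `compare_captcha()` leaves `$_SESSION['captcha']` in place after the check, so one solved value stays valid for every later registration request in the same session. Its `==` comparison also lets numeric-looking strings compare equal (a generated value such as `0e12345` equals the input `0`). The stored value should be consumed on first use, whether or not it matched, and compared as a string; `hash_equals()` needs PHP 5.6 or later, and `===` is the fallback on older versions. Separately, `md5(rand())` in `generate_captcha()` is not an unpredictable source, so a CSPRNG such as `openssl_random_pseudo_bytes()` or `random_bytes()` (where the PHP version provides it) is preferable. A `Cache-Control: no-store` header next to the `Content-Type` header would keep the image from being served from cache.

```php
function compare_captcha($captcha){
	if(!isset($_SESSION['captcha'])){
		return false;
	}
	$expected = $_SESSION['captcha'];
	// single use: a solved value must not stay valid for later requests
	unset($_SESSION['captcha']);
	return is_string($captcha) && hash_equals($expected, $captcha);
}
```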

+ 1 - 0
php/config.php

@@ -1,4 +1,5 @@
 <?php
+	@session_start();
 	define('PATH_ROOT',realpath(dirname(__FILE__)).'/../');
 	define('PATH_CONFIG',PATH_ROOT.'config.json');
 	define('PATH_DEFAULT_CONFIG',PATH_ROOT.'config.default.json');
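Review bot: `@session_start();` suppresses the warning that would explain a session that failed to start (for example because headers were already sent). In that case `$_SESSION['captcha']` is never persisted and every captcha check fails with no trace. Drop the `@` and guard the call instead, e.g. `if(session_id()===''){ session_start(); }`. Since the session cookie now gates registration, it is also worth confirming that `session.cookie_httponly` is enabled in the deployment configuration.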

+ 6 - 0
php/functions.php

@@ -51,4 +51,10 @@
 		);
 		die(json_encode($json));
 	}
+	function isvalid($col,$v=null){
+		if($v == null){
+			$v = $_GET;
+		}
+		return isset($v[$col]) && !empty($v[$col]);
+	}
 ?>
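Review bot: `isvalid()` tests `$v == null`, which is also true for an empty array, so `isvalid('x', array())` silently falls back to `$_GET` instead of reporting the field as missing; `if($v === null){` avoids that. `isset($v[$col]) && !empty($v[$col])` is redundant because `empty()` already covers unset keys. It also rejects the literal value `0` while accepting array values such as `?captcha[]=a`, which then reach `compare_captcha()` and `addUser()` as arrays. If only non-empty strings are meant to pass, `return isset($v[$col]) && is_string($v[$col]) && $v[$col] !== '';` states that directly. A one-line comment saying what counts as valid would help callers.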

+ 1 - 0
php/include.php

@@ -9,6 +9,7 @@
 	require_once(PATH_PHP.'database.php');
 	require_once(PATH_PHP.'functions.php');
 	require_once(PATH_PHP.'security.php');
+	require_once(PATH_PHP.'captcha.php');
 	require_once(PATH_PHP.'user.php');
 	require_once(PATH_PHP.'emails.php');
 	authenticate();

+ 1 - 1
php/security.php

@@ -1,6 +1,6 @@
 <?php
 	function salt(){
-		return uniqid(mt_rand(0,61), true);
+		return uniqid(mt_rand(0,61),true);
 	}
 	function saltedHash($pass,$salt){
 		$hash = $pass.$salt;