3 namespace CoreFramework\Filter\Verifier\Captcha;
6 * A concrete filter for validating code graphical CAPTCHAs with hashes
8 * @author Roland Haeder <webmaster@shipsimu.org>
10 * @copyright Copyright (c) 2007, 2008 Roland Haeder, 2009 - 2017 Core Developer Team
11 * @license GNU GPL 3.0 or any newer version
12 * @link http://www.shipsimu.org
14 * This program is free software: you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation, either version 3 of the License, or
17 * (at your option) any later version.
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with this program. If not, see <http://www.gnu.org/licenses/>.
27 class GraphicalCodeCaptchaVerifierFilter extends BaseFilter implements Filterable {
29 * Protected constructor
33 protected function __construct () {
34 // Call parent constructor
35 parent::__construct(__CLASS__);
39 * Creates an instance of this filter class
41 * @return $filterInstance An instance of this filter class
43 public static final function createGraphicalCodeCaptchaVerifierFilter () {
45 $filterInstance = new GraphicalCodeCaptchaVerifierFilter();
47 // Return the instance
48 return $filterInstance;
52 * Executes the filter with given request and response objects
54 * @param $requestInstance An instance of a class with an Requestable interface
55 * @param $responseInstance An instance of a class with an Responseable interface
57 * @throws FilterChainException If this filter fails to operate
59 public function execute (Requestable $requestInstance, Responseable $responseInstance) {
61 if (($requestInstance->getRequestElement('command') !== 'do_form') || (!$requestInstance->isRequestElementSet('form'))) {
62 // Required field not set
63 $requestInstance->requestIsValid(FALSE);
66 $responseInstance->addFatalMessage('command_form_invalid');
68 // Skip further processing
69 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
72 // Create config entry
73 $configKey = sprintf('%s_captcha_secured',
74 $requestInstance->getRequestElement('form')
77 // Is the CAPTCHA enabled?
78 if ($this->getConfigInstance()->getConfigEntry($configKey) != 'Y') {
79 // Not enabled, so don't check
83 // Get the captcha code
84 $captchaCode = $requestInstance->getRequestElement('c_code');
87 if (is_null($captchaCode)) {
88 // Not set so request is invalid
89 $requestInstance->requestIsValid(FALSE);
92 $responseInstance->addFatalMessage('captcha_code_unset');
94 // Skip further processing
95 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
96 } elseif (empty($captchaCode)) {
97 // Empty value so request is invalid
98 $requestInstance->requestIsValid(FALSE);
101 $responseInstance->addFatalMessage('captcha_code_empty');
103 // Skip further processing
104 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
107 // Get the hash as well
108 $captchaHash = $requestInstance->getRequestElement('hash');
111 if (is_null($captchaHash)) {
112 // Not set so request is invalid
113 $requestInstance->requestIsValid(FALSE);
116 $responseInstance->addFatalMessage('captcha_hash_unset');
118 // Skip further processing
119 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
120 } elseif (empty($captchaHash)) {
121 // Empty value so request is invalid
122 $requestInstance->requestIsValid(FALSE);
125 $responseInstance->addFatalMessage('captcha_hash_empty');
127 // Skip further processing
128 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
131 // Now, both are set hash the given one. First get a crypto instance
132 $cryptoInstance = ObjectFactory::createObjectByConfiguredName('crypto_class');
134 // Then hash the code
135 $hashedCode = $cryptoInstance->hashString($captchaCode, $captchaHash);
137 // Is this CAPTCHA valid?
138 if ($hashedCode != $captchaHash) {
139 // Not the same so request is invalid
140 $requestInstance->requestIsValid(FALSE);
143 $responseInstance->addFatalMessage('captcha_hash_mismatch');
145 // Skip further processing
146 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
147 } // END - not the same!