From 6eb4e9ba3c6db784ec75e319864b81cecf88d252 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Thu, 26 Jun 2008 17:28:56 +0000 Subject: [PATCH] CAPTCHA code now gets validated --- ...ass_GraphicalCodeCaptchaVerifierFilter.php | 63 ++++++++++++++++++- 1 file changed, 62 insertions(+), 1 deletion(-) diff --git a/inc/classes/main/filter/verifier/class_GraphicalCodeCaptchaVerifierFilter.php b/inc/classes/main/filter/verifier/class_GraphicalCodeCaptchaVerifierFilter.php index 5a584cb..b0de5d3 100644 --- a/inc/classes/main/filter/verifier/class_GraphicalCodeCaptchaVerifierFilter.php +++ b/inc/classes/main/filter/verifier/class_GraphicalCodeCaptchaVerifierFilter.php @@ -59,7 +59,68 @@ class GraphicalCodeCaptchaVerifierFilter extends BaseFilter implements Filterabl * @return void */ public function execute (Requestable $requestInstance, Responseable $responseInstance) { - $requestInstance->debugInstance(); + // Get the captcha code + $captchaCode = $requestInstance->getRequestElement('c_code'); + + // Is this set? + if (is_null($captchaCode)) { + // Not set so request is invalid + $requestInstance->requestIsValid(false); + + // Add fatal message + $responseInstance->addFatalMessage('captcha_code_unset'); + + // Skip further processing + return false; + } elseif (empty($captchaCode)) { + // Empty value so request is invalid + $requestInstance->requestIsValid(false); + + // Add fatal message + $responseInstance->addFatalMessage('captcha_code_empty'); + + // Skip further processing + return false; + } + + // Get the hash as well + $captchaHash = $requestInstance->getRequestElement('hash'); + + // Is this set? + if (is_null($captchaHash)) { + // Not set so request is invalid + $requestInstance->requestIsValid(false); + + // Add fatal message + $responseInstance->addFatalMessage('captcha_hash_unset'); + + // Skip further processing + return false; + } elseif (empty($captchaHash)) { + // Empty value so request is invalid + $requestInstance->requestIsValid(false); + + // Add fatal message + $responseInstance->addFatalMessage('captcha_hash_empty'); + + // Skip further processing + return false; + } + + // Now, both are set hash the given one. First get a crypto instance + $cryptoInstance = ObjectFactory::createObjectByConfiguredName('crypto_class'); + + // Then hash the code + $hashedCode = $cryptoInstance->hashString($captchaCode, $captchaHash); + + // Is this CAPTCHA valid? + if ($hashedCode != $captchaHash) { + // Not the same so request is invalid + $requestInstance->requestIsValid(false); + + // Add fatal message + $responseInstance->addFatalMessage('captcha_hash_mismatch'); + } // END - not the same! } } -- 2.39.5