framework/main/classes/filter/verifier/class_GraphicalCodeCaptchaVerifierFilter.php

   1 <?php
   2 // Own namespace
   3 namespace Org\Mxchange\CoreFramework\Filter\Verifier\Captcha;
   4
   5 // Import framework stuff
   6 use Org\Mxchange\CoreFramework\Bootstrap\FrameworkBootstrap;
   7 use Org\Mxchange\CoreFramework\Factory\Object\ObjectFactory;
   8 use Org\Mxchange\CoreFramework\Filter\BaseFilter;
   9 use Org\Mxchange\CoreFramework\Filter\Chain\FilterChainException;
  10 use Org\Mxchange\CoreFramework\Filter\Filterable;
  11 use Org\Mxchange\CoreFramework\Helper\Crypto\CryptoHelper;
  12 use Org\Mxchange\CoreFramework\Request\Requestable;
  13 use Org\Mxchange\CoreFramework\Response\Responseable;
  14
  15 /**
  16  * A concrete filter for validating code graphical CAPTCHAs with hashes
  17  *
  18  * @author              Roland Haeder <webmaster@shipsimu.org>
  19  * @version             0.0.0
  20  * @copyright   Copyright (c) 2007, 2008 Roland Haeder, 2009 - 2023 Core Developer Team
  21  * @license             GNU GPL 3.0 or any newer version
  22  * @link                http://www.shipsimu.org
  23  *
  24  * This program is free software: you can redistribute it and/or modify
  25  * it under the terms of the GNU General Public License as published by
  26  * the Free Software Foundation, either version 3 of the License, or
  27  * (at your option) any later version.
  28  *
  29  * This program is distributed in the hope that it will be useful,
  30  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  31  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  32  * GNU General Public License for more details.
  33  *
  34  * You should have received a copy of the GNU General Public License
  35  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  36  */
  37 class GraphicalCodeCaptchaVerifierFilter extends BaseFilter implements Filterable {
  38         /**
  39          * Protected constructor
  40          *
  41          * @return      void
  42          */
  43         private function __construct () {
  44                 // Call parent constructor
  45                 parent::__construct(__CLASS__);
  46         }
  47
  48         /**
  49          * Creates an instance of this filter class
  50          *
  51          * @return      $filterInstance         An instance of this filter class
  52          */
  53         public static final function createGraphicalCodeCaptchaVerifierFilter () {
  54                 // Get a new instance
  55                 $filterInstance = new GraphicalCodeCaptchaVerifierFilter();
  56
  57                 // Return the instance
  58                 return $filterInstance;
  59         }
  60
  61         /**
  62          * Executes the filter with given request and response objects
  63          *
  64          * @param       $requestInstance        An instance of a class with an Requestable interface
  65          * @param       $responseInstance       An instance of a class with an Responseable interface
  66          * @return      void
  67          * @throws      FilterChainException    If this filter fails to operate
  68          */
  69         public function execute (Requestable $requestInstance, Responseable $responseInstance) {
  70                 // Is the form set?
  71                 if (($requestInstance->getRequestElement('command') !== 'do_form') || (!$requestInstance->isRequestElementSet('form'))) {
  72                         // Required field not set
  73                         $requestInstance->setIsRequestValid(FALSE);
  74
  75                         // Add fatal message
  76                         $responseInstance->addFatalMessage('command_form_invalid');
  77
  78                         // Skip further processing
  79                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
  80                 }
  81
  82                 // Create config entry
  83                 $configKey = sprintf('%s_captcha_secured', $requestInstance->getRequestElement('form'));
  84
  85                 // Is the CAPTCHA enabled?
  86                 if (FrameworkBootstrap::getConfigurationInstance()->isEnabled($configKey)) {
  87                         // Not enabled, so don't check
  88                         return;
  89                 }
  90
  91                 // Get the captcha code
  92                 $captchaCode = $requestInstance->getRequestElement('c_code');
  93
  94                 // Is this set?
  95                 if (is_null($captchaCode)) {
  96                         // Not set so request is invalid
  97                         $requestInstance->setIsRequestValid(FALSE);
  98
  99                         // Add fatal message
 100                         $responseInstance->addFatalMessage('captcha_code_unset');
 101
 102                         // Skip further processing
 103                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
 104                 } elseif (empty($captchaCode)) {
 105                         // Empty value so request is invalid
 106                         $requestInstance->setIsRequestValid(FALSE);
 107
 108                         // Add fatal message
 109                         $responseInstance->addFatalMessage('captcha_code_empty');
 110
 111                         // Skip further processing
 112                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
 113                 }
 114
 115                 // Get the hash as well
 116                 $captchaHash = $requestInstance->getRequestElement('hash');
 117
 118                 // Is this set?
 119                 if (is_null($captchaHash)) {
 120                         // Not set so request is invalid
 121                         $requestInstance->setIsRequestValid(FALSE);
 122
 123                         // Add fatal message
 124                         $responseInstance->addFatalMessage('captcha_hash_unset');
 125
 126                         // Skip further processing
 127                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
 128                 } elseif (empty($captchaHash)) {
 129                         // Empty value so request is invalid
 130                         $requestInstance->setIsRequestValid(FALSE);
 131
 132                         // Add fatal message
 133                         $responseInstance->addFatalMessage('captcha_hash_empty');
 134
 135                         // Skip further processing
 136                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
 137                 }
 138
 139                 // Now, both are set hash the given one. First get a crypto instance
 140                 $cryptoInstance = CryptoHelper::getSelfInstance();
 141
 142                 // Then hash the code
 143                 $hashedCode = $cryptoInstance->hashString($captchaCode, $captchaHash);
 144
 145                 // Is this CAPTCHA valid?
 146                 if ($hashedCode != $captchaHash) {
 147                         // Not the same so request is invalid
 148                         $requestInstance->setIsRequestValid(FALSE);
 149
 150                         // Add fatal message
 151                         $responseInstance->addFatalMessage('captcha_hash_mismatch');
 152
 153                         // Skip further processing
 154                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
 155                 }
 156         }
 157
 158 }