3 namespace CoreFramework\Filter\Verifier\Captcha;
5 // Import framework stuff
6 use CoreFramework\Factory\ObjectFactory;
9 * A concrete filter for validating code graphical CAPTCHAs with hashes
11 * @author Roland Haeder <webmaster@shipsimu.org>
13 * @copyright Copyright (c) 2007, 2008 Roland Haeder, 2009 - 2017 Core Developer Team
14 * @license GNU GPL 3.0 or any newer version
15 * @link http://www.shipsimu.org
17 * This program is free software: you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation, either version 3 of the License, or
20 * (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program. If not, see <http://www.gnu.org/licenses/>.
30 class GraphicalCodeCaptchaVerifierFilter extends BaseFilter implements Filterable {
32 * Protected constructor
36 protected function __construct () {
37 // Call parent constructor
38 parent::__construct(__CLASS__);
42 * Creates an instance of this filter class
44 * @return $filterInstance An instance of this filter class
46 public static final function createGraphicalCodeCaptchaVerifierFilter () {
48 $filterInstance = new GraphicalCodeCaptchaVerifierFilter();
50 // Return the instance
51 return $filterInstance;
55 * Executes the filter with given request and response objects
57 * @param $requestInstance An instance of a class with an Requestable interface
58 * @param $responseInstance An instance of a class with an Responseable interface
60 * @throws FilterChainException If this filter fails to operate
62 public function execute (Requestable $requestInstance, Responseable $responseInstance) {
64 if (($requestInstance->getRequestElement('command') !== 'do_form') || (!$requestInstance->isRequestElementSet('form'))) {
65 // Required field not set
66 $requestInstance->requestIsValid(FALSE);
69 $responseInstance->addFatalMessage('command_form_invalid');
71 // Skip further processing
72 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
75 // Create config entry
76 $configKey = sprintf('%s_captcha_secured',
77 $requestInstance->getRequestElement('form')
80 // Is the CAPTCHA enabled?
81 if ($this->getConfigInstance()->getConfigEntry($configKey) != 'Y') {
82 // Not enabled, so don't check
86 // Get the captcha code
87 $captchaCode = $requestInstance->getRequestElement('c_code');
90 if (is_null($captchaCode)) {
91 // Not set so request is invalid
92 $requestInstance->requestIsValid(FALSE);
95 $responseInstance->addFatalMessage('captcha_code_unset');
97 // Skip further processing
98 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
99 } elseif (empty($captchaCode)) {
100 // Empty value so request is invalid
101 $requestInstance->requestIsValid(FALSE);
104 $responseInstance->addFatalMessage('captcha_code_empty');
106 // Skip further processing
107 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
110 // Get the hash as well
111 $captchaHash = $requestInstance->getRequestElement('hash');
114 if (is_null($captchaHash)) {
115 // Not set so request is invalid
116 $requestInstance->requestIsValid(FALSE);
119 $responseInstance->addFatalMessage('captcha_hash_unset');
121 // Skip further processing
122 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
123 } elseif (empty($captchaHash)) {
124 // Empty value so request is invalid
125 $requestInstance->requestIsValid(FALSE);
128 $responseInstance->addFatalMessage('captcha_hash_empty');
130 // Skip further processing
131 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
134 // Now, both are set hash the given one. First get a crypto instance
135 $cryptoInstance = ObjectFactory::createObjectByConfiguredName('crypto_class');
137 // Then hash the code
138 $hashedCode = $cryptoInstance->hashString($captchaCode, $captchaHash);
140 // Is this CAPTCHA valid?
141 if ($hashedCode != $captchaHash) {
142 // Not the same so request is invalid
143 $requestInstance->requestIsValid(FALSE);
146 $responseInstance->addFatalMessage('captcha_hash_mismatch');
148 // Skip further processing
149 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
150 } // END - not the same!