3 namespace CoreFramework\Filter\Verifier\Captcha;
5 // Import framework stuff
6 use CoreFramework\Factory\ObjectFactory;
7 use CoreFramework\Request\Requestable;
10 * A concrete filter for validating code graphical CAPTCHAs with hashes
12 * @author Roland Haeder <webmaster@shipsimu.org>
14 * @copyright Copyright (c) 2007, 2008 Roland Haeder, 2009 - 2017 Core Developer Team
15 * @license GNU GPL 3.0 or any newer version
16 * @link http://www.shipsimu.org
18 * This program is free software: you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License as published by
20 * the Free Software Foundation, either version 3 of the License, or
21 * (at your option) any later version.
23 * This program is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
28 * You should have received a copy of the GNU General Public License
29 * along with this program. If not, see <http://www.gnu.org/licenses/>.
31 class GraphicalCodeCaptchaVerifierFilter extends BaseFilter implements Filterable {
33 * Protected constructor
37 protected function __construct () {
38 // Call parent constructor
39 parent::__construct(__CLASS__);
43 * Creates an instance of this filter class
45 * @return $filterInstance An instance of this filter class
47 public static final function createGraphicalCodeCaptchaVerifierFilter () {
49 $filterInstance = new GraphicalCodeCaptchaVerifierFilter();
51 // Return the instance
52 return $filterInstance;
56 * Executes the filter with given request and response objects
58 * @param $requestInstance An instance of a class with an Requestable interface
59 * @param $responseInstance An instance of a class with an Responseable interface
61 * @throws FilterChainException If this filter fails to operate
63 public function execute (Requestable $requestInstance, Responseable $responseInstance) {
65 if (($requestInstance->getRequestElement('command') !== 'do_form') || (!$requestInstance->isRequestElementSet('form'))) {
66 // Required field not set
67 $requestInstance->requestIsValid(FALSE);
70 $responseInstance->addFatalMessage('command_form_invalid');
72 // Skip further processing
73 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
76 // Create config entry
77 $configKey = sprintf('%s_captcha_secured',
78 $requestInstance->getRequestElement('form')
81 // Is the CAPTCHA enabled?
82 if ($this->getConfigInstance()->getConfigEntry($configKey) != 'Y') {
83 // Not enabled, so don't check
87 // Get the captcha code
88 $captchaCode = $requestInstance->getRequestElement('c_code');
91 if (is_null($captchaCode)) {
92 // Not set so request is invalid
93 $requestInstance->requestIsValid(FALSE);
96 $responseInstance->addFatalMessage('captcha_code_unset');
98 // Skip further processing
99 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
100 } elseif (empty($captchaCode)) {
101 // Empty value so request is invalid
102 $requestInstance->requestIsValid(FALSE);
105 $responseInstance->addFatalMessage('captcha_code_empty');
107 // Skip further processing
108 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
111 // Get the hash as well
112 $captchaHash = $requestInstance->getRequestElement('hash');
115 if (is_null($captchaHash)) {
116 // Not set so request is invalid
117 $requestInstance->requestIsValid(FALSE);
120 $responseInstance->addFatalMessage('captcha_hash_unset');
122 // Skip further processing
123 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
124 } elseif (empty($captchaHash)) {
125 // Empty value so request is invalid
126 $requestInstance->requestIsValid(FALSE);
129 $responseInstance->addFatalMessage('captcha_hash_empty');
131 // Skip further processing
132 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
135 // Now, both are set hash the given one. First get a crypto instance
136 $cryptoInstance = ObjectFactory::createObjectByConfiguredName('crypto_class');
138 // Then hash the code
139 $hashedCode = $cryptoInstance->hashString($captchaCode, $captchaHash);
141 // Is this CAPTCHA valid?
142 if ($hashedCode != $captchaHash) {
143 // Not the same so request is invalid
144 $requestInstance->requestIsValid(FALSE);
147 $responseInstance->addFatalMessage('captcha_hash_mismatch');
149 // Skip further processing
150 throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
151 } // END - not the same!