inc/main/classes/filter/verifier/class_GraphicalCodeCaptchaVerifierFilter.php

   1 <?php
   2 /**
   3  * A concrete filter for validating code graphical CAPTCHAs with hashes
   4  *
   5  * @author              Roland Haeder <webmaster@shipsimu.org>
   6  * @version             0.0.0
   7  * @copyright   Copyright (c) 2007, 2008 Roland Haeder, 2009 - 2017 Core Developer Team
   8  * @license             GNU GPL 3.0 or any newer version
   9  * @link                http://www.shipsimu.org
  10  *
  11  * This program is free software: you can redistribute it and/or modify
  12  * it under the terms of the GNU General Public License as published by
  13  * the Free Software Foundation, either version 3 of the License, or
  14  * (at your option) any later version.
  15  *
  16  * This program is distributed in the hope that it will be useful,
  17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  * GNU General Public License for more details.
  20  *
  21  * You should have received a copy of the GNU General Public License
  22  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  23  */
  24 class GraphicalCodeCaptchaVerifierFilter extends BaseFilter implements Filterable {
  25         /**
  26          * Protected constructor
  27          *
  28          * @return      void
  29          */
  30         protected function __construct () {
  31                 // Call parent constructor
  32                 parent::__construct(__CLASS__);
  33         }
  34
  35         /**
  36          * Creates an instance of this filter class
  37          *
  38          * @return      $filterInstance         An instance of this filter class
  39          */
  40         public static final function createGraphicalCodeCaptchaVerifierFilter () {
  41                 // Get a new instance
  42                 $filterInstance = new GraphicalCodeCaptchaVerifierFilter();
  43
  44                 // Return the instance
  45                 return $filterInstance;
  46         }
  47
  48         /**
  49          * Executes the filter with given request and response objects
  50          *
  51          * @param       $requestInstance        An instance of a class with an Requestable interface
  52          * @param       $responseInstance       An instance of a class with an Responseable interface
  53          * @return      void
  54          * @throws      FilterChainException    If this filter fails to operate
  55          */
  56         public function execute (Requestable $requestInstance, Responseable $responseInstance) {
  57                 // Is the form set?
  58                 if (($requestInstance->getRequestElement('command') !== 'do_form') ||  (!$requestInstance->isRequestElementSet('form'))) {
  59                         // Required field not set
  60                         $requestInstance->requestIsValid(FALSE);
  61
  62                         // Add fatal message
  63                         $responseInstance->addFatalMessage('command_form_invalid');
  64
  65                         // Skip further processing
  66                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
  67                 } // END - if
  68
  69                 // Create config entry
  70                 $configKey = sprintf('%s_captcha_secured',
  71                         $requestInstance->getRequestElement('form')
  72                 );
  73
  74                 // Is the CAPTCHA enabled?
  75                 if ($this->getConfigInstance()->getConfigEntry($configKey) != 'Y') {
  76                         // Not enabled, so don't check
  77                         return;
  78                 } // END - if
  79
  80                 // Get the captcha code
  81                 $captchaCode = $requestInstance->getRequestElement('c_code');
  82
  83                 // Is this set?
  84                 if (is_null($captchaCode)) {
  85                         // Not set so request is invalid
  86                         $requestInstance->requestIsValid(FALSE);
  87
  88                         // Add fatal message
  89                         $responseInstance->addFatalMessage('captcha_code_unset');
  90
  91                         // Skip further processing
  92                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
  93                 } elseif (empty($captchaCode)) {
  94                         // Empty value so request is invalid
  95                         $requestInstance->requestIsValid(FALSE);
  96
  97                         // Add fatal message
  98                         $responseInstance->addFatalMessage('captcha_code_empty');
  99
 100                         // Skip further processing
 101                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
 102                 }
 103
 104                 // Get the hash as well
 105                 $captchaHash = $requestInstance->getRequestElement('hash');
 106
 107                 // Is this set?
 108                 if (is_null($captchaHash)) {
 109                         // Not set so request is invalid
 110                         $requestInstance->requestIsValid(FALSE);
 111
 112                         // Add fatal message
 113                         $responseInstance->addFatalMessage('captcha_hash_unset');
 114
 115                         // Skip further processing
 116                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
 117                 } elseif (empty($captchaHash)) {
 118                         // Empty value so request is invalid
 119                         $requestInstance->requestIsValid(FALSE);
 120
 121                         // Add fatal message
 122                         $responseInstance->addFatalMessage('captcha_hash_empty');
 123
 124                         // Skip further processing
 125                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
 126                 }
 127
 128                 // Now, both are set hash the given one. First get a crypto instance
 129                 $cryptoInstance = ObjectFactory::createObjectByConfiguredName('crypto_class');
 130
 131                 // Then hash the code
 132                 $hashedCode = $cryptoInstance->hashString($captchaCode, $captchaHash);
 133
 134                 // Is this CAPTCHA valid?
 135                 if ($hashedCode != $captchaHash) {
 136                         // Not the same so request is invalid
 137                         $requestInstance->requestIsValid(FALSE);
 138
 139                         // Add fatal message
 140                         $responseInstance->addFatalMessage('captcha_hash_mismatch');
 141
 142                         // Skip further processing
 143                         throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
 144                 } // END - not the same!
 145         }
 146 }
 147
 148 // [EOF]
 149 ?>