--- /dev/null
+<?php
+// Own namespace
+namespace CoreFramework\Filter\Verifier\Captcha;
+
+// Import framework stuff
+use CoreFramework\Factory\ObjectFactory;
+use CoreFramework\Filter\BaseFilter;
+use CoreFramework\Filter\Filterable;
+use CoreFramework\Request\Requestable;
+use CoreFramework\Response\Responseable;
+
+/**
+ * A concrete filter for validating code graphical CAPTCHAs with hashes
+ *
+ * @author Roland Haeder <webmaster@shipsimu.org>
+ * @version 0.0.0
+ * @copyright Copyright (c) 2007, 2008 Roland Haeder, 2009 - 2017 Core Developer Team
+ * @license GNU GPL 3.0 or any newer version
+ * @link http://www.shipsimu.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+class GraphicalCodeCaptchaVerifierFilter extends BaseFilter implements Filterable {
+ /**
+ * Protected constructor
+ *
+ * @return void
+ */
+ protected function __construct () {
+ // Call parent constructor
+ parent::__construct(__CLASS__);
+ }
+
+ /**
+ * Creates an instance of this filter class
+ *
+ * @return $filterInstance An instance of this filter class
+ */
+ public static final function createGraphicalCodeCaptchaVerifierFilter () {
+ // Get a new instance
+ $filterInstance = new GraphicalCodeCaptchaVerifierFilter();
+
+ // Return the instance
+ return $filterInstance;
+ }
+
+ /**
+ * Executes the filter with given request and response objects
+ *
+ * @param $requestInstance An instance of a class with an Requestable interface
+ * @param $responseInstance An instance of a class with an Responseable interface
+ * @return void
+ * @throws FilterChainException If this filter fails to operate
+ */
+ public function execute (Requestable $requestInstance, Responseable $responseInstance) {
+ // Is the form set?
+ if (($requestInstance->getRequestElement('command') !== 'do_form') || (!$requestInstance->isRequestElementSet('form'))) {
+ // Required field not set
+ $requestInstance->requestIsValid(FALSE);
+
+ // Add fatal message
+ $responseInstance->addFatalMessage('command_form_invalid');
+
+ // Skip further processing
+ throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
+ } // END - if
+
+ // Create config entry
+ $configKey = sprintf('%s_captcha_secured',
+ $requestInstance->getRequestElement('form')
+ );
+
+ // Is the CAPTCHA enabled?
+ if ($this->getConfigInstance()->getConfigEntry($configKey) != 'Y') {
+ // Not enabled, so don't check
+ return;
+ } // END - if
+
+ // Get the captcha code
+ $captchaCode = $requestInstance->getRequestElement('c_code');
+
+ // Is this set?
+ if (is_null($captchaCode)) {
+ // Not set so request is invalid
+ $requestInstance->requestIsValid(FALSE);
+
+ // Add fatal message
+ $responseInstance->addFatalMessage('captcha_code_unset');
+
+ // Skip further processing
+ throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
+ } elseif (empty($captchaCode)) {
+ // Empty value so request is invalid
+ $requestInstance->requestIsValid(FALSE);
+
+ // Add fatal message
+ $responseInstance->addFatalMessage('captcha_code_empty');
+
+ // Skip further processing
+ throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
+ }
+
+ // Get the hash as well
+ $captchaHash = $requestInstance->getRequestElement('hash');
+
+ // Is this set?
+ if (is_null($captchaHash)) {
+ // Not set so request is invalid
+ $requestInstance->requestIsValid(FALSE);
+
+ // Add fatal message
+ $responseInstance->addFatalMessage('captcha_hash_unset');
+
+ // Skip further processing
+ throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
+ } elseif (empty($captchaHash)) {
+ // Empty value so request is invalid
+ $requestInstance->requestIsValid(FALSE);
+
+ // Add fatal message
+ $responseInstance->addFatalMessage('captcha_hash_empty');
+
+ // Skip further processing
+ throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
+ }
+
+ // Now, both are set hash the given one. First get a crypto instance
+ $cryptoInstance = ObjectFactory::createObjectByConfiguredName('crypto_class');
+
+ // Then hash the code
+ $hashedCode = $cryptoInstance->hashString($captchaCode, $captchaHash);
+
+ // Is this CAPTCHA valid?
+ if ($hashedCode != $captchaHash) {
+ // Not the same so request is invalid
+ $requestInstance->requestIsValid(FALSE);
+
+ // Add fatal message
+ $responseInstance->addFatalMessage('captcha_hash_mismatch');
+
+ // Skip further processing
+ throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
+ } // END - not the same!
+ }
+
+}
projects / core.git / blobdiff