+++ /dev/null
-<?php
-/**
- * A concrete filter for validating code graphical CAPTCHAs with hashes
- *
- * @author Roland Haeder <webmaster@shipsimu.org>
- * @version 0.0.0
- * @copyright Copyright (c) 2007, 2008 Roland Haeder, 2009 - 2015 Core Developer Team
- * @license GNU GPL 3.0 or any newer version
- * @link http://www.shipsimu.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-class GraphicalCodeCaptchaVerifierFilter extends BaseFilter implements Filterable {
- /**
- * Protected constructor
- *
- * @return void
- */
- protected function __construct () {
- // Call parent constructor
- parent::__construct(__CLASS__);
- }
-
- /**
- * Creates an instance of this filter class
- *
- * @return $filterInstance An instance of this filter class
- */
- public static final function createGraphicalCodeCaptchaVerifierFilter () {
- // Get a new instance
- $filterInstance = new GraphicalCodeCaptchaVerifierFilter();
-
- // Return the instance
- return $filterInstance;
- }
-
- /**
- * Executes the filter with given request and response objects
- *
- * @param $requestInstance An instance of a class with an Requestable interface
- * @param $responseInstance An instance of a class with an Responseable interface
- * @return void
- * @throws FilterChainException If this filter fails to operate
- */
- public function execute (Requestable $requestInstance, Responseable $responseInstance) {
- // Is the form set?
- if (($requestInstance->getRequestElement('command') !== 'do_form') || (!$requestInstance->isRequestElementSet('form'))) {
- // Required field not set
- $requestInstance->requestIsValid(FALSE);
-
- // Add fatal message
- $responseInstance->addFatalMessage('command_form_invalid');
-
- // Skip further processing
- throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
- } // END - if
-
- // Create config entry
- $configKey = sprintf('%s_captcha_secured',
- $requestInstance->getRequestElement('form')
- );
-
- // Is the CAPTCHA enabled?
- if ($this->getConfigInstance()->getConfigEntry($configKey) != 'Y') {
- // Not enabled, so don't check
- return;
- } // END - if
-
- // Get the captcha code
- $captchaCode = $requestInstance->getRequestElement('c_code');
-
- // Is this set?
- if (is_null($captchaCode)) {
- // Not set so request is invalid
- $requestInstance->requestIsValid(FALSE);
-
- // Add fatal message
- $responseInstance->addFatalMessage('captcha_code_unset');
-
- // Skip further processing
- throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
- } elseif (empty($captchaCode)) {
- // Empty value so request is invalid
- $requestInstance->requestIsValid(FALSE);
-
- // Add fatal message
- $responseInstance->addFatalMessage('captcha_code_empty');
-
- // Skip further processing
- throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
- }
-
- // Get the hash as well
- $captchaHash = $requestInstance->getRequestElement('hash');
-
- // Is this set?
- if (is_null($captchaHash)) {
- // Not set so request is invalid
- $requestInstance->requestIsValid(FALSE);
-
- // Add fatal message
- $responseInstance->addFatalMessage('captcha_hash_unset');
-
- // Skip further processing
- throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
- } elseif (empty($captchaHash)) {
- // Empty value so request is invalid
- $requestInstance->requestIsValid(FALSE);
-
- // Add fatal message
- $responseInstance->addFatalMessage('captcha_hash_empty');
-
- // Skip further processing
- throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
- }
-
- // Now, both are set hash the given one. First get a crypto instance
- $cryptoInstance = ObjectFactory::createObjectByConfiguredName('crypto_class');
-
- // Then hash the code
- $hashedCode = $cryptoInstance->hashString($captchaCode, $captchaHash);
-
- // Is this CAPTCHA valid?
- if ($hashedCode != $captchaHash) {
- // Not the same so request is invalid
- $requestInstance->requestIsValid(FALSE);
-
- // Add fatal message
- $responseInstance->addFatalMessage('captcha_hash_mismatch');
-
- // Skip further processing
- throw new FilterChainException($this, self::EXCEPTION_FILTER_CHAIN_INTERCEPTED);
- } // END - not the same!
- }
-}
-
-// [EOF]
-?>