From 6eb4e9ba3c6db784ec75e319864b81cecf88d252 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Thu, 26 Jun 2008 17:28:56 +0000
Subject: [PATCH] CAPTCHA code now gets validated

---
 ...ass_GraphicalCodeCaptchaVerifierFilter.php | 63 ++++++++++++++++++-
 1 file changed, 62 insertions(+), 1 deletion(-)

diff --git a/inc/classes/main/filter/verifier/class_GraphicalCodeCaptchaVerifierFilter.php b/inc/classes/main/filter/verifier/class_GraphicalCodeCaptchaVerifierFilter.php
index 5a584cb..b0de5d3 100644
--- a/inc/classes/main/filter/verifier/class_GraphicalCodeCaptchaVerifierFilter.php
+++ b/inc/classes/main/filter/verifier/class_GraphicalCodeCaptchaVerifierFilter.php
@@ -59,7 +59,68 @@ class GraphicalCodeCaptchaVerifierFilter extends BaseFilter implements Filterabl
 	 * @return	void
 	 */
 	public function execute (Requestable $requestInstance, Responseable $responseInstance) {
-		$requestInstance->debugInstance();
+		// Get the captcha code
+		$captchaCode = $requestInstance->getRequestElement('c_code');
+
+		// Is this set?
+		if (is_null($captchaCode)) {
+			// Not set so request is invalid
+			$requestInstance->requestIsValid(false);
+
+			// Add fatal message
+			$responseInstance->addFatalMessage('captcha_code_unset');
+
+			// Skip further processing
+			return false;
+		} elseif (empty($captchaCode)) {
+			// Empty value so request is invalid
+			$requestInstance->requestIsValid(false);
+
+			// Add fatal message
+			$responseInstance->addFatalMessage('captcha_code_empty');
+
+			// Skip further processing
+			return false;
+		}
+
+		// Get the hash as well
+		$captchaHash = $requestInstance->getRequestElement('hash');
+
+		// Is this set?
+		if (is_null($captchaHash)) {
+			// Not set so request is invalid
+			$requestInstance->requestIsValid(false);
+
+			// Add fatal message
+			$responseInstance->addFatalMessage('captcha_hash_unset');
+
+			// Skip further processing
+			return false;
+		} elseif (empty($captchaHash)) {
+			// Empty value so request is invalid
+			$requestInstance->requestIsValid(false);
+
+			// Add fatal message
+			$responseInstance->addFatalMessage('captcha_hash_empty');
+
+			// Skip further processing
+			return false;
+		}
+
+		// Now, both are set hash the given one. First get a crypto instance
+		$cryptoInstance = ObjectFactory::createObjectByConfiguredName('crypto_class');
+
+		// Then hash the code
+		$hashedCode = $cryptoInstance->hashString($captchaCode, $captchaHash);
+
+		// Is this CAPTCHA valid?
+		if ($hashedCode != $captchaHash) {
+			// Not the same so request is invalid
+			$requestInstance->requestIsValid(false);
+
+			// Add fatal message
+			$responseInstance->addFatalMessage('captcha_hash_mismatch');
+		} // END - not the same!
 	}
 }
 
-- 
2.30.2