2016-01-19 15:30:55 +01:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* #PHPHEADER_OECAPTCHA_LICENSE_INFORMATION#
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Class handling CAPTCHA image
|
|
|
|
* This class requires utility file utils/verificationimg.php as image generator
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
class oeCaptcha extends oxSuperCfg
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* CAPTCHA length
|
|
|
|
*
|
|
|
|
* @var int
|
|
|
|
*/
|
|
|
|
protected $macLength = 5;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Captcha text
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $text = null;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Possible CAPTCHA chars, no ambiguities
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $macChars = 'abcdefghijkmnpqrstuvwxyz23456789';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Captcha timeout 60 * 5 = 5 minutes
|
|
|
|
*
|
|
|
|
* @var int
|
|
|
|
*/
|
|
|
|
protected $timeout = 300;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns text
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getText()
|
|
|
|
{
|
|
|
|
if (!$this->text) {
|
|
|
|
$this->text = '';
|
|
|
|
for ($i = 0; $i < $this->macLength; $i++) {
|
|
|
|
$this->text .= strtolower($this->macChars{rand(0, strlen($this->macChars) - 1)});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return $this->text;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns text hash
|
|
|
|
*
|
|
|
|
* @param string $text User supplie text
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getHash($text = null)
|
|
|
|
{
|
|
|
|
// inserting captcha record
|
|
|
|
$time = time() + $this->timeout;
|
|
|
|
$textHash = $this->getTextHash($text);
|
|
|
|
|
|
|
|
// if session is started - storing captcha info here
|
|
|
|
$session = $this->getSession();
|
|
|
|
if ($session->isSessionStarted()) {
|
|
|
|
$hash = oxUtilsObject::getInstance()->generateUID();
|
|
|
|
$hashArray = $session->getVariable('captchaHashes');
|
|
|
|
$hashArray[$hash] = array($textHash => $time);
|
|
|
|
$session->setVariable('captchaHashes', $hashArray);
|
|
|
|
} else {
|
|
|
|
$database = oxDb::getDb();
|
|
|
|
$query = "insert into oecaptcha (oxhash, oxtime) values (" .
|
|
|
|
$database->quote($textHash) . ", " . $database->quote($time) . ")";
|
|
|
|
$database->execute($query);
|
|
|
|
$hash = $database->getOne('select LAST_INSERT_ID()', false, false);
|
|
|
|
}
|
|
|
|
|
|
|
|
return $hash;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns given string captcha hash
|
|
|
|
*
|
|
|
|
* @param string $text string to hash
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getTextHash($text)
|
|
|
|
{
|
|
|
|
if (!$text) {
|
|
|
|
$text = $this->getText();
|
|
|
|
}
|
|
|
|
$text = strtolower($text);
|
|
|
|
|
|
|
|
return md5('ox' . $text);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns url to CAPTCHA image generator.
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getImageUrl()
|
|
|
|
{
|
2017-11-10 09:26:32 +01:00
|
|
|
$config = \OxidEsales\Eshop\Core\Registry::getConfig();
|
|
|
|
$url = $config->getCurrentShopUrl() . 'modules/oe/captcha/core/utils/verificationimg.php?e_mac=';
|
|
|
|
$key = $config->getConfigParam('oecaptchakey');
|
|
|
|
|
|
|
|
$key = $key ? $key : $config->getConfigParam('sConfigKey');
|
|
|
|
|
|
|
|
$encryptor = new \OxidEsales\Eshop\Core\Encryptor();
|
|
|
|
$url .= $encryptor->encrypt($this->getText(), $key);
|
2016-01-19 15:30:55 +01:00
|
|
|
|
|
|
|
return $url;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks if image could be generated
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function isImageVisible()
|
|
|
|
{
|
|
|
|
return ((function_exists('imagecreatetruecolor') || function_exists('imagecreate')) && $this->getConfig()->getConfigParam('iUseGDVersion') > 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check if captcha is passed.
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function passCaptcha($displayError = true)
|
|
|
|
{
|
|
|
|
$return = true;
|
|
|
|
|
|
|
|
// spam spider prevention
|
|
|
|
$mac = $this->getConfig()->getRequestParameter('c_mac');
|
|
|
|
$macHash = $this->getConfig()->getRequestParameter('c_mach');
|
|
|
|
|
|
|
|
if (!$this->pass($mac, $macHash)) {
|
|
|
|
$return = false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!$return && $displayError) {
|
|
|
|
// even if there is no exception, use this as a default display method
|
|
|
|
oxRegistry::get('oxUtilsView')->addErrorToDisplay('MESSAGE_WRONG_VERIFICATION_CODE');
|
|
|
|
}
|
|
|
|
|
|
|
|
return $return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Verifies captcha input vs supplied hash. Returns true on success.
|
|
|
|
*
|
|
|
|
* @param string $mac User supplied text
|
|
|
|
* @param string $macHash Generated hash
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
protected function pass($mac, $macHash)
|
|
|
|
{
|
|
|
|
$time = time();
|
|
|
|
$hash = $this->getTextHash($mac);
|
|
|
|
$pass = $this->passFromSession($macHash, $hash, $time);
|
|
|
|
|
|
|
|
// if captcha info was NOT stored in session
|
|
|
|
if ($pass === null) {
|
|
|
|
$pass = $this->passFromDb((int) $macHash, $hash, $time);
|
|
|
|
}
|
|
|
|
|
|
|
|
return (bool) $pass;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks for session captcha hash validity
|
|
|
|
*
|
|
|
|
* @param string $macHash hash key
|
|
|
|
* @param string $hash captcha hash
|
|
|
|
* @param int $time check time
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
protected function passFromSession($macHash, $hash, $time)
|
|
|
|
{
|
|
|
|
$pass = null;
|
|
|
|
$session = $this->getSession();
|
|
|
|
|
|
|
|
if (($hashArray = $session->getVariable('captchaHashes'))) {
|
|
|
|
$pass = (isset($hashArray[$macHash][$hash]) && $hashArray[$macHash][$hash] >= $time) ? true : false;
|
|
|
|
unset($hashArray[$macHash]);
|
|
|
|
if (!empty($hashArray)) {
|
|
|
|
$session->setVariable('captchaHashes', $hashArray);
|
|
|
|
} else {
|
|
|
|
$session->deleteVariable('captchaHashes');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return $pass;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks for DB captcha hash validity
|
|
|
|
*
|
|
|
|
* @param int $macHash hash key
|
|
|
|
* @param string $hash captcha hash
|
|
|
|
* @param int $time check time
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
protected function passFromDb($macHash, $hash, $time)
|
|
|
|
{
|
|
|
|
$database = oxDb::getDb();
|
|
|
|
$where = "where oxid = " . $database->quote($macHash) . " and oxhash = " . $database->quote($hash);
|
|
|
|
$query = "select 1 from oecaptcha " . $where;
|
|
|
|
$pass = (bool) $database->getOne($query, false, false);
|
|
|
|
|
|
|
|
if ($pass) {
|
|
|
|
// cleanup
|
|
|
|
$query = "delete from oecaptcha " . $where;
|
|
|
|
$database->execute($query);
|
|
|
|
}
|
|
|
|
|
|
|
|
// garbage cleanup
|
|
|
|
$query = "delete from oecaptcha where oxtime < $time";
|
|
|
|
$database->execute($query);
|
|
|
|
|
|
|
|
return $pass;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|