3
* $RCSfile: CaptchaValidationPlugin.inc,v $
5
* Gallery - a web based photo album viewer and editor
6
* Copyright (C) 2000-2006 Bharat Mediratta
8
* This program is free software; you can redistribute it and/or modify
9
* it under the terms of the GNU General Public License as published by
10
* the Free Software Foundation; either version 2 of the License, or (at
11
* your option) any later version.
13
* This program is distributed in the hope that it will be useful, but
14
* WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16
* General Public License for more details.
18
* You should have received a copy of the GNU General Public License
19
* along with this program; if not, write to the Free Software
20
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
24
* @version $Revision: 1.3 $ $Date: 2006/01/30 22:52:14 $
26
* @author Stefan Ioachim <stefanioachim@gmail.com>
27
* @author Bharat Mediratta <bharat@menalto.com>
28
* @author Alan Harder <alan.harder@sun.com>
31
GalleryCoreApi::requireOnce('modules/core/classes/GalleryValidationPlugin.class');
34
* Implement ValidationPlugin to present the HTML for the captcha image
35
* and an input box for the user to type in the correct value.
40
class CaptchaValidationPlugin extends GalleryValidationPlugin {
43
* @see GalleryValidationPlugin::performValidation
45
function performValidation(&$form, $options=array()) {
47
$session =& $gallery->getSession();
49
list ($ret, $useCaptcha, $failedAttempts) = $this->_shouldValidate($options);
51
return array($ret->wrap(__FILE__, __LINE__), null, null);
57
$code = $session->get('captcha.key');
59
if (empty($form['CaptchaValidationPlugin']['word'])) {
60
$error[] = 'form[error][CaptchaValidationPlugin][missing]';
62
} else if ($form['CaptchaValidationPlugin']['word'] != $code) {
63
$error[] = 'form[error][CaptchaValidationPlugin][invalid]';
68
if (isset($options['pass']) && !$options['pass']) {
69
/* Increment failure count either in db or session */
70
if (!empty($options['key'])) {
71
$ret = GalleryCoreApi::setPluginParameter(
72
'module', 'captcha', 'failCount-' . $options['key'], $failedAttempts + 1);
74
return array($ret->wrap(__FILE__, __LINE__), null, null);
77
$session->put('captcha.failedAttempts', $failedAttempts + 1);
79
} else if (isset($options['pass']) && $options['pass']
80
&& $success && $failedAttempts > 0 && !empty($options['key'])) {
81
$ret = GalleryCoreApi::removePluginParameter(
82
'module', 'captcha', 'failCount-' . $options['key']);
84
return array($ret->wrap(__FILE__, __LINE__), null, null);
88
return array(null, $error, $success);
92
* @see GalleryValidationPlugin::loadTemplate
94
function loadTemplate(&$form, $options=array()) {
95
list ($ret, $useCaptcha) = $this->_shouldValidate($options);
97
return array($ret->wrap(__FILE__, __LINE__), null, null);
101
/* Generate a new code */
103
list ($usec, $sec) = explode(' ', microtime());
104
srand((float)$sec + ((float)$usec * 100000));
105
$random_num = rand();
106
$datekey = date('H i s');
107
$rcode = hexdec(md5(GalleryUtilities::getServerVar('HTTP_USER_AGENT')
108
. $random_num . $datekey));
109
$code = substr($rcode, 2, 6);
110
$session =& $gallery->getSession();
111
$session->put('captcha.key', $code);
114
'modules/captcha/templates/CaptchaValidationPlugin.tpl',
118
return array(null, null, null);
122
* Determine if captcha validation should be enforced
124
* @param array options
125
* @return array object GalleryStatus a status code
126
* boolean true to validate
127
* int current failure count, if applicable
130
function _shouldValidate($options) {
133
$securityLevel = empty($options['level']) ? 'HIGH' : $options['level'];
135
switch ($securityLevel) {
137
/* Always require captcha to be enabled */
144
* Use the captcha when the number of failed attempts exceeds the module's
145
* failedAttemptThreshold parameter. Track failed attempts in db via a given
146
* unique key (MEDIUM level) or in the session (LOW level).
148
list ($ret, $failedAttemptThreshold) = GalleryCoreApi::getPluginParameter(
149
'module', 'captcha', 'failedAttemptThreshold');
151
return array($ret->wrap(__FILE__, __LINE__), null, null);
154
if ($securityLevel == 'LOW') {
156
$session =& $gallery->getSession();
157
$failedAttempts = $session->get('captcha.failedAttempts');
158
} else if (!empty($options['key'])) {
159
list ($ret, $failedAttempts) = GalleryCoreApi::getPluginParameter(
160
'module', 'captcha', 'failCount-' . $options['key']);
162
return array($ret->wrap(__FILE__, __LINE__), null, null);
166
if ($failedAttempts > $failedAttemptThreshold) {
173
return array(GalleryCoreApi::error(ERROR_BAD_PARAMETER, __FILE__, __LINE__),
177
return array(null, $useCaptcha, (int)$failedAttempts);