Closes #1011: Added basic captcha support.

git-svn-id: https://code.elgg.org/elgg/trunk@3270 36083f99-b078-4883-b0ff-0f9b5a30f544

15 files changed, 236 insertions, 2 deletions

diff --git a/actions/systemsettings/install.php b/actions/systemsettings/install.php
index 69d321477..48d672552 100644
--- a/actions/systemsettings/install.php
+++ b/actions/systemsettings/install.php
@@ -105,7 +105,8 @@
 				enable_plugin('logbrowser', $site->getGUID());

 				enable_plugin('diagnostics', $site->getGUID());

 				enable_plugin('uservalidationbyemail', $site->getGUID());
-				enable_plugin('kses', $site->getGUID());

+				enable_plugin('kses', $site->getGUID());
+				enable_plugin('captcha', $site->getGUID());

 			}

 				

 			// Now ping home

diff --git a/engine/lib/upgrades/2009050801.php b/engine/lib/upgrades/2009050801.php
new file mode 100644
index 000000000..17fb9a18c
--- /dev/null
+++ b/engine/lib/upgrades/2009050801.php
@@ -0,0 +1,10 @@
+<?php
+
+	global $CONFIG;
+	
+	/// Activate captcha
+	/**
+	 * Elgg now has a basic captcha service built in, enable it by default
+	 */	
+	enable_plugin('captcha', $CONFIG->site->guid);
+?>
\ No newline at end of file
diff --git a/mod/captcha/backgrounds/bg1.jpg b/mod/captcha/backgrounds/bg1.jpg
new file mode 100644
index 000000000..0e16b2265
--- /dev/null
+++ b/mod/captcha/backgrounds/bg1.jpg
diff --git a/mod/captcha/backgrounds/bg2.jpg b/mod/captcha/backgrounds/bg2.jpg
new file mode 100644
index 000000000..3357164a6
--- /dev/null
+++ b/mod/captcha/backgrounds/bg2.jpg
diff --git a/mod/captcha/backgrounds/bg3.jpg b/mod/captcha/backgrounds/bg3.jpg
new file mode 100644
index 000000000..96610abf4
--- /dev/null
+++ b/mod/captcha/backgrounds/bg3.jpg
diff --git a/mod/captcha/backgrounds/bg4.jpg b/mod/captcha/backgrounds/bg4.jpg
new file mode 100644
index 000000000..5123ed70e
--- /dev/null
+++ b/mod/captcha/backgrounds/bg4.jpg
diff --git a/mod/captcha/backgrounds/bg5.jpg b/mod/captcha/backgrounds/bg5.jpg
new file mode 100644
index 000000000..7ae7e6c22
--- /dev/null
+++ b/mod/captcha/backgrounds/bg5.jpg
diff --git a/mod/captcha/captcha.php b/mod/captcha/captcha.php
new file mode 100644
index 000000000..5693b89ac
--- /dev/null
+++ b/mod/captcha/captcha.php
@@ -0,0 +1,41 @@
+<?php
+	/**
+	 * Elgg captcha plugin graphics file generator
+	 * 
+	 * @package ElggCaptcha
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Curverider Ltd
+	 * @copyright Curverider Ltd 2008-2009
+	 * @link http://elgg.com/
+	 */
+
+	global $CONFIG;
+	$token = get_input('captcha_token');
+
+	// 	Output captcha
+	if ($token)
+	{ 
+		// Set correct header
+		header("Content-type: image/jpeg");
+	
+		// Generate captcha
+		$captcha = captcha_generate_captcha($token);
+		
+		// Pick a random background image
+		$n = rand(1, $CONFIG->captcha_num_bg);
+		$image = imagecreatefromjpeg($CONFIG->pluginspath . "captcha/backgrounds/bg$n.jpg");	
+		
+		// Create a colour (black so its not a simple matter of masking out one colour and ocring the rest)
+		$colour = imagecolorallocate($image, 0,0,0);
+		
+		// Write captcha to image
+		//imagestring($image, 5, 30, 4, $captcha, $black);
+		imagettftext($image, 30, 0, 10, 30, $colour, $CONFIG->pluginspath . "captcha/fonts/1.ttf", $captcha);
+		
+		// Output image
+		imagejpeg($image);
+		
+		// Free memory
+		imagedestroy($image);
+	}
+?>
\ No newline at end of file
diff --git a/mod/captcha/fonts/1.ttf b/mod/captcha/fonts/1.ttf
new file mode 100644
index 000000000..f5534f943
--- /dev/null
+++ b/mod/captcha/fonts/1.ttf
diff --git a/mod/captcha/languages/en.php b/mod/captcha/languages/en.php
new file mode 100644
index 000000000..c7b91d1d3
--- /dev/null
+++ b/mod/captcha/languages/en.php
@@ -0,0 +1,20 @@
+<?php
+	/**
+	 * Elgg diagnostics language pack.
+	 * 
+	 * @package ElggDiagnostics
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Curverider Ltd
+	 * @copyright Curverider Ltd 2008-2009
+	 * @link http://elgg.com/
+	 */
+
+	$english = array(
+	
+		'captcha:entercaptcha' => 'Enter text from image',
+		'captcha:captchafail' => 'Sorry, the text that you entered didn\'t match the text in the image.',
+	
+	);
+					
+	add_translation("en",$english);
+?>
\ No newline at end of file
diff --git a/mod/captcha/manifest.xml b/mod/captcha/manifest.xml
new file mode 100644
index 000000000..191941c30
--- /dev/null
+++ b/mod/captcha/manifest.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<plugin_manifest>
+	<field key="author" value="Curverider Ltd" />
+	<field key="version" value="1.0" />
+	<field key="description" value="Provides captcha support." />
+	<field key="website" value="http://www.elgg.org/" />
+	<field key="copyright" value="(C) Curverider 2008-2009" />
+	<field key="licence" value="GNU Public License version 2" />
+	<field key="elgg_version" value="2009050801" />
+</plugin_manifest>
\ No newline at end of file
diff --git a/mod/captcha/start.php b/mod/captcha/start.php
new file mode 100644
index 000000000..26e8671d2
--- /dev/null
+++ b/mod/captcha/start.php
@@ -0,0 +1,112 @@
+<?php
+	/**
+	 * Elgg captcha plugin
+	 * 
+	 * @package ElggCaptcha
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Curverider Ltd
+	 * @copyright Curverider Ltd 2008-2009
+	 * @link http://elgg.com/
+	 */
+
+	function captcha_init()
+	{
+		global $CONFIG;
+		
+		// Register page handler for captcha functionality
+		register_page_handler('captcha','captcha_page_handler');
+		
+		// Extend CSS
+		extend_view('css','captcha/css');
+		
+		// Number of background images
+		$CONFIG->captcha_num_bg = 5;
+		
+		// Default length
+		$CONFIG->captcha_length = 5;
+		
+		// Right, these actions require captcha validation TODO: Put this in config somehow
+		register_plugin_hook("action", "register", "captcha_verify_action_hook");
+		register_plugin_hook("action", "user/requestnewpassword", "captcha_verify_action_hook");
+	}
+	
+	function captcha_page_handler($page) 
+	{
+		global $CONFIG;
+		
+		if (isset($page[0])) {
+			set_input('captcha_token',$page[0]);
+		}
+
+		include($CONFIG->pluginspath . "captcha/captcha.php");
+	}
+	
+	/**
+	 * Generate a token to act as a seed value for the captcha algorithm.
+	 */
+	function captcha_generate_token()
+	{
+		return md5(generate_action_token(time()).rand()); // Use action token plus some random for uniqueness
+	}
+	
+	/**
+	 * Generate a captcha based on the given seed value and length.
+	 *
+	 * @param string $seed_token
+	 * @return string
+	 */
+	function captcha_generate_captcha($seed_token)
+	{
+		global $CONFIG;
+		
+		/*
+		 * We generate a token out of the random seed value + some session data, 
+		 * this means that solving via pr0n site or indian cube farm becomes
+		 * significantly more tricky (we hope).
+		 * 
+		 * We also add the site secret, which is unavailable to the client and so should
+		 * make it very very hard to guess values before hand.
+		 * 
+		 */
+		
+		return strtolower(substr(md5(generate_action_token(0) . $seed_token), 0, $CONFIG->captcha_length));
+	}
+	
+	/**
+	 * Verify a captcha based on the input value entered by the user and the seed token passed.
+	 *
+	 * @param string $input_value
+	 * @param string $seed_token
+	 * @return bool
+	 */
+	function captcha_verify_captcha($input_value, $seed_token)
+	{
+		if (strcasecmp($input_value, captcha_generate_captcha($seed_token)) == 0)
+			return true;
+			
+		return false;
+	}
+	
+	/**
+	 * Listen to the action plugin hook and check the captcha.
+	 *
+	 * @param unknown_type $hook
+	 * @param unknown_type $entity_type
+	 * @param unknown_type $returnvalue
+	 * @param unknown_type $params
+	 */
+	function captcha_verify_action_hook($hook, $entity_type, $returnvalue, $params)
+	{
+		$token = get_input('captcha_token');
+		$input = get_input('captcha_input');
+		
+		if (($token) && (captcha_verify_captcha($input, $token)))
+			return true;
+		
+		register_error(elgg_echo('captcha:captchafail'));
+			
+		return false;
+	}
+	
+	register_elgg_event_handler('init','system','captcha_init');
+?>
\ No newline at end of file
diff --git a/mod/captcha/views/default/captcha/css.php b/mod/captcha/views/default/captcha/css.php
new file mode 100644
index 000000000..c0e1fab07
--- /dev/null
+++ b/mod/captcha/views/default/captcha/css.php
@@ -0,0 +1,6 @@
+
+.captcha-input-image {
+	align: center;
+	margin: auto;
+}
+
diff --git a/mod/captcha/views/default/input/captcha.php b/mod/captcha/views/default/input/captcha.php
new file mode 100644
index 000000000..982b23181
--- /dev/null
+++ b/mod/captcha/views/default/input/captcha.php
@@ -0,0 +1,34 @@
+<?php
+	/**
+	 * Elgg captcha plugin captcha hook view override.
+	 * 
+	 * @package ElggCaptcha
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Curverider Ltd
+	 * @copyright Curverider Ltd 2008-2009
+	 * @link http://elgg.com/
+	 */
+
+	// Generate a token which is then passed into the captcha algorithm for verification
+	$token = captcha_generate_token();
+?>
+<div class="captcha">
+	<input type="hidden" name="captcha_token" value="<?php echo $token; ?>" />
+	<label>
+		<?php echo elgg_echo('captcha:entercaptcha'); ?><br />
+		
+		<table>
+			<tr>	
+				<td>
+					<div class="captcha-left">
+						<?php echo elgg_view('input/text', array('internalname' => 'captcha_input', 'class' => 'captcha-input-text')); ?>
+					</div>
+				</td>
+				<td width="125">
+					<div class="captcha-right">
+						<img class="captcha-input-image" src="<?php echo $vars['url'] . "pg/captcha/$token"; ?>" /><br />
+					</div>
+				</td>
+		</table>
+	</label>
+</div>
\ No newline at end of file
diff --git a/version.php b/version.php
index 2f32f2ee4..105e270bb 100644
--- a/version.php
+++ b/version.php
@@ -13,7 +13,7 @@
 	 * @link http://elgg.org/

 	 */

 
-	   $version = 2009040701;  // YYYYMMDD   = Elgg Date
+	   $version = 2009050801;  // YYYYMMDD   = Elgg Date
 	                           //         XX = Interim incrementer

 	

 	   $release = '1.5';    // Human-friendly version name