aboutsummaryrefslogtreecommitdiff
path: root/mod/captcha
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2014-03-15 14:53:35 -0300
committerSilvio Rhatto <rhatto@riseup.net>2014-03-15 14:53:35 -0300
commite10b0bd1f9403d38568173d76a93f93a484d9646 (patch)
tree9f0e5fb09d4a6281810a1d54928f6308bdce0672 /mod/captcha
parent75d2225cd98feafd5e5e75df5505914295f569ff (diff)
parentcb346ff43a63f93ff5275502638c51a4653fac7d (diff)
downloadelgg-e10b0bd1f9403d38568173d76a93f93a484d9646.tar.gz
elgg-e10b0bd1f9403d38568173d76a93f93a484d9646.tar.bz2
Merge commit 'cb346ff43a63f93ff5275502638c51a4653fac7d' as 'mod/captcha'
Diffstat (limited to 'mod/captcha')
-rw-r--r--mod/captcha/backgrounds/bg1.jpgbin0 -> 2542 bytes
-rw-r--r--mod/captcha/backgrounds/bg2.jpgbin0 -> 2561 bytes
-rw-r--r--mod/captcha/backgrounds/bg3.jpgbin0 -> 2494 bytes
-rw-r--r--mod/captcha/backgrounds/bg4.jpgbin0 -> 2277 bytes
-rw-r--r--mod/captcha/backgrounds/bg5.jpgbin0 -> 2338 bytes
-rw-r--r--mod/captcha/captcha.php34
-rw-r--r--mod/captcha/fonts/1.ttfbin0 -> 100392 bytes
-rw-r--r--mod/captcha/fonts/Liberation_serif_License.txt77
-rw-r--r--mod/captcha/languages/ca.php13
-rw-r--r--mod/captcha/languages/en.php13
-rw-r--r--mod/captcha/languages/es.php13
-rw-r--r--mod/captcha/manifest.xml19
-rw-r--r--mod/captcha/start.php101
-rw-r--r--mod/captcha/views/default/captcha/css.php4
-rw-r--r--mod/captcha/views/default/input/captcha.php19
15 files changed, 293 insertions, 0 deletions
diff --git a/mod/captcha/backgrounds/bg1.jpg b/mod/captcha/backgrounds/bg1.jpg
new file mode 100644
index 000000000..0e16b2265
--- /dev/null
+++ b/mod/captcha/backgrounds/bg1.jpg
Binary files differ
diff --git a/mod/captcha/backgrounds/bg2.jpg b/mod/captcha/backgrounds/bg2.jpg
new file mode 100644
index 000000000..3357164a6
--- /dev/null
+++ b/mod/captcha/backgrounds/bg2.jpg
Binary files differ
diff --git a/mod/captcha/backgrounds/bg3.jpg b/mod/captcha/backgrounds/bg3.jpg
new file mode 100644
index 000000000..96610abf4
--- /dev/null
+++ b/mod/captcha/backgrounds/bg3.jpg
Binary files differ
diff --git a/mod/captcha/backgrounds/bg4.jpg b/mod/captcha/backgrounds/bg4.jpg
new file mode 100644
index 000000000..5123ed70e
--- /dev/null
+++ b/mod/captcha/backgrounds/bg4.jpg
Binary files differ
diff --git a/mod/captcha/backgrounds/bg5.jpg b/mod/captcha/backgrounds/bg5.jpg
new file mode 100644
index 000000000..7ae7e6c22
--- /dev/null
+++ b/mod/captcha/backgrounds/bg5.jpg
Binary files differ
diff --git a/mod/captcha/captcha.php b/mod/captcha/captcha.php
new file mode 100644
index 000000000..085641c79
--- /dev/null
+++ b/mod/captcha/captcha.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Elgg captcha plugin graphics file generator
+ *
+ * @package ElggCaptcha
+ */
+
+$token = get_input('captcha_token');
+
+// Output captcha
+if ($token) {
+ // Set correct header
+ header("Content-type: image/jpeg");
+
+ // Generate captcha
+ $captcha = captcha_generate_captcha($token);
+
+ // Pick a random background image
+ $n = rand(1, elgg_get_config('captcha_num_bg'));
+ $image = imagecreatefromjpeg(elgg_get_plugins_path() . "captcha/backgrounds/bg$n.jpg");
+
+ // Create a colour (black so its not a simple matter of masking out one colour and ocring the rest)
+ $colour = imagecolorallocate($image, 0,0,0);
+
+ // Write captcha to image
+ //imagestring($image, 5, 30, 4, $captcha, $black);
+ imagettftext($image, 30, 0, 10, 30, $colour, elgg_get_plugins_path() . "captcha/fonts/1.ttf", $captcha);
+
+ // Output image
+ imagejpeg($image);
+
+ // Free memory
+ imagedestroy($image);
+}
diff --git a/mod/captcha/fonts/1.ttf b/mod/captcha/fonts/1.ttf
new file mode 100644
index 000000000..f5534f943
--- /dev/null
+++ b/mod/captcha/fonts/1.ttf
Binary files differ
diff --git a/mod/captcha/fonts/Liberation_serif_License.txt b/mod/captcha/fonts/Liberation_serif_License.txt
new file mode 100644
index 000000000..41751f278
--- /dev/null
+++ b/mod/captcha/fonts/Liberation_serif_License.txt
@@ -0,0 +1,77 @@
+LICENSE AGREEMENT AND LIMITED PRODUCT WARRANTY LIBERATION FONT SOFTWARE
+This agreement governs the use of the Software and any updates to the
+Software, regardless of the delivery mechanism. Subject to the following
+terms, Red Hat, Inc. ("Red Hat") grants to the user ("Client") a license to
+this collective work pursuant to the GNU General Public License v.2 with the
+exceptions set forth below and such other terms as our set forth in this End
+User License Agreement.
+1. The Software and License Exception. LIBERATION font software (the
+"Software") consists of TrueType-OpenType formatted font software for
+rendering LIBERATION typefaces in sans serif, serif, and monospaced character
+styles. You are licensed to use, modify, copy, and distribute the Software
+pursuant to the GNU General Public License v.2 with the following exceptions:
+1) As a special exception, if you create a document which uses this font, and
+embed this font or unaltered portions of this font into the document, this
+font does not by itself cause the resulting document to be covered by the GNU
+General Public License.  This exception does not however invalidate any other
+reasons why the document might be covered by the GNU General Public License. 
+If you modify this font, you may extend this exception to your version of the
+font, but you are not obligated to do so. If you do not wish to do so, delete
+this exception statement from your version.
+
+2) As a further exception, any distribution of the object code of the Software
+in a physical product must provide you the right to access and modify the
+source code for the Software and to reinstall that modified version of the
+Software in object code form on the same physical product on which you
+received it.
+2. Intellectual Property Rights. The Software and each of its components,
+including the source code, documentation, appearance, structure and
+organization are owned by Red Hat and others and are protected under copyright
+and other laws. Title to the Software and any component, or to any copy,
+modification, or merged portion shall remain with the aforementioned, subject
+to the applicable license. The "LIBERATION" trademark is a trademark of Red
+Hat, Inc. in the U.S. and other countries. This agreement does not permit
+Client to distribute modified versions of the Software using Red Hat's
+trademarks. If Client makes a redistribution of a modified version of the
+Software, then Client must modify the files names to remove any reference to
+the Red Hat trademarks and must not use the Red Hat trademarks in any way to
+reference or promote the modified Software.
+3. Limited Warranty. To the maximum extent permitted under applicable law, the
+Software is provided and licensed "as is" without warranty of any kind,
+expressed or implied, including the implied warranties of merchantability,
+non-infringement or fitness for a particular purpose. Red Hat does not warrant
+that the functions contained in the Software will meet Client's requirements
+or that the operation of the Software will be entirely error free or appear
+precisely as described in the accompanying documentation.
+4. Limitation of Remedies and Liability. To the maximum extent permitted by
+applicable law, Red Hat or any Red Hat authorized dealer will not be liable to
+Client for any incidental or consequential damages, including lost profits or
+lost savings arising out of the use or inability to use the Software, even if
+Red Hat or such dealer has been advised of the possibility of such damages.
+5. Export Control. As required by U.S. law, Client represents and warrants
+that it: (a) understands that the Software is subject to export controls under
+the U.S. Commerce Department's Export Administration Regulations ("EAR"); (b)
+is not located in a prohibited destination country under the EAR or U.S.
+sanctions regulations (currently Cuba, Iran, Iraq, Libya, North Korea, Sudan
+and Syria); (c) will not export, re-export, or transfer the Software to any
+prohibited destination, entity, or individual without the necessary export
+license(s) or authorizations(s) from the U.S. Government; (d) will not use or
+transfer the Software for use in any sensitive nuclear, chemical or biological
+weapons, or missile technology end-uses unless authorized by the U.S.
+Government by regulation or specific license; (e) understands and agrees that
+if it is in the United States and exports or transfers the Software to
+eligible end users, it will, as required by EAR Section 740.17(e), submit
+semi-annual reports to the Commerce Department's Bureau of Industry & Security
+(BIS), which include the name and address (including country) of each
+transferee; and (f) understands that countries other than the United States
+may restrict the import, use, or export of encryption products and that it
+shall be solely responsible for compliance with any such import, use, or
+export restrictions.
+6. General. If any provision of this agreement is held to be unenforceable,
+that shall not affect the enforceability of the remaining provisions. This
+agreement shall be governed by the laws of the State of North Carolina and of
+the United States, without regard to any conflict of laws provisions, except
+that the United Nations Convention on the International Sale of Goods shall
+not apply.
+Copyright © 2007 Red Hat, Inc. All rights reserved. LIBERATION is a trademark
+of Red Hat, Inc.
diff --git a/mod/captcha/languages/ca.php b/mod/captcha/languages/ca.php
new file mode 100644
index 000000000..75b5fea5e
--- /dev/null
+++ b/mod/captcha/languages/ca.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Elgg captcha language pack.
+ *
+ * @package ElggCaptcha
+ */
+
+$catalan = array(
+ 'captcha:entercaptcha' => 'Introdueix el text de la imatge',
+ 'captcha:captchafail' => 'Perdona, el text que has introduĂ¯t no correspon al text de la imatge.',
+);
+
+add_translation("ca", $catalan);
diff --git a/mod/captcha/languages/en.php b/mod/captcha/languages/en.php
new file mode 100644
index 000000000..2fdb564a3
--- /dev/null
+++ b/mod/captcha/languages/en.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Elgg captcha language pack.
+ *
+ * @package ElggCaptcha
+ */
+
+$english = array(
+ 'captcha:entercaptcha' => 'Enter text from image',
+ 'captcha:captchafail' => 'Sorry, the text that you entered didn\'t match the text in the image.',
+);
+
+add_translation("en", $english);
diff --git a/mod/captcha/languages/es.php b/mod/captcha/languages/es.php
new file mode 100644
index 000000000..34257e908
--- /dev/null
+++ b/mod/captcha/languages/es.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Elgg captcha language pack.
+ *
+ * @package ElggCaptcha
+ */
+
+$spanish = array(
+ 'captcha:entercaptcha' => 'Introduce el texto de la imagen',
+ 'captcha:captchafail' => 'Perdona, el texto que has introducido no corresponde con el texto de la imagen.',
+);
+
+add_translation("es", $spanish);
diff --git a/mod/captcha/manifest.xml b/mod/captcha/manifest.xml
new file mode 100644
index 000000000..079d877db
--- /dev/null
+++ b/mod/captcha/manifest.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<plugin_manifest xmlns="http://www.elgg.org/plugin_manifest/1.8">
+ <name>Captcha</name>
+ <author>Core developers, Lorea developers</author>
+ <version>1.8</version>
+ <blurb>Add site-wide categories</blurb>
+ <description>Provides captcha support.</description>
+ <website>https://lorea.org/</website>
+ <copyright>(C) Curverider 2008-2010, Lorea 2012</copyright>
+ <license>GNU General Public License version 2 or higher</license>
+ <requires>
+ <type>elgg_release</type>
+ <version>1.8</version>
+ </requires>
+ <requires>
+ <type>php_extension</type>
+ <name>gd</name>
+ </requires>
+</plugin_manifest>
diff --git a/mod/captcha/start.php b/mod/captcha/start.php
new file mode 100644
index 000000000..f451ffcc6
--- /dev/null
+++ b/mod/captcha/start.php
@@ -0,0 +1,101 @@
+<?php
+/**
+ * Elgg captcha plugin
+ *
+ * @package ElggCaptcha
+ */
+
+
+register_elgg_event_handler('init','system','captcha_init');
+
+function captcha_init() {
+
+ // Register page handler for captcha functionality
+ elgg_register_page_handler('captcha', 'captcha_page_handler');
+
+ // Extend CSS
+ elgg_extend_view('css', 'captcha/css');
+
+ // Number of background images
+ elgg_set_config('captcha_num_bg', 5);
+
+ // Default length
+ elgg_set_config('captcha_length', 5);
+
+ elgg_register_plugin_hook_handler('register', 'user', 'captcha_verify_action_hook');
+ elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'captcha_verify_action_hook');
+}
+
+function captcha_page_handler($page) {
+
+ if (isset($page[0])) {
+ set_input('captcha_token', $page[0]);
+ }
+
+ include(elgg_get_plugins_path() . "captcha/captcha.php");
+}
+
+/**
+ * Generate a token to act as a seed value for the captcha algorithm.
+ */
+function captcha_generate_token() {
+ return md5(generate_action_token(time()).rand()); // Use action token plus some random for uniqueness
+}
+
+/**
+ * Generate a captcha based on the given seed value and length.
+ *
+ * @param string $seed_token
+ * @return string
+ */
+function captcha_generate_captcha($seed_token) {
+ /*
+ * We generate a token out of the random seed value + some session data,
+ * this means that solving via pr0n site or indian cube farm becomes
+ * significantly more tricky (we hope).
+ *
+ * We also add the site secret, which is unavailable to the client and so should
+ * make it very very hard to guess values before hand.
+ *
+ */
+
+ return strtolower(substr(md5(generate_action_token(0) . $seed_token), 0, elgg_get_config('captcha_length')));
+}
+
+/**
+ * Verify a captcha based on the input value entered by the user and the seed token passed.
+ *
+ * @param string $input_value
+ * @param string $seed_token
+ * @return bool
+ */
+function captcha_verify_captcha($input_value, $seed_token) {
+ if (strcasecmp($input_value, captcha_generate_captcha($seed_token)) == 0) {
+ return true;
+ }
+ return false;
+}
+
+/**
+ * Listen to the action plugin hook and check the captcha.
+ *
+ * @param unknown_type $hook
+ * @param unknown_type $entity_type
+ * @param unknown_type $returnvalue
+ * @param unknown_type $params
+ */
+function captcha_verify_action_hook($hook, $entity_type, $returnvalue, $params) {
+ $token = get_input('captcha_token');
+ $input = get_input('captcha_input');
+
+ if (($token) && (captcha_verify_captcha($input, $token))) {
+ return true;
+ }
+
+ register_error(elgg_echo('captcha:captchafail'));
+
+ // forward to referrer or else action code sends to front page
+ forward(REFERER);
+
+ return false;
+}
diff --git a/mod/captcha/views/default/captcha/css.php b/mod/captcha/views/default/captcha/css.php
new file mode 100644
index 000000000..d06a26d7d
--- /dev/null
+++ b/mod/captcha/views/default/captcha/css.php
@@ -0,0 +1,4 @@
+.captcha-input-image {
+ text-align: center;
+ margin: auto;
+}
diff --git a/mod/captcha/views/default/input/captcha.php b/mod/captcha/views/default/input/captcha.php
new file mode 100644
index 000000000..cc78ffb08
--- /dev/null
+++ b/mod/captcha/views/default/input/captcha.php
@@ -0,0 +1,19 @@
+<?php
+/**
+ * Elgg captcha plugin captcha hook view override.
+ *
+ * @package ElggCaptcha
+ */
+
+// Generate a token which is then passed into the captcha algorithm for verification
+$token = captcha_generate_token();
+?>
+<div>
+ <label><?php echo elgg_echo('captcha:entercaptcha'); ?></label>
+ <br />
+ <?php
+ echo elgg_view('input/hidden', array('name' => "captcha_token", 'value' => $token));
+ echo elgg_view('output/img', array('src'=> elgg_get_site_url() . "captcha/$token", 'class' => 'captcha-input-image'));
+ echo elgg_view('input/text', array('name' => 'captcha_input', 'class' => 'captcha-input-text'));
+ ?>
+</div>