Diffstat (limited to 'mod/captcha/start.php')
-rw-r--r-- | mod/captcha/start.php | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/mod/captcha/start.php b/mod/captcha/start.php
new file mode 100644
index 000000000..26e8671d2
--- /dev/null
+++ b/mod/captcha/start.php
@@ -0,0 +1,112 @@
+<?php
+ /**
+ * Elgg captcha plugin
+ *
+ * @package ElggCaptcha
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008-2009
+ * @link http://elgg.com/
+ */
+
+ function captcha_init()
+ {
+ global $CONFIG;
+
+ // Register page handler for captcha functionality
+ register_page_handler('captcha','captcha_page_handler');
+
+ // Extend CSS
+ extend_view('css','captcha/css');
+
+ // Number of background images
+ $CONFIG->captcha_num_bg = 5;
+
+ // Default length
+ $CONFIG->captcha_length = 5;
+
+ // Right, these actions require captcha validation TODO: Put this in config somehow
+ register_plugin_hook("action", "register", "captcha_verify_action_hook");
+ register_plugin_hook("action", "user/requestnewpassword", "captcha_verify_action_hook");
+ }
+
+ function captcha_page_handler($page)
+ {
+ global $CONFIG;
+
+ if (isset($page[0])) {
+ set_input('captcha_token',$page[0]);
+ }
+
+ include($CONFIG->pluginspath . "captcha/captcha.php");
+ }
+
+ /**
+ * Generate a token to act as a seed value for the captcha algorithm.
+ */
+ function captcha_generate_token()
+ {
+ return md5(generate_action_token(time()).rand()); // Use action token plus some random for uniqueness
+ }
+
+ /**
+ * Generate a captcha based on the given seed value and length.
+ *
+ * @param string $seed_token
+ * @return string
+ */
+ function captcha_generate_captcha($seed_token)
+ {
+ global $CONFIG;
+
+ /*
+ * We generate a token out of the random seed value + some session data,
+ * this means that solving via pr0n site or indian cube farm becomes
+ * significantly more tricky (we hope).
+ *
+ * We also add the site secret, which is unavailable to the client and so should
+ * make it very very hard to guess values before hand.
+ *
+ */
+
+ return strtolower(substr(md5(generate_action_token(0) . $seed_token), 0, $CONFIG->captcha_length));
+ }
+
+ /**
+ * Verify a captcha based on the input value entered by the user and the seed token passed.
+ *
+ * @param string $input_value
+ * @param string $seed_token
+ * @return bool
+ */
+ function captcha_verify_captcha($input_value, $seed_token)
+ {
+ if (strcasecmp($input_value, captcha_generate_captcha($seed_token)) == 0)
+ return true;
+
+ return false;
+ }
+
+ /**
+ * Listen to the action plugin hook and check the captcha.
+ *
+ * @param unknown_type $hook
+ * @param unknown_type $entity_type
+ * @param unknown_type $returnvalue
+ * @param unknown_type $params
+ */
+ function captcha_verify_action_hook($hook, $entity_type, $returnvalue, $params)
+ {
+ $token = get_input('captcha_token');
+ $input = get_input('captcha_input');
+
+ if (($token) && (captcha_verify_captcha($input, $token)))
+ return true;
+
+ register_error(elgg_echo('captcha:captchafail'));
+
+ return false;
+ }
+
+ register_elgg_event_handler('init','system','captcha_init');
+?>
\ No newline at end of file |
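Review bot: In captcha_verify_captcha the result of strcasecmp() is tested with `== 0`, so a non-string $input_value can satisfy the check: on PHP 5, strcasecmp() returns NULL with a warning when given an array, and `NULL == 0` is true. Whether get_input() can return an array is not visible in this hunk, but request parameters generally can be arrays, so the function should reject non-strings and compare strictly, `return is_string($input_value) && strcasecmp($input_value, captcha_generate_captcha($seed_token)) === 0;`. Separately, nothing in this file marks a token as used or expired, and captcha_verify_action_hook accepts whatever captcha_token the client sends, so a solved token/answer pair appears to stay valid for as long as generate_action_token(0) returns the same value. Recording issued tokens server-side and invalidating each one on its first verification would close that replay window.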