1 files changed, 112 insertions, 0 deletions

diff --git a/mod/captcha/start.php b/mod/captcha/start.php
new file mode 100644
index 000000000..26e8671d2
--- /dev/null
+++ b/mod/captcha/start.php
@@ -0,0 +1,112 @@
+<?php
+	/**
+	 * Elgg captcha plugin
+	 * 
+	 * @package ElggCaptcha
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Curverider Ltd
+	 * @copyright Curverider Ltd 2008-2009
+	 * @link http://elgg.com/
+	 */
+
+	function captcha_init()
+	{
+		global $CONFIG;
+		
+		// Register page handler for captcha functionality
+		register_page_handler('captcha','captcha_page_handler');
+		
+		// Extend CSS
+		extend_view('css','captcha/css');
+		
+		// Number of background images
+		$CONFIG->captcha_num_bg = 5;
+		
+		// Default length
+		$CONFIG->captcha_length = 5;
+		
+		// Right, these actions require captcha validation TODO: Put this in config somehow
+		register_plugin_hook("action", "register", "captcha_verify_action_hook");
+		register_plugin_hook("action", "user/requestnewpassword", "captcha_verify_action_hook");
+	}
+	
+	function captcha_page_handler($page) 
+	{
+		global $CONFIG;
+		
+		if (isset($page[0])) {
+			set_input('captcha_token',$page[0]);
+		}
+
+		include($CONFIG->pluginspath . "captcha/captcha.php");
+	}
+	
+	/**
+	 * Generate a token to act as a seed value for the captcha algorithm.
+	 */
+	function captcha_generate_token()
+	{
+		return md5(generate_action_token(time()).rand()); // Use action token plus some random for uniqueness
+	}
+	
+	/**
+	 * Generate a captcha based on the given seed value and length.
+	 *
+	 * @param string $seed_token
+	 * @return string
+	 */
+	function captcha_generate_captcha($seed_token)
+	{
+		global $CONFIG;
+		
+		/*
+		 * We generate a token out of the random seed value + some session data, 
+		 * this means that solving via pr0n site or indian cube farm becomes
+		 * significantly more tricky (we hope).
+		 * 
+		 * We also add the site secret, which is unavailable to the client and so should
+		 * make it very very hard to guess values before hand.
+		 * 
+		 */
+		
+		return strtolower(substr(md5(generate_action_token(0) . $seed_token), 0, $CONFIG->captcha_length));
+	}
+	
+	/**
+	 * Verify a captcha based on the input value entered by the user and the seed token passed.
+	 *
+	 * @param string $input_value
+	 * @param string $seed_token
+	 * @return bool
+	 */
+	function captcha_verify_captcha($input_value, $seed_token)
+	{
+		if (strcasecmp($input_value, captcha_generate_captcha($seed_token)) == 0)
+			return true;
+			
+		return false;
+	}
+	
+	/**
+	 * Listen to the action plugin hook and check the captcha.
+	 *
+	 * @param unknown_type $hook
+	 * @param unknown_type $entity_type
+	 * @param unknown_type $returnvalue
+	 * @param unknown_type $params
+	 */
+	function captcha_verify_action_hook($hook, $entity_type, $returnvalue, $params)
+	{
+		$token = get_input('captcha_token');
+		$input = get_input('captcha_input');
+		
+		if (($token) && (captcha_verify_captcha($input, $token)))
+			return true;
+		
+		register_error(elgg_echo('captcha:captchafail'));
+			
+		return false;
+	}
+	
+	register_elgg_event_handler('init','system','captcha_init');
+?>
\ No newline at end of file