<?php
/**
* Elgg captcha plugin
*
* @package ElggCaptcha
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
* @author Curverider Ltd
* @copyright Curverider Ltd 2008-2009
* @link http://elgg.com/
*/
/**
 * Plugin bootstrap: wires up the captcha page handler, CSS, defaults and
 * the action hooks that enforce captcha validation.
 *
 * Writes two defaults onto the global $CONFIG object:
 *  - captcha_num_bg: number of background images (5)
 *  - captcha_length: number of characters in a captcha answer (5)
 *
 * Captcha validation is attached to the "register" and
 * "user/requestnewpassword" actions only; any other action is not checked
 * by this plugin.
 */
function captcha_init()
{
    global $CONFIG;

    // Route the 'captcha' page handler to captcha_page_handler().
    register_page_handler('captcha', 'captcha_page_handler');

    // Add the plugin's stylesheet view to the 'css' view.
    extend_view('css', 'captcha/css');

    // Defaults read by the rest of the plugin.
    $CONFIG->captcha_num_bg = 5;
    $CONFIG->captcha_length = 5;

    // Actions that require a solved captcha. TODO: move this list into config.
    $protected_actions = array('register', 'user/requestnewpassword');
    foreach ($protected_actions as $action_name) {
        register_plugin_hook('action', $action_name, 'captcha_verify_action_hook');
    }
}
/**
 * Page handler registered for 'captcha' in captcha_init().
 *
 * When a first page segment is present it is stored as the 'captcha_token'
 * input, then the plugin's captcha.php script is included. The token
 * therefore comes straight from the request and is chosen by the client.
 * The include path is built from $CONFIG->pluginspath and a fixed suffix;
 * no request data is used in it.
 *
 * No extra local variables are introduced here because captcha.php runs in
 * this function's scope.
 *
 * @param array $page Page segments; presumably the URL parts that follow
 *                    the handler name (confirm against the dispatcher).
 */
function captcha_page_handler($page)
{
    global $CONFIG;

    // First segment, if any, is the seed token for the captcha to serve.
    if (isset($page[0])) {
        set_input('captcha_token', $page[0]);
    }

    include $CONFIG->pluginspath . 'captcha/captcha.php';
}
/**
 * Build a fresh seed token for a captcha challenge.
 *
 * The value is the MD5 hex digest of generate_action_token(time()) with the
 * output of rand() appended. It is a seed only: the characters the user has
 * to type are derived from it by captcha_generate_captcha().
 *
 * NOTE(review): rand() is not a cryptographically secure generator, so this
 * token should be treated as a unique label rather than a secret. What
 * generate_action_token() mixes in is not visible in this file.
 *
 * @return string 32-character lowercase hex string
 */
function captcha_generate_token()
{
    $action_token = generate_action_token(time());
    $nonce = rand();

    // Action token plus a random suffix, hashed, for uniqueness.
    return md5($action_token . $nonce);
}
/**
 * Derive the captcha text for a seed token.
 *
 * The text is the first $CONFIG->captcha_length characters of
 * md5(generate_action_token(0) . $seed_token), so it contains only the hex
 * characters 0-9 and a-f. captcha_init() sets the length to 5, which gives
 * 16^5 possible answers; throttling failed verifications matters at that
 * size.
 *
 * The seed token travels through the client, so the text is only as hard to
 * predict as generate_action_token(0). The original author's note says that
 * value carries session data and the site secret, which would tie an answer
 * to one session and keep it from being computed client-side.
 * NOTE(review): generate_action_token() is not defined in this file;
 * confirm what it includes.
 *
 * @param string $seed_token Seed produced by captcha_generate_token().
 * @return string Lowercase captcha text.
 */
function captcha_generate_captcha($seed_token)
{
    global $CONFIG;

    $digest = md5(generate_action_token(0) . $seed_token);
    $answer = substr($digest, 0, $CONFIG->captcha_length);

    return strtolower($answer);
}
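/**
 * Check a user's answer against the captcha derived from a seed token.
 *
 * The comparison is case-insensitive. Both arguments must be strings and the
 * answer must be non-empty; anything else is rejected before the comparison
 * runs. Request parameters can arrive as arrays, and on PHP versions before
 * 8 strcasecmp() returns NULL for a non-string argument, which a loose
 * "== 0" test treats as a match. The result is therefore compared with
 * "=== 0".
 *
 * @param string $input_value Answer typed by the user.
 * @param string $seed_token  Seed token the challenge was generated from.
 * @return bool True only when the answer equals the expected captcha text.
 */
function captcha_verify_captcha($input_value, $seed_token)
{
    // Type check first: never hand arrays or null to strcasecmp().
    if (!is_string($input_value) || !is_string($seed_token)) {
        return false;
    }

    // An empty answer can never be a valid solution.
    if ($input_value === '') {
        return false;
    }

    $expected = captcha_generate_captcha($seed_token);

    // An empty expected value (e.g. a zero or unset length) must not verify.
    if (!is_string($expected) || $expected === '') {
        return false;
    }

    return strcasecmp($input_value, $expected) === 0;
}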
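/**
 * Plugin hook callback that gates an action on a solved captcha.
 *
 * Reads 'captcha_token' and 'captcha_input' from the request and passes
 * them to captcha_verify_captcha(). Both values are client-supplied, so
 * they are required to be non-empty strings before any comparison is made.
 * On failure the 'captcha:captchafail' message is registered as an error.
 *
 * Verification is stateless: nothing here records that a token has been
 * used, so a token/answer pair stays valid for as long as
 * captcha_generate_captcha() keeps returning the same text for it. Issuing
 * tokens server-side and discarding each one on first verification would
 * make challenges single-use.
 *
 * @param mixed $hook        Not read by this function.
 * @param mixed $entity_type Not read by this function.
 * @param mixed $returnvalue Not read by this function.
 * @param mixed $params      Not read by this function.
 * @return bool True when the captcha verifies, false otherwise. Presumably
 *              false makes the caller abort the action; confirm against
 *              the hook dispatcher.
 */
function captcha_verify_action_hook($hook, $entity_type, $returnvalue, $params)
{
    $token = get_input('captcha_token');
    $input = get_input('captcha_input');

    // Reject arrays, nulls and empty values at the request boundary.
    $well_formed = is_string($token) && $token !== ''
        && is_string($input) && $input !== '';

    if ($well_formed && captcha_verify_captcha($input, $token)) {
        return true;
    }

    register_error(elgg_echo('captcha:captchafail'));

    return false;
}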
// Register captcha_init() as the handler for the 'init' / 'system' event.
register_elgg_event_handler('init', 'system', 'captcha_init');
?>