Code Coverage for /data/phpBB/phpbb/captcha/plugins/captcha

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	10.60% covered (danger)	10.60%	16 / 151	5.00% covered (danger)	5.00%	1 / 20	CRAP	0.00% covered (danger)	0.00%	0 / 1
captcha_abstract	10.60% covered (danger)	10.60%	16 / 151	5.00% covered (danger)	5.00%	1 / 20	1427.49	0.00% covered (danger)	0.00%	0 / 1
init	0.00% covered (danger)	0.00%	0 / 9	0.00% covered (danger)	0.00%	0 / 1	30
execute_demo	0.00% covered (danger)	0.00%	0 / 7	0.00% covered (danger)	0.00%	0 / 1	2
execute	0.00% covered (danger)	0.00%	0 / 7	0.00% covered (danger)	0.00%	0 / 1	12
get_template	0.00% covered (danger)	0.00%	0 / 17	0.00% covered (danger)	0.00%	0 / 1	42
get_demo_template	0.00% covered (danger)	0.00%	0 / 10	0.00% covered (danger)	0.00%	0 / 1	12
get_hidden_fields	0.00% covered (danger)	0.00%	0 / 5	0.00% covered (danger)	0.00%	0 / 1	6
garbage_collect	100.00% covered (success)	100.00%	16 / 16	100.00% covered (success)	100.00%	1 / 1	4
validate	0.00% covered (danger)	0.00%	0 / 13	0.00% covered (danger)	0.00%	0 / 1	30
generate_code	0.00% covered (danger)	0.00%	0 / 14	0.00% covered (danger)	0.00%	0 / 1	2
regenerate_code	0.00% covered (danger)	0.00%	0 / 11	0.00% covered (danger)	0.00%	0 / 1	2
new_attempt	0.00% covered (danger)	0.00%	0 / 11	0.00% covered (danger)	0.00%	0 / 1	2
load_code	0.00% covered (danger)	0.00%	0 / 15	0.00% covered (danger)	0.00%	0 / 1	6
check_code	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
get_attempt_count	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
reset	0.00% covered (danger)	0.00%	0 / 6	0.00% covered (danger)	0.00%	0 / 1	2
is_solved	0.00% covered (danger)	0.00%	0 / 4	0.00% covered (danger)	0.00%	0 / 1	12
has_config	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
get_service_name	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
set_name	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
get_generator_class		n/a	0 / 0		n/a	0 / 0	0
get_login_error_attempts	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	namespace phpbb\captcha\plugins;
15
16	/**
17	* This class holds the code shared by the two default 3.0.x CAPTCHAs.
18	*/
19	abstract class captcha_abstract
20	{
21	var $confirm_id;
22	var $confirm_code;
23	var $code;
24	var $seed;
25	var $attempts = 0;
26	var $type;
27	var $solved = 0;
28	var $captcha_vars = false;
29
30	/**
31	* @var string name of the service.
32	*/
33	protected $service_name;
34
35	function init($type)
36	{
37	global $config, $request;
38
39	// read input
40	$this->confirm_id = $request->variable('confirm_id', '');
41	$this->confirm_code = $request->variable('confirm_code', '');
42	$refresh = $request->variable('refresh_vc', false) && $config['confirm_refresh'];
43
44	$this->type = (int) $type;
45
46	if (!strlen($this->confirm_id) \|\| !$this->load_code())
47	{
48	// we have no confirm ID, better get ready to display something
49	$this->generate_code();
50	}
51	else if ($refresh)
52	{
53	$this->regenerate_code();
54	}
55	}
56
57	function execute_demo()
58	{
59	$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
60	$this->seed = hexdec(substr(unique_id(), 4, 10));
61
62	// compute $seed % 0x7fffffff
63	$this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff);
64
65	$generator = $this->get_generator_class();
66	$captcha = new $generator();
67	define('IMAGE_OUTPUT', 1);
68	$captcha->execute($this->code, $this->seed);
69	}
70
71	function execute()
72	{
73	if (empty($this->code))
74	{
75	if (!$this->load_code())
76	{
77	// invalid request, bail out
78	return;
79	}
80	}
81	$generator = $this->get_generator_class();
82	$captcha = new $generator();
83	define('IMAGE_OUTPUT', 1);
84	$captcha->execute($this->code, $this->seed);
85	}
86
87	function get_template()
88	{
89	global $config, $user, $template, $phpEx, $phpbb_root_path;
90
91	if ($this->is_solved())
92	{
93	return false;
94	}
95	else
96	{
97	$link = append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=confirm&confirm_id=' . $this->confirm_id . '&type=' . $this->type);
98	$contact_link = phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx);
99	$explain = $user->lang(($this->type != CONFIRM_POST) ? 'CONFIRM_EXPLAIN' : 'POST_CONFIRM_EXPLAIN', '<a href="' . $contact_link . '">', '</a>');
100
101	$template->assign_vars(array(
102	'CONFIRM_IMAGE_LINK' => $link,
103	'CONFIRM_IMAGE' => '<img src="' . $link . '" />',
104	'CONFIRM_IMG' => '<img src="' . $link . '" />',
105	'CONFIRM_ID' => $this->confirm_id,
106	'S_CONFIRM_CODE' => true,
107	'S_TYPE' => $this->type,
108	'S_CONFIRM_REFRESH' => ($config['enable_confirm'] && $config['confirm_refresh'] && $this->type == CONFIRM_REG) ? true : false,
109	'L_CONFIRM_EXPLAIN' => $explain,
110	));
111
112	return 'captcha_default.html';
113	}
114	}
115
116	function get_demo_template($id)
117	{
118	global $config, $template, $request, $phpbb_admin_path, $phpEx;
119
120	$variables = '';
121
122	if (is_array($this->captcha_vars))
123	{
124	foreach ($this->captcha_vars as $captcha_var => $template_var)
125	{
126	$variables .= '&' . rawurlencode($captcha_var) . '=' . $request->variable($captcha_var, (int) $config[$captcha_var]);
127	}
128	}
129
130	// acp_captcha has a delivery function; let's use it
131	$template->assign_vars(array(
132	'CONFIRM_IMAGE' => append_sid($phpbb_admin_path . 'index.' . $phpEx, 'captcha_demo=1&mode=visual&i=' . $id . '&select_captcha=' . $this->get_service_name()) . $variables,
133	'CONFIRM_ID' => $this->confirm_id,
134	));
135
136	return 'captcha_default_acp_demo.html';
137	}
138
139	function get_hidden_fields()
140	{
141	$hidden_fields = array();
142
143	// this is required for posting.php - otherwise we would forget about the captcha being already solved
144	if ($this->solved)
145	{
146	$hidden_fields['confirm_code'] = $this->confirm_code;
147	}
148	$hidden_fields['confirm_id'] = $this->confirm_id;
149	return $hidden_fields;
150	}
151
152	function garbage_collect($type)
153	{
154	global $db;
155
156	$sql = 'SELECT DISTINCT c.session_id
157	FROM ' . CONFIRM_TABLE . ' c
158	LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id)
159	WHERE s.session_id IS NULL' .
160	((empty($type)) ? '' : ' AND c.confirm_type = ' . (int) $type);
161	$result = $db->sql_query_limit($sql, 100000); // Prevent possible timeouts
162
163	if ($row = $db->sql_fetchrow($result))
164	{
165	$sql_in = array();
166	do
167	{
168	$sql_in[] = (string) $row['session_id'];
169	}
170	while ($row = $db->sql_fetchrow($result));
171
172	if (count($sql_in))
173	{
174	$sql = 'DELETE FROM ' . CONFIRM_TABLE . '
175	WHERE ' . $db->sql_in_set('session_id', $sql_in);
176	$db->sql_query($sql);
177	}
178	}
179	$db->sql_freeresult($result);
180	}
181
182	function validate()
183	{
184	global $user;
185
186	if (!$user->is_setup())
187	{
188	$user->setup();
189	}
190
191	$error = '';
192	if (!$this->confirm_id)
193	{
194	$error = $user->lang['CONFIRM_CODE_WRONG'];
195	}
196	else
197	{
198	if ($this->check_code())
199	{
200	$this->solved = true;
201	}
202	else
203	{
204	$error = $user->lang['CONFIRM_CODE_WRONG'];
205	}
206	}
207
208	if (strlen($error))
209	{
210	// okay, incorrect answer. Let's ask a new question.
211	$this->new_attempt();
212	return $error;
213	}
214	else
215	{
216	return false;
217	}
218	}
219
220	/**
221	* The old way to generate code, suitable for GD and non-GD. Resets the internal state.
222	*/
223	function generate_code()
224	{
225	global $db, $user;
226
227	$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
228	$this->confirm_id = md5(unique_id());
229	$this->seed = hexdec(substr(unique_id(), 4, 10));
230	$this->solved = 0;
231	// compute $seed % 0x7fffffff
232	$this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff);
233
234	$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
235	'confirm_id' => (string) $this->confirm_id,
236	'session_id' => (string) $user->session_id,
237	'confirm_type' => (int) $this->type,
238	'code' => (string) $this->code,
239	'seed' => (int) $this->seed)
240	);
241	$db->sql_query($sql);
242	}
243
244	/**
245	* New Question, if desired.
246	*/
247	function regenerate_code()
248	{
249	global $db, $user;
250
251	$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
252	$this->seed = hexdec(substr(unique_id(), 4, 10));
253	$this->solved = 0;
254	// compute $seed % 0x7fffffff
255	$this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff);
256
257	$sql = 'UPDATE ' . CONFIRM_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array(
258	'code' => (string) $this->code,
259	'seed' => (int) $this->seed)) . '
260	WHERE
261	confirm_id = \'' . $db->sql_escape($this->confirm_id) . '\'
262	AND session_id = \'' . $db->sql_escape($user->session_id) . '\'';
263	$db->sql_query($sql);
264	}
265
266	/**
267	* New Question, if desired.
268	*/
269	function new_attempt()
270	{
271	global $db, $user;
272
273	$this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
274	$this->seed = hexdec(substr(unique_id(), 4, 10));
275	$this->solved = 0;
276	// compute $seed % 0x7fffffff
277	$this->seed -= 0x7fffffff * floor($this->seed / 0x7fffffff);
278
279	$sql = 'UPDATE ' . CONFIRM_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array(
280	'code' => (string) $this->code,
281	'seed' => (int) $this->seed)) . '
282	, attempts = attempts + 1
283	WHERE
284	confirm_id = \'' . $db->sql_escape($this->confirm_id) . '\'
285	AND session_id = \'' . $db->sql_escape($user->session_id) . '\'';
286	$db->sql_query($sql);
287	}
288
289	/**
290	* Look up everything we need for painting&checking.
291	*/
292	function load_code()
293	{
294	global $db, $user;
295
296	$sql = 'SELECT code, seed, attempts
297	FROM ' . CONFIRM_TABLE . "
298	WHERE confirm_id = '" . $db->sql_escape($this->confirm_id) . "'
299	AND session_id = '" . $db->sql_escape($user->session_id) . "'
300	AND confirm_type = " . $this->type;
301	$result = $db->sql_query($sql);
302	$row = $db->sql_fetchrow($result);
303	$db->sql_freeresult($result);
304
305	if ($row)
306	{
307	$this->code = $row['code'];
308	$this->seed = $row['seed'];
309	$this->attempts = $row['attempts'];
310	return true;
311	}
312
313	return false;
314	}
315
316	function check_code()
317	{
318	return (strcasecmp($this->code, $this->confirm_code) === 0);
319	}
320
321	function get_attempt_count()
322	{
323	return $this->attempts;
324	}
325
326	function reset()
327	{
328	global $db, $user;
329
330	$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
331	WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
332	AND confirm_type = " . (int) $this->type;
333	$db->sql_query($sql);
334
335	// we leave the class usable by generating a new question
336	$this->generate_code();
337	}
338
339	function is_solved()
340	{
341	global $request;
342
343	if ($request->variable('confirm_code', false) && $this->solved === 0)
344	{
345	$this->validate();
346	}
347	return (bool) $this->solved;
348	}
349
350	/**
351	* API function
352	*/
353	function has_config()
354	{
355	return false;
356	}
357
358	/**
359	* @return string the name of the service corresponding to the plugin
360	*/
361	function get_service_name()
362	{
363	return $this->service_name;
364	}
365
366	/**
367	* Set the name of the plugin
368	*
369	* @param string $name
370	*/
371	public function set_name($name)
372	{
373	$this->service_name = $name;
374	}
375
376	/**
377	* @return string the name of the class used to generate the captcha
378	*/
379	abstract function get_generator_class();
380
381	/**
382	* Get language variable for error message when CAPTCHA is being shown due
383	* to exceeding the maximum number of login attempts
384	*
385	* @return string
386	*/
387	public function get_login_error_attempts(): string
388	{
389	return 'LOGIN_ERROR_ATTEMPTS';
390	}
391	}