View source
<?php
define('CAPTCHA_UNSOLVED_CHALLENGES_MAX', 20);
define('CAPTCHA_PERSISTENCE_SHOW_ALWAYS', 1);
define('CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM', 2);
define('CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL', 3);
function captcha_help($path, $arg) {
switch ($path) {
case 'admin/help#captcha':
$output = '<p>' . t('"CAPTCHA" is an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart". It is typically a challenge-response test to determine whether the user is human. The CAPTCHA module is a tool to fight automated submission by malicious users (spamming) of for example comments forms, user registration forms, guestbook forms, etc. You can extend the desired forms with an additional challenge, which should be easy for a human to solve correctly, but hard enough to keep automated scripts and spam bots out.') . '</p>';
$output .= '<p>' . t('Note that the CAPTCHA module interacts with page caching (see <a href="!performancesettings">performance settings</a>). Because the challenge should be unique for each generated form, the caching of the page it appears on is prevented. Make sure that these forms do not appear on too many pages or you will lose much caching efficiency. For example, if you put a CAPTCHA on the user login block, which typically appears on each page for anonymous visitors, caching will practically be disabled. The comment submission forms are another example. In this case you should set the "%commentlocation" to "%separatepage" in the comment settings of the relevant <a href="!contenttypes">content types</a> for better caching efficiency.', array(
'!performancesettings' => url('admin/settings/performance'),
'%commentlocation' => t('Location of comment submission form'),
'%separatepage' => t('Display on separate page'),
'!contenttypes' => url('admin/content/types'),
)) . '</p>';
$output .= '<p>' . t('CAPTCHA is a trademark of Carnegie Mellon University.') . '</p>';
return $output;
case 'admin/user/captcha':
case 'admin/user/captcha/captcha':
case 'admin/user/captcha/captcha/settings':
$output = '<p>' . t('A CAPTCHA can be added to virtually each Drupal form. Some default forms are already provided in the form list, but arbitrary forms can be easily added and managed when the option "%adminlinks" is enabled.', array(
'%adminlinks' => t('Add CAPTCHA administration links to forms'),
)) . '</p>';
$output .= '<p>' . t('Users with the "%skipcaptcha" <a href="@perm">permission</a> won\'t be offered a challenge. Be sure to grant this permission to the trusted users (e.g. site administrators). If you want to test a protected form, be sure to do it as a user without the "%skipcaptcha" permission (e.g. as anonymous user).', array(
'%skipcaptcha' => t('skip CAPTCHA'),
'@perm' => url('admin/user/permissions'),
)) . '</p>';
return $output;
}
}
function captcha_menu() {
$items = array();
$items['admin/user/captcha'] = array(
'title' => 'CAPTCHA',
'description' => 'Administer how and where CAPTCHAs are used.',
'file' => 'captcha.admin.inc',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'captcha_admin_settings',
),
'access arguments' => array(
'administer CAPTCHA settings',
),
'type' => MENU_NORMAL_ITEM,
);
$items['admin/user/captcha/captcha'] = array(
'title' => 'CAPTCHA',
'access arguments' => array(
'administer CAPTCHA settings',
),
'type' => MENU_DEFAULT_LOCAL_TASK,
'weight' => -20,
);
$items['admin/user/captcha/captcha/settings'] = array(
'title' => 'General settings',
'access arguments' => array(
'administer CAPTCHA settings',
),
'type' => MENU_DEFAULT_LOCAL_TASK,
'weight' => 0,
);
$items['admin/user/captcha/captcha/examples'] = array(
'title' => 'Examples',
'description' => 'An overview of the available challenge types with examples.',
'file' => 'captcha.admin.inc',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'captcha_examples',
5,
6,
),
'access arguments' => array(
'administer CAPTCHA settings',
),
'type' => MENU_LOCAL_TASK,
'weight' => 5,
);
$items['admin/user/captcha/captcha/captcha_point'] = array(
'title' => 'CAPTCHA point administration',
'file' => 'captcha.admin.inc',
'page callback' => 'captcha_point_admin',
'page arguments' => array(
5,
6,
),
'access arguments' => array(
'administer CAPTCHA settings',
),
'type' => MENU_CALLBACK,
);
return $items;
}
function captcha_perm() {
return array(
'administer CAPTCHA settings',
'skip CAPTCHA',
);
}
function captcha_requirements($phase) {
$requirements = array();
$t = get_t();
if ($phase == 'runtime') {
$requirements['captcha_wrong_response_counter'] = array(
'title' => $t('CAPTCHA'),
'value' => $t('Already @counter blocked form submissions', array(
'@counter' => variable_get('captcha_wrong_response_counter', 0),
)),
'severity' => REQUIREMENT_INFO,
);
if (!db_result(db_query('SELECT COUNT(*) FROM {users} WHERE uid=%d', 0))) {
$requirements['captcha_no_sessions_for_anonymous'] = array(
'title' => $t('CAPTCHA'),
'value' => $t('No sessions for anonymous users.'),
'description' => $t('There is no entry for uid 0 in the %users table of the database. This disables persistent session data for anonymous users. Because the CAPTCHA module depends on this session data, CAPTCHAs will not work for anonymous users. Add a row for uid 0 to the %users table to resolve this.', array(
'%users' => 'users',
)),
'severity' => REQUIREMENT_ERROR,
);
}
}
return $requirements;
}
function captcha_theme() {
return array(
'captcha_admin_settings_captcha_points' => array(
'arguments' => array(
'form' => NULL,
),
),
);
}
function _captcha_get_description($lang_code = NULL) {
$default = t('This question is for testing whether you are a human visitor and to prevent automated spam submissions.');
if (module_exists('locale')) {
if ($lang_code == NULL) {
global $language;
$lang_code = $language->language;
}
$description = variable_get("captcha_description_{$lang_code}", $default);
}
else {
$description = variable_get('captcha_description', $default);
}
return $description;
}
function _captcha_persistence_skip($form_id) {
switch (variable_get('captcha_persistence', CAPTCHA_PERSISTENCE_SHOW_ALWAYS)) {
case CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL:
return isset($_SESSION['captcha']['success']) && $_SESSION['captcha']['success'] === TRUE;
case CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM:
return isset($_SESSION['captcha'][$form_id]['success']) && $_SESSION['captcha'][$form_id]['success'] === TRUE;
default:
return FALSE;
}
}
function captcha_form_alter(&$form, $form_state, $form_id) {
if (!user_access('skip CAPTCHA')) {
$result = db_query("SELECT module, type FROM {captcha_points} WHERE form_id = '%s'", $form_id);
if (!$result) {
return;
}
$captcha_point = db_fetch_object($result);
if (!$captcha_point || !$captcha_point->type) {
return;
}
global $conf;
$conf['cache'] = FALSE;
if (_captcha_persistence_skip($form_id)) {
return;
}
$captcha = module_invoke($captcha_point->module, 'captcha', 'generate', $captcha_point->type);
if (!$captcha) {
watchdog('CAPTCHA', 'CAPTCHA problem: hook_captcha() of module %module returned nothing when trying to retrieve challenge type %type for form %form_id.', array(
'%type' => $captcha_point->type,
'%module' => $captcha_point->module,
'%form_id' => $form_id,
), WATCHDOG_ERROR);
return;
}
$captcha_description = _captcha_get_description();
if ($captcha_description) {
$form['captcha'] = array(
'#type' => 'fieldset',
'#title' => t('CAPTCHA'),
'#description' => $captcha_description,
'#attributes' => array(
'class' => 'captcha',
),
);
}
else {
$form['captcha'] = array(
'#type' => 'markup',
'#prefix' => '<div class="captcha">',
'#suffix' => '</div>',
);
}
$form['captcha'] = array_merge($form['captcha'], $captcha['form']);
$form['captcha']['captcha_solution'] = array(
'#type' => 'value',
'#value' => $captcha['solution'],
);
$form['captcha']['captcha_token'] = array(
'#type' => 'hidden',
'#value' => md5(mt_rand()),
);
$form['captcha']['captcha_info'] = array(
'#type' => 'value',
'#value' => array(
'form_id' => $form_id,
'preprocess' => isset($captcha['preprocess']) ? $captcha['preprocess'] : FALSE,
'module' => $captcha_point->module,
'type' => $captcha_point->type,
),
);
$form['#pre_render'][] = 'captcha_pre_render';
$form['#pre_render'][] = 'captcha_pre_render_place_captcha';
$form['captcha']['#element_validate'] = array(
'captcha_validate',
);
}
elseif (user_access('administer CAPTCHA settings') && variable_get('captcha_administration_mode', FALSE) && arg(0) != 'admin') {
$result = db_query("SELECT module, type FROM {captcha_points} WHERE form_id = '%s'", $form_id);
if (!$result) {
return;
}
$captcha_point = db_fetch_object($result);
$form['captcha'] = array(
'#type' => 'fieldset',
'#title' => t('CAPTCHA'),
'#collapsible' => TRUE,
'#collapsed' => TRUE,
);
if ($captcha_point && $captcha_point->type) {
$form['captcha']['#description'] = t('Untrusted users will see a CAPTCHA here (!settings).', array(
'!settings' => l(t('general CAPTCHA settings'), 'admin/user/captcha'),
));
$form['captcha']['challenge'] = array(
'#type' => 'item',
'#title' => t('Enabled challenge'),
'#value' => t('"@type" by module "@module" (!change, !disable)', array(
'@type' => $captcha_point->type,
'@module' => $captcha_point->module,
'!change' => l(t('change'), "admin/user/captcha/captcha/captcha_point/{$form_id}", array(
'query' => drupal_get_destination(),
)),
'!disable' => l(t('disable'), "admin/user/captcha/captcha/captcha_point/{$form_id}/disable", array(
'query' => drupal_get_destination(),
)),
)),
);
}
else {
$form['captcha']['add_captcha'] = array(
'#value' => l(t('Place a CAPTCHA here for untrusted users.'), "admin/user/captcha/captcha/captcha_point/{$form_id}", array(
'query' => drupal_get_destination(),
)),
);
}
$form['#pre_render'][] = 'captcha_pre_render_place_captcha';
}
}
function captcha_validate($form, &$form_state) {
if (!isset($_SESSION['captcha'])) {
form_set_error('captcha_response', t('Cookies should be enabled in your browser for CAPTCHA validation.'));
return;
}
$captcha_response = $form_state['values']['captcha_response'];
$captcha_info = $form_state['values']['captcha_info'];
if ($captcha_info['preprocess']) {
$captcha_response = module_invoke($captcha_info['module'], 'captcha', 'preprocess', $captcha_info['type'], $captcha_response);
}
$form_id = $captcha_info['form_id'];
$captcha_token = $form_state['clicked_button']['#post']['captcha_token'];
if (!isset($_SESSION['captcha'][$form_id][$captcha_token])) {
form_set_error('captcha_token', t('Invalid CAPTCHA token.'));
}
elseif ($captcha_response === $_SESSION['captcha'][$form_id][$captcha_token]) {
$_SESSION['captcha'][$form_id]['success'] = TRUE;
$_SESSION['captcha']['success'] = TRUE;
}
else {
form_set_error('captcha_response', t('The answer you entered for the CAPTCHA was not correct.'));
variable_set('captcha_wrong_response_counter', variable_get('captcha_wrong_response_counter', 0) + 1);
if (variable_get('captcha_log_wrong_responses', FALSE)) {
watchdog('CAPTCHA', '%form_id post blocked by CAPTCHA module: challenge "%challenge" (by module "%module"), user answered "%response", but the solution was "%solution".', array(
'%form_id' => $form_id,
'%response' => $captcha_response,
'%solution' => $_SESSION['captcha'][$form_id][$captcha_token],
'%challenge' => $captcha_info['type'],
'%module' => $captcha_info['module'],
), WATCHDOG_NOTICE);
}
if ($form_id == 'user_login' || $form_id == 'user_login_block') {
drupal_goto($_GET['q']);
}
}
unset($_SESSION['captcha'][$form_id][$captcha_token]);
}
function captcha_pre_render($form) {
$form_id = $form['captcha']['captcha_info']['#value']['form_id'];
if (_captcha_persistence_skip($form_id)) {
unset($form['captcha']);
return $form;
}
if (isset($_SESSION['captcha'][$form_id]) && count($_SESSION['captcha'][$form_id]) - 1 > CAPTCHA_UNSOLVED_CHALLENGES_MAX) {
foreach (array_keys($_SESSION['captcha'][$form_id]) as $captcha_token) {
if ($captcha_token != 'success') {
unset($_SESSION['captcha'][$form_id][$captcha_token]);
break;
}
}
}
$captcha_token = $form['captcha']['captcha_token']['#value'];
$_SESSION['captcha'][$form_id][$captcha_token] = $form['captcha']['captcha_solution']['#value'];
$_SESSION['captcha'][$form_id]['success'] = FALSE;
$form['captcha']['captcha_response']['#value'] = '';
return $form;
}
function captcha_pre_render_place_captcha($form) {
$button_weights = array();
foreach (element_children($form) as $key) {
if ($key == 'buttons' || isset($form[$key]['#type']) && ($form[$key]['#type'] == 'submit' || $form[$key]['#type'] == 'button')) {
$button_weights[] = $form[$key]['#weight'];
}
}
if ($button_weights) {
$first_button_weight = min($button_weights);
$form['captcha']['#weight'] = $first_button_weight - 0.5 / 1000.0;
unset($form['#sorted']);
}
return $form;
}
function captcha_captcha($op, $captcha_type = '') {
switch ($op) {
case 'list':
return array(
'Math',
);
case 'generate':
if ($captcha_type == 'Math') {
$result = array();
$answer = mt_rand(1, 20);
$x = mt_rand(1, $answer);
$y = $answer - $x;
$result['solution'] = "{$answer}";
$result['form']['captcha_response'] = array(
'#type' => 'textfield',
'#title' => t('Math Question'),
'#description' => t('Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.'),
'#field_prefix' => t('@x + @y = ', array(
'@x' => $x,
'@y' => $y,
)),
'#size' => 4,
'#maxlength' => 2,
'#required' => TRUE,
);
return $result;
}
}
}