
function captcha_validate in CAPTCHA 5.3

Same name and namespace in other branches
  1. 8 captcha.module \captcha_validate()
  2. 6.2 captcha.module \captcha_validate()
  3. 6 captcha.module \captcha_validate()
  4. 7 captcha.module \captcha_validate()

Implementation of form #validate.

File

./captcha.module, line 619
This module enables basic CAPTCHA functionality: administrators can add a CAPTCHA to desired forms that users without the 'skip CAPTCHA' permission (typically anonymous visitors) have to solve.

Code

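/**
 * Implementation of form #validate.
 *
 * Compares the submitted CAPTCHA answer with the solution stored in the
 * session under the submitted token, and records the outcome.
 *
 * On success the per-form and global 'success' flags in $_SESSION['captcha']
 * are set. On failure a form error is set, the wrong response counter is
 * incremented, the attempt is optionally logged, and on the login forms the
 * request is redirected to the current page.
 *
 * @param $form_values
 *   The submitted form values. This function reads
 *   $form_values['#post']['captcha_response'],
 *   $form_values['#post']['captcha_token'] and
 *   $form_values['validationdata']['#value'] (keys 'preprocess', 'module',
 *   'type' and 'form_id').
 */
function captcha_validate($form_values) {

  // Check if there is CAPTCHA data available in $_SESSION
  // If not, the user has most likely disabled cookies
  if (!isset($_SESSION['captcha'])) {
    form_set_error('captcha', t('Cookies should be enabled in your browser for CAPTCHA validation.'));
    return;
  }

  // Get answer and token. Both come straight from the POST data, so either
  // may be absent or may be an array instead of a string.
  $captcha_response = isset($form_values['#post']['captcha_response']) ? $form_values['#post']['captcha_response'] : NULL;
  $captcha_token = isset($form_values['#post']['captcha_token']) ? $form_values['#post']['captcha_token'] : NULL;

  // Preprocess the answer if the challenge module asked for it
  $validationdata = $form_values['validationdata']['#value'];
  if ($validationdata['preprocess']) {
    $captcha_response = module_invoke($validationdata['module'], 'captcha', 'preprocess', $validationdata['type'], $captcha_response);
  }
  $form_id = $validationdata['form_id'];

  // Check if captcha_token exists. The token must be a string that names a
  // stored solution. The 'success' flag is kept in the same array as the
  // solutions, so that key is never accepted as a token.
  $token_valid = is_string($captcha_token)
    && $captcha_token !== 'success'
    && isset($_SESSION['captcha'][$form_id][$captcha_token]);
  if (!$token_valid) {
    form_set_error('captcha_token', t('Invalid CAPTCHA token.'));
  }
  $solution = $token_valid ? $_SESSION['captcha'][$form_id][$captcha_token] : NULL;

  // Check answer. A submission without a valid token always fails: the
  // comparison alone is not enough, because a missing answer and a missing
  // solution are both NULL and would compare as identical.
  if ($token_valid && $captcha_response === $solution) {
    $_SESSION['captcha'][$form_id]['success'] = TRUE;
    $_SESSION['captcha']['success'] = TRUE;
  }
  else {

    // set form error
    form_set_error('captcha_response', t('The answer you entered for the CAPTCHA was not correct.'));

    // update wrong response counter
    variable_set('captcha_wrong_response_counter', variable_get('captcha_wrong_response_counter', 0) + 1);

    // log to watchdog if needed
    // NOTE(review): the entry records the expected solution next to the
    // submitted answer; confirm that access to the log is restricted.
    if (variable_get('captcha_log_wrong_responses', FALSE)) {
      watchdog('CAPTCHA', t('%form_id post blocked by CAPTCHA module: challenge "%challenge" (by module "%module"), user answered "%response", but the solution was "%solution".', array(
        '%form_id' => $form_id,
        '%response' => $captcha_response,
        '%solution' => $solution,
        '%challenge' => $validationdata['type'],
        '%module' => $validationdata['module'],
      )), WATCHDOG_NOTICE);
    }

    // If CAPTCHA was on a login form: stop validating, quit the current request
    // and forward to the current page (like a reload) to prevent logging in.
    // We do that because the log in procedure, which happens after
    // captcha_validate(), does not check error conditions of extra form
    // elements like the CAPTCHA.
    if ($form_id == 'user_login' || $form_id == 'user_login_block') {
      drupal_goto($_GET['q']);
    }
  }

  // Unset the solution to prevent reuse of the same CAPTCHA solution
  // by a spammer that repeats posting a form without requesting
  // (and thus rendering) a new form. Note that a new CAPTCHA solution is only
  // set at the pre_render phase.
  // Only a validated token is used as an array offset here.
  if ($token_valid) {
    unset($_SESSION['captcha'][$form_id][$captcha_token]);
  }
}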