function captcha_validate in CAPTCHA 6
Same name and namespace in other branches
- 8 captcha.module \captcha_validate()
- 5.3 captcha.module \captcha_validate()
- 6.2 captcha.module \captcha_validate()
- 7 captcha.module \captcha_validate()
Implementation of form #validate.
1 string reference to 'captcha_validate'
- captcha_form_alter in ./
captcha.module - Implementation of hook_form_alter().
File
- ./
captcha.module, line 324 - This module enables basic CAPTCHA functionality: administrators can add a CAPTCHA to desired forms that users without the 'skip CAPTCHA' permission (typically anonymous visitors) have to solve.
Code
function captcha_validate($form, &$form_state) {
// Check if there is CAPTCHA data available in $_SESSION.
// If not, the visitor has most likely disabled cookies.
if (!isset($_SESSION['captcha'])) {
form_set_error('captcha_response', t('Cookies should be enabled in your browser for CAPTCHA validation.'));
return;
}
// Get answer and preprocess if needed
$captcha_response = $form_state['values']['captcha_response'];
$captcha_info = $form_state['values']['captcha_info'];
if ($captcha_info['preprocess']) {
$captcha_response = module_invoke($captcha_info['module'], 'captcha', 'preprocess', $captcha_info['type'], $captcha_response);
}
$form_id = $captcha_info['form_id'];
// not that we use $form_state['clicked_button']['#post']['captcha_token']
// here instead of $form_state['values']['captcha_token'], because the latter
// contains the captcha_token of the new form, while the former contains
// the captcha token of the posted form.
$captcha_token = $form_state['clicked_button']['#post']['captcha_token'];
// Check if captcha_token exists
if (!isset($_SESSION['captcha'][$form_id][$captcha_token])) {
form_set_error('captcha_token', t('Invalid CAPTCHA token.'));
}
elseif ($captcha_response === $_SESSION['captcha'][$form_id][$captcha_token]) {
$_SESSION['captcha'][$form_id]['success'] = TRUE;
$_SESSION['captcha']['success'] = TRUE;
}
else {
// set form error
form_set_error('captcha_response', t('The answer you entered for the CAPTCHA was not correct.'));
// update wrong response counter
variable_set('captcha_wrong_response_counter', variable_get('captcha_wrong_response_counter', 0) + 1);
// log to watchdog if needed
if (variable_get('captcha_log_wrong_responses', FALSE)) {
watchdog('CAPTCHA', '%form_id post blocked by CAPTCHA module: challenge "%challenge" (by module "%module"), user answered "%response", but the solution was "%solution".', array(
'%form_id' => $form_id,
'%response' => $captcha_response,
'%solution' => $_SESSION['captcha'][$form_id][$captcha_token],
'%challenge' => $captcha_info['type'],
'%module' => $captcha_info['module'],
), WATCHDOG_NOTICE);
}
// If CAPTCHA was on a login form: stop validating, quit the current request
// and forward to the current page (like a reload) to prevent loging in.
// We do that because the log in procedure, which happens after
// captcha_validate(), does not check error conditions of extra form
// elements like the CAPTCHA.
if ($form_id == 'user_login' || $form_id == 'user_login_block') {
drupal_goto($_GET['q']);
}
}
// Unset the solution to prevent reuse of the same CAPTCHA solution
// by a spammer that repeats posting a form without requesting
// (and thus rendering) a new form. Note that a new CAPTCHA solution is only
// set at the pre_render phase.
unset($_SESSION['captcha'][$form_id][$captcha_token]);
}