You are here

Home » API reference » CAPTCHA 6.2 » captcha.module

function captcha_validate in CAPTCHA 6.2

Same name and namespace in other branches
  1. 8 captcha.module \captcha_validate()
  2. 5.3 captcha.module \captcha_validate()
  3. 6 captcha.module \captcha_validate()
  4. 7 captcha.module \captcha_validate()

CAPTCHA validation handler.

This function is placed in the main captcha.module file to make sure that it is available (even for cached forms, which don't fire captcha_form_alter(), and subsequently don't include additional include files).

1 string reference to 'captcha_validate'
captcha_process in ./captcha.module
Process callback for CAPTCHA form element.

File

./captcha.module, line 597
This module enables basic CAPTCHA functionality: administrators can add a CAPTCHA to desired forms that users without the 'skip CAPTCHA' permission (typically anonymous visitors) have to solve.

Code

function captcha_validate($element, &$form_state) {
  $captcha_info = $form_state['captcha_info'];
  $form_id = $captcha_info['this_form_id'];

  // Get CAPTCHA response.
  $captcha_response = $form_state['values']['captcha_response'];

  // Get CAPTCHA session from CAPTCHA info
  // TODO: is this correct in all cases: see comment and code in previous revisions?
  $csid = $captcha_info['captcha_sid'];
  $solution = db_result(db_query('SELECT solution FROM {captcha_sessions} WHERE csid = %d', $csid));
  if ($solution === FALSE) {

    // Unknown challenge_id.
    // TODO: this probably never happens anymore now that there is detection
    // for CAPTCHA session reuse attacks in _captcha_get_posted_captcha_info().
    form_set_error('captcha', t('CAPTCHA validation error: unknown CAPTCHA session ID. Contact the site administrator if this problem persists.'));
    watchdog('CAPTCHA', 'CAPTCHA validation error: unknown CAPTCHA session ID (%csid).', array(
      '%csid' => var_export($csid, TRUE),
    ), WATCHDOG_ERROR);
  }
  else {

    // Get CAPTCHA validate function or fall back on strict equality.
    $captcha_validate = $element['#captcha_validate'];
    if (!function_exists($captcha_validate)) {
      $captcha_validate = 'captcha_validate_strict_equality';
    }

    // Check the response with the CAPTCHA validation function.
    // Apart from the traditional expected $solution and received $response,
    // we also provide the CAPTCHA $element and $form_state arrays for more advanced use cases.
    if ($captcha_validate($solution, $captcha_response, $element, $form_state)) {

      // Correct answer.
      $_SESSION['captcha_success_form_ids'][$form_id] = $form_id;

      // Record success.
      db_query("UPDATE {captcha_sessions} SET status=%d, attempts=attempts+1 WHERE csid=%d", CAPTCHA_STATUS_SOLVED, $csid);
    }
    else {

      // Wrong answer.
      db_query("UPDATE {captcha_sessions} SET attempts=attempts+1 WHERE csid=%d", $csid);

      // set form error
      form_set_error('captcha_response', t('The answer you entered for the CAPTCHA was not correct.'));

      // update wrong response counter
      variable_set('captcha_wrong_response_counter', variable_get('captcha_wrong_response_counter', 0) + 1);

      // log to watchdog if needed
      if (variable_get('captcha_log_wrong_responses', FALSE)) {
        watchdog('CAPTCHA', '%form_id post blocked by CAPTCHA module: challenge "%challenge" (by module "%module"), user answered "%response", but the solution was "%solution".', array(
          '%form_id' => $form_id,
          '%response' => $captcha_response,
          '%solution' => $solution,
          '%challenge' => $captcha_info['captcha_type'],
          '%module' => $captcha_info['module'],
        ), WATCHDOG_NOTICE);
      }
    }
  }
}