Issues (994)

src/MVC/captcha.php (10 issues)

<?php

namespace MVC;

class captcha extends router
{
  public $key = null;
  private $request_headers = [];
  private $cors = null;

  public function __construct()
  {
    $_SESSION['md5-useragent'] = md5($_SERVER['HTTP_USER_AGENT']);
    $this->key = 'captcha' . md5(\MVC\helper::get_client_ip() . $_SERVER['HTTP_USER_AGENT']);
    $this->cors = \MVC\helper::cors();

    if (!function_exists('getallheaders')) {
      foreach ($_SERVER as $name => $value) {
        /* RFC2616 (HTTP/1.1) defines header fields as case-insensitive entities. */
        if ('http_' == strtolower(substr($name, 0, 5))) {
          $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
        }
      }
      $this->request_headers = $headers;

Comprehensibility Best Practice introduced by
The variable $headers does not seem to be defined for all execution paths leading up to this point.

    } else {
      $this->request_headers = getallheaders();
    }
  }

  /**
   * Receiver (Create captcha).
   *
   * @param string $header_name javascript function name in header format
   *
   * @return void
   */
  public function receiver(string $header_name = 'hname')
  {
    return $this->receiver2($header_name);

Are you sure the usage of $this->receiver2($header_name) targeting MVC\captcha::receiver2() seems to always return null.

This check looks for function or method calls that always return null and whose return value is used.

class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
    // Never reached: getObject() always returns null.
}

The method getObject() can return nothing but null, so it makes no sense to use the return value.

The reason is most likely that a function or method is incomplete or has been reduced for debug purposes.

  }

  public function receiver2(string $header_name = null)
  {
    if (!$this->cors) {
      return;
    }
    if (!$header_name) {
      $header_name = str_rot13(\MVC\helper::getRequestIP());
    }
    $allow = isset($this->request_headers[$header_name]);

    if ($allow) {
      $header = $this->request_headers[$header_name];
      $header_match = str_rot13($header) == $_SESSION['md5-useragent'];
      if ($header_match) {
        if (isset($_REQUEST['callback'])) {
          header('Content-Type: application/javascript');
          $create = $this->create();

Are you sure the assignment to $create is correct as $this->create() targeting MVC\captcha::create() seems to always return null.

This check looks for function or method calls that always return null and whose return value is assigned to a variable.

class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();

The method getObject() can return nothing but null, so it makes no sense to assign that value to a variable.

The reason is most likely that a function or method is incomplete or has been reduced for debug purposes.

          $gen = json_encode(['captcha' => str_rot13($create)]);

$create of type void is incompatible with the type string expected by parameter $string of str_rot13(). ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type annotation

          $gen = json_encode(['captcha' => str_rot13(/** @scrutinizer ignore-type */ $create)]);

          echo "{$_REQUEST['callback']}($gen)";
          exit;

Using exit here is not recommended.

In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.

        }
      }
    }
  }

  private function delete_headers(int $http_code = 200)

The method delete_headers() is not used, and could be removed.

This check looks for private methods that have been defined, but are not used inside the class.

  {
    if (ob_get_level()) {
      ob_end_clean();
      ob_start();
    }
    http_response_code($http_code);
  }

  /**
   * Create captcha ids.
   *
   * @return void
   */
  public function create()
  {
    $random_alpha = md5(rand());
    $captcha_code = (string) substr($random_alpha, 0, 6);
    \Cookie\helper::mins($this->key, $captcha_code, 1, '/');

    return $captcha_code;

Bug Best Practice introduced by
The expression return $captcha_code returns the type string which is incompatible with the documented return type void.

  }

  /**
   * Validate coupon codes.
   *
   * @param string $captcha
   *
   * @return void
   */
  public function validate(string $captcha)
  {
    if (\Cookie\helper::has($this->key)) {
      return \Cookie\helper::get($this->key) == $captcha;

Bug Best Practice introduced by
The expression return Cookie\helper::get($this->key) == $captcha returns the type boolean which is incompatible with the documented return type void.

    } else {
      if (\MVC\helper::cors()) {
        exit(\JSON\json::json(['message' => "Session {$this->key} not exists", 'error' => true]));

Using exit here is not recommended.

In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.

Are you sure the usage of JSON\json::json(array('m...sts', 'error' => true)) targeting JSON\json::json() seems to always return null.

This check looks for function or method calls that always return null and whose return value is used.

class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
    // Never reached: getObject() always returns null.
}

The method getObject() can return nothing but null, so it makes no sense to use the return value.

The reason is most likely that a function or method is incomplete or has been reduced for debug purposes.

      } else {
        throw new Exception("Session {$this->key} not exists", 1);
      }
    }
  }

  public function jpeg(string $captcha_code)
  {
    $target_layer = imagecreatetruecolor(70, 30);
    $captcha_background = imagecolorallocate($target_layer, 255, 160, 119);
    imagefill($target_layer, 0, 0, $captcha_background);
    $captcha_text_color = imagecolorallocate($target_layer, 0, 0, 0);
    imagestring($target_layer, 5, 5, 5, str_rot13($captcha_code), $captcha_text_color);
    header('Content-type: image/jpeg');
    imagejpeg($target_layer);
  }
}