|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* This file is part of the O2System Framework package. |
|
4
|
|
|
* |
|
5
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
6
|
|
|
* file that was distributed with this source code. |
|
7
|
|
|
* |
|
8
|
|
|
* @author Steeve Andrian Salim |
|
9
|
|
|
* @copyright Copyright (c) Steeve Andrian Salim |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
// ------------------------------------------------------------------------ |
|
13
|
|
|
|
|
14
|
|
|
namespace O2System\Security\Protections; |
|
15
|
|
|
|
|
16
|
|
|
// ------------------------------------------------------------------------ |
|
17
|
|
|
|
|
18
|
|
|
use O2System\Spl\Exceptions\RuntimeException; |
|
19
|
|
|
|
|
20
|
|
|
/** |
|
21
|
|
|
* Class Captcha |
|
22
|
|
|
* |
|
23
|
|
|
* @package O2System\Security\Protections |
|
24
|
|
|
*/ |
|
25
|
|
|
class Captcha |
|
26
|
|
|
{ |
|
27
|
|
|
/** |
|
28
|
|
|
* Captcha::$token |
|
29
|
|
|
* |
|
30
|
|
|
* Active CAPTCHA protection token. |
|
31
|
|
|
* |
|
32
|
|
|
* @var string |
|
33
|
|
|
*/ |
|
34
|
|
|
private $token; |
|
35
|
|
|
|
|
36
|
|
|
// ------------------------------------------------------------------------ |
|
37
|
|
|
|
|
38
|
|
|
/** |
|
39
|
|
|
* Captcha::__construct |
|
40
|
|
|
*/ |
|
41
|
|
|
public function __construct() |
|
42
|
|
|
{ |
|
43
|
|
|
language() |
|
44
|
|
|
->addFilePath(str_replace('Protections', '', __DIR__) . DIRECTORY_SEPARATOR) |
|
45
|
|
|
->loadFile('captcha'); |
|
46
|
|
|
|
|
47
|
|
|
if (false === ($this->token = $this->getToken())) { |
|
|
|
|
|
|
48
|
|
|
$this->regenerate(); |
|
49
|
|
|
} |
|
50
|
|
|
} |
|
51
|
|
|
|
|
52
|
|
|
// ------------------------------------------------------------------------ |
|
53
|
|
|
|
|
54
|
|
|
/** |
|
55
|
|
|
* Captcha::getToken |
|
56
|
|
|
* |
|
57
|
|
|
* Gets CAPTCHA protection token string. |
|
58
|
|
|
* |
|
59
|
|
|
* @return string|bool Returns FALSE if not set. |
|
60
|
|
|
*/ |
|
61
|
|
|
protected function getToken() |
|
62
|
|
|
{ |
|
63
|
|
|
if (isset($_SESSION[ 'captchaToken' ])) { |
|
64
|
|
|
return $_SESSION[ 'captchaToken' ]; |
|
65
|
|
|
} |
|
66
|
|
|
|
|
67
|
|
|
return false; |
|
68
|
|
|
} |
|
69
|
|
|
|
|
70
|
|
|
// ------------------------------------------------------------------------ |
|
71
|
|
|
|
|
72
|
|
|
/** |
|
73
|
|
|
* Captcha::regenerate |
|
74
|
|
|
* |
|
75
|
|
|
* Regenerate CAPTCHA protection token. |
|
76
|
|
|
* |
|
77
|
|
|
* @return string Base64 image string. |
|
78
|
|
|
*/ |
|
79
|
|
|
public function regenerate() |
|
80
|
|
|
{ |
|
81
|
|
|
$_SESSION[ 'captchaToken' ] = $this->token = strtoupper( |
|
82
|
|
|
substr( |
|
83
|
|
|
md5( |
|
84
|
|
|
uniqid( |
|
85
|
|
|
mt_rand(), |
|
86
|
|
|
true |
|
87
|
|
|
) . 'CAPTCHA' |
|
88
|
|
|
), |
|
89
|
|
|
2, |
|
90
|
|
|
6 |
|
91
|
|
|
) |
|
92
|
|
|
); |
|
93
|
|
|
|
|
94
|
|
|
return $this->getImage(); |
|
95
|
|
|
} |
|
96
|
|
|
|
|
97
|
|
|
// ------------------------------------------------------------------------ |
|
98
|
|
|
|
|
99
|
|
|
/** |
|
100
|
|
|
* Captcha::getImage |
|
101
|
|
|
* |
|
102
|
|
|
* Gets CAPTCHA protection token image. |
|
103
|
|
|
* |
|
104
|
|
|
* @return string Base64 image string. |
|
105
|
|
|
* @throws \O2System\Spl\Exceptions\RuntimeException |
|
106
|
|
|
*/ |
|
107
|
|
|
public function getImage() |
|
108
|
|
|
{ |
|
109
|
|
|
if (class_exists('O2System\Framework') or class_exists('\O2System\Reactor', false)) { |
|
110
|
|
|
$tempFilePath = @tempnam(PATH_CACHE, 'captcha'); |
|
|
|
|
|
|
111
|
|
|
} else { |
|
112
|
|
|
$tempFilePath = @tempnam( |
|
113
|
|
|
sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'o2system' . DIRECTORY_SEPARATOR, |
|
114
|
|
|
'captcha' |
|
115
|
|
|
); |
|
116
|
|
|
} |
|
117
|
|
|
|
|
118
|
|
|
if ($image = imagecreatetruecolor(200, 50)) { |
|
119
|
|
|
$backgroundColor = imagecolorallocate($image, 255, 255, 255); |
|
120
|
|
|
$lineColor = imagecolorallocate($image, 64, 64, 64); |
|
121
|
|
|
$pixelColor = imagecolorallocate($image, 0, 0, 255); |
|
122
|
|
|
|
|
123
|
|
|
imagefilledrectangle($image, 0, 0, 200, 50, $backgroundColor); |
|
124
|
|
|
|
|
125
|
|
|
for ($i = 0; $i < 3; $i++) { |
|
126
|
|
|
imageline($image, 0, rand() % 50, 200, rand() % 50, $lineColor); |
|
127
|
|
|
} |
|
128
|
|
|
|
|
129
|
|
|
for ($i = 0; $i < 1000; $i++) { |
|
130
|
|
|
imagesetpixel($image, rand() % 200, rand() % 50, $pixelColor); |
|
131
|
|
|
} |
|
132
|
|
|
|
|
133
|
|
|
$textColor = imagecolorallocate($image, 0, 0, 0); |
|
134
|
|
|
|
|
135
|
|
|
for ($i = 0; $i < 6; $i++) { |
|
136
|
|
|
imagestring($image, 10, 20 + ($i * 30), 20, substr($this->getToken(), $i, 1), $textColor); |
|
137
|
|
|
} |
|
138
|
|
|
|
|
139
|
|
|
imagepng($image, $tempFilePath); |
|
140
|
|
|
|
|
141
|
|
|
$base64Image = base64_encode(file_get_contents($tempFilePath)); |
|
142
|
|
|
@unlink($tempFilePath); |
|
|
|
|
|
|
143
|
|
|
|
|
144
|
|
|
return 'data:image/png;base64,' . $base64Image; |
|
145
|
|
|
} |
|
146
|
|
|
|
|
147
|
|
|
// Cannot Initialize new GD image stream |
|
148
|
|
|
throw new RuntimeException('SECURITY_E_CAPTCHA_GD_IMAGE_STREAM'); |
|
149
|
|
|
} |
|
150
|
|
|
|
|
151
|
|
|
// ------------------------------------------------------------------------ |
|
152
|
|
|
|
|
153
|
|
|
/** |
|
154
|
|
|
* Captcha::isValid |
|
155
|
|
|
* |
|
156
|
|
|
* Checks if the posted CAPTCHA protection token is valid. |
|
157
|
|
|
* |
|
158
|
|
|
* @param string $token Captcha token. |
|
159
|
|
|
* |
|
160
|
|
|
* @return bool |
|
161
|
|
|
*/ |
|
162
|
|
|
public function verify($token = null) |
|
163
|
|
|
{ |
|
164
|
|
|
$token = isset($token) |
|
165
|
|
|
? $token |
|
166
|
|
|
: input()->postGet('captchaToken'); |
|
|
|
|
|
|
167
|
|
|
|
|
168
|
|
|
if (is_string($token)) { |
|
169
|
|
|
return hash_equals($this->getToken(), $token); |
|
170
|
|
|
} |
|
171
|
|
|
|
|
172
|
|
|
return false; |
|
173
|
|
|
} |
|
174
|
|
|
} |
o2system /
security
Steeve Andrian Salim
Loading history...
Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly.
For example, imagine you have a variable
$accountIdthat can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to theidproperty of an instance of theAccountclass. This class holds a proper account, so the id value must no longer be false.Either this assignment is in error or a type check should be added for that assignment.