Prado\Web\UI\WebControls\TReCaptcha

Complexity

Total Complexity

47

Size/Duplication

Total Lines	324
Duplicated Lines	0 %

Importance

Changes

0

28 Methods

Rating	Name	Duplication	Size	Complexity
A	getThemeName()	0	3	1
A	setThemeName()	0	3	1
A	setPrivateKey()	0	3	1
A	getPrivateKey()	0	3	1
A	getCustomTranslations()	0	3	1
A	recaptcha_get_html()	0	10	3
A	setIsValid()	0	3	1
B	recaptcha_check_answer()	0	21	6
A	addAttributesToRender()	0	4	1
A	getIsValid()	0	3	1
A	regenerateToken()	0	6	2
A	getResponseFieldName()	0	3	1
A	getPublicKey()	0	3	1
B	recaptcha_http_post()	0	24	3
A	getClientSideOptions()	0	10	4
A	setLanguage()	0	3	1
A	getChallengeFieldName()	0	3	1
A	validate()	0	16	3
B	renderContents()	0	46	2
A	getTagName()	0	3	1
A	getLanguage()	0	3	1
A	setCallbackScript()	0	3	1
A	setCustomTranslations()	0	3	1
A	getCallbackScript()	0	3	1
A	getValidationPropertyValue()	0	3	1
A	onPreRender()	0	13	3
A	setPublicKey()	0	3	1
A	recaptcha_qsencode()	0	8	2

<?php

/**
 * TReCaptcha class file
 *
 * @author Bérczi Gábor <gabor.berczi@devworx.hu>
 * @link http://www.devworx.hu/
 * @copyright Copyright &copy; 2011 DevWorx
 * @license https://github.com/pradosoft/prado/blob/master/LICENSE
 * @package Prado\Web\UI\WebControls
 */

namespace Prado\Web\UI\WebControls;

use Prado\Exceptions\TConfigurationException;
use Prado\TPropertyValue;
use Prado\Web\Javascripts\TJavaScript;
use Prado\Web\Javascripts\TJavaScriptLiteral;

/**
 * TReCaptcha class.
 *
 * TReCaptcha displays a reCAPTCHA (a token displayed as an image) that can be used
 * to determine if the input is entered by a real user instead of some program. It can
 * also prevent multiple submits of the same form either by accident, or on purpose (ie. spamming).
 *
 * The reCAPTCHA to solve (a string consisting of two separate words) displayed is automatically
 * generated by the reCAPTCHA system at recaptcha.net. However, in order to use the services
 * of the site you will need to register and get a public and a private API key pair, and
 * supply those to the reCAPTCHA control through setting the {@link setPrivateKey PrivateKey}
 * and {@link setPublicKey PublicKey} properties.
 *
 * Currently the reCAPTCHA API supports only one reCAPTCHA field per page, so you MUST make sure that all
 * your input is protected and validated by a single reCAPTCHA control. Placing more than one reCAPTCHA
 * control on the page will lead to unpredictable results, and the user will most likely unable to solve
 * any of them successfully.
 *
 * Upon postback, user input can be validated by calling {@link validate()}.
 * The {@link TReCaptchaValidator} control can also be used to do validation, which provides
 * server-side validation. Calling (@link validate()) will invalidate the token supplied, so all consecutive
 * calls to the method - without solving a new captcha - will return false. Therefore if implementing a multi-stage
 * input process, you must make sure that you call validate() only once, either at the end of the input process, or
 * you store the result till the end of the processing.
 *
 * The following template shows a typical use of TReCaptcha control:
 * <code>
 * <com:TReCaptcha ID="Captcha"
 *                 PublicKey="..."
 *                 PrivateKey="..."
 * />
 * <com:TReCaptchaValidator ControlToValidate="Captcha"
 *                          ErrorMessage="You are challenged!" />
 * </code>
 *
 * @author Bérczi Gábor <gabor.berczi@devworx.hu>
 * @package Prado\Web\UI\WebControls
 * @since 3.2
 */
class TReCaptcha extends \Prado\Web\UI\WebControls\TWebControl implements \Prado\Web\UI\IValidatable
{
	private $_isValid = true;

	const ChallengeFieldName = 'recaptcha_challenge_field';
	const ResponseFieldName = 'recaptcha_response_field';
	const RECAPTCHA_API_SERVER = "http://www.google.com/recaptcha/api";
	const RECAPTCHA_API_SECURE_SERVER = "https://www.google.com/recaptcha/api";
	const RECAPTCHA_VERIFY_SERVER = "www.google.com";
	const RECAPTCHA_JS = 'http://www.google.com/recaptcha/api/js/recaptcha_ajax.js';

	public function getTagName()
	{
		return 'span';
	}
	
	/**
	 * Returns true if this control validated successfully.
	 * Defaults to true.
	 * @return bool wether this control validated successfully.
	 */
	public function getIsValid()
	{
		return $this->_isValid;
	}
	/**
	 * @param bool wether this control is valid.

The type Prado\Web\UI\WebControls\wether was not found. Maybe you did not declare it correctly or list all dependencies?

	 */
	public function setIsValid($value)
	{
		$this->_isValid = TPropertyValue::ensureBoolean($value);
	}
	
	public function getValidationPropertyValue()
	{
		return $this->Request[$this->getChallengeFieldName()];

The property Request does not exist on Prado\Web\UI\WebControls\TReCaptcha. Since you implemented __get, consider adding a @property annotation.

	}

	public function getPublicKey()
	{
		return $this->getViewState('PublicKey');
	}

	public function setPublicKey($value)
	{
		return $this->setViewState('PublicKey', TPropertyValue::ensureString($value));

Are you sure the usage of $this->setViewState('PublicKey', Prado\TPropertyValue::ensureString($value)) targeting Prado\Web\UI\TControl::setViewState() seems to always return null.

	}

	public function getPrivateKey()
	{
		return $this->getViewState('PrivateKey');
	}

	public function setPrivateKey($value)
	{
		return $this->setViewState('PrivateKey', TPropertyValue::ensureString($value));

Are you sure the usage of $this->setViewState('PrivateKey', Prado\TPropertyValue::ensureString($value)) targeting Prado\Web\UI\TControl::setViewState() seems to always return null.

	}
	
	public function getThemeName()
	{
		return $this->getViewState('ThemeName');
	}

	public function setThemeName($value)
	{
		return $this->setViewState('ThemeName', TPropertyValue::ensureString($value));

Are you sure the usage of $this->setViewState('ThemeName', Prado\TPropertyValue::ensureString($value)) targeting Prado\Web\UI\TControl::setViewState() seems to always return null.

	}

	public function getCustomTranslations()
	{
		return TPropertyValue::ensureArray($this->getViewState('CustomTranslations'));
	}

	public function setCustomTranslations($value)
	{
		return $this->setViewState('CustomTranslations', TPropertyValue::ensureArray($value));

Are you sure the usage of $this->setViewState('CustomTranslations', Prado\TPropertyValue::ensureArray($value)) targeting Prado\Web\UI\TControl::setViewState() seems to always return null.

	}

	public function getLanguage()
	{
		return $this->getViewState('Language');
	}

	public function setLanguage($value)
	{
		return $this->setViewState('Language', TPropertyValue::ensureString($value));

Are you sure the usage of $this->setViewState('Language', Prado\TPropertyValue::ensureString($value)) targeting Prado\Web\UI\TControl::setViewState() seems to always return null.

	}

	public function getCallbackScript()
	{
		return $this->getViewState('CallbackScript');
	}

	public function setCallbackScript($value)
	{
		return $this->setViewState('CallbackScript', TPropertyValue::ensureString($value));

Are you sure the usage of $this->setViewState('CallbackScript', Prado\TPropertyValue::ensureString($value)) targeting Prado\Web\UI\TControl::setViewState() seems to always return null.

	}

	protected function getChallengeFieldName()
	{
		return /*$this->ClientID.'_'.*/self::ChallengeFieldName;
	}
	
	public function getResponseFieldName()
	{
		return /*$this->ClientID.'_'.*/self::ResponseFieldName;
	}
	
	public function getClientSideOptions()
	{
		$options = [];
		if ($theme = $this->getThemeName())
			$options['theme'] = $theme;
		if ($lang = $this->getLanguage())
			$options['lang'] = $lang;
		if ($trans = $this->getCustomTranslations())
			$options['custom_translations'] = $trans;
		return $options;
	}

	public function validate()
	{
		if (!
			  (
			($challenge = @$_POST[$this->getChallengeFieldName()])
			and

Using logical operators such as and instead of && is generally not recommended.

			($response = @$_POST[$this->getResponseFieldName()])
			  )
				   )
		   return false;

		return $this->recaptcha_check_answer(
			$this->getPrivateKey(),
			$_SERVER["REMOTE_ADDR"],
			$challenge,
			$response
		);
	}

	/**
	 * Checks for API keys
	 * @param mixed event parameter

The type Prado\Web\UI\WebControls\event was not found. Maybe you did not declare it correctly or list all dependencies?

	 */
	public function onPreRender($param)
	{
		parent::onPreRender($param);

		if("" == $this->getPublicKey())
			throw new TConfigurationException('recaptcha_publickey_unknown');
		if("" == $this->getPrivateKey())
			throw new TConfigurationException('recaptcha_privatekey_unknown');

		// need to register captcha fields so they will be sent back also in callbacks
		$page = $this->getPage();
		$page->registerRequiresPostData($this->getChallengeFieldName());
		$page->registerRequiresPostData($this->getResponseFieldName());
	}

	protected function addAttributesToRender($writer)
	{
		parent::addAttributesToRender($writer);
		$writer->addAttribute('id', $this->getClientID());
	}

	public function regenerateToken()
	{
		// if we're in a callback, then schedule re-rendering of the control
		// if not, don't do anything, because a new challenge will be rendered anyway
		if ($this->Page->IsCallback)

The property Page does not exist on Prado\Web\UI\WebControls\TReCaptcha. Since you implemented __get, consider adding a @property annotation.

			$this->Page->CallbackClient->jQuery($this->getClientID() . ' #recaptcha_reload', 'click');
	}

	public function renderContents($writer)
	{
		$readyscript = 'jQuery(document).trigger(' . TJavaScript::quoteString('captchaready:' . $this->getClientID()) . ')';
		$cs = $this->Page->ClientScript;

The property Page does not exist on Prado\Web\UI\WebControls\TReCaptcha. Since you implemented __get, consider adding a @property annotation.

		$id = $this->getClientID();
		$divid = $id . '_1_recaptchadiv';
		$writer->write('<div id="' . htmlspecialchars($divid) . '">');
	
		if (!$this->Page->IsCallback)
			{
				$writer->write(TJavaScript::renderScriptBlock(
					'var RecaptchaOptions = ' . TJavaScript::jsonEncode($this->getClientSideOptions()) . ';'
				));
	
				$html = $this->recaptcha_get_html($this->getPublicKey());
				/*
				reCAPTCHA currently does not support multiple validations per page
				$html = str_replace(
					array(self::ChallengeFieldName,self::ResponseFieldName),
					array($this->getChallengeFieldName(),$this->getResponseFieldName()),
					$html
				);
				*/
				$writer->write($html);

				$cs->registerEndScript('ReCaptcha::EventScript', 'jQuery(document).ready(function() { ' . $readyscript . '; } );');
			}
		else
			{
				$options = $this->getClientSideOptions();
				$options['callback'] = new TJavaScriptLiteral('function() { ' . $readyscript . '; ' . $this->getCallbackScript() . '; }');
				$cs->registerScriptFile('ReCaptcha::AjaxScript', self::RECAPTCHA_JS);
				$cs->registerEndScript('ReCaptcha::CreateScript::' . $id, implode(' ', [
					'if (!jQuery(' . TJavaScript::quoteString('#' . $this->getResponseFieldName()) . '))',
					'{',
					'Recaptcha.destroy();',
					'Recaptcha.create(',
						TJavaScript::quoteString($this->getPublicKey()) . ', ',
						TJavaScript::quoteString($divid) . ', ',
						TJavaScript::encode($options),
					');',
					'}',
				]));
			}
			
		$writer->write('</div>');
	}


	/**
	 * Gets the challenge HTML (javascript and non-javascript version).
	 * This is called from the browser, and the resulting reCAPTCHA HTML widget
	 * is embedded within the HTML form it was called from.
	 * @param string $pubkey A public key for reCAPTCHA
	 * @param string $error The error given by reCAPTCHA (optional, default is null)
	 * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false)
	 * @return string - The HTML to be embedded in the user's form.
	 */
	private function recaptcha_get_html($pubkey, $error = null, $use_ssl = false)
	{
		$server = $use_ssl ? self::RECAPTCHA_API_SECURE_SERVER : $server = self::RECAPTCHA_API_SERVER;

The assignment to $server is dead and can be removed.

		$errorpart = '';
		if ($error)

The expression $error of type null|string is loosely compared to true; this is ambiguous if the string can be empty. You might want to explicitly use !== null instead.

			$errorpart = "&error=" . $error;

		return '<script type="text/javascript" src="' . $server . '/challenge?k=' . $pubkey . $errorpart . '"></script>
		<noscript>
		<iframe src="' . $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/>
		<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
		<input type="hidden" name="recaptcha_response_field" value="manual_challenge"/>
		</noscript>';
	}

	/**
	 * Encodes the given data into a query string format
	 * @param $data - array of string elements to be encoded
	 * @return string - encoded request
	 */

The doc comment - at position 0 could not be parsed: Unknown type name '-' at position 0 in -.

	private function recaptcha_qsencode ($data) {
		$req = "";
		foreach ($data as $key => $value)
			$req .= $key . '=' . urlencode(stripslashes($value)) . '&';

		// Cut the last '&'
		$req = substr($req, 0, strlen($req) - 1);
		return $req;
	}

	/**
	 * Submits an HTTP POST to a reCAPTCHA server
	 * @param string $host
	 * @param string $path
	 * @param array $data
	 * @param int port

The type Prado\Web\UI\WebControls\port was not found. Maybe you did not declare it correctly or list all dependencies?

	 * @return array response
	 */
	private function recaptcha_http_post($host, $path, $data, $port = 80)
	{
		$req = $this->recaptcha_qsencode($data);

		$http_request = "POST $path HTTP/1.0\r\n";
		$http_request .= "Host: $host\r\n";
		$http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
		$http_request .= "Content-Length: " . strlen($req) . "\r\n";
		$http_request .= "User-Agent: reCAPTCHA/PHP\r\n";
		$http_request .= "\r\n";
		$http_request .= $req;

		$response = '';
		if(false == ($fs = @fsockopen($host, $port, $errno, $errstr, 10)))

The condition false == $fs = @fsockopen($host, $port, $errno, $errstr, 10) can never be true.

			die('Could not open socket');

Using exit here is not recommended.

		fwrite($fs, $http_request);

		while (!feof($fs))
			$response .= fgets($fs, 1160); // One TCP-IP packet
		fclose($fs);
		$response = explode("\r\n\r\n", $response, 2);

		return $response;
	}

	/**
	 * Calls an HTTP POST function to verify if the user's guess was correct
	 * @param string $privkey
	 * @param string $remoteip
	 * @param string $challenge
	 * @param string $response
	 * @param array $extra_params an array of extra variables to post to the server
	 * @return bool
	 */
	private function recaptcha_check_answer($privkey, $remoteip, $challenge, $response, $extra_params = [])
	{
		//discard spam submissions
		if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0)
			return false;

		$response = $this->recaptcha_http_post(self::RECAPTCHA_VERIFY_SERVER, "/recaptcha/api/verify",
		[
			'privatekey' => $privkey,
			'remoteip' => $remoteip,
			'challenge' => $challenge,
			'response' => $response
			] + $extra_params
		);

		$answers = explode("\n", $response [1]);

		if (trim($answers [0]) == 'true')
			return true;
		else
			return false;
	}
}