1<?php
2
3declare(strict_types=0);
4
5/**
 * @deprecated Replace with a captcha library, or at least move the global constants into a config.
 * Requiring this file shouldn't be necessary.
8 */
9
10/*
11 * vim:set softtabstop=4 shiftwidth=4 expandtab:
12 *
13 * LICENSE: GNU Affero General Public License, version 3 (AGPL-3.0-or-later)
14 * Copyright 2001 - 2020 Ampache.org
15 *
16 * This program is free software: you can redistribute it and/or modify
17 * it under the terms of the GNU Affero General Public License as published by
18 * the Free Software Foundation, either version 3 of the License, or
19 * (at your option) any later version.
20 *
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
24 * GNU Affero General Public License for more details.
25 *
26 * You should have received a copy of the GNU Affero General Public License
27 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
28 *
29 */
30
31/**
32 * #####################################################################
33 * #                               Warning                             #
34 * #                               #######                             #
35 * # This external file is Ampache-adapted and probably unsynced with  #
36 * # origin because abandoned by its original authors.                #
37 * #                                                                   #
38 * #####################################################################
39 *
40 * api: php
41 * title: Easy_CAPTCHA
42 * description: highly configurable, user-friendly and accessible CAPTCHA
43 * version: 2.3
44 * author: milki
45 * url: http://freshmeat.net/projects/captchaphp
46 * config:
47 * <const name="CAPTCHA_PERSISTENT" value="1"  type="boolean" title="persistent cookie" description="sets a cookie after user successfully solved it, spares further captchas for a few days" />
48 * <const name="CAPTCHA_NEW_URLS" value="0"  type="boolean" title="new URLs only Javascript" description="uses Javascript detection to engage CAPTCHA only if a new URL was entered into any input box" />
49 * <const name="CAPTCHA_AJAX" value="1" type="boolean" title="AJAX quickcheck" description="verifies the solution (visually) while user enters it" />
50 * <const name="CAPTCHA_IMAGE_SIZE" value="200x60" type="string" regex="\d+x\d+" title="image size" description="height x width of CAPTCHA image" />
51 * <const name="CAPTCHA_INVERSE" value="1"  type="boolean" title="inverse color" description="make captcha white on black" />
52 * <const name="CAPTCHA_PIXEL" value="1" type="multi" multi="1=single pixel|2=greyscale 2x2|3=smooth color" title="smooth drawing" description="image pixel assembly method and speed" />
53 * <const name="CAPTCHA_ONCLICK_HIRES" value="1" type="boolean" title="onClick-HiRes" description="reloads a finer resolution version of the CAPTCHA if user clicks on it" />
54 * <const name="CAPTCHA_TIMEOUT" value="5000" type="string" regex="\d+" title="verification timeout" description="in seconds, maximum time to elapse from CAPTCHA display to verification" />
55 * type: intercept
56 * category: antispam
57 * priority: optional
58 *
59 *
60 * This library provides a CAPTCHA for safeguarding form submissions from
61 * spam bots and alike. It is easy to hook into existing web sites and
62 * scripts. And it comes with "smart" defaults, and some user-friendliness
63 * built in.
64 *
 * While the operation logic and identifier processing are extremely safe,
 * this is a "weak" implementation. Specifically targeted and tweaked OCR
67 * software could overcome the visual riddle. And if enabled, the textual
68 * or mathematical riddles are rather simple to overcome, if attacked.
69 * Generic spambots are however blocked already with the default settings.
70 *
71 * PRINT captcha::form()
72 * emits the img and input fields for inclusion into your submit <form>
73 *
74 * IF (captcha::solved())
75 * tests for a correctly entered solution on submit, returns true if ok
76 *
77 * Temporary files are created for tracking, verification and basic data
78 * storage, but will get automatically removed once a CAPTCHA was solved
79 * to prevent replay attacks. Additionally this library has "AJAX" super
80 * powers to enhance user interaction. And a short-lasting session cookie
81 * is also added site-wide, so users may only have to solve the captcha
82 * once (can be disabled, because that's also just security by obscurity).
83 *
84 * This code is Public Domain.
85 */
86
87namespace Ampache\Module\Util\Captcha;
88
89// @define("CAPTCHA_BASE_URL", "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]" . dirname($_SERVER['SCRIPT_NAME']) . '/captcha.php');
90// @define("C_TRIGGER_URL", (strtok('http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].$_SERVER['REQUEST_URI'], '?')));
91/*
92Mike O'Connell <wb:gm.c>
93  The definition of CAPTCHA_BASE_URL was incorrect, as well as the test to
94  see if the script was being called directly.  Here is what worked for
95  me.  The Request URI and script name is the URL path rather than the
96  actual server side directory you were using before
97  ($_SERVER['DOCUMENT_ROOT']).
98*/
99
// After one solved CAPTCHA, hand the browser a pass cookie so it is not
// challenged again. This only works if no headers were sent before the
// captcha::solved() check is invoked. The file header itself calls this
// "security by obscurity"; set to 0 when every submission must be challenged.
\define('CAPTCHA_PERSISTENT', 1);
// 1 = engage the CAPTCHA only when URLs are submitted, 0 = always engage it.
// NOTE(review): the file header describes this as Javascript detection; if the
// decision is made in the browser only, do not rely on it as a control - confirm
// in the code that reads this constant.
\define('CAPTCHA_NEW_URLS', 0);
// Visual feedback while the letters are being entered.
\define('CAPTCHA_AJAX', 1);
// 1 = create the /tmp/captcha/log file, 0 = no log file.
\define('CAPTCHA_LOG', 0);
// 1 = disable the accessible text/math riddle, 0 = keep it available.
// The file header notes that these riddles are simple to overcome if attacked,
// so this is a trade-off between accessibility and strength.
\define('CAPTCHA_NOTEXT', 0);
105
#-- look
// Distortion style of the generated image: 1 = wave, 2 = whirly.
\define('CAPTCHA_IMAGE_TYPE', 1);
#define("CAPTCHA_INVERSE", 0);        // white(=0) or black(=1)
// Nominal image size; it is randomly adapted a little when drawing.
\define('CAPTCHA_IMAGE_SIZE', '200x60');
// Inline CSS applied to the solution input field.
\define('CAPTCHA_INPUT_STYLE', 'height:46px; font-size:34px; font-weight:500;');
// Pixel assembly method; 2 selects the smoother 2x2 grayscale transform.
\define('CAPTCHA_PIXEL', 1);
// Use the better but slower drawing mode when the image is reloaded.
\define('CAPTCHA_ONCLICK_HIRES', 1);
113
#-- solving
// Tolerance for near-miss answers: makes solving easier by accepting 1 or 2
// misguessed letters. Accepting inexact answers enlarges the set of inputs that
// pass each CAPTCHA, so this trades strength for usability. How the 0.65 is
// applied is not visible in this file.
\define('CAPTCHA_FUZZY', 0.65);
// Maximum number of failed attempts at solving one CAPTCHA.
\define('CAPTCHA_TRIES', 5);
// Limit for the AJAX check API; it exists to prevent brute-force cracking
// through that API. Note that it allows more guesses than CAPTCHA_TRIES.
\define('CAPTCHA_AJAX_TRIES', 25);
// Number of passes allowed; 2 avoids annoying users on caching/reload failures.
// NOTE(review): check how a second pass interacts with the replay protection
// described in the file header (handles are removed once solved).
\define('CAPTCHA_MAXPASSES', 2);
// Maximum time between displaying a CAPTCHA and verifying it.
// NOTE(review): the unit is unclear - the file header says seconds, while the
// earlier inline note read "(in seconds/2) = 3:00 hours"; 5000 seconds is about
// 83 minutes. Confirm against the code that reads this constant. A long window
// also keeps every issued handle valid for longer.
\define('CAPTCHA_TIMEOUT', 5000);
// Minimum and maximum number of letters used in a CAPTCHA.
\define('CAPTCHA_MIN_CHARS', 5);
\define('CAPTCHA_MAX_CHARS', 7);
122
#-- operation
// Storage directory for captcha handles: a "captcha/" folder below whatever
// easy_captcha_utility::tmp() returns.
// NOTE(review): if that is a shared system temp directory, other local accounts
// may be able to read or pre-create this path - confirm that the code creating
// it sets restrictive permissions and checks ownership.
\define('CAPTCHA_TEMP_DIR', easy_captcha_utility::tmp() . '/captcha/');
// Request parameter names: the captcha handle id and the entered solution
// (presumably - verify against the form and check code).
\define('CAPTCHA_PARAM_ID', '__ec_i');
\define('CAPTCHA_PARAM_INPUT', '__ec_s');
// Initial background color (non-inverse, white).
\define('CAPTCHA_BGCOLOR', 0xFFFFFF);
// Hard-coded value that ships with the source, so it is identical on every
// installation and known to anyone who can read the code.
// NOTE(review): if the consumer relies on it to make handles or hashes
// unpredictable, move it to a per-installation secret in configuration (the
// @deprecated note at the top of this file already asks for a config).
\define('CAPTCHA_SALT', ',e?c:7<');
#define("CAPTCHA_DATA_URLS", 0);     // RFC2397-URLs exclude MSIE users
// Font directory, resolved relative to the location of this file.
\define('CAPTCHA_FONT_DIR', __DIR__ . '/../../resources/fonts');
131#define("CAPTCHA_BASE_URL",
132#    (empty($_SERVER['HTTPS']) ? "http" : "https") . "://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]/" . substr(realpath(__FILE__),
133#        strlen(realpath($_SERVER["DOCUMENT_ROOT"]))));
134
#-- texts
// Prompt shown next to the CAPTCHA image.
\define('CAPTCHA_PROMPT_TEXT', 'please enter the letters you recognize in the CAPTCHA image to the left');
// Template for the text/math riddle; %s is presumably filled with the riddle
// expression by the caller - verify in the consumer.
\define('CAPTCHA_WHATIS_TEXT', 'What is %s = ');
// Hint telling the user that clicking the image redraws it.
\define('CAPTCHA_REDRAW_TEXT', 'click on image to redraw');
139
140#-- init (triggered if *this* script is called directly)
141//if ((basename($_SERVER["SCRIPT_FILENAME"]) == basename(__FILE__)) || (easy_captcha_utility::canonical_path("http://ignored.xxx/$_SERVER[REQUEST_URI]") == easy_captcha_utility::canonical_path(CAPTCHA_BASE_URL))) {
142//    //easy_captcha_utility::API();
143//}
144