<?php

declare(strict_types=0);

/**
 * @deprecated Replace with a captcha library, or at least move the global constants into a config.
 * Requiring this file shouldn't be necessary.
 */

/*
 * vim:set softtabstop=4 shiftwidth=4 expandtab:
 *
 * LICENSE: GNU Affero General Public License, version 3 (AGPL-3.0-or-later)
 * Copyright 2001 - 2020 Ampache.org
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 *
 */

/**
 * #####################################################################
 * #                              Warning                              #
 * #                              #######                              #
 * # This external file is Ampache-adapted and probably unsynced with  #
 * # origin because abandoned by its original authors.                 #
 * #                                                                   #
 * #####################################################################
 *
 * api: php
 * title: Easy_CAPTCHA
 * description: highly configurable, user-friendly and accessible CAPTCHA
 * version: 2.3
 * author: milki
 * url: http://freshmeat.net/projects/captchaphp
 * config:
 *    <const name="CAPTCHA_PERSISTENT" value="1" type="boolean" title="persistent cookie" description="sets a cookie after user successfully solved it, spares further captchas for a few days" />
 *    <const name="CAPTCHA_NEW_URLS" value="0" type="boolean" title="new URLs only Javascript" description="uses Javascript detection to engage CAPTCHA only if a new URL was entered into any input box" />
 *    <const name="CAPTCHA_AJAX" value="1" type="boolean" title="AJAX quickcheck" description="verifies the solution (visually) while user enters it" />
 *    <const name="CAPTCHA_IMAGE_SIZE" value="200x60" type="string" regex="\d+x\d+" title="image size" description="height x width of CAPTCHA image" />
 *    <const name="CAPTCHA_INVERSE" value="1" type="boolean" title="inverse color" description="make captcha white on black" />
 *    <const name="CAPTCHA_PIXEL" value="1" type="multi" multi="1=single pixel|2=greyscale 2x2|3=smooth color" title="smooth drawing" description="image pixel assembly method and speed" />
 *    <const name="CAPTCHA_ONCLICK_HIRES" value="1" type="boolean" title="onClick-HiRes" description="reloads a finer resolution version of the CAPTCHA if user clicks on it" />
 *    <const name="CAPTCHA_TIMEOUT" value="5000" type="string" regex="\d+" title="verification timeout" description="in seconds, maximum time to elapse from CAPTCHA display to verification" />
 * type: intercept
 * category: antispam
 * priority: optional
 *
 *
 * This library provides a CAPTCHA for safeguarding form submissions from
 * spam bots and alike. It is easy to hook into existing web sites and
 * scripts. And it comes with "smart" defaults, and some user-friendliness
 * built in.
 *
 * While the operation logic and identifier processing are extremely safe,
 * this is a "weak" implementation. Specifically targeted and tweaked OCR
 * software could overcome the visual riddle. And if enabled, the textual
 * or mathematical riddles are rather simple to overcome, if attacked.
 * Generic spambots are however blocked already with the default settings.
 *
 *   PRINT captcha::form()
 *     emits the img and input fields for inclusion into your submit <form>
 *
 *   IF (captcha::solved())
 *     tests for a correctly entered solution on submit, returns true if ok
 *
 * Temporary files are created for tracking, verification and basic data
 * storage, but will get automatically removed once a CAPTCHA was solved
 * to prevent replay attacks. Additionally this library has "AJAX" super
 * powers to enhance user interaction. And a short-lasting session cookie
 * is also added site-wide, so users may only have to solve the captcha
 * once (can be disabled, because that's also just security by obscurity).
 *
 * This code is Public Domain.
 */

namespace Ampache\Module\Util\Captcha;

// Every constant below is registered through define() with an unqualified
// name, so it lands in the global namespace and not in
// Ampache\Module\Util\Captcha.

// Disabled upstream definitions, kept for reference.
// NOTE(review): depending on web server configuration, SERVER_NAME can
// reflect the Host header of the request; keep that in mind if a base URL
// built this way is ever restored.
// @define("CAPTCHA_BASE_URL", "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]" . dirname($_SERVER['SCRIPT_NAME']) . '/captcha.php');
// @define("C_TRIGGER_URL", (strtok('http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].$_SERVER['REQUEST_URI'], '?')));
/*
Mike O'Connell <wb:gm.c>
  The definition of CAPTCHA_BASE_URL was incorrect, as well as the test to
  see if the script was being called directly. Here is what worked for
  me. The Request URI and script name is the URL path rather than the
  actual server side directory you were using before
  ($_SERVER['DOCUMENT_ROOT']).
*/

// -- behaviour switches

// Cookie-pass after the captcha was solved once. Does not work if headers
// were already sent when the captcha::solved() check is invoked.
// NOTE(review): the file header itself calls this pass cookie "security by
// obscurity"; set to 0 where every submission has to be challenged.
define('CAPTCHA_PERSISTENT', 1);
// Force the captcha only when URLs are submitted.
define('CAPTCHA_NEW_URLS', 0);
// Visual feedback while the letters are being entered.
define('CAPTCHA_AJAX', 1);
// Create the /tmp/captcha/log file.
define('CAPTCHA_LOG', 0);
// Disables the accessible text/math riddle.
define('CAPTCHA_NOTEXT', 0);

// -- look

// 1=wave, 2=whirly
define('CAPTCHA_IMAGE_TYPE', 1);
//define("CAPTCHA_INVERSE", 0);                // white(=0) or black(=1)
// Randomly adapted a little.
define('CAPTCHA_IMAGE_SIZE', '200x60');
define('CAPTCHA_INPUT_STYLE', 'height:46px; font-size:34px; font-weight:500;');
// Set to 2 for a smoother 2x2 grayscale pixel transform.
define('CAPTCHA_PIXEL', 1);
// Use the better/slower drawing mode on reloading.
define('CAPTCHA_ONCLICK_HIRES', 1);

// -- solving

// Easier solving: accept 1 or 2 misguessed letters.
// NOTE(review): any tolerance here also raises the odds of a blind guess
// being accepted; weigh it together with CAPTCHA_TRIES.
define('CAPTCHA_FUZZY', 0.65);
// Maximum failures for solving the captcha.
define('CAPTCHA_TRIES', 5);
// AJAX testing limit (prevents brute-force cracking via the check API).
define('CAPTCHA_AJAX_TRIES', 25);
// 2 passes prevent user annoyance with caching/reload failures.
// NOTE(review): presumably the number of times one solved handle is
// accepted; a value above 1 would widen the replay window the file header
// talks about - confirm against the consuming code.
define('CAPTCHA_MAXPASSES', 2);
// (in seconds/2) = 3:00 hours to solve a displayed captcha.
// NOTE(review): the config list in the file header describes this value as
// plain seconds, which disagrees with "seconds/2" here; the real unit is
// decided by the code that reads the constant, which is not in this file.
define('CAPTCHA_TIMEOUT', 5000);
// How many letters to use (lower and upper bound).
define('CAPTCHA_MIN_CHARS', 5);
define('CAPTCHA_MAX_CHARS', 7);

// -- operation

// Storage directory for captcha handles.
// NOTE(review): the location depends on what easy_captcha_utility::tmp()
// returns; if that is a shared system temp directory, confirm the captcha/
// subdirectory is created with permissions private to the web server user.
define('CAPTCHA_TEMP_DIR', easy_captcha_utility::tmp() . '/captcha/');
// Request parameter names for the captcha id and the entered solution.
define('CAPTCHA_PARAM_ID', '__ec_i');
define('CAPTCHA_PARAM_INPUT', '__ec_s');
// Initial background color (non-inverse, white).
define('CAPTCHA_BGCOLOR', 0xFFFFFF);
// NOTE(review): this value ships in the source, so it is the same on every
// installation and cannot be treated as a secret. How it is consumed is not
// visible in this file; if it feeds handle or cookie derivation, a random
// per-install value read from configuration would be the stronger choice.
define('CAPTCHA_SALT', ',e?c:7<');
//define("CAPTCHA_DATA_URLS", 0);     // RFC2397-URLs exclude MSIE users
define('CAPTCHA_FONT_DIR', __DIR__ . '/../../resources/fonts');
//define("CAPTCHA_BASE_URL",
//    (empty($_SERVER['HTTPS']) ? "http" : "https") . "://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]/" . substr(realpath(__FILE__),
//        strlen(realpath($_SERVER["DOCUMENT_ROOT"]))));

// -- texts

define('CAPTCHA_PROMPT_TEXT', 'please enter the letters you recognize in the CAPTCHA image to the left');
define('CAPTCHA_WHATIS_TEXT', 'What is %s = ');
define('CAPTCHA_REDRAW_TEXT', 'click on image to redraw');

// -- init (triggered if *this* script is called directly); left disabled
//if ((basename($_SERVER["SCRIPT_FILENAME"]) == basename(__FILE__)) || (easy_captcha_utility::canonical_path("http://ignored.xxx/$_SERVER[REQUEST_URI]") == easy_captcha_utility::canonical_path(CAPTCHA_BASE_URL))) {
//    //easy_captcha_utility::API();
//}