captcha.inc 11.9 KB
Newer Older
1 2
<?php

3 4 5 6 7
/**
 * @file
 * General CAPTCHA functionality and helper functions.
 */

8
use Drupal\captcha\Entity\CaptchaPoint;
9
use Drupal\Component\Utility\Xss;
tonnosf's avatar
tonnosf committed
10
use Drupal\Core\Render\Element;
11

12 13 14
/**
 * Helper function for adding/updating a CAPTCHA point.
 *
15 16 17 18
 * @param string $form_id
 *   the form ID to configure.
 * @param string $captcha_type
 *   The setting for the given form_id, can be:
19 20 21
 *   - 'default' to use the default challenge type
 *   - NULL to remove the entry for the CAPTCHA type
 *   - something of the form 'image_captcha/Image'
22 23
 *   - an object with attributes $captcha_type->module
 *   and $captcha_type->captcha_type.
24 25
 */
function captcha_set_form_id_setting($form_id, $captcha_type) {
26 27 28 29 30
  /* @var CaptchaPoint $captcha_point */
  $captcha_point = CaptchaPoint::load($form_id);

  if ($captcha_point) {
    $captcha_point->setCaptchaType($captcha_type);
31 32
  }
  else {
33 34 35 36
    $captcha_point = new CaptchaPoint([
      'formId' => $form_id,
      'captchaType' => $captcha_type,
    ], 'captcha_point');
37
  }
38
  $captcha_point->enable();
39 40

  $captcha_point->save();
41 42 43 44 45
}

/**
 * Get the CAPTCHA setting for a given form_id.
 *
46 47 48 49
 * @param string $form_id
 *   The form_id to query for.
 * @param bool $symbolic
 *   Flag to return as (symbolic) strings instead of object.
50
 *
51
 * @return null|CaptchaPoint
52 53
 *   NULL if no setting is known
 *   captcha point object with fields 'module' and 'captcha_type'.
54 55
 *   If argument $symbolic is true, returns 'default' or in the
 *   form 'captcha/Math'.
56
 */
57 58 59 60 61 62
function captcha_get_form_id_setting($form_id, $symbolic = FALSE) {
  /* @var CaptchaPoint $captchaPoint */
  $captcha_point = CaptchaPoint::load($form_id);

  if ($symbolic) {
    $captcha_point = $captcha_point->getCaptchaType();
63
  }
64

65 66 67
  return $captcha_point;
}

68
/**
69 70
 * Helper function for generating a new CAPTCHA session.
 *
71 72 73 74 75 76 77
 * @param string $form_id
 *   The form_id of the form to add a CAPTCHA to.
 * @param int $status
 *   The initial status of the CAPTHCA session.
 *
 * @return string
 *   The session ID of the new CAPTCHA session.
78
 */
79 80
function _captcha_generate_captcha_session($form_id = NULL, $status = CAPTCHA_STATUS_UNSOLVED) {
  $user = \Drupal::currentUser();
wundo's avatar
wundo committed
81

82
  // Initialize solution with random data.
83
  $solution = hash('sha256', mt_rand());
wundo's avatar
wundo committed
84

85 86
  // Insert an entry and thankfully receive the value
  // of the autoincrement field 'csid'.
87
  $captcha_sid = \Drupal::database()->insert('captcha_sessions')
88
    ->fields([
89 90
      'uid' => $user->id(),
      'sid' => session_id(),
91 92
      'ip_address' => \Drupal::request()->getClientIp(),
      'timestamp' => \Drupal::time()->getRequestTime(),
93 94 95 96
      'form_id' => $form_id,
      'solution' => $solution,
      'status' => $status,
      'attempts' => 0,
97
    ])
98
    ->execute();
99 100 101 102 103 104
  return $captcha_sid;
}

/**
 * Helper function for updating the solution in the CAPTCHA session table.
 *
105 106 107 108
 * @param string $captcha_sid
 *   The CAPTCHA session ID to update.
 * @param string $solution
 *   The new solution to associate with the given CAPTCHA session.
109 110
 */
function _captcha_update_captcha_session($captcha_sid, $solution) {
111
  \Drupal::database()->update('captcha_sessions')
112
    ->condition('csid', $captcha_sid)
113
    ->fields([
114
      'timestamp' => \Drupal::time()->getRequestTime(),
115
      'solution' => $solution,
116
    ])
117
    ->execute();
118 119 120
}

/**
121 122 123 124
 * Helper function for checking if CAPTCHA is required for user.
 *
 * Based on the CAPTCHA persistence setting, the CAPTCHA session
 * ID and user session info.
125 126
 */
function _captcha_required_for_user($captcha_sid, $form_id) {
127
  // Get the CAPTCHA persistence setting.
128 129
  $captcha_persistence = \Drupal::config('captcha.settings')
    ->get('persistence');
130

131 132 133 134
  // First check: should we always add a CAPTCHA?
  if ($captcha_persistence == CAPTCHA_PERSISTENCE_SHOW_ALWAYS) {
    return TRUE;
  }
135

136
  // Get the status of the current CAPTCHA session.
137 138 139 140 141 142 143
  $captcha_session_status = \Drupal::database()
    ->select('captcha_sessions', 'cs')
    ->fields('cs', ['status'])
    ->condition('csid', $captcha_sid)
    ->execute()
    ->fetchField();

144 145
  // Second check: if the current session is already
  // solved: omit further CAPTCHAs.
146 147
  if ($captcha_session_status == CAPTCHA_STATUS_SOLVED) {
    return FALSE;
148
  }
149

150 151
  // Third check: look at the persistence level
  // (per form instance, per form or per user).
152 153 154 155
  if ($captcha_persistence == CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM_INSTANCE) {
    return TRUE;
  }
  else {
156
    $captcha_success_form_ids = isset($_SESSION['captcha_success_form_ids']) ? (array) ($_SESSION['captcha_success_form_ids']) : [];
157 158 159
    switch ($captcha_persistence) {
      case CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL:
        return (count($captcha_success_form_ids) == 0);
160

161 162 163 164 165 166 167
      case CAPTCHA_PERSISTENCE_SKIP_ONCE_SUCCESSFUL_PER_FORM_TYPE:
        return !isset($captcha_success_form_ids[$form_id]);
    }
  }

  // We should never get to this point, but to be sure, we return TRUE.
  return TRUE;
168
}
169

170
/**
171
 * Get the CAPTCHA description.
172
 *
173
 * @return string
tonnosf's avatar
tonnosf committed
174
 *   CAPTCHA description.
175
 */
tonnosf's avatar
tonnosf committed
176 177
function _captcha_get_description() {
  $description = \Drupal::config('captcha.settings')->get('description');
178
  return Xss::filter($description);
179 180 181 182
}

/**
 * Parse or interpret the given captcha_type.
183 184 185
 *
 * @param string $captcha_type
 *   representation of the CAPTCHA type,
186
 *   e.g. 'default', 'captcha/Math', 'image_captcha/Image'.
187 188 189
 *
 * @return array
 *   list($captcha_module, $captcha_type).
190 191 192
 */
function _captcha_parse_captcha_type($captcha_type) {
  if ($captcha_type == 'default') {
193 194
    $captcha_type = \Drupal::config('captcha.settings')
      ->get('default_challenge', 'captcha/Math');
195 196 197
  }
  return explode('/', $captcha_type);
}
198 199 200 201 202 203 204 205

/**
 * Helper function to get placement information for a given form_id.
 */
function _captcha_get_captcha_placement($form_id, $form) {
  // Get CAPTCHA placement map from cache. Two levels of cache:
  // static variable in this function and storage in the variables table.
  static $placement_map = NULL;
tonnosf's avatar
tonnosf committed
206 207 208

  $write_cache = FALSE;

209 210 211
  // Try first level cache.
  if ($placement_map === NULL) {
    // If first level cache missed: try second level cache.
tonnosf's avatar
tonnosf committed
212 213 214 215
    if ($cache = \Drupal::cache()->get('captcha_placement_map_cache')) {
      $placement_map = $cache->data;
    }
    else {
216
      // If second level cache missed: initialize the placement map
217 218 219 220 221
      // and let other modules hook into this with the
      // hook_captcha_placement_map hook.
      // By default however, probably all Drupal core forms
      // are already correctly handled with the best effort guess
      // based on the 'actions' element (see below).
222 223
      $placement_map = \Drupal::moduleHandler()
        ->invokeAll('captcha_placement_map');
tonnosf's avatar
tonnosf committed
224
      $write_cache = TRUE;
225
    }
226 227
  }

228 229 230 231
  // Query the placement map.
  if (array_key_exists($form_id, $placement_map)) {
    $placement = $placement_map[$form_id];
  }
232 233
  // If no placement info is available in placement map:
  // make a best effort guess.
234
  else {
235 236
    // If there is an "actions" button group, a good placement
    // is just before that.
237
    if (isset($form['actions']) && isset($form['actions']['#type']) && $form['actions']['#type'] === 'actions') {
238 239
      $placement = [
        'path' => [],
240 241 242
        'key' => 'actions',
        // #type 'actions' defaults to 100.
        'weight' => (isset($form['actions']['#weight']) ? $form['actions']['#weight'] - 1 : 99),
243
      ];
244 245
    }
    else {
246 247 248 249 250
      // Search the form for buttons and guess placement from it.
      $buttons = _captcha_search_buttons($form);
      if (count($buttons)) {
        // Pick first button.
        // TODO: make this more sofisticated? Use cases needed.
251
        $placement = (isset($buttons[count($buttons) - 1])) ? $buttons[count($buttons) - 1] : $buttons[0];
252 253 254 255 256
      }
      else {
        // Use NULL when no buttons were found.
        $placement = NULL;
      }
257 258
    }

259
    // Store calculated placement in cache.
260
    $placement_map[$form_id] = $placement;
tonnosf's avatar
tonnosf committed
261
    $write_cache = TRUE;
262
  }
263

tonnosf's avatar
tonnosf committed
264 265 266
  if ($write_cache) {
    \Drupal::cache()->set('captcha_placement_map_cache', $placement_map);
  }
267 268
  return $placement;
}
269

270 271 272
/**
 * Helper function for searching the buttons in a form.
 *
273 274 275 276 277
 * @param array $form
 *   The form to search button elements in.
 *
 * @return array
 *   Array of paths to the buttons.
278 279 280 281
 *   A path is an array of keys leading to the button, the last
 *   item in the path is the weight of the button element
 *   (or NULL if undefined).
 */
282
function _captcha_search_buttons(array $form) {
283
  $buttons = [];
284

tonnosf's avatar
tonnosf committed
285
  foreach (Element::children($form, FALSE) as $key) {
286 287 288
    // Look for submit or button type elements.
    if (isset($form[$key]['#type']) && ($form[$key]['#type'] == 'submit' || $form[$key]['#type'] == 'button')) {
      $weight = isset($form[$key]['#weight']) ? $form[$key]['#weight'] : NULL;
289 290
      $buttons[] = [
        'path' => [],
291 292
        'key' => $key,
        'weight' => $weight,
293
      ];
294
    }
295
    // Process children recursively.
296 297
    $children_buttons = _captcha_search_buttons($form[$key]);
    foreach ($children_buttons as $b) {
298
      $b['path'] = array_merge([$key], $b['path']);
299
      $buttons[] = $b;
300
    }
301
  }
302

303 304
  return $buttons;
}
305

306
/**
307 308 309 310 311 312
 * Helper function to insert a CAPTCHA element before a given form element.
 *
 * @param array $form
 *   the form to add the CAPTCHA element to.
 * @param array $placement
 *   information where the CAPTCHA element should be inserted.
313
 *   $placement should be an associative array with fields:
314 315
 *     - 'path': path (array of path items) of the container in
 *       the form where the CAPTCHA element should be inserted.
316
 *     - 'key': the key of the element before which the CAPTCHA element
317
 *       should be inserted. If the field 'key' is undefined or NULL,
318
 *       the CAPTCHA will just be appended in the container.
319 320 321 322 323
 *     - 'weight': if 'key' is not NULL: should be the weight of the
 *       element defined by 'key'. If 'key' is NULL and weight is not NULL:
 *       set the weight property of the CAPTCHA element to this value.
 * @param array $captcha_element
 *   the CAPTCHA element to insert.
324
 */
325
function _captcha_insert_captcha_element(array &$form, array $placement, array $captcha_element) {
326 327 328
  // Get path, target and target weight or use defaults if not available.
  $target_key = isset($placement['key']) ? $placement['key'] : NULL;
  $target_weight = isset($placement['weight']) ? $placement['weight'] : NULL;
329
  $path = isset($placement['path']) ? $placement['path'] : [];
330 331 332 333 334

  // Walk through the form along the path.
  $form_stepper = &$form;
  foreach ($path as $step) {
    if (isset($form_stepper[$step])) {
335
      $form_stepper = &$form_stepper[$step];
336 337
    }
    else {
338 339 340 341
      // Given path is invalid: stop stepping and
      // continue in best effort (append instead of insert).
      $target_key = NULL;
      break;
342 343 344
    }
  }

345 346
  // If no target is available: just append the CAPTCHA element
  // to the container.
347 348 349 350 351
  if ($target_key == NULL || !array_key_exists($target_key, $form_stepper)) {
    // Optionally, set weight of CAPTCHA element.
    if ($target_weight != NULL) {
      $captcha_element['#weight'] = $target_weight;
    }
352
    $form_stepper['captcha'] = $captcha_element;
353
  }
354 355
  // If there is a target available: make sure the CAPTCHA element
  // comes right before it.
356 357 358 359 360
  else {
    // If target has a weight: set weight of CAPTCHA element a bit smaller
    // and just append the CAPTCHA: sorting will fix the ordering anyway.
    if ($target_weight != NULL) {
      $captcha_element['#weight'] = $target_weight - .1;
361
      $form_stepper['captcha'] = $captcha_element;
362 363
    }
    else {
364 365 366 367 368
      // If we can't play with weights: insert the CAPTCHA element
      // at the right position. Because PHP lacks a function for
      // this (array_splice() comes close, but it does not preserve
      // the key of the inserted element), we do it by hand: chop of
      // the end, append the CAPTCHA element and put the end back.
369 370
      $offset = array_search($target_key, array_keys($form_stepper));
      $end = array_splice($form_stepper, $offset);
371
      $form_stepper['captcha'] = $captcha_element;
372
      foreach ($end as $k => $v) {
373 374 375 376
        $form_stepper[$k] = $v;
      }
    }
  }
377
}