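/**
 * Determine which CAPTCHA mechanism (if any) applies to this submission and
 * record the outcome in $this->_iCaptchaType and $this->_bCaptchaOK.
 *
 * The check runs only once: after $this->_iCaptchaType has been set to a
 * non-empty value, later calls do nothing.
 *
 * Order of evaluation:
 *  1. reCaptcha, when a $reCaptchaProcessor is configured and "arverify" is non-empty;
 *  2. image CAPTCHA compared against the session ("VerifyImgString" or "turing_string");
 *  3. reverse CAPTCHA, when attack detection is enabled and configured.
 *
 * Every failure path sets $this->_bCaptchaOK to false before reporting, so
 * the result does not depend on the property's initial value or on the
 * error helpers terminating the request.
 *
 * @return void
 */
function _CheckCaptcha()
 {
     global $SPECIAL_VALUES, $bReverseCaptchaCompleted, $ATTACK_DETECTION_REVERSE_CAPTCHA;
     global $reCaptchaProcessor;
     //
     // only check for CAPTCHA once
     //
     if (!$this->_iCaptchaType) {
         //
         // check for full CAPTCHA attempt
         // first, check for reCaptcha
         //
         if (isset($reCaptchaProcessor) && $SPECIAL_VALUES["arverify"] !== "") {
             $this->_iCaptchaType = $this->_iFull;
             //
             // make sure the error text is defined even if Check() does not fill it in
             //
             $s_error = "";
             if ($reCaptchaProcessor->Check($SPECIAL_VALUES["arverify"], $SPECIAL_VALUES, $s_error)) {
                 $this->_bCaptchaOK = true;
             } else {
                 $this->_bCaptchaOK = false;
                 //
                 // report the error
                 //
                 WriteARLog($this->_sTo, $this->_sSubject, GetMessage(MSG_LOG_RECAPTCHA, array("ERR" => $s_error), false));
                 UserError("recaptcha", GetMessage(MSG_RECAPTCHA_MATCH, array("ERR" => $s_error)));
             }
         } elseif ($SPECIAL_VALUES["arverify"] !== "") {
             //
             // allow spaces in the user's input, except for reCaptcha
             //
             $s_arverify = str_replace(" ", "", $SPECIAL_VALUES["arverify"]);
             $this->_iCaptchaType = $this->_iFull;
             //
             // full CAPTCHA has been attempted
             // VerifyImgString is from Tectite's simple verifyimg.php CAPTCHA.
             // turing_string is from Captcha Creator
             //
             if (IsSetSession("VerifyImgString") || IsSetSession("turing_string")) {
                 //
                 // the user's entry must match the value in the session
                 // (case-insensitive); VerifyImgString takes precedence
                 //
                 if (IsSetSession("VerifyImgString")) {
                     $s_expected = GetSession("VerifyImgString");
                 } else {
                     $s_expected = GetSession("turing_string");
                 }
                 if (strtoupper($s_arverify) === strtoupper($s_expected)) {
                     //
                     // NOTE(review): the matched session value is not cleared
                     // here; confirm it is invalidated elsewhere so a solved
                     // CAPTCHA cannot be reused for further submissions.
                     //
                     $this->_bCaptchaOK = true;
                 } else {
                     //
                     // fail closed, consistent with the reCaptcha branch
                     //
                     $this->_bCaptchaOK = false;
                     WriteARLog($this->_sTo, $this->_sSubject, GetMessage(MSG_LOG_NO_MATCH, array(), false));
                     UserError("ar_verify", GetMessage(MSG_ARESP_NO_MATCH));
                 }
             } else {
                 //
                 // ...and it has failed because there's no session data
                 //
                 $this->_bCaptchaOK = false;
                 WriteARLog($this->_sTo, $this->_sSubject, GetMessage(MSG_LOG_NO_VERIMG, array(), false));
                 ErrorWithIgnore("verify_failed", GetMessage(MSG_ARESP_NO_AUTH), true);
             }
         } elseif (ENABLE_ATTACK_DETECTION && !empty($ATTACK_DETECTION_REVERSE_CAPTCHA)) {
             //
             // Reverse CAPTCHA has been configured; its result was computed
             // elsewhere and is only copied here
             //
             $this->_iCaptchaType = $this->_iRev;
             $this->_bCaptchaOK = $bReverseCaptchaCompleted;
         }
     }
 }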
/**
 * Maintain the session state of a multi-page form sequence.
 *
 * When "multi_start" is 1 a new sequence is started and the data just
 * submitted is stored as entry 0 of the session's "FormList". Otherwise an
 * existing "FormList" in the session marks a sequence already in progress.
 * For an active sequence the absolute URL of this script is built from the
 * server variables; when the user is moving forward (no "go back"), the
 * submitted data and uploaded files are recorded against the current form
 * and a new entry with a return link is prepared for the next form.
 *
 * NOTE(review): the script URL is assembled from SERVER_NAME, SERVER_PORT and
 * PHP_SELF. Depending on web-server configuration these can reflect
 * request-supplied data (Host header, trailing path info) - confirm they are
 * canonicalised before the URL is used in links or redirects.
 * NOTE(review): "this_form" and "next_form" are taken from $SPECIAL_VALUES and
 * stored in the session without validation in this function - presumably they
 * are checked elsewhere; verify against the callers.
 *
 * @return void
 */
function MultiFormLogic()
{
    global $bMultiForm, $SPECIAL_VALUES, $aSessionVars, $aServerVars, $aFileVars;
    global $sFormMailScript, $bGotGoBack, $bGotNextForm, $iFormIndex;
    global $aFieldOrder, $aCleanedValues, $aRawDataValues, $aAllRawValues;

    if ($SPECIAL_VALUES["multi_start"] == 1) {
        if (empty($SPECIAL_VALUES["this_form"])) {
            ErrorWithIgnore("need_this_form", GetMessage(MSG_NEED_THIS_FORM), false, false);
        }
        $bMultiForm = true;
        //
        // Start of multi-page form sequence: entry zero is the first form,
        // which was just submitted
        //
        $a_first_form = array(
            "URL" => $SPECIAL_VALUES["this_form"],
            "ORDER" => $aFieldOrder,
            "CLEAN" => $aCleanedValues,
            "RAWDATA" => $aRawDataValues,
            "ALLDATA" => $aAllRawValues,
            "FILES" => $aFileVars,
        );
        $aSessionVars["FormList"] = array();
        $aSessionVars["FormList"][0] = $a_first_form;
        $aSessionVars["FormIndex"] = 0;
        $iFormIndex = 0;
    } elseif (isset($aSessionVars["FormList"])) {
        $bMultiForm = true;
    }

    //
    // nothing further to do outside a multi-page sequence
    //
    if (!$bMultiForm) {
        return;
    }

    if (!empty($aServerVars["PHP_SELF"]) && !empty($aServerVars["SERVER_NAME"])) {
        $s_host = $aServerVars["SERVER_NAME"];
        $s_path = $aServerVars["PHP_SELF"];
        if (!isset($aServerVars["SERVER_PORT"]) || $aServerVars["SERVER_PORT"] == 80) {
            //
            // no port, or the default HTTP port
            //
            $sFormMailScript = "http://" . $s_host . $s_path;
        } elseif ($aServerVars["SERVER_PORT"] == 443) {
            //
            // SSL port: just use https prefix
            //
            $sFormMailScript = "https://" . $s_host . $s_path;
        } else {
            //
            // use http with port number (the scheme is chosen by port
            // number alone)
            //
            $sFormMailScript = "http://" . $s_host . ":" . $aServerVars["SERVER_PORT"] . $s_path;
        }
        $iFormIndex = $aSessionVars["FormIndex"];
    } else {
        Error("no_php_self", GetMessage(MSG_NO_PHP_SELF), false, false);
    }

    //
    // Only when going forward in the sequence do we record data and
    // compute a URL to return to the form we're about to display.
    //
    if ($bGotGoBack) {
        return;
    }

    //
    // record the data that was just submitted by the previous form
    //
    $iFormIndex = $aSessionVars["FormIndex"];
    $a_submitted = array(
        "ORDER" => $aFieldOrder,
        "CLEAN" => $aCleanedValues,
        "RAWDATA" => $aRawDataValues,
        "ALLDATA" => $aAllRawValues,
    );
    foreach ($a_submitted as $s_key => $m_value) {
        $aSessionVars["FormList"][$iFormIndex][$s_key] = $m_value;
    }

    if (count($aFileVars) > 0) {
        if (!FILEUPLOADS) {
            //
            // files were submitted but uploads are not enabled
            //
            SendAlert(GetMessage(MSG_FILE_UPLOAD));
        } elseif (!SaveAllUploadedFiles($aFileVars)) {
            Error("upload_save_failed", GetMessage(MSG_MULTI_UPLOAD), false, false);
        }
    }
    $aSessionVars["FormList"][$iFormIndex]["FILES"] = $aFileVars;

    //
    // prepare the entry for the next form, including the link back to it
    //
    ++$iFormIndex;
    $s_url = GetReturnLink($sFormMailScript, $iFormIndex);
    $aSessionVars["FormList"][$iFormIndex] = array(
        "URL" => $s_url,
        "FORM" => $SPECIAL_VALUES["next_form"],
        "ORDER" => $aFieldOrder,
        "CLEAN" => $aCleanedValues,
        "RAWDATA" => $aRawDataValues,
        "ALLDATA" => $aAllRawValues,
        "FILES" => $aFileVars,
    );
    $aSessionVars["FormIndex"] = $iFormIndex;
    MultiKeep();
}