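/**
 * Check the hidden captcha's values.
 *
 * Checks run in this order: presence of the posted fields, the honeypot
 * field, the decrypted spinner, the random hidden field, the submission
 * time window, the answer (image captcha or hidden field) and finally the
 * client binding stored in the spinner (session id, IP, user agent).
 * On failure the reason code is stored in self::$_error.
 *
 * @param string  $formId   [optional] The id to use to generate input elements (default = "hcptch")
 * @param integer $minLimit [optional] Submission minimum time limit in seconds (default = 5)
 * @param integer $maxLimit [optional] Submission maximum time limit in seconds (default = 1200)
 * @return boolean Return false if the submitter is a robot
 */
public static function checkCaptcha($formId = 'hcptch', $minLimit = 5, $maxLimit = 1200)
{
    // Get posted values
    $values = Request::getInstance()->post($formId);

    // Both the spinner and the honeypot field must have been posted
    if ($values === null || !isset($values['spinner']) || !isset($values['name'])) {
        self::$_error = self::$CAPTCHA_VALUES_NOT_SUBMITTED;
        return false;
    }

    // Honeypot: the hidden "name" field must come back empty
    if ($values['name'] !== '') {
        self::$_error = self::$CAPTCHA_SPAMBOT_AUTO_FILL;
        return false;
    }

    // SECURITY(review): the spinner is client-supplied. unserialize() on it is
    // only safe if Security::decrypt() authenticates the ciphertext (not
    // visible here); otherwise this is a PHP object-injection sink. Prefer
    // json_decode(), or unserialize() with 'allowed_classes' => false where
    // the runtime supports it (PHP >= 7.0).
    $spinner = Security::decrypt($values['spinner']);
    $spinner = @unserialize($spinner);

    // Spinner is null, unserializable or empty
    if (!is_array($spinner) || empty($spinner)) {
        self::$_error = self::$CAPTCHA_SPINNER_ERROR;
        return false;
    }

    // Look up the random posted field without touching undefined indexes
    $hFieldName = isset($spinner['hfield_name']) ? $spinner['hfield_name'] : null;
    $hField = null;
    if ((is_string($hFieldName) || is_int($hFieldName)) && isset($values[$hFieldName])) {
        $hField = $values[$hFieldName];
    }
    if (!isset($spinner['captcha']) && ($hField === null || $hField === '')) {
        self::$_error = self::$CAPTCHA_VALUES_NOT_SUBMITTED;
        return false;
    }

    // Check time limits. A missing timestamp counts as 0 and therefore
    // fails the maximum limit, as it did before.
    // NOTE(review): nothing in this method marks a spinner as used, so the
    // same token can be resubmitted until $maxLimit expires.
    $timestamp = isset($spinner['timestamp']) ? (int) $spinner['timestamp'] : 0;
    $elapsed = time() - $timestamp;
    if ($elapsed < $minLimit || $elapsed > $maxLimit) {
        self::$_error = self::$CAPTCHA_TIME_LIMIT_ERROR;
        return false;
    }

    if (isset($spinner['captcha'])) {
        // Classic captcha with an image: a non-string answer (e.g. an array
        // posted as field[]) can never match.
        if (!is_string($hField) || strtolower($hField) !== $spinner['captcha']) {
            self::$_error = self::$CAPTCHA_IMAGE_ERROR;
            return false;
        }
    } else {
        // The random field must echo the spinner timestamp. The comparison is
        // deliberately loose: int timestamp vs. posted digit string.
        if (!is_string($hField) || !ctype_digit($hField) || $timestamp != $hField) {
            self::$_error = self::$CAPTCHA_HFIELD_ERROR;
            return false;
        }
    }

    // Check that the spinner belongs to this client. The previous condition
    // joined every test with && after !isset(...) and compared against the
    // bare constant `session_id`, so it could never reject a spinner that
    // carried all three keys.
    // NOTE(review): assumes the generator stores the raw session_id(),
    // self::_getIp() and User-Agent values - confirm against the code that
    // builds the spinner before deploying.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if (!isset($spinner['session_id'], $spinner['ip'], $spinner['user_agent'])
        || $spinner['session_id'] !== session_id()
        || $spinner['ip'] !== self::_getIp()
        || $spinner['user_agent'] !== $userAgent
    ) {
        self::$_error = self::$CAPTCHA_SPINNER_ERROR;
        return false;
    }

    // Unset post values
    if (isset($_POST[$formId])) {
        unset($_POST[$formId]);
    }

    // Everything is ok
    return true;
}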
/**
 * Validate a posted hidden captcha that was generated with getCaptchaTags.
 *
 * Delegates to f_form_Captcha::checkCaptcha(). On success the captcha field
 * is removed from the posted values. On failure the error code is stored in
 * $this->_errors['captcha'], and codes of 20 or more wipe all posted values.
 *
 * @param string  $fieldId  [optional] The id to use to generate input elements (default = "hcptch")
 * @param integer $minLimit [optional] Submission minimum time limit in seconds (default = 2)
 * @param integer $maxLimit [optional] Submission maximum time limit in seconds (default = 1200)
 * @return boolean Return false if the submitter is a robot
 */
public function checkCaptcha($fieldId = 'hcptch', $minLimit = 2, $maxLimit = 1200)
{
    $isHuman = f_form_Captcha::checkCaptcha($fieldId, $minLimit, $maxLimit);

    if (!$isHuman) {
        // Record why the check failed
        $this->_errors['captcha'] = f_form_Captcha::getError();

        // Critical errors (code >= 20) discard everything that was posted.
        // NOTE(review): _post is read as an object below but reset to an
        // array here - confirm which type the rest of the class expects.
        if ($this->_errors['captcha'] >= 20) {
            $this->_post = array();
        }

        return false;
    }

    // The captcha field has served its purpose; drop it from the posted values
    unset($this->_post->{$fieldId});

    return true;
}