Beispiel #1
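 /**
  * Validate a submitted hidden-captcha form and report whether it looks human.
  *
  * Every value read here is client-controlled: the posted fields directly, and
  * the "spinner" blob once it has been decrypted. Spinner fields are therefore
  * checked for presence and type before use, and the spinner is accepted only
  * when it matches the current session id, client IP and user agent.
  * On failure self::$_error is set to the matching CAPTCHA_* code.
  *
  * @param string $formId        [optional] The id to use to generate input elements (default = "hcptch")
  * @param integer $minLimit     [optional] Submission minimum time limit in seconds (default = 5)
  * @param integer $maxLimit     [optional] Submission maximum time limit in seconds (default = 1200)
  * @return boolean              True when every check passes, false if the submitter is a robot
  */
 public static function checkCaptcha($formId = 'hcptch', $minLimit = 5, $maxLimit = 1200)
 {
     // Posted values for this form
     $values = Request::getInstance()->post($formId);
     if ($values === null || !isset($values['spinner']) || !isset($values['name'])) {
         self::$_error = self::$CAPTCHA_VALUES_NOT_SUBMITTED;
         return false;
     }
     // Honeypot: the hidden "name" field must come back empty
     if ($values['name'] !== '') {
         self::$_error = self::$CAPTCHA_SPAMBOT_AUTO_FILL;
         return false;
     }
     // Only a string can be a valid encrypted spinner
     if (!is_string($values['spinner'])) {
         self::$_error = self::$CAPTCHA_SPINNER_ERROR;
         return false;
     }
     $decrypted = Security::decrypt($values['spinner']);
     if (!is_string($decrypted) || $decrypted === '') {
         self::$_error = self::$CAPTCHA_SPINNER_ERROR;
         return false;
     }
     // NOTE(review): unserialize() runs on data that travelled through the client.
     // Object instantiation is disabled here (allowed_classes needs PHP >= 7.0), but
     // this is only safe if Security::decrypt() authenticates the ciphertext -
     // confirm. A json_encode/json_decode payload would remove the risk entirely,
     // but requires changing the code that builds the spinner as well.
     // The @ is kept on purpose: malformed input is expected from bots.
     $spinner = @unserialize($decrypted, array('allowed_classes' => false));
     if (!is_array($spinner) || empty($spinner)) {
         self::$_error = self::$CAPTCHA_SPINNER_ERROR;
         return false;
     }
     // Fields used below must exist and have usable types
     if (!isset($spinner['hfield_name'], $spinner['timestamp'])
         || !(is_string($spinner['hfield_name']) || is_int($spinner['hfield_name']))
         || !is_numeric($spinner['timestamp'])
     ) {
         self::$_error = self::$CAPTCHA_SPINNER_ERROR;
         return false;
     }
     $issuedAt = (int) $spinner['timestamp'];
     // Value of the randomly named field; null when it was not posted
     $hName = $spinner['hfield_name'];
     $hField = isset($values[$hName]) ? $values[$hName] : null;
     if (!isset($spinner['captcha']) && ($hField === null || $hField === '')) {
         self::$_error = self::$CAPTCHA_VALUES_NOT_SUBMITTED;
         return false;
     }
     // Check time limits
     $elapsed = time() - $issuedAt;
     if ($elapsed < $minLimit || $elapsed > $maxLimit) {
         self::$_error = self::$CAPTCHA_TIME_LIMIT_ERROR;
         return false;
     }
     if (isset($spinner['captcha'])) {
         // Classic image captcha: compare the lower-cased answer with the stored one
         if (!is_string($spinner['captcha'])
             || !is_string($hField)
             || !hash_equals($spinner['captcha'], strtolower($hField))
         ) {
             self::$_error = self::$CAPTCHA_IMAGE_ERROR;
             return false;
         }
     } else {
         // Hidden captcha: the random field must echo the spinner timestamp exactly
         if (!is_string($hField) || !ctype_digit($hField) || (string) $issuedAt !== $hField) {
             self::$_error = self::$CAPTCHA_HFIELD_ERROR;
             return false;
         }
     }
     // Bind the spinner to this client. The previous condition joined every test
     // with && and referenced session_id without calling it, so a spinner carrying
     // all three keys was accepted whatever their values were.
     // NOTE(review): assumes the code that builds the spinner stores session_id(),
     // self::_getIp() and the raw User-Agent header - confirm before deploying.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     if (!isset($spinner['session_id'], $spinner['ip'], $spinner['user_agent'])
         || $spinner['session_id'] !== session_id()
         || $spinner['ip'] !== self::_getIp()
         || $spinner['user_agent'] !== $userAgent
     ) {
         self::$_error = self::$CAPTCHA_SPINNER_ERROR;
         return false;
     }
     // NOTE(review): nothing visible here marks a spinner as used, so the same
     // submission may validate again until $maxLimit expires - confirm whether
     // single use is enforced elsewhere.
     // Unset post values
     if (isset($_POST[$formId])) {
         unset($_POST[$formId]);
     }
     // everything is ok, return true
     return true;
 }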
Beispiel #2
 /**
  * Verify a posted hidden captcha that was rendered with getCaptchaTags.
  *
  * Delegates to f_form_Captcha::checkCaptcha(). On success the captcha field is
  * removed from the stored post data. On failure the error code is recorded
  * under $this->_errors['captcha'], and codes of 20 or above are treated as
  * critical: all stored post data is discarded.
  *
  * NOTE(review): $this->_post is accessed as an object on success but replaced
  * with an array on a critical error - confirm which type callers expect.
  *
  * @param string $fieldId       [optional] The id to use to generate input elements (default = "hcptch")
  * @param integer $minLimit     [optional] Submission minimum time limit in seconds (default = 2)
  * @param integer $maxLimit     [optional] Submission maximum time limit in seconds (default = 1200)
  * @return boolean              Return false if the submitter is a robot
  */
 public function checkCaptcha($fieldId = 'hcptch', $minLimit = 2, $maxLimit = 1200)
 {
     $isHuman = f_form_Captcha::checkCaptcha($fieldId, $minLimit, $maxLimit);
     if (!$isHuman) {
         // Record why the check failed
         $this->_errors['captcha'] = f_form_Captcha::getError();
         // Critical error codes (>= 20) wipe the stored post values
         if ($this->_errors['captcha'] >= 20) {
             $this->_post = array();
         }
         return false;
     }
     // The captcha field has served its purpose; drop it from the post data
     unset($this->_post->{$fieldId});
     return true;
 }