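/**
 * Decide which kind of CAPTCHA applies to this submission and record
 * whether it was passed.
 *
 * The check runs at most once per object: nothing happens when
 * $this->_iCaptchaType is already set.  Three cases are tried in order:
 *   1. a reCaptcha processor exists and "arverify" is not the empty string:
 *      the processor's Check() decides;
 *   2. "arverify" is not the empty string: it is compared, ignoring case
 *      and spaces, with the "VerifyImgString" session value or, when that
 *      is not set, with "turing_string";
 *   3. attack detection with a reverse CAPTCHA is configured: the global
 *      $bReverseCaptchaCompleted decides.
 * When none applies, $this->_iCaptchaType and $this->_bCaptchaOK are left
 * untouched.
 *
 * Failures are logged with WriteARLog() and reported through UserError()
 * or ErrorWithIgnore().
 *
 * NOTE(review): the expected string is not removed from the session in
 * this method.  If nothing else invalidates it after a successful match,
 * one solved image could be accepted for repeated submissions -- confirm
 * where it is cleared.
 */
function _CheckCaptcha()
{
    global $SPECIAL_VALUES, $bReverseCaptchaCompleted, $ATTACK_DETECTION_REVERSE_CAPTCHA;
    global $reCaptchaProcessor;

    //
    // only check for CAPTCHA once
    //
    if ($this->_iCaptchaType) {
        return;
    }

    //
    // check for full CAPTCHA attempt
    // first, check for reCaptcha
    //
    if (isset($reCaptchaProcessor) && $SPECIAL_VALUES["arverify"] !== "") {
        $this->_iCaptchaType = $this->_iFull;
        // $s_error is presumably filled in by Check() by reference -- confirm
        if ($reCaptchaProcessor->Check($SPECIAL_VALUES["arverify"], $SPECIAL_VALUES, $s_error)) {
            $this->_bCaptchaOK = true;
        } else {
            $this->_bCaptchaOK = false;
            //
            // report the error
            //
            WriteARLog($this->_sTo, $this->_sSubject,
                GetMessage(MSG_LOG_RECAPTCHA, array("ERR" => $s_error), false));
            UserError("recaptcha", GetMessage(MSG_RECAPTCHA_MATCH, array("ERR" => $s_error)));
        }
    } elseif ($SPECIAL_VALUES["arverify"] !== "") {
        //
        // allow spaces in the user's input, except for reCaptcha
        //
        $s_arverify = str_replace(" ", "", $SPECIAL_VALUES["arverify"]);
        $this->_iCaptchaType = $this->_iFull;
        //
        // Fail closed, as the reCaptcha branch does: the flag only becomes
        // true on a positive match, even if the error helpers below were
        // to return to the caller.
        //
        $this->_bCaptchaOK = false;

        //
        // full CAPTCHA has been attempted
        // VerifyImgString is from Tectite's simple verifyimg.php CAPTCHA.
        // turing_string is from Captcha Creator
        //
        if (IsSetSession("VerifyImgString") || IsSetSession("turing_string")) {
            if (IsSetSession("VerifyImgString")) {
                $m_expected = GetSession("VerifyImgString");
            } else {
                $m_expected = GetSession("turing_string");
            }
            // a non-scalar session value can never match
            $s_expected = is_scalar($m_expected) ? (string) $m_expected : "";

            //
            // the user's entry must match the value in the session
            //
            // The "not empty" test above runs before spaces are removed,
            // so an answer made only of spaces arrives here as "".  Both
            // sides must therefore be non-empty: an empty answer must not
            // be accepted against an empty session value.  is_string()
            // rejects an array answer before it reaches strtoupper().
            //
            $b_match = is_string($s_arverify) && $s_arverify !== "" &&
                       $s_expected !== "" &&
                       strtoupper($s_arverify) === strtoupper($s_expected);

            if ($b_match) {
                $this->_bCaptchaOK = true;
            } else {
                WriteARLog($this->_sTo, $this->_sSubject,
                    GetMessage(MSG_LOG_NO_MATCH, array(), false));
                UserError("ar_verify", GetMessage(MSG_ARESP_NO_MATCH));
            }
        } else {
            //
            // ...and it has failed because there's no session data
            //
            WriteARLog($this->_sTo, $this->_sSubject,
                GetMessage(MSG_LOG_NO_VERIMG, array(), false));
            ErrorWithIgnore("verify_failed", GetMessage(MSG_ARESP_NO_AUTH), true);
        }
    } elseif (ENABLE_ATTACK_DETECTION && !empty($ATTACK_DETECTION_REVERSE_CAPTCHA)) {
        //
        // Reverse CAPTCHA has been configured
        //
        $this->_iCaptchaType = $this->_iRev;
        $this->_bCaptchaOK = $bReverseCaptchaCompleted;
    }
}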
/**
 * Maintain the session bookkeeping for a multi-page form sequence.
 *
 * Steps, in order:
 *   - when "multi_start" equals 1, a new sequence is started: "this_form"
 *     is required, the session's FormList is reset to a single entry for
 *     the form just submitted, and FormIndex becomes 0;
 *   - otherwise an existing FormList in the session marks the request as
 *     part of a running sequence;
 *   - for a multi-page request the URL of this script is assembled from
 *     SERVER_NAME, SERVER_PORT and PHP_SELF into $sFormMailScript;
 *   - when moving forward (no "go back"), the submitted data is stored in
 *     the current FormList entry, uploads are saved, and a new entry is
 *     appended that holds the return link and "next_form".
 *
 * All state is exchanged through globals; nothing is returned.
 * $bGotNextForm is declared global but is not used in this function.
 *
 * NOTE(review): assuming $aServerVars mirrors $_SERVER, SERVER_NAME can
 * reflect the client's Host header depending on web server configuration,
 * and PHP_SELF can carry client-supplied path info.  Both end up in the
 * return link kept in the session -- confirm they are validated or escaped
 * where that link is emitted.
 * NOTE(review): the scheme is inferred from the port alone, so TLS on any
 * port other than 443 produces an "http://" link.
 * NOTE(review): "this_form" and "next_form" are stored as given; no
 * validation of them is visible in this function.
 */
function MultiFormLogic()
{
    global $bMultiForm, $SPECIAL_VALUES, $aSessionVars, $aServerVars, $aFileVars;
    global $sFormMailScript, $bGotGoBack, $bGotNextForm, $iFormIndex;
    global $aFieldOrder, $aCleanedValues, $aRawDataValues, $aAllRawValues;

    $b_starting = ($SPECIAL_VALUES["multi_start"] == 1);
    if ($b_starting) {
        if (empty($SPECIAL_VALUES["this_form"])) {
            ErrorWithIgnore("need_this_form", GetMessage(MSG_NEED_THIS_FORM), false, false);
        }
        $bMultiForm = true;
        //
        // Start of multi-page form sequence
        //
        $aSessionVars["FormList"] = array(
            0 => array(
                "URL" => $SPECIAL_VALUES["this_form"],
                "ORDER" => $aFieldOrder,
                "CLEAN" => $aCleanedValues,
                "RAWDATA" => $aRawDataValues,
                "ALLDATA" => $aAllRawValues,
                "FILES" => $aFileVars,
            ),
        );
        // zero is the first form, which was just submitted
        $aSessionVars["FormIndex"] = 0;
        $iFormIndex = 0;
    } elseif (isset($aSessionVars["FormList"])) {
        $bMultiForm = true;
    }

    if ($bMultiForm) {
        if (empty($aServerVars["PHP_SELF"]) || empty($aServerVars["SERVER_NAME"])) {
            Error("no_php_self", GetMessage(MSG_NO_PHP_SELF), false, false);
        } else {
            $s_host = $aServerVars["SERVER_NAME"];
            $s_self = $aServerVars["PHP_SELF"];
            $b_plain_port = !isset($aServerVars["SERVER_PORT"]) ||
                            $aServerVars["SERVER_PORT"] == 80;
            if ($b_plain_port) {
                $sFormMailScript = "http://" . $s_host . $s_self;
            } elseif ($aServerVars["SERVER_PORT"] == 443) {
                //
                // SSL port: just use https prefix
                //
                $sFormMailScript = "https://" . $s_host . $s_self;
            } else {
                //
                // use http with port number
                //
                $sFormMailScript = "http://" . $s_host . ":" .
                                   $aServerVars["SERVER_PORT"] . $s_self;
            }
            $iFormIndex = $aSessionVars["FormIndex"];
        }
    }

    //
    // Only a forward move in a multi-page sequence needs the rest.
    //
    if (!$bMultiForm || $bGotGoBack) {
        return;
    }

    //
    // record the data that was just submitted by the previous form
    //
    $iFormIndex = $aSessionVars["FormIndex"];
    $a_submitted = array(
        "ORDER" => $aFieldOrder,
        "CLEAN" => $aCleanedValues,
        "RAWDATA" => $aRawDataValues,
        "ALLDATA" => $aAllRawValues,
    );
    foreach ($a_submitted as $s_key => $m_value) {
        $aSessionVars["FormList"][$iFormIndex][$s_key] = $m_value;
    }

    if (count($aFileVars) > 0) {
        if (!FILEUPLOADS) {
            SendAlert(GetMessage(MSG_FILE_UPLOAD));
        } elseif (!SaveAllUploadedFiles($aFileVars)) {
            Error("upload_save_failed", GetMessage(MSG_MULTI_UPLOAD), false, false);
        }
    }
    // stored after the upload step, so any change made to $aFileVars there is kept
    $aSessionVars["FormList"][$iFormIndex]["FILES"] = $aFileVars;

    //
    // compute a URL to return to the form we're about to display
    //
    ++$iFormIndex;
    $s_return_url = GetReturnLink($sFormMailScript, $iFormIndex);
    $aSessionVars["FormList"][$iFormIndex] = array(
        "URL" => $s_return_url,
        "FORM" => $SPECIAL_VALUES["next_form"],
        "ORDER" => $aFieldOrder,
        "CLEAN" => $aCleanedValues,
        "RAWDATA" => $aRawDataValues,
        "ALLDATA" => $aAllRawValues,
        "FILES" => $aFileVars,
    );
    $aSessionVars["FormIndex"] = $iFormIndex;
    MultiKeep();
}