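/**
 * Validate widget input
 *
 * Verifies the submitted reCAPTCHA answer with the reCAPTCHA service and
 * records any verification error in the form data.
 *
 * @access public
 * @param array $args    Submitted form fields: recaptcha_challenge_field,
 *                       recaptcha_response_field and tdomf_form_id.
 * @param array $options Widget options; 'privatekey' is the reCAPTCHA private key.
 * @param bool  $preview True when the form is only being previewed.
 * @return Mixed NULL when the answer is accepted, otherwise a translated error string.
 */
function validate($args, $options, $preview) {
    // don't bother validating for preview
    if ($preview) {
        return NULL;
    }
    // The former extract($args) is gone on purpose: nothing below used the
    // extracted variables, and it let a submitted field named 'options' or
    // 'preview' overwrite the parameters of this call.
    if (empty($args['recaptcha_response_field'])) {
        return __('Please complete the reCAPTCHA.', 'tdomf');
    }
    $challenge = isset($args['recaptcha_challenge_field']) ? $args['recaptcha_challenge_field'] : '';
    $form_id = isset($args['tdomf_form_id']) ? $args['tdomf_form_id'] : null;
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // Without a private key the verification call cannot succeed; report a
    // configuration error instead of handing an empty key to the library.
    if (empty($options['privatekey'])) {
        tdomf_log_message('reCAPTCHA private key is not set', TDOMF_LOG_ERROR);
        return __('Invalid reCAPTCHA configuration.', 'tdomf');
    }

    if (!function_exists('recaptcha_check_answer')) {
        @(require_once TDOMF_RECAPTCHALIB_PATH);
    }
    // If the library still is not loaded we cannot verify anything: report a
    // configuration error instead of calling an undefined function.
    if (!function_exists('recaptcha_check_answer')) {
        tdomf_log_message('reCAPTCHA library not found at ' . TDOMF_RECAPTCHALIB_PATH, TDOMF_LOG_ERROR);
        return __('Invalid reCAPTCHA configuration.', 'tdomf');
    }

    $response = recaptcha_check_answer($options['privatekey'], $remote_ip, $challenge, $args['recaptcha_response_field']);
    if ($response->is_valid) {
        return NULL;
    }

    // keep the error code in the form data (presumably so the form can show it)
    $form_data = tdomf_get_form_data($form_id);
    $form_data['recaptcha_error'] = $response->error;
    tdomf_save_form_data($form_id, $form_data);

    if ($response->error === 'incorrect-captcha-sol') {
        return __('That reCAPTCHA was incorrect.', 'tdomf');
    }
    // any other error code points at a key/request problem, not at the user
    tdomf_log_message('reCAPTCHA error ' . $response->error . '. Please refer to <a href="http://recaptcha.net/apidocs/captcha/">reCaptcha docs</a> for more information', TDOMF_LOG_ERROR);
    return __('Invalid reCAPTCHA configuration.', 'tdomf');
}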
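/**
 * Generate the upload preview markup for a form.
 *
 * Stores a preview key in the form data (a WordPress nonce, a random string,
 * or none, depending on the verification-method option) and then emits a link
 * and/or an <img> tag for every upload slot whose file still exists on disk.
 *
 * @param array  $args    Form arguments; 'tdomf_form_id' identifies the form.
 * @param array  $options Widget options: 'max' (number of upload slots),
 *                        'a' (emit download links), 'img' (emit image tags).
 * @param string $postfix Widget instance suffix used in the form-data keys.
 * @return string HTML fragment, empty when nothing is previewable.
 */
function preview($args, $options, $postfix = '') {
    // Read the form id explicitly rather than via extract($args), which let
    // any key of $args overwrite $options and $postfix in this scope.
    $tdomf_form_id = isset($args['tdomf_form_id']) ? $args['tdomf_form_id'] : null;
    $form_data = tdomf_get_form_data($tdomf_form_id);
    $key_name = "tdomf_upload_preview_key_" . $tdomf_form_id . '_' . $postfix;

    // preview key
    $tdomf_verify = get_option(TDOMF_OPTION_VERIFICATION_METHOD);
    if ($tdomf_verify === 'wordpress_nonce' && function_exists('wp_create_nonce')) {
        $form_data[$key_name] = wp_create_nonce('tdomf-form-upload-preview-' . $tdomf_form_id . '-' . $postfix);
    } elseif ($tdomf_verify === 'none') {
        unset($form_data[$key_name]);
    } else {
        $form_data[$key_name] = tdomf_random_string(100);
    }
    tdomf_save_form_data($tdomf_form_id, $form_data);

    $output = '';
    $files_key = 'uploadfiles_' . $tdomf_form_id . '_' . $postfix;
    $theirfiles = (isset($form_data[$files_key]) && is_array($form_data[$files_key])) ? $form_data[$files_key] : array();
    $max = isset($options['max']) ? (int) $options['max'] : 0;
    $base = get_bloginfo('wpurl') . '/?tdomf_upload_preview=';
    $want_link = !empty($options['a']);
    $want_img = !empty($options['img']);

    for ($i = 0; $i < $max; $i++) {
        // slots may be unset or point at files that have since been removed
        if (!isset($theirfiles[$i]['path']) || !file_exists($theirfiles[$i]['path'])) {
            continue;
        }
        $uri = $base . $i;
        if (isset($form_data[$key_name])) {
            $uri .= "&key=" . rawurlencode($form_data[$key_name]);
        }
        $uri .= "&form=" . rawurlencode((string) $tdomf_form_id) . '&index=' . rawurlencode((string) $postfix);
        // The URI and the original upload name end up inside HTML; the upload
        // name is user supplied, so both are escaped for the attribute/text context.
        $uri_html = htmlspecialchars($uri, ENT_QUOTES, 'UTF-8');
        if ($want_link) {
            $name = isset($theirfiles[$i]['name']) ? $theirfiles[$i]['name'] : '';
            $name_html = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
            $output .= "<p><a href=\"{$uri_html}\">" . $name_html . " (" . tdomf_filesize_format(filesize($theirfiles[$i]['path'])) . ")</a></p>";
        }
        if ($want_img) {
            $output .= "<p><img src=\"{$uri_html}\" /></p>";
        }
    }
    return $output;
}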
$word .= $vowels[$rand_func(0, strlen($vowels) - 1)]; } else { $word .= $consonants[$rand_func(0, strlen($consonants) - 1)]; } } } // save hash of word for comparison // using hash so that if there's an insecurity elsewhere (eg on the form processor), // an attacker could only get the hash // also, shared servers usually give all users access to the session files // echo `ls /tmp`; and echo `more /tmp/someone_elses_session_file`; usually work // so even if your site is 100% secure, someone else's site on your server might not be // hence, even if attackers can read the session file, they can't get the freeCap word // (though most hashes are easy to brute force for simple strings) $form_data['freecap_word_hash_' . $form_tag] = $hash_func($word); tdomf_save_form_data($form_id, $form_data); ////////////////////////////////////////////////////// ////// Fill BGs and Allocate Colours: ////////////////////////////////////////////////////// // set tag colour // have to do this before any distortion // (otherwise colour allocation fails when bg type is 1) $tag_col = ImageColorAllocate($im, 10, 10, 10); $site_tag_col2 = ImageColorAllocate($im2, 0, 0, 0); // set debug colours (text colours are set later) $debug = ImageColorAllocate($im, 255, 0, 0); $debug2 = ImageColorAllocate($im2, 255, 0, 0); // set background colour (can change to any colour not in possible $text_col range) // it doesn't matter as it'll be transparent or coloured over. // if you're using bg_type 3, you might want to try to ensure that the color chosen // below doesn't appear too much in any of your background images.
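/**
 * Validate widget input
 *
 * Compares the submitted freeCap word (lowercased) against the word hash kept
 * in the form data and, on a match, resets the stored hash and attempt counter
 * so the same image cannot be answered again.
 *
 * @access public
 * @param array $args    Submitted form fields: tdomf_form_id, mode, tdomf_post_id
 *                       and imagecaptcha_<form tag>.
 * @param array $options Widget options (not used by this check).
 * @param bool  $preview True when the form is only being previewed.
 * @return Mixed NULL when the word matches, otherwise a translated error string.
 */
function validate($args, $options, $preview) {
    if ($preview) {
        return NULL;
    }
    // Read the fields explicitly instead of extract($args): extract let the
    // submitted data overwrite $options, $preview and any other local here.
    $tdomf_form_id = isset($args['tdomf_form_id']) ? $args['tdomf_form_id'] : null;
    $mode = isset($args['mode']) ? $args['mode'] : null;
    $tdomf_post_id = isset($args['tdomf_post_id']) ? $args['tdomf_post_id'] : null;

    $form_data = tdomf_get_form_data($tdomf_form_id);
    $form_tag = $tdomf_form_id;
    if (TDOMF_Widget::isEditForm($mode, $tdomf_form_id)) {
        $form_tag = $tdomf_form_id . '_' . $tdomf_post_id;
    }

    $stored_hash = isset($form_data['freecap_word_hash_' . $form_tag]) ? $form_data['freecap_word_hash_' . $form_tag] : false;
    // NOTE(review): the hash function name is taken from the stored form data;
    // this assumes that data is server-side state written by the image
    // generator, not something the client can set - confirm in tdomf_get_form_data.
    $hash_func = isset($form_data['hash_func_' . $form_tag]) ? $form_data['hash_func_' . $form_tag] : null;

    // No hash on record (e.g. already consumed by a previous success) or no
    // usable hash function: nothing can match, so fail closed.
    if (!is_string($stored_hash) || $stored_hash === '' || !is_callable($hash_func)) {
        return __("You must enter the word in the image as you see it.", "tdomf");
    }

    $submitted = isset($args["imagecaptcha_" . $form_tag]) ? (string) $args["imagecaptcha_" . $form_tag] : '';
    // all freeCap words are lowercase.
    // font #4 looks uppercase, but trust me, it's not...
    if ($hash_func(strtolower($submitted)) !== $stored_hash) {
        return __("You must enter the word in the image as you see it.", "tdomf");
    }

    // reset freeCap session vars
    // cannot stress enough how important it is to do this
    // defeats re-use of known image with spoofed session id
    $form_data['freecap_attempts_' . $form_tag] = 0;
    $form_data['freecap_word_hash_' . $form_tag] = false;
    tdomf_save_form_data($tdomf_form_id, $form_data);
    return NULL;
}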