/**
  * Validate widget input
  * 
  * @access public
  * @return string|null NULL when the input is accepted or when previewing, otherwise a translated error message
  */
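 function validate($args, $options, $preview)
 {
     // Checks the submitted reCAPTCHA answer with recaptcha_check_answer().
     // Returns NULL when the answer is valid (or when previewing), otherwise a
     // translated error message for the submitter.

     // don't bother validating for preview
     if ($preview) {
         return NULL;
     }
     // $args is read by key only. It is deliberately not passed to extract():
     // extract() turns every key of the argument array into a local variable and
     // could replace $options (and with it the private key used below).
     if (empty($args['recaptcha_response_field']) || empty($args['recaptcha_challenge_field'])) {
         // Both fields are needed for the check; a missing challenge is treated
         // like a missing answer instead of being passed on as an undefined index.
         return __('Please complete the reCAPTCHA.', 'tdomf');
     }
     if (!function_exists('recaptcha_check_answer')) {
         // NOTE(review): '@' silences diagnostics raised while loading the
         // library - confirm that is intended.
         @(require_once TDOMF_RECAPTCHALIB_PATH);
     }
     $response = recaptcha_check_answer(
         $options['privatekey'],
         $_SERVER['REMOTE_ADDR'],
         $args['recaptcha_challenge_field'],
         $args['recaptcha_response_field']
     );
     if ($response->is_valid) {
         return NULL;
     }
     // Remember the error code with the form data before reporting the failure.
     $form_data = tdomf_get_form_data($args['tdomf_form_id']);
     $form_data['recaptcha_error'] = $response->error;
     tdomf_save_form_data($args['tdomf_form_id'], $form_data);
     if ($response->error === 'incorrect-captcha-sol') {
         return __('That reCAPTCHA was incorrect.', 'tdomf');
     }
     // The log line carries HTML (it contains a link), so the error code received
     // from the verification call is escaped before it is embedded in it.
     $logged_error = htmlspecialchars((string) $response->error, ENT_QUOTES);
     tdomf_log_message('reCAPTCHA error ' . $logged_error . '. Please refer to <a href="http://recaptcha.net/apidocs/captcha/">reCaptcha docs</a> for more information', TDOMF_LOG_ERROR);
     return __('Invalid reCAPTCHA configuration.', 'tdomf');
 }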
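 function preview($args, $options, $postfix = '')
 {
     // Builds the HTML preview of the files uploaded for this form: one link
     // and/or image per existing file, depending on $options['a'] and
     // $options['img']. A fresh preview key is stored with the form data first,
     // according to the configured verification method.

     // Read the form id by key instead of extract($args): extract() would let any
     // key of the argument array replace a local variable such as $options.
     $tdomf_form_id = $args['tdomf_form_id'];
     $form_data = tdomf_get_form_data($tdomf_form_id);
     // preview key
     //
     $key_name = "tdomf_upload_preview_key_" . $tdomf_form_id . '_' . $postfix;
     $tdomf_verify = get_option(TDOMF_OPTION_VERIFICATION_METHOD);
     if ($tdomf_verify == 'wordpress_nonce' && function_exists('wp_create_nonce')) {
         $form_data[$key_name] = wp_create_nonce('tdomf-form-upload-preview-' . $tdomf_form_id . '-' . $postfix);
     } elseif ($tdomf_verify == 'none') {
         unset($form_data[$key_name]);
     } else {
         // NOTE(review): this key is what the preview URL presents for the
         // uploaded file; confirm tdomf_random_string() draws from a
         // cryptographically secure source.
         $form_data[$key_name] = tdomf_random_string(100);
     }
     tdomf_save_form_data($tdomf_form_id, $form_data);
     $output = '';
     $files_name = 'uploadfiles_' . $tdomf_form_id . '_' . $postfix;
     $theirfiles = (isset($form_data[$files_name]) && is_array($form_data[$files_name])) ? $form_data[$files_name] : array();
     for ($i = 0; $i < $options['max']; $i++) {
         // Slots without an uploaded file are skipped rather than read as
         // undefined entries.
         if (!isset($theirfiles[$i]['path']) || !file_exists($theirfiles[$i]['path'])) {
             continue;
         }
         // Query values are URL-encoded, and the finished URI is HTML-escaped
         // before it is placed in an attribute.
         $uri = get_bloginfo('wpurl') . '/?tdomf_upload_preview=' . $i;
         if (isset($form_data[$key_name])) {
             $uri .= '&key=' . urlencode((string) $form_data[$key_name]);
         }
         $uri .= '&form=' . urlencode((string) $tdomf_form_id) . '&index=' . urlencode((string) $postfix);
         $uri_attr = htmlspecialchars($uri, ENT_QUOTES);
         if (!empty($options['a'])) {
             // The file name is supplied by the uploader, so it is escaped
             // before being written into the page.
             $name = isset($theirfiles[$i]['name']) ? (string) $theirfiles[$i]['name'] : '';
             $output .= "<p><a href=\"{$uri_attr}\">" . htmlspecialchars($name, ENT_QUOTES) . " (" . tdomf_filesize_format(filesize($theirfiles[$i]['path'])) . ")</a></p>";
         }
         if (!empty($options['img'])) {
             $output .= "<p><img src=\"{$uri_attr}\" /></p>";
         }
     }
     return $output;
 }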
            $word .= $vowels[$rand_func(0, strlen($vowels) - 1)];
        } else {
            $word .= $consonants[$rand_func(0, strlen($consonants) - 1)];
        }
    }
}
// save hash of word for comparison
// using hash so that if there's an insecurity elsewhere (eg on the form processor),
// an attacker could only get the hash
// also, shared servers usually give all users access to the session files
// echo `ls /tmp`; and echo `more /tmp/someone_elses_session_file`; usually work
// so even if your site is 100% secure, someone else's site on your server might not be
// hence, even if attackers can read the session file, they can't get the freeCap word
// (though most hashes are easy to brute force for simple strings)
// NOTE(review): $hash_func holds a function name that is set outside this excerpt -
// confirm it can only ever be one of the intended hash functions.
// NOTE(review): as the line above concedes, an unsalted hash of a short word gives
// little protection once the stored value leaks; a keyed hash with a server-side
// secret would be the stronger choice - TODO evaluate.
// The hash is stored under a key built from $form_tag, while the data is saved for $form_id.
$form_data['freecap_word_hash_' . $form_tag] = $hash_func($word);
tdomf_save_form_data($form_id, $form_data);
//////////////////////////////////////////////////////
////// Fill BGs and Allocate Colours:
//////////////////////////////////////////////////////
// set tag colour
// have to do this before any distortion
// (otherwise colour allocation fails when bg type is 1)
// $im and $im2 are image resources created outside this excerpt.
$tag_col = ImageColorAllocate($im, 10, 10, 10);
$site_tag_col2 = ImageColorAllocate($im2, 0, 0, 0);
// set debug colours (text colours are set later)
// both debug colours are pure red (255, 0, 0), one per image
$debug = ImageColorAllocate($im, 255, 0, 0);
$debug2 = ImageColorAllocate($im2, 255, 0, 0);
// set background colour (can change to any colour not in possible $text_col range)
// it doesn't matter as it'll be transparent or coloured over.
// if you're using bg_type 3, you might want to try to ensure that the color chosen
// below doesn't appear too much in any of your background images.
 /**
  * Validate widget input
  * 
  * @access public
  * @return string|null NULL when the input is accepted or when previewing, otherwise a translated error message
  */
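 function validate($args, $options, $preview)
 {
     // Compares the word typed by the submitter with the freeCap word hash kept
     // in the form data. Returns NULL when it matches (or when previewing),
     // otherwise a translated error message. Every doubtful case fails closed.
     if ($preview) {
         return NULL;
     }
     // Read the needed values by key instead of extract($args): extract() would
     // let any key of the argument array replace a local variable.
     $tdomf_form_id = $args['tdomf_form_id'];
     $mode = isset($args['mode']) ? $args['mode'] : NULL;
     $form_data = tdomf_get_form_data($tdomf_form_id);
     $form_tag = $tdomf_form_id;
     if (TDOMF_Widget::isEditForm($mode, $tdomf_form_id)) {
         $form_tag = $tdomf_form_id . '_' . (isset($args['tdomf_post_id']) ? $args['tdomf_post_id'] : '');
     }
     $failure = __("You must enter the word in the image as you see it.", "tdomf");
     $answer_key = "imagecaptcha_" . $form_tag;
     $hash_key = 'freecap_word_hash_' . $form_tag;
     $func_key = 'hash_func_' . $form_tag;
     // No answer submitted, or not a plain string: nothing to compare.
     if (!isset($args[$answer_key]) || !is_string($args[$answer_key])) {
         return $failure;
     }
     // The stored hash is set to false after a successful check (see below), so
     // a missing or cleared hash means there is no pending captcha to answer.
     if (!isset($form_data[$hash_key]) || $form_data[$hash_key] === false) {
         return $failure;
     }
     // NOTE(review): the hash function name is read from stored form data and
     // then called; confirm it is only ever written by the captcha generator
     // and limited to the intended hash functions.
     $hash_func = isset($form_data[$func_key]) ? $form_data[$func_key] : NULL;
     if (!is_string($hash_func) || !function_exists($hash_func)) {
         return $failure;
     }
     // all freeCap words are lowercase.
     // font #4 looks uppercase, but trust me, it's not...
     $candidate = (string) $hash_func(strtolower($args[$answer_key]));
     // Compare as strings: a loose == treats numeric-looking hashes as numbers
     // and can report two different hashes as equal.
     if (!hash_equals((string) $form_data[$hash_key], $candidate)) {
         return $failure;
     }
     // reset freeCap session vars
     // cannot stress enough how important it is to do this
     // defeats re-use of known image with spoofed session id
     $form_data['freecap_attempts_' . $form_tag] = 0;
     $form_data[$hash_key] = false;
     tdomf_save_form_data($tdomf_form_id, $form_data);
     return NULL;
 }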