/**
* XoopsCaptchaMethod::loadConfig()
*
* @param string $name
*
* @return array
*/
public function loadConfig($name = '')
{
if (!is_object($this->handler)) {
$this->config = array();
} else {
$this->config = empty($name) ? $this->handler->config : array_merge($this->handler->config, $this->handler->loadConfig($name));
}
}
public function __construct()
{
$this->captchaHandler = XoopsCaptcha::getInstance();
$this->config = $this->loadConfig();
$this->plugin_List = $this->getPluginList();
$this->plugin_config = $this->loadConfigPlugin();
$this->xcaptcha_path_plugin = \XoopsBaseConfig::get('root-path') . '/modules/xcaptcha/plugins';
}
/**
* @covers Xoops\Form\Captcha::setConfig
*/
public function testSetConfig()
{
$value = $this->object->setConfig('dummy_name', 'dummy_value');
$this->assertTrue($value);
$handler = \XoopsCaptcha::getInstance();
$configs = $handler->config;
$this->assertTrue(is_array($configs));
$this->assertSame('dummy_value', $configs['dummy_name']);
}
/**
* @covers XoopsCaptcha::readConfig
*/
public function testReadConfig()
{
$x = $this->object->readConfig('captcha.config');
$this->assertTrue(is_array($x));
$this->assertTrue(isset($x['disabled']));
$this->assertTrue(isset($x['mode']));
$this->assertTrue(isset($x['name']));
$this->assertTrue(isset($x['skipmember']));
$this->assertTrue(isset($x['maxattempts']));
}
/**
* @param string $caption Caption of the form element, default value is defined in captcha/language/
* @param string $name Name for the input box
* @param boolean $skipmember Skip CAPTCHA check for members
* @param int $numchar Number of characters in image mode, and input box size for text mode
* @param int $minfontsize Minimum font-size of characters in image mode
* @param int $maxfontsize Maximum font-size of characters in image mode
* @param int $backgroundtype Background type in image mode: 0 - bar; 1 - circle; 2 - line; 3 - rectangle; 4 - ellipse; 5 - polygon; 100 - generated from files
* @param int $backgroundnum Number of background images in image mode
*
*/
function XoopsFormCaptcha($caption = '', $name = 'xoopscaptcha', $skipmember = null, $numchar = null, $minfontsize = null, $maxfontsize = null, $backgroundtype = null, $backgroundnum = null)
{
if (!class_exists("XoopsCaptcaha")) {
require_once SMARTOBJECT_ROOT_PATH . "/include/captcha/captcha.php";
}
$this->_captchaHandler =& XoopsCaptcha::instance();
$this->_captchaHandler->init($name, $skipmember, $numchar, $minfontsize, $maxfontsize, $backgroundtype, $backgroundnum);
if (!$this->_captchaHandler->active) {
$this->setHidden();
} else {
$caption = !empty($caption) ? $caption : $this->_captchaHandler->getCaption();
$this->setCaption($caption);
}
}
/**
*
* @param string $caption Caption of the form element, default value is defined in captcha/language/
* @param string $name Name for the input box
* @param boolean $skipmember Skip CAPTCHA check for members
*/
function XoopsFormCaptcha($caption = '', $name = 'xoopscaptcha', $skipmember = true, $configs = array())
{
xoops_load('XoopsCaptcha');
$this->captchaHandler =& XoopsCaptcha::getInstance();
$configs['name'] = $name;
$configs['skipmember'] = $skipmember;
$this->captchaHandler->setConfigs($configs);
if (!$this->captchaHandler->isActive()) {
$this->setHidden();
} else {
$caption = !empty($caption) ? $caption : $this->captchaHandler->getCaption();
$this->setCaption($caption);
$this->setName($name);
}
}
/**
* Create Code
*
* @return bool
*/
public function generateCode()
{
if ($this->invalid) {
return false;
}
if ($this->mode === "bmp") {
$this->config["num_chars"] = 4;
$this->code = mt_rand(pow(10, $this->config["num_chars"] - 1), (int) str_pad("9", $this->config["num_chars"], "9"));
} else {
$raw_code = md5(uniqid(mt_rand(), 1));
if (!empty($this->config["skip_characters"])) {
$valid_code = str_replace($this->config["skip_characters"], "", $raw_code);
$this->code = substr($valid_code, 0, $this->config["num_chars"]);
} else {
$this->code = substr($raw_code, 0, $this->config["num_chars"]);
}
if (!$this->config["casesensitive"]) {
$this->code = strtoupper($this->code);
}
}
$this->captcha_handler->setCode($this->code);
return true;
}
/**
* XoopsCaptchaRecaptcha2::verify()
*
* @param string|null $sessionName unused for recaptcha
*
* @return bool
*/
public function verify($sessionName = null)
{
$isValid = false;
$recaptchaResponse = Request::getString('g-recaptcha-response', '');
$recaptchaVerifyURL = 'https://www.google.com/recaptcha/api/siteverify?secret=' . $this->config['secret_key'] . '&response=' . $recaptchaResponse . '&remoteip=' . IPAddress::fromRequest()->asReadable();
$usedCurl = false;
if (function_exists('curl_init') && false !== ($curlHandle = curl_init())) {
curl_setopt($curlHandle, CURLOPT_URL, $recaptchaVerifyURL);
curl_setopt($curlHandle, CURLOPT_FAILONERROR, true);
curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curlHandle, CURLOPT_CONNECTTIMEOUT, 5);
$curlReturn = curl_exec($curlHandle);
if (false === $curlReturn) {
trigger_error(curl_error($curlHandle));
} else {
$usedCurl = true;
$recaptchaCheck = json_decode($curlReturn, true);
}
curl_close($curlHandle);
}
if (false === $usedCurl) {
$recaptchaCheck = file_get_contents($recaptchaVerifyURL);
$recaptchaCheck = json_decode($recaptchaCheck, true);
}
if (isset($recaptchaCheck['success']) && $recaptchaCheck['success'] === true) {
$isValid = true;
} else {
/** @var \XoopsCaptcha $captchaInstance */
$captchaInstance = \XoopsCaptcha::getInstance();
/** @var array $recaptchaCheck */
foreach ($recaptchaCheck['error-codes'] as $msg) {
$captchaInstance->message[] = $msg;
}
}
return $isValid;
}
echo "<input type='hidden' name='user_viewemail' value='" . $user_viewemail . "' />\n <input type='hidden' name='timezone_offset' value='" . (double) $timezone_offset . "' />\n <input type='hidden' name='url' value='" . $myts->htmlSpecialChars($url) . "' />\n <input type='hidden' name='pass' value='" . $myts->htmlSpecialChars($pass) . "' />\n <input type='hidden' name='vpass' value='" . $myts->htmlSpecialChars($vpass) . "' />\n <input type='hidden' name='user_mailok' value='" . $user_mailok . "' />\n <br /><br /><input type='hidden' name='op' value='finish' />" . $GLOBALS['xoopsSecurity']->getTokenHTML() . "<input type='submit' value='" . _US_FINISH . "' /></form>";
} else {
echo "<span style='color:#ff0000;'>{$stop}</span>";
include 'include/registerform.php';
$reg_form->display();
}
include 'footer.php';
break;
case 'finish':
include 'header.php';
$stop = XoopsUserUtility::validate($uname, $email, $pass, $vpass);
if (!$GLOBALS['xoopsSecurity']->check()) {
$stop .= implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()) . "<br />";
}
xoops_load("captcha");
$xoopsCaptcha = XoopsCaptcha::getInstance();
if (!$xoopsCaptcha->verify()) {
$stop .= $xoopsCaptcha->getMessage() . "<br />";
}
if (empty($stop)) {
$member_handler =& xoops_gethandler('member');
$newuser =& $member_handler->createUser();
$newuser->setVar('user_viewemail', $user_viewemail, true);
$newuser->setVar('uname', $uname, true);
$newuser->setVar('email', $email, true);
if ($url != '') {
$newuser->setVar('url', formatURL($url), true);
}
$newuser->setVar('user_avatar', 'blank.gif', true);
$actkey = substr(md5(uniqid(mt_rand(), 1)), 0, 8);
$newuser->setVar('actkey', $actkey, true);
$form->display();
echo "<div>" . _AM_WARN . "</div>";
} else {
echo "<table class='outer' width='100%'><th><center><font size='4'>" . $title . "</font></center></th></table><div style='color: red; font-weight: bold; text-decoration: blink; font-size: x-large; text-align:center'>" . _AM_NOELE . "</div>";
}
include_once XOOPS_ROOT_PATH . '/footer.php';
} else {
// SecurityImage by DuGris
include_once XOOPS_ROOT_PATH . "/class/xoopsformloader.php";
if (defined('SECURITYIMAGE_INCLUDED') && !SecurityImage::CheckSecurityImage()) {
$redirect = XOOPS_URL . "/modules/" . $modversion["dirname"] . "/formulaire.php?id=" . $_GET['id'] . "&qcm=" . $_GET['qcm'];
redirect_header($redirect, 2, _SECURITYIMAGE_ERROR);
exit;
} elseif (!empty($framework)) {
include_once XOOPS_ROOT_PATH . '/Frameworks/captcha/captcha.php';
$security = new XoopsCaptcha();
if (!$security->verify(true)) {
if (!empty($_POST['pical_eventid'])) {
$redirect = XOOPS_URL . "/modules/piCal/?event_id=" . intval($_POST['pical_eventid']);
} else {
$redirect = XOOPS_URL . "/modules/" . $modversion["dirname"] . "/formulaire.php?id=" . $_GET['id'] . "&qcm=" . $_GET['qcm'];
}
redirect_header($redirect, 2, XOOPS_CAPTCHA_INVALID_CODE);
exit;
}
}
// SecurityImage by DuGris
if ($qcm == '1') {
$h = 0;
$tabtemp = $myts->makeTboxData4Save($_POST["tab"]);
$tabval = array();
public function displayPost()
{
$xoops = Xoops::getInstance();
if (Request::getMethod() !== 'POST') {
$xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
}
$id = Request::getInt('com_id');
$modid = Request::getInt('com_modid');
if (empty($modid)) {
$xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
}
/* @var $comment CommentsComment */
$comment = $this->getHandlerComment()->get($id);
if (!is_object($comment)) {
$xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
}
if (!$comment->isNew()) {
$modid = $comment->getVar('modid');
} else {
$comment->setVar('modid', $modid);
}
$module = $xoops->getModuleById($modid);
if (!is_object($module)) {
$xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
}
$moddir = $module->getVar('dirname');
if ($xoops->isAdminSide) {
if (empty($id)) {
$xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
}
$redirect_page = $this->url('admin/main.php?com_modid=' . $modid . '&com_itemid');
} else {
if (COMMENTS_APPROVENONE == $xoops->getModuleConfig('com_rule', $module->getVar('dirname'))) {
$xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
}
$redirect_page = '';
}
/* @var $plugin CommentsPluginInterface */
if ($plugin = \Xoops\Module\Plugin::getPlugin($moddir, 'comments')) {
if (!$xoops->isAdminSide) {
$redirect_page = $xoops->url('modules/' . $moddir . '/' . $plugin->pageName() . '?');
if (is_array($extraParams = $plugin->extraParams())) {
$extra_params = '';
foreach ($extraParams as $extra_param) {
$extra_params .= isset($_POST[$extra_param]) ? $extra_param . '=' . htmlspecialchars($_POST[$extra_param]) . '&' : $extra_param . '=amp;';
}
$redirect_page .= $extra_params;
}
$redirect_page .= $plugin->itemName();
}
$comment_url = $redirect_page;
$op = Request::getBool('com_dopost') ? 'post' : '';
$op = Request::getBool('com_dopreview') ? 'preview' : $op;
$op = Request::getBool('com_dodelete') ? 'delete' : $op;
if ($op === 'preview' || $op === 'post') {
if (!$xoops->security()->check()) {
$op = '';
}
}
if ($op === 'post' && !$xoops->isUser()) {
$xoopsCaptcha = XoopsCaptcha::getInstance();
if (!$xoopsCaptcha->verify()) {
$captcha_message = $xoopsCaptcha->getMessage();
$op = 'preview';
}
}
$title = XoopsLocale::trim(Request::getString('com_title'));
$text = XoopsLocale::trim(Request::getString('com_text'));
$mode = XoopsLocale::trim(Request::getString('com_mode', 'flat'));
$order = XoopsLocale::trim(Request::getString('com_order', COMMENTS_OLD1ST));
$itemid = Request::getInt('com_itemid');
$pid = Request::getInt('com_pid');
$rootid = Request::getInt('com_rootid');
$status = Request::getInt('com_status');
$dosmiley = Request::getBool('com_dosmiley');
$doxcode = Request::getBool('com_doxcode');
$dobr = Request::getBool('com_dobr');
$dohtml = Request::getBool('com_html');
$doimage = Request::getBool('com_doimage');
$icon = XoopsLocale::trim(Request::getString('com_icon'));
$comment->setVar('title', $title);
$comment->setVar('text', $text);
$comment->setVar('itemid', $itemid);
$comment->setVar('pid', $pid);
$comment->setVar('rootid', $rootid);
$comment->setVar('status', $status);
$comment->setVar('dosmiley', $dosmiley);
$comment->setVar('doxcode', $doxcode);
$comment->setVar('dobr', $dobr);
$comment->setVar('dohtml', $dohtml);
$comment->setVar('doimage', $doimage);
$comment->setVar('icon', $icon);
switch ($op) {
case "delete":
$this->displayDelete();
break;
case "preview":
$comment->setVar('doimage', 1);
if ($comment->getVar('dohtml') != 0) {
if ($xoops->isUser()) {
if (!$xoops->user->isAdmin($comment->getVar('modid'))) {
$comment->setVar('dohtml', 0);
}
} else {
$comment->setVar('dohtml', 0);
}
}
$xoops->header();
if (!$xoops->isAdminSide && !empty($captcha_message)) {
echo $xoops->alert('error', $captcha_message);
}
echo $this->renderHeader($comment->getVar('title', 'p'), $comment->getVar('text', 'p'), false, time());
$this->displayCommentForm($comment);
$xoops->footer();
break;
case "post":
$comment->setVar('doimage', 1);
$comment_handler = $this->getHandlerComment();
$add_userpost = false;
$call_approvefunc = false;
$call_updatefunc = false;
// RMV-NOTIFY - this can be set to 'comment' or 'comment_submit'
$notify_event = false;
if (!empty($id)) {
$accesserror = false;
if ($xoops->isUser()) {
if ($xoops->user->isAdmin($comment->getVar('modid'))) {
if (!empty($status) && $status != COMMENTS_PENDING) {
$old_status = $comment->getVar('status');
$comment->setVar('status', $status);
// if changing status from pending state, increment user post
if (COMMENTS_PENDING == $old_status) {
$add_userpost = true;
if (COMMENTS_ACTIVE == $status) {
$call_updatefunc = true;
$call_approvefunc = true;
// RMV-NOTIFY
$notify_event = 'comment';
}
} else {
if (COMMENTS_HIDDEN == $old_status && COMMENTS_ACTIVE == $status) {
$call_updatefunc = true;
// Comments can not be directly posted hidden,
// no need to send notification here
} else {
if (COMMENTS_ACTIVE == $old_status && COMMENTS_HIDDEN == $status) {
$call_updatefunc = true;
}
}
}
}
} else {
$comment->setVar('dohtml', 0);
if ($comment->getVar('uid') != $xoops->user->getVar('uid')) {
$accesserror = true;
}
}
} else {
$comment->setVar('dohtml', 0);
$accesserror = true;
}
if (false != $accesserror) {
$xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_mode=' . $mode . '&com_order=' . $order, 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
}
} else {
$comment->setVar('created', time());
$comment->setVar('ip', $xoops->getEnv('REMOTE_ADDR'));
if ($xoops->isUser()) {
if ($xoops->user->isAdmin($comment->getVar('modid'))) {
$comment->setVar('status', COMMENTS_ACTIVE);
$add_userpost = true;
$call_approvefunc = true;
$call_updatefunc = true;
// RMV-NOTIFY
$notify_event = 'comment';
} else {
$comment->setVar('dohtml', 0);
switch ($xoops->getModuleConfig('com_rule')) {
case COMMENTS_APPROVEALL:
case COMMENTS_APPROVEUSER:
$comment->setVar('status', COMMENTS_ACTIVE);
$add_userpost = true;
$call_approvefunc = true;
$call_updatefunc = true;
// RMV-NOTIFY
$notify_event = 'comment';
break;
case COMMENTS_APPROVEADMIN:
default:
$comment->setVar('status', COMMENTS_PENDING);
$notify_event = 'comment_submit';
break;
}
}
if ($xoops->getModuleConfig('com_anonpost', $module->getVar('dirname')) && $comment->getVar('noname')) {
$comment->setVar('uid', 0);
} else {
$comment->setVar('uid', $xoops->user->getVar('uid'));
}
} else {
$comment->setVar('dohtml', 0);
$comment->setVar('uid', 0);
if ($xoops->getModuleConfig('com_anonpost', $module->getVar('dirname')) != 1) {
$xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_mode=' . $mode . '&com_order=' . $order, 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
}
}
if ($comment->getVar('uid') == 0) {
switch ($xoops->getModuleConfig('com_rule')) {
case COMMENTS_APPROVEALL:
$comment->setVar('status', COMMENTS_ACTIVE);
$add_userpost = true;
$call_approvefunc = true;
$call_updatefunc = true;
// RMV-NOTIFY
$notify_event = 'comment';
break;
case COMMENTS_APPROVEADMIN:
case COMMENTS_APPROVEUSER:
default:
$comment->setVar('status', COMMENTS_PENDING);
// RMV-NOTIFY
$notify_event = 'comment_submit';
break;
}
}
}
if ($comment->getVar('title') == '') {
$comment->setVar('title', XoopsLocale::NO_TITLE);
}
$comment->setVar('modified', time());
if (isset($extra_params)) {
$comment->setVar('exparams', $extra_params);
}
if (false != $comment_handler->insert($comment)) {
$newcid = $comment->getVar('id');
// set own id as root id if this is a top comment
if ($comment->getVar('rootid') == 0) {
$comment->setVar('rootid', $newcid);
if (!$comment_handler->updateByField($comment, 'rootid', $comment->getVar('rootid'))) {
$comment_handler->delete($comment);
$xoops->header();
echo $xoops->alert('error', $comment->getHtmlErrors());
$xoops->footer();
}
}
// call custom approve function if any
if (false != $call_approvefunc) {
$plugin->approve($comment);
}
if (false != $call_updatefunc) {
$criteria = new CriteriaCompo(new Criteria('modid', $comment->getVar('modid')));
$criteria->add(new Criteria('itemid', $comment->getVar('itemid')));
$criteria->add(new Criteria('status', COMMENTS_ACTIVE));
$comment_count = $comment_handler->getCount($criteria);
$plugin->update($comment->getVar('itemid'), $comment_count);
}
// increment user post if needed
$uid = $comment->getVar('uid');
if ($uid > 0 && false != $add_userpost) {
$member_handler = $xoops->getHandlerMember();
$poster = $member_handler->getUser($uid);
if ($poster instanceof XoopsUser) {
$member_handler->updateUserByField($poster, 'posts', $poster->getVar('posts') + 1);
}
}
// RMV-NOTIFY
// trigger notification event if necessary
if ($notify_event && $xoops->isActiveModule('notifications')) {
$notifications = Notifications::getInstance();
$not_modid = $comment->getVar('modid');
$not_catinfo = $notifications->getCommentsCategory($module->getVar('dirname'));
$not_category = $not_catinfo['name'];
$not_itemid = $comment->getVar('itemid');
$not_event = $notify_event;
// Build an ABSOLUTE URL to view the comment. Make sure we
// point to a viewable page (i.e. not the system administration
// module).
$comment_tags = array();
$comment_tags['X_COMMENT_URL'] = $comment_url . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_rootid=' . $comment->getVar('rootid') . '&com_mode=' . $mode . '&com_order=' . $order . '#comment' . $comment->getVar('id');
if ($xoops->isActiveModule('notifications')) {
Notifications::getInstance()->getHandlerNotification()->triggerEvent($not_category, $not_itemid, $not_event, $comment_tags, false, $not_modid);
}
}
if (!isset($comment_post_results)) {
// if the comment is active, redirect to posted comment
if ($comment->getVar('status') == COMMENTS_ACTIVE) {
$xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_rootid=' . $comment->getVar('rootid') . '&com_mode=' . $mode . '&com_order=' . $order . '#comment' . $comment->getVar('id'), 1, _MD_COMMENTS_THANKSPOST);
} else {
// not active, so redirect to top comment page
$xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_mode=' . $mode . '&com_order=' . $order . '#comment' . $comment->getVar('id'), 1, _MD_COMMENTS_THANKSPOST);
}
}
} else {
if (!isset($purge_comment_post_results)) {
$xoops->header();
echo $xoops->alert('error', $comment->getHtmlErrors());
$xoops->footer();
} else {
$comment_post_results = $comment->getErrors();
}
}
break;
default:
$xoops->redirect(\XoopsBaseConfig::get('url') . '/', 1, implode('<br />', $xoops->security()->getErrors()));
break;
}
}
}
function __construct()
{
xoops_load('XoopsCaptcha');
$this->captcha_handler = XoopsCaptcha::getInstance();
$this->config = $this->captcha_handler->loadConfig("image");
}
/**
* renderValidationJS
*
* @return string
*/
public function renderValidationJS()
{
return $this->captchaHandler->renderValidationJS();
}
$_SESSION['xoopsUserGroups'] = $user->getGroups();
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], session_id(), time() + 60 * $xoopsConfig['session_expire'], '/', '', 0);
}
$user_theme = $user->getVar('theme');
if (in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
$_SESSION['xoopsUserTheme'] = $user_theme;
}
}
$xoopsUser =& $user;
$xoopsUserIsAdmin = $xoopsUser->isAdmin($xoopsModule->getVar('mid'));
}
}
if (!is_object($xoopsUser)) {
xoops_load("captcha");
$xoopsCaptcha = XoopsCaptcha::instance();
if (!$xoopsCaptcha->verify()) {
$captcha_invalid = true;
$error_message[] = $xoopsCaptcha->getMessage();
}
}
$isadmin = newbb_isAdmin($forum_obj);
$time_valid = true;
if (!$isadmin && !empty($xoopsModuleConfig['post_timelimit'])) {
$last_post = newbb_getsession('LP');
if (time() - $last_post < $xoopsModuleConfig['post_timelimit']) {
$time_valid = false;
}
}
if ($captcha_invalid || !$token_valid || !$time_valid) {
$_POST['contents_preview'] = 1;
