PageRenderTime 40ms CodeModel.GetById 12ms RepoModel.GetById 0ms app.codeStats 0ms

/system/helpers/captcha_helper.php

http://github.com/EllisLab/CodeIgniter
PHP | 384 lines | 237 code | 43 blank | 104 comment | 36 complexity | 08b2e492c3155686c889ac0248e093e2 MD5 | raw file
Possible License(s): CC-BY-SA-3.0 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * CodeIgniter
    4. 

  4.  *
    5. 

  5.  * An open source application development framework for PHP
    6. 

  6.  *
    7. 

  7.  * This content is released under the MIT License (MIT)
    8. 

  8.  *
    9. 

  9.  * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
    10. 

  10.  *
    11. 

  11.  * Permission is hereby granted, free of charge, to any person obtaining a copy
    12. 

  12.  * of this software and associated documentation files (the "Software"), to deal
    13. 

  13.  * in the Software without restriction, including without limitation the rights
    14. 

  14.  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    15. 

  15.  * copies of the Software, and to permit persons to whom the Software is
    16. 

  16.  * furnished to do so, subject to the following conditions:
    17. 

  17.  *
    18. 

  18.  * The above copyright notice and this permission notice shall be included in
    19. 

  19.  * all copies or substantial portions of the Software.
    20. 

  20.  *
    21. 

  21.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    22. 

  22.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    23. 

  23.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    24. 

  24.  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    25. 

  25.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    26. 

  26.  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    27. 

  27.  * THE SOFTWARE.
    28. 

  28.  *
    29. 

  29.  * @package	CodeIgniter
    30. 

  30.  * @author	EllisLab Dev Team
    31. 

  31.  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
    32. 

  32.  * @copyright	Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
    33. 

  33.  * @license	https://opensource.org/licenses/MIT	MIT License
    34. 

  34.  * @link	https://codeigniter.com
    35. 

  35.  * @since	Version 1.0.0
    36. 

  36.  * @filesource
    37. 

  37.  */
    38. 

  38. defined('BASEPATH') OR exit('No direct script access allowed');
    39. 

  39. 

  40. /**
    41. 

  41.  * CodeIgniter CAPTCHA Helper
    42. 

  42.  *
    43. 

  43.  * @package		CodeIgniter
    44. 

  44.  * @subpackage	Helpers
    45. 

  45.  * @category	Helpers
    46. 

  46.  * @author		EllisLab Dev Team
    47. 

  47.  * @link		https://codeigniter.com/userguide3/helpers/captcha_helper.html
    48. 

  48.  */
    49. 

  49. 

  50. // ------------------------------------------------------------------------
    51. 

  51. 

  52. if ( ! function_exists('create_captcha'))
    53. 

  53. {
    54. 

  54. 	/**
    55. 

  55. 	 * Create CAPTCHA
    56. 

  56. 	 *
    57. 

  57. 	 * @param	array	$data		Data for the CAPTCHA
    58. 

  58. 	 * @param	string	$img_path	Path to create the image in (deprecated)
    59. 

  59. 	 * @param	string	$img_url	URL to the CAPTCHA image folder (deprecated)
    60. 

  60. 	 * @param	string	$font_path	Server path to font (deprecated)
    61. 

  61. 	 * @return	string
    62. 

  62. 	 */
    63. 

  63. 	function create_captcha($data = '', $img_path = '', $img_url = '', $font_path = '')
    64. 

  64. 	{
    65. 

  65. 		$defaults = array(
    66. 

  66. 			'word'		=> '',
    67. 

  67. 			'img_path'	=> '',
    68. 

  68. 			'img_url'	=> '',
    69. 

  69. 			'img_width'	=> '150',
    70. 

  70. 			'img_height'	=> '30',
    71. 

  71. 			'img_alt'	=> 'captcha',
    72. 

  72. 			'img_class'	=> '',
    73. 

  73. 			'font_path'	=> '',
    74. 

  74. 			'font_size'	=> 16,
    75. 

  75. 			'expiration'	=> 7200,
    76. 

  76. 			'word_length'	=> 8,
    77. 

  77. 			'img_id'	=> '',
    78. 

  78. 			'pool'		=> '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ',
    79. 

  79. 			'colors'	=> array(
    80. 

  80. 				'background'	=> array(255,255,255),
    81. 

  81. 				'border'	=> array(153,102,102),
    82. 

  82. 				'text'		=> array(204,153,153),
    83. 

  83. 				'grid'		=> array(255,182,182)
    84. 

  84. 			)
    85. 

  85. 		);
    86. 

  86. 

  87. 		$now = microtime(TRUE);
    88. 

  88. 

  89. 		foreach ($defaults as $key => $val)
    90. 

  90. 		{
    91. 

  91. 			if ( ! is_array($data) && empty($$key))
    92. 

  92. 			{
    93. 

  93. 				$$key = $val;
    94. 

  94. 			}
    95. 

  95. 			else
    96. 

  96. 			{
    97. 

  97. 				$$key = isset($data[$key]) ? $data[$key] : $val;
    98. 

  98. 			}
    99. 

  99. 		}
    100. 

  100. 

  101. 		if ( ! extension_loaded('gd'))
    102. 

  102. 		{
    103. 

  103. 			log_message('error', 'create_captcha(): GD extension is not loaded.');
    104. 

  104. 			return FALSE;
    105. 

  105. 		}
    106. 

  106. 

  107. 		if ($img_path === '' OR $img_url === '')
    108. 

  108. 		{
    109. 

  109. 			log_message('error', 'create_captcha(): $img_path and $img_url are required.');
    110. 

  110. 			return FALSE;
    111. 

  111. 		}
    112. 

  112. 

  113. 		if ( ! is_dir($img_path) OR ! is_really_writable($img_path))
    114. 

  114. 		{
    115. 

  115. 			log_message('error', "create_captcha(): '{$img_path}' is not a dir, nor is it writable.");
    116. 

  116. 			return FALSE;
    117. 

  117. 		}
    118. 

  118. 

  119. 		if ($img_url !== '' OR $img_path !== '')
    120. 

  120. 		{
    121. 

  121. 			if ($img_path === '' OR $img_url === '')
    122. 

  122. 			{
    123. 

  123. 				log_message('error', 'create_captcha(): $img_path and $img_url are required.');
    124. 

  124. 				return FALSE;
    125. 

  125. 			}
    126. 

  126. 

  127. 			if ( ! is_dir($img_path) OR ! is_really_writable($img_path))
    128. 

  128. 			{
    129. 

  129. 				log_message('error', "create_captcha(): '{$img_path}' is not a dir, nor is it writable.");
    130. 

  130. 				return FALSE;
    131. 

  131. 			}
    132. 

  132. 

  133. 			/**
    134. 

  134. 			 * Remove old images
    135. 

  135. 			 */
    136. 

  136. 			$current_dir = @opendir($img_path);
    137. 

  137. 			while ($filename = @readdir($current_dir))
    138. 

  138. 			{
    139. 

  139. 				if (preg_match('#^(?<ts>\d{10})\.png$#', $filename, $match) && ($match['ts'] + $expiration) < $now)
    140. 

  140. 				{
    141. 

  141. 					@unlink($img_path.$filename);
    142. 

  142. 				}
    143. 

  143. 			}
    144. 

  144. 

  145. 			@closedir($current_dir);
    146. 

  146. 

  147. 			// This variable will later be used later to determine whether we write to disk or output a data:image URI
    148. 

  148. 			$img_filename = $now.'.png';
    149. 

  149. 		}
    150. 

  150. 		else
    151. 

  151. 		{
    152. 

  152. 			$img_filename = NULL;
    153. 

  153. 		}
    154. 

  154. 

  155. 		// -----------------------------------
    156. 

  156. 		// Do we have a "word" yet?
    157. 

  157. 		// -----------------------------------
    158. 

  158. 

  159. 		if (empty($word))
    160. 

  160. 		{
    161. 

  161. 			$word = '';
    162. 

  162. 			$pool_length = strlen($pool);
    163. 

  163. 			$rand_max = $pool_length - 1;
    164. 

  164. 

  165. 			// PHP7 or a suitable polyfill
    166. 

  166. 			if (function_exists('random_int'))
    167. 

  167. 			{
    168. 

  168. 				try
    169. 

  169. 				{
    170. 

  170. 					for ($i = 0; $i < $word_length; $i++)
    171. 

  171. 					{
    172. 

  172. 						$word .= $pool[random_int(0, $rand_max)];
    173. 

  173. 					}
    174. 

  174. 				}
    175. 

  175. 				catch (Exception $e)
    176. 

  176. 				{
    177. 

  177. 					// This means fallback to the next possible
    178. 

  178. 					// alternative to random_int()
    179. 

  179. 					$word = '';
    180. 

  180. 				}
    181. 

  181. 			}
    182. 

  182. 		}
    183. 

  183. 

  184. 		if (empty($word))
    185. 

  185. 		{
    186. 

  186. 			// Nobody will have a larger character pool than
    187. 

  187. 			// 256 characters, but let's handle it just in case ...
    188. 

  188. 			//
    189. 

  189. 			// No, I do not care that the fallback to mt_rand() can
    190. 

  190. 			// handle it; if you trigger this, you're very obviously
    191. 

  191. 			// trying to break it. -- Narf
    192. 

  192. 			if ($pool_length > 256)
    193. 

  193. 			{
    194. 

  194. 				return FALSE;
    195. 

  195. 			}
    196. 

  196. 

  197. 			// We'll try using the operating system's PRNG first,
    198. 

  198. 			// which we can access through CI_Security::get_random_bytes()
    199. 

  199. 			$security = get_instance()->security;
    200. 

  200. 

  201. 			// To avoid numerous get_random_bytes() calls, we'll
    202. 

  202. 			// just try fetching as much bytes as we need at once.
    203. 

  203. 			if (($bytes = $security->get_random_bytes($pool_length)) !== FALSE)
    204. 

  204. 			{
    205. 

  205. 				$byte_index = $word_index = 0;
    206. 

  206. 				while ($word_index < $word_length)
    207. 

  207. 				{
    208. 

  208. 					// Do we have more random data to use?
    209. 

  209. 					// It could be exhausted by previous iterations
    210. 

  210. 					// ignoring bytes higher than $rand_max.
    211. 

  211. 					if ($byte_index === $pool_length)
    212. 

  212. 					{
    213. 

  213. 						// No failures should be possible if the
    214. 

  214. 						// first get_random_bytes() call didn't
    215. 

  215. 						// return FALSE, but still ...
    216. 

  216. 						for ($i = 0; $i < 5; $i++)
    217. 

  217. 						{
    218. 

  218. 							if (($bytes = $security->get_random_bytes($pool_length)) === FALSE)
    219. 

  219. 							{
    220. 

  220. 								continue;
    221. 

  221. 							}
    222. 

  222. 

  223. 							$byte_index = 0;
    224. 

  224. 							break;
    225. 

  225. 						}
    226. 

  226. 

  227. 						if ($bytes === FALSE)
    228. 

  228. 						{
    229. 

  229. 							// Sadly, this means fallback to mt_rand()
    230. 

  230. 							$word = '';
    231. 

  231. 							break;
    232. 

  232. 						}
    233. 

  233. 					}
    234. 

  234. 

  235. 					list(, $rand_index) = unpack('C', $bytes[$byte_index++]);
    236. 

  236. 					if ($rand_index > $rand_max)
    237. 

  237. 					{
    238. 

  238. 						continue;
    239. 

  239. 					}
    240. 

  240. 

  241. 					$word .= $pool[$rand_index];
    242. 

  242. 					$word_index++;
    243. 

  243. 				}
    244. 

  244. 			}
    245. 

  245. 		}
    246. 

  246. 

  247. 		if (empty($word))
    248. 

  248. 		{
    249. 

  249. 			for ($i = 0; $i < $word_length; $i++)
    250. 

  250. 			{
    251. 

  251. 				$word .= $pool[mt_rand(0, $rand_max)];
    252. 

  252. 			}
    253. 

  253. 		}
    254. 

  254. 		elseif ( ! is_string($word))
    255. 

  255. 		{
    256. 

  256. 			$word = (string) $word;
    257. 

  257. 		}
    258. 

  258. 

  259. 		// -----------------------------------
    260. 

  260. 		// Determine angle and position
    261. 

  261. 		// -----------------------------------
    262. 

  262. 		$length	= strlen($word);
    263. 

  263. 		$angle	= ($length >= 6) ? mt_rand(-($length - 6), ($length - 6)) : 0;
    264. 

  264. 		$x_axis	= mt_rand(6, (360 / $length)-16);
    265. 

  265. 		$y_axis = ($angle >= 0) ? mt_rand($img_height, $img_width) : mt_rand(6, $img_height);
    266. 

  266. 

  267. 		// Create image
    268. 

  268. 		// PHP.net recommends imagecreatetruecolor(), but it isn't always available
    269. 

  269. 		$im = function_exists('imagecreatetruecolor')
    270. 

  270. 			? imagecreatetruecolor($img_width, $img_height)
    271. 

  271. 			: imagecreate($img_width, $img_height);
    272. 

  272. 

  273. 		// -----------------------------------
    274. 

  274. 		//  Assign colors
    275. 

  275. 		// ----------------------------------
    276. 

  276. 

  277. 		is_array($colors) OR $colors = $defaults['colors'];
    278. 

  278. 

  279. 		foreach (array_keys($defaults['colors']) as $key)
    280. 

  280. 		{
    281. 

  281. 			// Check for a possible missing value
    282. 

  282. 			is_array($colors[$key]) OR $colors[$key] = $defaults['colors'][$key];
    283. 

  283. 			$colors[$key] = imagecolorallocate($im, $colors[$key][0], $colors[$key][1], $colors[$key][2]);
    284. 

  284. 		}
    285. 

  285. 

  286. 		// Create the rectangle
    287. 

  287. 		ImageFilledRectangle($im, 0, 0, $img_width, $img_height, $colors['background']);
    288. 

  288. 

  289. 		// -----------------------------------
    290. 

  290. 		//  Create the spiral pattern
    291. 

  291. 		// -----------------------------------
    292. 

  292. 		$theta		= 1;
    293. 

  293. 		$thetac		= 7;
    294. 

  294. 		$radius		= 16;
    295. 

  295. 		$circles	= 20;
    296. 

  296. 		$points		= 32;
    297. 

  297. 

  298. 		for ($i = 0, $cp = ($circles * $points) - 1; $i < $cp; $i++)
    299. 

  299. 		{
    300. 

  300. 			$theta += $thetac;
    301. 

  301. 			$rad = $radius * ($i / $points);
    302. 

  302. 			$x = ($rad * cos($theta)) + $x_axis;
    303. 

  303. 			$y = ($rad * sin($theta)) + $y_axis;
    304. 

  304. 			$theta += $thetac;
    305. 

  305. 			$rad1 = $radius * (($i + 1) / $points);
    306. 

  306. 			$x1 = ($rad1 * cos($theta)) + $x_axis;
    307. 

  307. 			$y1 = ($rad1 * sin($theta)) + $y_axis;
    308. 

  308. 			imageline($im, $x, $y, $x1, $y1, $colors['grid']);
    309. 

  309. 			$theta -= $thetac;
    310. 

  310. 		}
    311. 

  311. 

  312. 		// -----------------------------------
    313. 

  313. 		//  Write the text
    314. 

  314. 		// -----------------------------------
    315. 

  315. 

  316. 		$use_font = ($font_path !== '' && file_exists($font_path) && function_exists('imagettftext'));
    317. 

  317. 		if ($use_font === FALSE)
    318. 

  318. 		{
    319. 

  319. 			($font_size > 5) && $font_size = 5;
    320. 

  320. 			$x = mt_rand(0, $img_width / ($length / 3));
    321. 

  321. 			$y = 0;
    322. 

  322. 		}
    323. 

  323. 		else
    324. 

  324. 		{
    325. 

  325. 			($font_size > 30) && $font_size = 30;
    326. 

  326. 			$x = mt_rand(0, $img_width / ($length / 1.5));
    327. 

  327. 			$y = $font_size + 2;
    328. 

  328. 		}
    329. 

  329. 

  330. 		for ($i = 0; $i < $length; $i++)
    331. 

  331. 		{
    332. 

  332. 			if ($use_font === FALSE)
    333. 

  333. 			{
    334. 

  334. 				$y = mt_rand(0 , $img_height / 2);
    335. 

  335. 				imagestring($im, $font_size, $x, $y, $word[$i], $colors['text']);
    336. 

  336. 				$x += ($font_size * 2);
    337. 

  337. 			}
    338. 

  338. 			else
    339. 

  339. 			{
    340. 

  340. 				$y = mt_rand($img_height / 2, $img_height - 3);
    341. 

  341. 				imagettftext($im, $font_size, $angle, $x, $y, $colors['text'], $font_path, $word[$i]);
    342. 

  342. 				$x += $font_size;
    343. 

  343. 			}
    344. 

  344. 		}
    345. 

  345. 

  346. 		// Create the border
    347. 

  347. 		imagerectangle($im, 0, 0, $img_width - 1, $img_height - 1, $colors['border']);
    348. 

  348. 

  349. 		// -----------------------------------
    350. 

  350. 		//  Generate the image
    351. 

  351. 		// -----------------------------------
    352. 

  352. 

  353. 		if (isset($img_filename))
    354. 

  354. 		{
    355. 

  355. 			$img_src = rtrim($img_url, '/').'/'.$img_filename;
    356. 

  356. 			imagepng($im, $img_path.$img_filename);
    357. 

  357. 		}
    358. 

  358. 		else
    359. 

  359. 		{
    360. 

  360. 			// I don't see an easier way to get the image contents without writing to file
    361. 

  361. 			$buffer = fopen('php://memory', 'wb+');
    362. 

  362. 			imagepng($im, $buffer);
    363. 

  363. 			rewind($buffer);
    364. 

  364. 			$img_src = '';
    365. 

  365. 

  366. 			// fread() will return an empty string (not FALSE) after the entire contents are read
    367. 

  367. 			while (strlen($read = fread($buffer, 4096)))
    368. 

  368. 			{
    369. 

  369. 				$img_src .= $read;
    370. 

  370. 			}
    371. 

  371. 

  372. 			fclose($buffer);
    373. 

  373. 			$img_src = 'data:image/png;base64,'.base64_encode($img_src);
    374. 

  374. 		}
    375. 

  375. 

  376. 		$img_class = trim($img_class);
    377. 

  377. 		$img_class = (bool) strlen($img_class) ? 'class="'.$img_class.'" ' : '';
    378. 

  378. 

  379. 		$img = '<img '.($img_id === '' ? '' : 'id="'.$img_id.'"').' src="'.$img_src.'" style="width: '.$img_width.'px; height: '.$img_height .'px; border: 0;" '.$img_class.'alt="'.$img_alt.'" />';
    380. 

  380. 		ImageDestroy($im);
    381. 

  381. 

  382. 		return array('word' => $word, 'time' => $now, 'image' => $img, 'filename' => $img_filename);
    383. 

  383. 	}
    384. 

  384. }
    385. 

  385.