PageRenderTime 42ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/wp-content/plugins/jetpack/modules/protect/math-fallback.php

https://gitlab.com/juanito.abelo/nlmobile
PHP | 113 lines | 82 code | 11 blank | 20 comment | 13 complexity | 4f32bb52ce84c6515c0123d0d7aa28b9 MD5 | raw file
    

  1. <?php

    2. 

  2. 

    3. 

  3. if ( ! class_exists( 'Jetpack_Protect_Math_Authenticate' ) ) {

    4. 

  4. 	/*

    5. 

  5. 	 * The math captcha fallback if we can't talk to the Protect API

    6. 

  6. 	 */

    7. 

  7. 	class Jetpack_Protect_Math_Authenticate {

    8. 

  8. 

    9. 

  9. 		function __construct() {

    10. 

  10. 			add_action( 'login_form', array( $this, 'math_form' ) );

    11. 

  11. 			if( isset( $_POST[ 'jetpack_protect_process_math_form' ] ) ) {

    12. 

  12. 				add_action( 'init', array( $this, 'process_generate_math_page' ) );

    13. 

  13. 			}

    14. 

  14. 		}

    15. 

  15. 

    16. 

  16. 		/**

    17. 

  17. 		 * Verifies that a user answered the math problem correctly while logging in.

    18. 

  18. 		 *

    19. 

  19. 		 * @return bool Returns true if the math is correct

    20. 

  20. 		 * @throws Error if insuffient $_POST variables are present.

    21. 

  21. 		 * @throws Error message if the math is wrong

    22. 

  22. 		 */

    23. 

  23. 		static function math_authenticate() {

    24. 

  24. 			$salt        = get_site_option( 'jetpack_protect_key' ) . get_site_option( 'admin_email' );

    25. 

  25. 			$ans         = (int)$_POST['jetpack_protect_num'];

    26. 

  26. 			$salted_ans  = sha1( $salt . $ans );

    27. 

  27. 			$correct_ans = $_POST[ 'jetpack_protect_answer' ];

    28. 

  28. 			

    29. 

  29. 			if( isset( $_COOKIE[ 'jpp_math_pass' ] ) ) {

    30. 

  30. 				$transient = Jetpack_Protect_Module::get_transient( 'jpp_math_pass_' . $_COOKIE[ 'jpp_math_pass' ] );

    31. 

  31. 				if( !$transient || $transient < 1 ) {

    32. 

  32. 					Jetpack_Protect_Math_Authenticate::generate_math_page();

    33. 

  33. 				}

    34. 

  34. 				return true;

    35. 

  35. 			}

    36. 

  36. 

    37. 

  37. 			if ( ! $correct_ans || !$_POST['jetpack_protect_num'] ) {

    38. 

  38. 				Jetpack_Protect_Math_Authenticate::generate_math_page();

    39. 

  39. 			} elseif ( $salted_ans != $correct_ans ) {

    40. 

  40. 				wp_die( __( '<strong>You failed to correctly answer the math problem.</strong>  This is used to combat spam when the Jetpack Protect API is unavailable.  Please use your browser\'s back button to return to the login form, press the "refresh" button to generate a new math problem, and try to log in again.', 'jetpack' ) );

    41. 

  41. 			} else {

    42. 

  42. 				return true;

    43. 

  43. 			}

    44. 

  44. 		}

    45. 

  45. 

    46. 

  46. 		/**

    47. 

  47. 		 * Creates an interim page to collect answers to a math captcha

    48. 

  48. 		 *

    49. 

  49. 		 * @return none, execution stopped

    50. 

  50. 		 */

    51. 

  51. 		static function generate_math_page( $error = false ) {

    52. 

  52. 			$salt = get_site_option( 'jetpack_protect_key' ) . get_site_option( 'admin_email' );

    53. 

  53. 			$num1 = rand( 0, 10 );

    54. 

  54. 			$num2 = rand( 1, 10 );

    55. 

  55. 			$sum  = $num1 + $num2;

    56. 

  56. 			$ans  = sha1( $salt . $sum );

    57. 

  57. 			ob_start();

    58. 

  58. 			?>

    59. 

  59. 			<h2><?php _e( 'Please solve this math problem to prove that you are not a bot.  Once you solve it, you will need to log in again.', 'jetpack' ); ?></h2>

    60. 

  60. 			<?php if ($error): ?>

    61. 

  61. 				<h3><?php _e( 'Your answer was incorrect, please try again.', 'jetpack' ); ?></h3>

    62. 

  62. 			<?php endif ?>

    63. 

  63. 			

    64. 

  64. 			<form action="<?php echo home_url(); ?>" method="post" accept-charset="utf-8">

    65. 

  65. 				<?php Jetpack_Protect_Math_Authenticate::math_form(); ?>

    66. 

  66. 				<input type="hidden" name="jetpack_protect_process_math_form" value="1" id="jetpack_protect_process_math_form" />

    67. 

  67. 				<p><input type="submit" value="Continue &rarr;"></p>

    68. 

  68. 			</form>

    69. 

  69. 		<?php

    70. 

  70. 			$mathage = ob_get_contents();

    71. 

  71. 			ob_end_clean();

    72. 

  72. 			wp_die( $mathage );

    73. 

  73. 		}

    74. 

  74. 		

    75. 

  75. 		public function process_generate_math_page() {

    76. 

  76. 			$salt        = get_site_option( 'jetpack_protect_key' ) . get_site_option( 'admin_email' );

    77. 

  77. 			$ans         = (int)$_POST['jetpack_protect_num'];

    78. 

  78. 			$salted_ans  = sha1( $salt . $ans );

    79. 

  79. 			$correct_ans = $_POST[ 'jetpack_protect_answer' ];

    80. 

  80. 			

    81. 

  81. 			if ( $salted_ans != $correct_ans ) {

    82. 

  82. 				Jetpack_Protect_Math_Authenticate::generate_math_page(true);

    83. 

  83. 			} else {

    84. 

  84. 				$temp_pass = substr( sha1( rand( 1, 100000000 ) . get_site_option( 'jetpack_protect_key' ) ), 5, 25 );

    85. 

  85. 				Jetpack_Protect_Module::set_transient( 'jpp_math_pass_' . $temp_pass, 3, DAY_IN_SECONDS );

    86. 

  86. 				setcookie('jpp_math_pass', $temp_pass, time() + DAY_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN, false);

    87. 

  87. 				return true;

    88. 

  88. 			}

    89. 

  89. 		}

    90. 

  90. 

    91. 

  91. 		/**

    92. 

  92. 		 * Requires a user to solve a simple equation. Added to any WordPress login form.

    93. 

  93. 		 *

    94. 

  94. 		 * @return VOID outputs html

    95. 

  95. 		 */

    96. 

  96. 		static function math_form() {

    97. 

  97. 			$salt = get_site_option( 'jetpack_protect_key' ) . get_site_option( 'admin_email' );

    98. 

  98. 			$num1 = rand( 0, 10 );

    99. 

  99. 			$num2 = rand( 1, 10 );

    100. 

  100. 			$sum  = $num1 + $num2;

    101. 

  101. 			$ans  = sha1( $salt . $sum );

    102. 

  102. 			?>

    103. 

  103. 			<div style="margin: 5px 0 20px;">

    104. 

  104. 				<strong>Prove your humanity: </strong>

    105. 

  105. 				<?php echo $num1 ?> &nbsp; + &nbsp; <?php echo $num2 ?> &nbsp; = &nbsp;

    106. 

  106. 				<input type="input" name="jetpack_protect_num" value="" size="2" />

    107. 

  107. 				<input type="hidden" name="jetpack_protect_answer" value="<?php echo $ans; ?>" />

    108. 

  108. 			</div>

    109. 

  109. 		<?php

    110. 

  110. 		}

    111. 

  111. 

    112. 

  112. 	}

    113. 

  113. }
    114.