PageRenderTime 59ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/FormProcessor.php

https://bitbucket.org/afrosoft/form-manager
PHP | 148 lines | 110 code | 31 blank | 7 comment | 24 complexity | 5bf264bd6e56194487a772f98ae0a8dc MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * To change this template, choose Tools | Templates
    5. 

  5.  * and open the template in the editor.
    6. 

  6.  */
    7. 

  7. 

  8. class FormStatus {
    9. 

  9.     const VALID     = 1;
    10. 

  10.     const INVALID   = 2;
    11. 

  11.     const UNSURE    = 3;
    12. 

  12. }
    13. 

  13. 

  14. /**
    15. 

  15.  * The class that processes form.
    16. 

  16.  */
    17. 

  17. class FormProcessor {
    18. 

  18.     private $raw = array();
    19. 

  19.     public $processed = array();
    20. 

  20.     private $secret = null;
    21. 

  21.     private $captcha = 'CAPTCHA PRIVATE KEY HERE';
    22. 

  22.     private $valid = null;
    23. 

  23.     
    24. 

  24.     public function __construct($secret) {
    25. 

  25.         $this->secret = $secret;
    26. 

  26.     }
    27. 

  27.     
    28. 

  28.     public function pipe($raw) {
    29. 

  29.         $this->raw = array_merge($this->raw, $raw);
    30. 

  30.         return $this;
    31. 

  31.     }
    32. 

  32.     
    33. 

  33.     public function valid() {
    34. 

  34.         if (isset($this->valid)) {
    35. 

  35.             return $this->valid;
    36. 

  36.         } else {
    37. 

  37.             $this->process();
    38. 

  38.             return $this->valid();
    39. 

  39.         }
    40. 

  40.     }
    41. 

  41.     
    42. 

  42.     public function process($alloted_time = 900000, $kill = false) {
    43. 

  43.         require_once 'Encryption\TW_Encryption.php';
    44. 

  44.         
    45. 

  45.         $crypt = new TW_Encryption();
    46. 

  46.         
    47. 

  47.         if (!isset($this->raw['spinner'])) {
    48. 

  48.             $this->valid = FormStatus::INVALID;
    49. 

  49.             return false;
    50. 

  50.         }
    51. 

  51.         
    52. 

  52.         $timestamp_label = $this->_hash_name('timestamp', $this->raw['spinner']);
    53. 

  53.         if (!isset($this->raw[$timestamp_label])) {
    54. 

  54.             $this->valid = FormStatus::INVALID;
    55. 

  55.             return false;
    56. 

  56.         }
    57. 

  57.         
    58. 

  58.         if (($this->raw[$timestamp_label] + $alloted_time) < time()) {
    59. 

  59.             if ($kill) {
    60. 

  60.                 $this->valid = FormStatus::INVALID;
    61. 

  61.                 return false;
    62. 

  62.             }
    63. 

  63.             $this->valid = FormStatus::UNSURE;
    64. 

  64.         }
    65. 

  65.         
    66. 

  66.         $calc_spinner = $this->_calculate_spinner($this->raw[$timestamp_label]);
    67. 

  67.         if ($calc_spinner != $this->raw['spinner']) {
    68. 

  68.             $this->valid = FormStatus::INVALID;
    69. 

  69.             return false;
    70. 

  70.         }
    71. 

  71.         
    72. 

  72.         if (isset($this->raw['recaptcha_challenge_field']) && isset($this->raw['recaptcha_challenge_field'])) {
    73. 

  73.             if (!$this->_check_recaptcha($this->raw['recaptcha_challenge_field'], $this->raw['recaptcha_response_field'])) {
    74. 

  74.                 $this->valid = FormStatus::INVALID;
    75. 

  75.                 return false;
    76. 

  76.             }
    77. 

  77.         }
    78. 

  78.         
    79. 

  79.         
    80. 

  80.         foreach($this->raw as $key => $value) {
    81. 

  81.             if ($key == $timestamp_label || $key == 'spinner' || $key == 'recaptcha_challenge_field' || $key == 'recaptcha_response_field') {
    82. 

  82.                 continue;
    83. 

  83.             }
    84. 

  84.             $pKey = $this->_unhash_name($key, $this->raw['spinner']);
    85. 

  85.             $this->processed[$pKey] = $value;
    86. 

  86.         }
    87. 

  87.         
    88. 

  88.         
    89. 

  89.         
    90. 

  90.         $this->valid = FormStatus::VALID;
    91. 

  91.         return true;
    92. 

  92.     }
    93. 

  93.     
    94. 

  94.     private function _calculate_spinner($timestamp) {
    95. 

  95.         return hash('sha256', $timestamp . $this->secret);
    96. 

  96.     }
    97. 

  97.     
    98. 

  98.     function _hash_name($name, $spinner) {
    99. 

  99.         require_once 'Encryption\TW_Encryption.php';
    100. 

  100.         $array = false;
    101. 

  101.         
    102. 

  102.         if (strstr($name, '[]')) {
    103. 

  103.             $array = true;
    104. 

  104.         }
    105. 

  105.         
    106. 

  106.         $crypt = new TW_Encryption();
    107. 

  107.         $encoded = $this->_encode_name($crypt->encrypt($spinner, $name . $this->secret));
    108. 

  108.         
    109. 

  109.         return $encoded;
    110. 

  110.     }
    111. 

  111.     
    112. 

  112.     private function _encode_name($name) {
    113. 

  113.         return strtr(base64_encode($name), array('+' => '-', '/' => '_', '=' => ''));
    114. 

  114.     }
    115. 

  115.     
    116. 

  116.     private function _unhash_name($hash, $spinner) {
    117. 

  117.         require_once 'Encryption\TW_Encryption.php';
    118. 

  118.         
    119. 

  119.         $crypt = new TW_Encryption();
    120. 

  120.         if (strstr($hash, '_x')) {
    121. 

  121.             return strtr($crypt->decrypt($spinner, substr($this->_decode_name($hash), 0, -2)), array($this->secret => '')) . '_x';
    122. 

  122.         }
    123. 

  123.         if (strstr($hash, '_y')) {
    124. 

  124.             return strtr($crypt->decrypt($spinner, substr($this->_decode_name($hash), 0, -2)), array($this->secret => '')) . '_y';
    125. 

  125.         }
    126. 

  126.         return strtr($crypt->decrypt($spinner, $this->_decode_name($hash)), array($this->secret => ''));
    127. 

  127.     }
    128. 

  128.     
    129. 

  129.     private function _decode_name($name) {
    130. 

  130.         if(strstr($name, '_x')) {
    131. 

  131.             return base64_decode(str_pad(strtr(substr($name, 0, -2), array('-' => '+', '_' => '/')), strlen($name) % 4, '=')) . '_x';
    132. 

  132.         }
    133. 

  133.         if(strstr($name, '_y')) {
    134. 

  134.             return base64_decode(str_pad(strtr(substr($name, 0, -2), array('-' => '+', '_' => '/')), strlen($name) % 4, '=')) . '_y';
    135. 

  135.         }
    136. 

  136.         return base64_decode(str_pad(strtr($name, array('-' => '+', '_' => '/')), strlen($name) % 4, '='));
    137. 

  137.     }
    138. 

  138.     
    139. 

  139.     private function _check_recaptcha($challenge, $response) {
    140. 

  140.         require_once 'ReCAPTCHA\recaptchalib.php';
    141. 

  141.         
    142. 

  142.          $resp = recaptcha_check_answer ($this->captcha, $_SERVER["REMOTE_ADDR"], $challenge, $response);
    143. 

  143. 

  144.          return $resp->is_valid;
    145. 

  145.     }
    146. 

  146. }
    147. 

  147. 

  148. ?>
    149. 

  149.