form-manager /FormProcessor.php

Language PHP Lines 149
MD5 Hash 5bf264bd6e56194487a772f98ae0a8dc Estimated Cost $2,611 (why?)
Repository https://bitbucket.org/afrosoft/form-manager View Raw File View Project SPDX
<?php

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

/**
 * Outcome codes that FormProcessor records once a submission has been checked.
 */
class FormStatus
{
    /** Assigned when every check in FormProcessor::process() has passed. */
    const VALID = 1;

    /** Assigned when a required field is missing or a check fails. */
    const INVALID = 2;

    /** Assigned when the timestamp is older than allowed but the form is not rejected outright. */
    const UNSURE = 3;
}

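/**
 * Validates a submitted "spinner" form and maps its obfuscated field names
 * back to the real ones.
 *
 * The request must carry a `spinner` value equal to sha256(timestamp . secret)
 * and a timestamp field whose name is derived from the spinner. All other
 * fields are decoded and decrypted with the spinner as key, then stored in
 * $processed under their original names.
 *
 * NOTE(review): the spinner depends only on the timestamp and the secret, so a
 * captured spinner/timestamp pair stays acceptable until the time window has
 * elapsed. The spinner is also sent by the client, so the decrypted field names
 * are not authenticated; treat keys in $processed as untrusted input.
 */
class FormProcessor {
    // Every key/value handed in through pipe(), typically the request body.
    private $raw = array();
    // Field values keyed by their recovered (un-hashed) names; filled by process().
    public $processed = array();
    // Server-side secret mixed into the spinner and into every hashed field name.
    private $secret = null;
    // NOTE(review): placeholder for the reCAPTCHA private key. Supply it from
    // configuration kept out of version control rather than editing it in here.
    private $captcha = 'CAPTCHA PRIVATE KEY HERE';
    // One of the FormStatus constants once process() has run, null before that.
    private $valid = null;

    /**
     * @param string $secret Server-side secret shared with the code that renders the form.
     */
    public function __construct($secret) {
        $this->secret = $secret;
    }

    /**
     * Adds submitted fields to the set that process() will check.
     *
     * @param array $raw Field name => value pairs; merged with array_merge(),
     *                   so later string keys replace earlier ones.
     * @return FormProcessor This instance, for chaining.
     */
    public function pipe($raw) {
        $this->raw = array_merge($this->raw, $raw);
        return $this;
    }

    /**
     * Returns the status of the submission, running process() with its
     * default arguments first if no status has been recorded yet.
     *
     * @return int One of the FormStatus constants.
     */
    public function valid() {
        if (!isset($this->valid)) {
            // process() records a status on every path, so this cannot stay null.
            $this->process();
        }
        return $this->valid;
    }

    /**
     * Checks the spinner, the timestamp and (when submitted) the CAPTCHA, then
     * fills $processed with the remaining fields under their real names.
     *
     * Changes against the earlier implementation:
     *  - the spinner is compared with hash_equals() instead of `!=`, which
     *    could treat two different numeric-looking digests as equal;
     *  - the spinner and timestamp are type-checked before use, so array or
     *    non-numeric request values are rejected instead of raising errors;
     *  - the CAPTCHA branch tests both fields (it tested the challenge twice);
     *  - FormStatus::UNSURE is no longer overwritten by VALID at the end.
     *
     * @param int  $alloted_time Maximum age of the timestamp. It is compared with
     *                           time(), so it is in seconds and the default is
     *                           roughly 10.4 days. NOTE(review): if 15 minutes
     *                           was intended, the value would be 900 - confirm.
     * @param bool $kill         When true an expired form is INVALID; otherwise
     *                           it is processed and marked UNSURE.
     * @return bool False when the form is rejected, true otherwise (including UNSURE).
     */
    public function process($alloted_time = 900000, $kill = false) {
        $spinner = isset($this->raw['spinner']) ? $this->raw['spinner'] : null;
        if (!is_string($spinner) || $spinner === '') {
            return $this->_reject();
        }

        $timestamp_label = $this->_hash_name('timestamp', $spinner);
        $timestamp = isset($this->raw[$timestamp_label]) ? $this->raw[$timestamp_label] : null;
        if (!is_numeric($timestamp)) {
            return $this->_reject();
        }

        $status = FormStatus::VALID;
        if (($timestamp + $alloted_time) < time()) {
            if ($kill) {
                return $this->_reject();
            }
            $status = FormStatus::UNSURE;
        }

        // Constant-time, type-strict comparison of the expected and submitted digests.
        if (!hash_equals($this->_calculate_spinner($timestamp), $spinner)) {
            return $this->_reject();
        }

        // NOTE(review): the CAPTCHA is verified only when the client sends its
        // fields, so a client that omits both skips the check. Whether a form
        // requires a CAPTCHA has to be decided server-side by the caller.
        $has_challenge = isset($this->raw['recaptcha_challenge_field']);
        $has_response = isset($this->raw['recaptcha_response_field']);
        if ($has_challenge || $has_response) {
            // A half-submitted CAPTCHA cannot be verified and is rejected.
            if (!$has_challenge || !$has_response) {
                return $this->_reject();
            }
            if (!$this->_check_recaptcha($this->raw['recaptcha_challenge_field'], $this->raw['recaptcha_response_field'])) {
                return $this->_reject();
            }
        }

        $reserved = array($timestamp_label, 'spinner', 'recaptcha_challenge_field', 'recaptcha_response_field');
        foreach ($this->raw as $key => $value) {
            // Numeric request keys arrive as ints; compare them as strings, strictly.
            $field = (string) $key;
            if (in_array($field, $reserved, true)) {
                continue;
            }
            $this->processed[$this->_unhash_name($field, $spinner)] = $value;
        }

        $this->valid = $status;
        return true;
    }

    /**
     * Records FormStatus::INVALID and returns the value process() reports for a rejection.
     *
     * @return bool Always false.
     */
    private function _reject() {
        $this->valid = FormStatus::INVALID;
        return false;
    }

    /**
     * Loads the encryption library on first use and returns a fresh instance.
     *
     * The path uses a forward slash so that it resolves on non-Windows hosts
     * as well; a backslash is a directory separator on Windows only.
     *
     * @return TW_Encryption
     */
    private function _crypt() {
        require_once 'Encryption/TW_Encryption.php';
        return new TW_Encryption();
    }

    /**
     * Computes the spinner expected for a timestamp.
     *
     * NOTE(review): this is a plain hash over timestamp . secret. An HMAC
     * (hash_hmac) is the conventional keyed construction, but switching means
     * the code that renders the form must change in step; it is not visible here.
     *
     * @param int|string $timestamp
     * @return string Lower-case hexadecimal SHA-256 digest.
     */
    private function _calculate_spinner($timestamp) {
        return hash('sha256', $timestamp . $this->secret);
    }

    /**
     * Produces the obfuscated name under which a field is submitted.
     *
     * @param string $name    Real field name.
     * @param string $spinner Spinner of the form, passed to encrypt() as its first argument.
     * @return string URL-safe base64 of the encrypted name with the secret appended.
     */
    public function _hash_name($name, $spinner) {
        return $this->_encode_name($this->_crypt()->encrypt($spinner, $name . $this->secret));
    }

    /**
     * Base64-encodes a value with the URL-safe alphabet and without padding.
     *
     * @param string $name
     * @return string
     */
    private function _encode_name($name) {
        return strtr(base64_encode($name), array('+' => '-', '/' => '_', '=' => ''));
    }

    /**
     * Returns the trailing `_x` or `_y` of a submitted name, or an empty string.
     *
     * Only the last two characters are examined. The earlier strstr() test
     * matched `_x`/`_y` anywhere in the name, which also hit encoded names that
     * merely contain those characters and then cut two bytes off their end.
     * NOTE(review): an encoded name can itself end in `_x` or `_y`, because `_`
     * stands for `/` in the URL-safe alphabet; that case cannot be told apart
     * here. Presumably the suffixes are the coordinate fields of image inputs -
     * confirm.
     *
     * @param string $name
     * @return string
     */
    private function _coordinate_suffix($name) {
        $tail = substr((string) $name, -2);
        return ($tail === '_x' || $tail === '_y') ? $tail : '';
    }

    /**
     * Recovers the real field name from a submitted, obfuscated one.
     *
     * @param string $hash    Submitted field name.
     * @param string $spinner Spinner of the form, passed to decrypt() as its first argument.
     * @return string Decrypted name with the secret removed, plus any `_x`/`_y` suffix.
     */
    private function _unhash_name($hash, $spinner) {
        $hash = (string) $hash;
        $suffix = $this->_coordinate_suffix($hash);

        $decoded = $this->_decode_name($hash);
        if ($suffix !== '') {
            // _decode_name() re-appends the suffix; drop it before decrypting.
            $decoded = substr($decoded, 0, -2);
        }

        $plain = $this->_crypt()->decrypt($spinner, $decoded);

        // strtr() removes the secret wherever it occurs, as before; the exact
        // shape of decrypt()'s output is not visible here, so this is not
        // narrowed to a suffix match.
        return strtr($plain, array($this->secret => '')) . $suffix;
    }

    /**
     * Reverses _encode_name(), keeping a trailing `_x`/`_y` outside the decoding.
     *
     * The padding is now computed from the length of the base64 text. The
     * earlier str_pad() call passed `strlen % 4` as the target length, which
     * adds no padding for any name of three or more characters; base64_decode()
     * accepted the unpadded text anyway, so decoded values are unchanged.
     *
     * @param string $name
     * @return string
     */
    private function _decode_name($name) {
        $name = (string) $name;
        $suffix = $this->_coordinate_suffix($name);
        $body = ($suffix === '') ? $name : substr($name, 0, -2);

        $base64 = strtr($body, array('-' => '+', '_' => '/'));
        $base64 .= str_repeat('=', (4 - strlen($base64) % 4) % 4);

        return base64_decode($base64) . $suffix;
    }

    /**
     * Asks the reCAPTCHA library whether the submitted answer is correct.
     *
     * NOTE(review): the challenge/response call is the reCAPTCHA v1 interface,
     * which Google has retired; confirm whether this path can still succeed
     * and plan a move to a supported verification API.
     *
     * @param string $challenge Value of recaptcha_challenge_field.
     * @param string $response  Value of recaptcha_response_field.
     * @return mixed The is_valid property of the library's response object.
     */
    private function _check_recaptcha($challenge, $response) {
        require_once 'ReCAPTCHA/recaptchalib.php';

        $resp = recaptcha_check_answer($this->captcha, $_SERVER["REMOTE_ADDR"], $challenge, $response);

        return $resp->is_valid;
    }
}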

?>