really-simple-captcha.php — Contact Form 7 5.0.2

contact-form-7 / modules / really-simple-captcha.php

contact-form-7 / modules Last commit date

acceptance.php 8 years ago akismet.php 8 years ago checkbox.php 8 years ago count.php 8 years ago date.php 8 years ago file.php 8 years ago flamingo.php 8 years ago hidden.php 9 years ago listo.php 9 years ago number.php 8 years ago quiz.php 8 years ago really-simple-captcha.php 8 years ago recaptcha.php 8 years ago response.php 9 years ago select.php 8 years ago submit.php 8 years ago text.php 8 years ago textarea.php 8 years ago

really-simple-captcha.php

647 lines

1	<?php
2	/**
3	** A base module for [captchac] and [captchar]
4	**/
5
6	/* form_tag handler */
7
8	add_action( 'wpcf7_init', 'wpcf7_add_form_tag_captcha' );
9
10	function wpcf7_add_form_tag_captcha() {
11	// CAPTCHA-Challenge (image)
12	wpcf7_add_form_tag( 'captchac',
13	'wpcf7_captchac_form_tag_handler',
14	array(
15	'name-attr' => true,
16	'zero-controls-container' => true,
17	'not-for-mail' => true,
18	)
19	);
20
21	// CAPTCHA-Response (input)
22	wpcf7_add_form_tag( 'captchar',
23	'wpcf7_captchar_form_tag_handler',
24	array(
25	'name-attr' => true,
26	'do-not-store' => true,
27	'not-for-mail' => true,
28	)
29	);
30	}
31
32	function wpcf7_captchac_form_tag_handler( $tag ) {
33	if ( ! class_exists( 'ReallySimpleCaptcha' ) ) {
34	$error = sprintf(
35	/* translators: %s: link labeled 'Really Simple CAPTCHA' */
36	esc_html( __( "To use CAPTCHA, you need %s plugin installed.", 'contact-form-7' ) ),
37	wpcf7_link( 'https://wordpress.org/plugins/really-simple-captcha/', 'Really Simple CAPTCHA' ) );
38
39	return sprintf( '<em>%s</em>', $error );
40	}
41
42	if ( empty( $tag->name ) ) {
43	return '';
44	}
45
46	$class = wpcf7_form_controls_class( $tag->type );
47	$class .= ' wpcf7-captcha-' . $tag->name;
48
49	$atts = array();
50	$atts['class'] = $tag->get_class_option( $class );
51	$atts['id'] = $tag->get_id_option();
52
53	$op = array( // Default
54	'img_size' => array( 72, 24 ),
55	'base' => array( 6, 18 ),
56	'font_size' => 14,
57	'font_char_width' => 15,
58	);
59
60	$op = array_merge( $op, wpcf7_captchac_options( $tag->options ) );
61
62	if ( ! $filename = wpcf7_generate_captcha( $op ) ) {
63	return '';
64	}
65
66	if ( ! empty( $op['img_size'] ) ) {
67	if ( isset( $op['img_size'][0] ) ) {
68	$atts['width'] = $op['img_size'][0];
69	}
70
71	if ( isset( $op['img_size'][1] ) ) {
72	$atts['height'] = $op['img_size'][1];
73	}
74	}
75
76	$atts['alt'] = 'captcha';
77	$atts['src'] = wpcf7_captcha_url( $filename );
78
79	$atts = wpcf7_format_atts( $atts );
80
81	$prefix = substr( $filename, 0, strrpos( $filename, '.' ) );
82
83	$html = sprintf(
84	'<input type="hidden" name="_wpcf7_captcha_challenge_%1$s" value="%2$s" /><img %3$s />',
85	$tag->name, esc_attr( $prefix ), $atts );
86
87	return $html;
88	}
89
90	function wpcf7_captchar_form_tag_handler( $tag ) {
91	if ( empty( $tag->name ) ) {
92	return '';
93	}
94
95	$validation_error = wpcf7_get_validation_error( $tag->name );
96
97	$class = wpcf7_form_controls_class( $tag->type );
98
99	if ( $validation_error ) {
100	$class .= ' wpcf7-not-valid';
101	}
102
103	$atts = array();
104
105	$atts['size'] = $tag->get_size_option( '40' );
106	$atts['maxlength'] = $tag->get_maxlength_option();
107	$atts['minlength'] = $tag->get_minlength_option();
108
109	if ( $atts['maxlength'] && $atts['minlength']
110	&& $atts['maxlength'] < $atts['minlength'] ) {
111	unset( $atts['maxlength'], $atts['minlength'] );
112	}
113
114	$atts['class'] = $tag->get_class_option( $class );
115	$atts['id'] = $tag->get_id_option();
116	$atts['tabindex'] = $tag->get_option( 'tabindex', 'signed_int', true );
117	$atts['autocomplete'] = 'off';
118	$atts['aria-invalid'] = $validation_error ? 'true' : 'false';
119
120	$value = (string) reset( $tag->values );
121
122	if ( wpcf7_is_posted() ) {
123	$value = '';
124	}
125
126	if ( $tag->has_option( 'placeholder' )
127	\|\| $tag->has_option( 'watermark' ) ) {
128	$atts['placeholder'] = $value;
129	$value = '';
130	}
131
132	$atts['value'] = $value;
133	$atts['type'] = 'text';
134	$atts['name'] = $tag->name;
135
136	$atts = wpcf7_format_atts( $atts );
137
138	$html = sprintf(
139	'<span class="wpcf7-form-control-wrap %1$s"><input %2$s />%3$s</span>',
140	sanitize_html_class( $tag->name ), $atts, $validation_error );
141
142	return $html;
143	}
144
145
146	/* Validation filter */
147
148	add_filter( 'wpcf7_validate_captchar', 'wpcf7_captcha_validation_filter', 10, 2 );
149
150	function wpcf7_captcha_validation_filter( $result, $tag ) {
151	$type = $tag->type;
152	$name = $tag->name;
153
154	$captchac = '_wpcf7_captcha_challenge_' . $name;
155
156	$prefix = isset( $_POST[$captchac] ) ? (string) $_POST[$captchac] : '';
157	$response = isset( $_POST[$name] ) ? (string) $_POST[$name] : '';
158	$response = wpcf7_canonicalize( $response );
159
160	if ( 0 == strlen( $prefix ) \|\| ! wpcf7_check_captcha( $prefix, $response ) ) {
161	$result->invalidate( $tag, wpcf7_get_message( 'captcha_not_match' ) );
162	}
163
164	if ( 0 != strlen( $prefix ) ) {
165	wpcf7_remove_captcha( $prefix );
166	}
167
168	return $result;
169	}
170
171
172	/* Ajax echo filter */
173
174	add_filter( 'wpcf7_ajax_onload', 'wpcf7_captcha_ajax_refill' );
175	add_filter( 'wpcf7_ajax_json_echo', 'wpcf7_captcha_ajax_refill' );
176
177	function wpcf7_captcha_ajax_refill( $items ) {
178	if ( ! is_array( $items ) ) {
179	return $items;
180	}
181
182	$tags = wpcf7_scan_form_tags( array( 'type' => 'captchac' ) );
183
184	if ( empty( $tags ) ) {
185	return $items;
186	}
187
188	$refill = array();
189
190	foreach ( $tags as $tag ) {
191	$name = $tag->name;
192	$options = $tag->options;
193
194	if ( empty( $name ) ) {
195	continue;
196	}
197
198	$op = wpcf7_captchac_options( $options );
199
200	if ( $filename = wpcf7_generate_captcha( $op ) ) {
201	$captcha_url = wpcf7_captcha_url( $filename );
202	$refill[$name] = $captcha_url;
203	}
204	}
205
206	if ( ! empty( $refill ) ) {
207	$items['captcha'] = $refill;
208	}
209
210	return $items;
211	}
212
213
214	/* Messages */
215
216	add_filter( 'wpcf7_messages', 'wpcf7_captcha_messages' );
217
218	function wpcf7_captcha_messages( $messages ) {
219	$messages = array_merge( $messages, array(
220	'captcha_not_match' => array(
221	'description' =>
222	__( "The code that sender entered does not match the CAPTCHA", 'contact-form-7' ),
223	'default' =>
224	__( 'Your entered code is incorrect.', 'contact-form-7' ),
225	),
226	) );
227
228	return $messages;
229	}
230
231
232	/* Tag generator */
233
234	add_action( 'wpcf7_admin_init', 'wpcf7_add_tag_generator_captcha', 46 );
235
236	function wpcf7_add_tag_generator_captcha() {
237	if ( ! wpcf7_use_really_simple_captcha() ) {
238	return;
239	}
240
241	$tag_generator = WPCF7_TagGenerator::get_instance();
242	$tag_generator->add( 'captcha',
243	__( 'CAPTCHA (Really Simple CAPTCHA)', 'contact-form-7' ),
244	'wpcf7_tag_generator_captcha' );
245	}
246
247	function wpcf7_tag_generator_captcha( $contact_form, $args = '' ) {
248	$args = wp_parse_args( $args, array() );
249
250	if ( ! class_exists( 'ReallySimpleCaptcha' ) ) {
251	?>
252	<div class="control-box">
253	<fieldset>
254	<legend><?php
255	echo sprintf(
256	/* translators: %s: link labeled 'Really Simple CAPTCHA' */
257	esc_html( __( "To use CAPTCHA, you first need to install and activate %s plugin.", 'contact-form-7' ) ),
258	wpcf7_link( 'https://wordpress.org/plugins/really-simple-captcha/', 'Really Simple CAPTCHA' )
259	);
260	?></legend>
261	</fieldset>
262	</div>
263	<?php
264
265	return;
266	}
267
268	$description = __( "Generate form-tags for a CAPTCHA image and corresponding response input field. For more details, see %s.", 'contact-form-7' );
269
270	$desc_link = wpcf7_link( __( 'https://contactform7.com/captcha/', 'contact-form-7' ), __( 'CAPTCHA', 'contact-form-7' ) );
271
272	?>
273	<div class="control-box">
274	<fieldset>
275	<legend><?php echo sprintf( esc_html( $description ), $desc_link ); ?></legend>
276
277	<table class="form-table">
278	<tbody>
279	<tr>
280	<th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-name' ); ?>"><?php echo esc_html( __( 'Name', 'contact-form-7' ) ); ?></label></th>
281	<td><input type="text" name="name" class="tg-name oneline" id="<?php echo esc_attr( $args['content'] . '-name' ); ?>" /></td>
282	</tr>
283	</tbody>
284	</table>
285
286	<table class="form-table scope captchac">
287	<caption><?php echo esc_html( __( "Image settings", 'contact-form-7' ) ); ?></caption>
288	<tbody>
289	<tr>
290	<th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-captchac-id' ); ?>"><?php echo esc_html( __( 'Id attribute', 'contact-form-7' ) ); ?></label></th>
291	<td><input type="text" name="id" class="idvalue oneline option" id="<?php echo esc_attr( $args['content'] . '-captchac-id' ); ?>" /></td>
292	</tr>
293
294	<tr>
295	<th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-captchac-class' ); ?>"><?php echo esc_html( __( 'Class attribute', 'contact-form-7' ) ); ?></label></th>
296	<td><input type="text" name="class" class="classvalue oneline option" id="<?php echo esc_attr( $args['content'] . '-captchac-class' ); ?>" /></td>
297	</tr>
298	</tbody>
299	</table>
300
301	<table class="form-table scope captchar">
302	<caption><?php echo esc_html( __( "Input field settings", 'contact-form-7' ) ); ?></caption>
303	<tbody>
304	<tr>
305	<th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-captchar-id' ); ?>"><?php echo esc_html( __( 'Id attribute', 'contact-form-7' ) ); ?></label></th>
306	<td><input type="text" name="id" class="idvalue oneline option" id="<?php echo esc_attr( $args['content'] . '-captchar-id' ); ?>" /></td>
307	</tr>
308
309	<tr>
310	<th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-captchar-class' ); ?>"><?php echo esc_html( __( 'Class attribute', 'contact-form-7' ) ); ?></label></th>
311	<td><input type="text" name="class" class="classvalue oneline option" id="<?php echo esc_attr( $args['content'] . '-captchar-class' ); ?>" /></td>
312	</tr>
313	</tbody>
314	</table>
315	</fieldset>
316	</div>
317
318	<div class="insert-box">
319	<input type="text" name="captcha" class="tag code" readonly="readonly" onfocus="this.select()" />
320
321	<div class="submitbox">
322	<input type="button" class="button button-primary insert-tag" value="<?php echo esc_attr( __( 'Insert Tag', 'contact-form-7' ) ); ?>" />
323	</div>
324	</div>
325	<?php
326	}
327
328
329	/* Warning message */
330
331	add_action( 'wpcf7_admin_warnings', 'wpcf7_captcha_display_warning_message' );
332
333	function wpcf7_captcha_display_warning_message() {
334	if ( ! $contact_form = wpcf7_get_current_contact_form() ) {
335	return;
336	}
337
338	$has_tags = (bool) $contact_form->scan_form_tags(
339	array( 'type' => array( 'captchac' ) ) );
340
341	if ( ! $has_tags ) {
342	return;
343	}
344
345	if ( ! class_exists( 'ReallySimpleCaptcha' ) ) {
346	return;
347	}
348
349	$uploads_dir = wpcf7_captcha_tmp_dir();
350	wpcf7_init_captcha();
351
352	if ( ! is_dir( $uploads_dir ) \|\| ! wp_is_writable( $uploads_dir ) ) {
353	$message = sprintf( __( 'This contact form contains CAPTCHA fields, but the temporary folder for the files (%s) does not exist or is not writable. You can create the folder or change its permission manually.', 'contact-form-7' ), $uploads_dir );
354
355	echo '<div class="notice notice-warning"><p>' . esc_html( $message ) . '</p></div>';
356	}
357
358	if ( ! function_exists( 'imagecreatetruecolor' )
359	\|\| ! function_exists( 'imagettftext' ) ) {
360	$message = __( "This contact form contains CAPTCHA fields, but the necessary libraries (GD and FreeType) are not available on your server.", 'contact-form-7' );
361
362	echo '<div class="notice notice-warning"><p>' . esc_html( $message ) . '</p></div>';
363	}
364	}
365
366
367	/* CAPTCHA functions */
368
369	function wpcf7_init_captcha() {
370	static $captcha = null;
371
372	if ( $captcha ) {
373	return $captcha;
374	}
375
376	if ( class_exists( 'ReallySimpleCaptcha' ) ) {
377	$captcha = new ReallySimpleCaptcha();
378	} else {
379	return false;
380	}
381
382	$dir = trailingslashit( wpcf7_captcha_tmp_dir() );
383
384	$captcha->tmp_dir = $dir;
385
386	if ( is_callable( array( $captcha, 'make_tmp_dir' ) ) ) {
387	$result = $captcha->make_tmp_dir();
388
389	if ( ! $result ) {
390	return false;
391	}
392
393	return $captcha;
394	}
395
396	if ( wp_mkdir_p( $dir ) ) {
397	$htaccess_file = path_join( $dir, '.htaccess' );
398
399	if ( file_exists( $htaccess_file ) ) {
400	return $captcha;
401	}
402
403	if ( $handle = fopen( $htaccess_file, 'w' ) ) {
404	fwrite( $handle, 'Order deny,allow' . "\n" );
405	fwrite( $handle, 'Deny from all' . "\n" );
406	fwrite( $handle, '<Files ~ "^[0-9A-Za-z]+\\.(jpeg\|gif\|png)$">' . "\n" );
407	fwrite( $handle, ' Allow from all' . "\n" );
408	fwrite( $handle, '</Files>' . "\n" );
409	fclose( $handle );
410	}
411	} else {
412	return false;
413	}
414
415	return $captcha;
416	}
417
418	function wpcf7_captcha_tmp_dir() {
419	if ( defined( 'WPCF7_CAPTCHA_TMP_DIR' ) ) {
420	return WPCF7_CAPTCHA_TMP_DIR;
421	} else {
422	return path_join( wpcf7_upload_dir( 'dir' ), 'wpcf7_captcha' );
423	}
424	}
425
426	function wpcf7_captcha_tmp_url() {
427	if ( defined( 'WPCF7_CAPTCHA_TMP_URL' ) ) {
428	return WPCF7_CAPTCHA_TMP_URL;
429	} else {
430	return path_join( wpcf7_upload_dir( 'url' ), 'wpcf7_captcha' );
431	}
432	}
433
434	function wpcf7_captcha_url( $filename ) {
435	$url = path_join( wpcf7_captcha_tmp_url(), $filename );
436
437	if ( is_ssl() && 'http:' == substr( $url, 0, 5 ) ) {
438	$url = 'https:' . substr( $url, 5 );
439	}
440
441	return apply_filters( 'wpcf7_captcha_url', esc_url_raw( $url ) );
442	}
443
444	function wpcf7_generate_captcha( $options = null ) {
445	if ( ! $captcha = wpcf7_init_captcha() ) {
446	return false;
447	}
448
449	if ( ! is_dir( $captcha->tmp_dir )
450	\|\| ! wp_is_writable( $captcha->tmp_dir ) ) {
451	return false;
452	}
453
454	$img_type = imagetypes();
455
456	if ( $img_type & IMG_PNG ) {
457	$captcha->img_type = 'png';
458	} elseif ( $img_type & IMG_GIF ) {
459	$captcha->img_type = 'gif';
460	} elseif ( $img_type & IMG_JPG ) {
461	$captcha->img_type = 'jpeg';
462	} else {
463	return false;
464	}
465
466	if ( is_array( $options ) ) {
467	if ( isset( $options['img_size'] ) ) {
468	$captcha->img_size = $options['img_size'];
469	}
470
471	if ( isset( $options['base'] ) ) {
472	$captcha->base = $options['base'];
473	}
474
475	if ( isset( $options['font_size'] ) ) {
476	$captcha->font_size = $options['font_size'];
477	}
478
479	if ( isset( $options['font_char_width'] ) ) {
480	$captcha->font_char_width = $options['font_char_width'];
481	}
482
483	if ( isset( $options['fg'] ) ) {
484	$captcha->fg = $options['fg'];
485	}
486
487	if ( isset( $options['bg'] ) ) {
488	$captcha->bg = $options['bg'];
489	}
490	}
491
492	$prefix = wp_rand();
493	$captcha_word = $captcha->generate_random_word();
494	return $captcha->generate_image( $prefix, $captcha_word );
495	}
496
497	function wpcf7_check_captcha( $prefix, $response ) {
498	if ( ! $captcha = wpcf7_init_captcha() ) {
499	return false;
500	}
501
502	return $captcha->check( $prefix, $response );
503	}
504
505	function wpcf7_remove_captcha( $prefix ) {
506	if ( ! $captcha = wpcf7_init_captcha() ) {
507	return false;
508	}
509
510	// Contact Form 7 generates $prefix with wp_rand()
511	if ( preg_match( '/[^0-9]/', $prefix ) ) {
512	return false;
513	}
514
515	$captcha->remove( $prefix );
516	}
517
518	add_action( 'template_redirect', 'wpcf7_cleanup_captcha_files', 20 );
519
520	function wpcf7_cleanup_captcha_files() {
521	if ( ! $captcha = wpcf7_init_captcha() ) {
522	return false;
523	}
524
525	if ( is_callable( array( $captcha, 'cleanup' ) ) ) {
526	return $captcha->cleanup();
527	}
528
529	$dir = trailingslashit( wpcf7_captcha_tmp_dir() );
530
531	if ( ! is_dir( $dir ) \|\| ! is_readable( $dir ) \|\| ! wp_is_writable( $dir ) ) {
532	return false;
533	}
534
535	if ( $handle = opendir( $dir ) ) {
536	while ( false !== ( $file = readdir( $handle ) ) ) {
537	if ( ! preg_match( '/^[0-9]+\.(php\|txt\|png\|gif\|jpeg)$/', $file ) ) {
538	continue;
539	}
540
541	$stat = stat( path_join( $dir, $file ) );
542
543	if ( $stat['mtime'] + 3600 < time() ) { // 3600 secs == 1 hour
544	unlink( path_join( $dir, $file ) );
545	}
546	}
547
548	closedir( $handle );
549	}
550	}
551
552	function wpcf7_captchac_options( $options ) {
553	if ( ! is_array( $options ) ) {
554	return array();
555	}
556
557	$op = array();
558	$image_size_array = preg_grep( '%^size:[smlSML]$%', $options );
559
560	if ( $image_size = array_shift( $image_size_array ) ) {
561	preg_match( '%^size:([smlSML])$%', $image_size, $is_matches );
562
563	switch ( strtolower( $is_matches[1] ) ) {
564	case 's':
565	$op['img_size'] = array( 60, 20 );
566	$op['base'] = array( 6, 15 );
567	$op['font_size'] = 11;
568	$op['font_char_width'] = 13;
569	break;
570	case 'l':
571	$op['img_size'] = array( 84, 28 );
572	$op['base'] = array( 6, 20 );
573	$op['font_size'] = 17;
574	$op['font_char_width'] = 19;
575	break;
576	case 'm':
577	default:
578	$op['img_size'] = array( 72, 24 );
579	$op['base'] = array( 6, 18 );
580	$op['font_size'] = 14;
581	$op['font_char_width'] = 15;
582	}
583	}
584
585	$fg_color_array = preg_grep(
586	'%^fg:#([0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$%', $options );
587
588	if ( $fg_color = array_shift( $fg_color_array ) ) {
589	preg_match( '%^fg:#([0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$%',
590	$fg_color, $fc_matches );
591
592	if ( 3 == strlen( $fc_matches[1] ) ) {
593	$r = substr( $fc_matches[1], 0, 1 );
594	$g = substr( $fc_matches[1], 1, 1 );
595	$b = substr( $fc_matches[1], 2, 1 );
596
597	$op['fg'] = array(
598	hexdec( $r . $r ),
599	hexdec( $g . $g ),
600	hexdec( $b . $b ),
601	);
602	} elseif ( 6 == strlen( $fc_matches[1] ) ) {
603	$r = substr( $fc_matches[1], 0, 2 );
604	$g = substr( $fc_matches[1], 2, 2 );
605	$b = substr( $fc_matches[1], 4, 2 );
606
607	$op['fg'] = array(
608	hexdec( $r ),
609	hexdec( $g ),
610	hexdec( $b ),
611	);
612	}
613	}
614
615	$bg_color_array = preg_grep(
616	'%^bg:#([0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$%', $options );
617
618	if ( $bg_color = array_shift( $bg_color_array ) ) {
619	preg_match( '%^bg:#([0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$%',
620	$bg_color, $bc_matches );
621
622	if ( 3 == strlen( $bc_matches[1] ) ) {
623	$r = substr( $bc_matches[1], 0, 1 );
624	$g = substr( $bc_matches[1], 1, 1 );
625	$b = substr( $bc_matches[1], 2, 1 );
626
627	$op['bg'] = array(
628	hexdec( $r . $r ),
629	hexdec( $g . $g ),
630	hexdec( $b . $b ),
631	);
632	} elseif ( 6 == strlen( $bc_matches[1] ) ) {
633	$r = substr( $bc_matches[1], 0, 2 );
634	$g = substr( $bc_matches[1], 2, 2 );
635	$b = substr( $bc_matches[1], 4, 2 );
636
637	$op['bg'] = array(
638	hexdec( $r ),
639	hexdec( $g ),
640	hexdec( $b ),
641	);
642	}
643	}
644
645	return $op;
646	}
647