really-simple-captcha.php — Contact Form 7 5.1.1

contact-form-7 / modules / really-simple-captcha.php

contact-form-7 / modules Last commit date

acceptance.php 7 years ago akismet.php 7 years ago checkbox.php 7 years ago constant-contact.php 7 years ago count.php 7 years ago date.php 7 years ago file.php 7 years ago flamingo.php 7 years ago hidden.php 7 years ago listo.php 9 years ago number.php 7 years ago quiz.php 7 years ago really-simple-captcha.php 7 years ago recaptcha.php 7 years ago response.php 7 years ago select.php 7 years ago submit.php 7 years ago text.php 7 years ago textarea.php 7 years ago

really-simple-captcha.php

656 lines

1	<?php
2	/**
3	** A base module for [captchac] and [captchar]
4	**/
5
6	/* form_tag handler */
7
8	add_action( 'wpcf7_init', 'wpcf7_add_form_tag_captcha', 10, 0 );
9
10	function wpcf7_add_form_tag_captcha() {
11	// CAPTCHA-Challenge (image)
12	wpcf7_add_form_tag( 'captchac',
13	'wpcf7_captchac_form_tag_handler',
14	array(
15	'name-attr' => true,
16	'zero-controls-container' => true,
17	'not-for-mail' => true,
18	)
19	);
20
21	// CAPTCHA-Response (input)
22	wpcf7_add_form_tag( 'captchar',
23	'wpcf7_captchar_form_tag_handler',
24	array(
25	'name-attr' => true,
26	'do-not-store' => true,
27	'not-for-mail' => true,
28	)
29	);
30	}
31
32	function wpcf7_captchac_form_tag_handler( $tag ) {
33	if ( ! class_exists( 'ReallySimpleCaptcha' ) ) {
34	$error = sprintf(
35	/* translators: %s: link labeled 'Really Simple CAPTCHA' */
36	esc_html( __( "To use CAPTCHA, you need %s plugin installed.", 'contact-form-7' ) ),
37	wpcf7_link( 'https://wordpress.org/plugins/really-simple-captcha/', 'Really Simple CAPTCHA' ) );
38
39	return sprintf( '<em>%s</em>', $error );
40	}
41
42	if ( empty( $tag->name ) ) {
43	return '';
44	}
45
46	$class = wpcf7_form_controls_class( $tag->type );
47	$class .= ' wpcf7-captcha-' . $tag->name;
48
49	$atts = array();
50	$atts['class'] = $tag->get_class_option( $class );
51	$atts['id'] = $tag->get_id_option();
52
53	$op = array( // Default
54	'img_size' => array( 72, 24 ),
55	'base' => array( 6, 18 ),
56	'font_size' => 14,
57	'font_char_width' => 15,
58	);
59
60	$op = array_merge( $op, wpcf7_captchac_options( $tag->options ) );
61
62	if ( ! $filename = wpcf7_generate_captcha( $op ) ) {
63	return '';
64	}
65
66	if ( ! empty( $op['img_size'] ) ) {
67	if ( isset( $op['img_size'][0] ) ) {
68	$atts['width'] = $op['img_size'][0];
69	}
70
71	if ( isset( $op['img_size'][1] ) ) {
72	$atts['height'] = $op['img_size'][1];
73	}
74	}
75
76	$atts['alt'] = 'captcha';
77	$atts['src'] = wpcf7_captcha_url( $filename );
78
79	$atts = wpcf7_format_atts( $atts );
80
81	$prefix = substr( $filename, 0, strrpos( $filename, '.' ) );
82
83	$html = sprintf(
84	'<input type="hidden" name="_wpcf7_captcha_challenge_%1$s" value="%2$s" /><img %3$s />',
85	$tag->name, esc_attr( $prefix ), $atts );
86
87	return $html;
88	}
89
90	function wpcf7_captchar_form_tag_handler( $tag ) {
91	if ( empty( $tag->name ) ) {
92	return '';
93	}
94
95	$validation_error = wpcf7_get_validation_error( $tag->name );
96
97	$class = wpcf7_form_controls_class( $tag->type );
98
99	if ( $validation_error ) {
100	$class .= ' wpcf7-not-valid';
101	}
102
103	$atts = array();
104
105	$atts['size'] = $tag->get_size_option( '40' );
106	$atts['maxlength'] = $tag->get_maxlength_option();
107	$atts['minlength'] = $tag->get_minlength_option();
108
109	if ( $atts['maxlength'] and $atts['minlength']
110	and $atts['maxlength'] < $atts['minlength'] ) {
111	unset( $atts['maxlength'], $atts['minlength'] );
112	}
113
114	$atts['class'] = $tag->get_class_option( $class );
115	$atts['id'] = $tag->get_id_option();
116	$atts['tabindex'] = $tag->get_option( 'tabindex', 'signed_int', true );
117	$atts['autocomplete'] = 'off';
118	$atts['aria-invalid'] = $validation_error ? 'true' : 'false';
119
120	$value = (string) reset( $tag->values );
121
122	if ( wpcf7_is_posted() ) {
123	$value = '';
124	}
125
126	if ( $tag->has_option( 'placeholder' )
127	or $tag->has_option( 'watermark' ) ) {
128	$atts['placeholder'] = $value;
129	$value = '';
130	}
131
132	$atts['value'] = $value;
133	$atts['type'] = 'text';
134	$atts['name'] = $tag->name;
135
136	$atts = wpcf7_format_atts( $atts );
137
138	$html = sprintf(
139	'<span class="wpcf7-form-control-wrap %1$s"><input %2$s />%3$s</span>',
140	sanitize_html_class( $tag->name ), $atts, $validation_error );
141
142	return $html;
143	}
144
145
146	/* Validation filter */
147
148	add_filter( 'wpcf7_validate_captchar',
149	'wpcf7_captcha_validation_filter', 10, 2 );
150
151	function wpcf7_captcha_validation_filter( $result, $tag ) {
152	$type = $tag->type;
153	$name = $tag->name;
154
155	$captchac = '_wpcf7_captcha_challenge_' . $name;
156
157	$prefix = isset( $_POST[$captchac] ) ? (string) $_POST[$captchac] : '';
158	$response = isset( $_POST[$name] ) ? (string) $_POST[$name] : '';
159	$response = wpcf7_canonicalize( $response );
160
161	if ( 0 == strlen( $prefix )
162	or ! wpcf7_check_captcha( $prefix, $response ) ) {
163	$result->invalidate( $tag, wpcf7_get_message( 'captcha_not_match' ) );
164	}
165
166	if ( 0 != strlen( $prefix ) ) {
167	wpcf7_remove_captcha( $prefix );
168	}
169
170	return $result;
171	}
172
173
174	/* Ajax echo filter */
175
176	add_filter( 'wpcf7_ajax_onload', 'wpcf7_captcha_ajax_refill', 10, 1 );
177	add_filter( 'wpcf7_ajax_json_echo', 'wpcf7_captcha_ajax_refill', 10, 1 );
178
179	function wpcf7_captcha_ajax_refill( $items ) {
180	if ( ! is_array( $items ) ) {
181	return $items;
182	}
183
184	$tags = wpcf7_scan_form_tags( array( 'type' => 'captchac' ) );
185
186	if ( empty( $tags ) ) {
187	return $items;
188	}
189
190	$refill = array();
191
192	foreach ( $tags as $tag ) {
193	$name = $tag->name;
194	$options = $tag->options;
195
196	if ( empty( $name ) ) {
197	continue;
198	}
199
200	$op = wpcf7_captchac_options( $options );
201
202	if ( $filename = wpcf7_generate_captcha( $op ) ) {
203	$captcha_url = wpcf7_captcha_url( $filename );
204	$refill[$name] = $captcha_url;
205	}
206	}
207
208	if ( ! empty( $refill ) ) {
209	$items['captcha'] = $refill;
210	}
211
212	return $items;
213	}
214
215
216	/* Messages */
217
218	add_filter( 'wpcf7_messages', 'wpcf7_captcha_messages', 10, 1 );
219
220	function wpcf7_captcha_messages( $messages ) {
221	$messages = array_merge( $messages, array(
222	'captcha_not_match' => array(
223	'description' =>
224	__( "The code that sender entered does not match the CAPTCHA", 'contact-form-7' ),
225	'default' =>
226	__( 'Your entered code is incorrect.', 'contact-form-7' ),
227	),
228	) );
229
230	return $messages;
231	}
232
233
234	/* Tag generator */
235
236	add_action( 'wpcf7_admin_init', 'wpcf7_add_tag_generator_captcha', 46, 0 );
237
238	function wpcf7_add_tag_generator_captcha() {
239	if ( ! wpcf7_use_really_simple_captcha() ) {
240	return;
241	}
242
243	$tag_generator = WPCF7_TagGenerator::get_instance();
244	$tag_generator->add( 'captcha',
245	__( 'CAPTCHA (Really Simple CAPTCHA)', 'contact-form-7' ),
246	'wpcf7_tag_generator_captcha' );
247	}
248
249	function wpcf7_tag_generator_captcha( $contact_form, $args = '' ) {
250	$args = wp_parse_args( $args, array() );
251
252	if ( ! class_exists( 'ReallySimpleCaptcha' ) ) {
253	?>
254	<div class="control-box">
255	<fieldset>
256	<legend><?php
257	echo sprintf(
258	/* translators: %s: link labeled 'Really Simple CAPTCHA' */
259	esc_html( __( "To use CAPTCHA, you first need to install and activate %s plugin.", 'contact-form-7' ) ),
260	wpcf7_link( 'https://wordpress.org/plugins/really-simple-captcha/', 'Really Simple CAPTCHA' )
261	);
262	?></legend>
263	</fieldset>
264	</div>
265	<?php
266
267	return;
268	}
269
270	$description = __( "Generate form-tags for a CAPTCHA image and corresponding response input field. For more details, see %s.", 'contact-form-7' );
271
272	$desc_link = wpcf7_link( __( 'https://contactform7.com/captcha/', 'contact-form-7' ), __( 'CAPTCHA', 'contact-form-7' ) );
273
274	?>
275	<div class="control-box">
276	<fieldset>
277	<legend><?php echo sprintf( esc_html( $description ), $desc_link ); ?></legend>
278
279	<table class="form-table">
280	<tbody>
281	<tr>
282	<th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-name' ); ?>"><?php echo esc_html( __( 'Name', 'contact-form-7' ) ); ?></label></th>
283	<td><input type="text" name="name" class="tg-name oneline" id="<?php echo esc_attr( $args['content'] . '-name' ); ?>" /></td>
284	</tr>
285	</tbody>
286	</table>
287
288	<table class="form-table scope captchac">
289	<caption><?php echo esc_html( __( "Image settings", 'contact-form-7' ) ); ?></caption>
290	<tbody>
291	<tr>
292	<th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-captchac-id' ); ?>"><?php echo esc_html( __( 'Id attribute', 'contact-form-7' ) ); ?></label></th>
293	<td><input type="text" name="id" class="idvalue oneline option" id="<?php echo esc_attr( $args['content'] . '-captchac-id' ); ?>" /></td>
294	</tr>
295
296	<tr>
297	<th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-captchac-class' ); ?>"><?php echo esc_html( __( 'Class attribute', 'contact-form-7' ) ); ?></label></th>
298	<td><input type="text" name="class" class="classvalue oneline option" id="<?php echo esc_attr( $args['content'] . '-captchac-class' ); ?>" /></td>
299	</tr>
300	</tbody>
301	</table>
302
303	<table class="form-table scope captchar">
304	<caption><?php echo esc_html( __( "Input field settings", 'contact-form-7' ) ); ?></caption>
305	<tbody>
306	<tr>
307	<th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-captchar-id' ); ?>"><?php echo esc_html( __( 'Id attribute', 'contact-form-7' ) ); ?></label></th>
308	<td><input type="text" name="id" class="idvalue oneline option" id="<?php echo esc_attr( $args['content'] . '-captchar-id' ); ?>" /></td>
309	</tr>
310
311	<tr>
312	<th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-captchar-class' ); ?>"><?php echo esc_html( __( 'Class attribute', 'contact-form-7' ) ); ?></label></th>
313	<td><input type="text" name="class" class="classvalue oneline option" id="<?php echo esc_attr( $args['content'] . '-captchar-class' ); ?>" /></td>
314	</tr>
315	</tbody>
316	</table>
317	</fieldset>
318	</div>
319
320	<div class="insert-box">
321	<input type="text" name="captcha" class="tag code" readonly="readonly" onfocus="this.select()" />
322
323	<div class="submitbox">
324	<input type="button" class="button button-primary insert-tag" value="<?php echo esc_attr( __( 'Insert Tag', 'contact-form-7' ) ); ?>" />
325	</div>
326	</div>
327	<?php
328	}
329
330
331	/* Warning message */
332
333	add_action( 'wpcf7_admin_warnings',
334	'wpcf7_captcha_display_warning_message', 10, 3 );
335
336	function wpcf7_captcha_display_warning_message( $page, $action, $object ) {
337	if ( $object instanceof WPCF7_ContactForm ) {
338	$contact_form = $object;
339	} else {
340	return;
341	}
342
343	$has_tags = (bool) $contact_form->scan_form_tags(
344	array( 'type' => array( 'captchac' ) ) );
345
346	if ( ! $has_tags ) {
347	return;
348	}
349
350	if ( ! class_exists( 'ReallySimpleCaptcha' ) ) {
351	return;
352	}
353
354	$uploads_dir = wpcf7_captcha_tmp_dir();
355	wpcf7_init_captcha();
356
357	if ( ! is_dir( $uploads_dir )
358	or ! wp_is_writable( $uploads_dir ) ) {
359	$message = sprintf( __( 'This contact form contains CAPTCHA fields, but the temporary folder for the files (%s) does not exist or is not writable. You can create the folder or change its permission manually.', 'contact-form-7' ), $uploads_dir );
360
361	echo '<div class="notice notice-warning"><p>' . esc_html( $message ) . '</p></div>';
362	}
363
364	if ( ! function_exists( 'imagecreatetruecolor' )
365	or ! function_exists( 'imagettftext' ) ) {
366	$message = __( "This contact form contains CAPTCHA fields, but the necessary libraries (GD and FreeType) are not available on your server.", 'contact-form-7' );
367
368	echo '<div class="notice notice-warning"><p>' . esc_html( $message ) . '</p></div>';
369	}
370	}
371
372
373	/* CAPTCHA functions */
374
375	function wpcf7_init_captcha() {
376	static $captcha = null;
377
378	if ( $captcha ) {
379	return $captcha;
380	}
381
382	if ( class_exists( 'ReallySimpleCaptcha' ) ) {
383	$captcha = new ReallySimpleCaptcha();
384	} else {
385	return false;
386	}
387
388	$dir = trailingslashit( wpcf7_captcha_tmp_dir() );
389
390	$captcha->tmp_dir = $dir;
391
392	if ( is_callable( array( $captcha, 'make_tmp_dir' ) ) ) {
393	$result = $captcha->make_tmp_dir();
394
395	if ( ! $result ) {
396	return false;
397	}
398
399	return $captcha;
400	}
401
402	if ( wp_mkdir_p( $dir ) ) {
403	$htaccess_file = path_join( $dir, '.htaccess' );
404
405	if ( file_exists( $htaccess_file ) ) {
406	return $captcha;
407	}
408
409	if ( $handle = fopen( $htaccess_file, 'w' ) ) {
410	fwrite( $handle, 'Order deny,allow' . "\n" );
411	fwrite( $handle, 'Deny from all' . "\n" );
412	fwrite( $handle, '<Files ~ "^[0-9A-Za-z]+\\.(jpeg\|gif\|png)$">' . "\n" );
413	fwrite( $handle, ' Allow from all' . "\n" );
414	fwrite( $handle, '</Files>' . "\n" );
415	fclose( $handle );
416	}
417	} else {
418	return false;
419	}
420
421	return $captcha;
422	}
423
424	function wpcf7_captcha_tmp_dir() {
425	if ( defined( 'WPCF7_CAPTCHA_TMP_DIR' ) ) {
426	return WPCF7_CAPTCHA_TMP_DIR;
427	} else {
428	return path_join( wpcf7_upload_dir( 'dir' ), 'wpcf7_captcha' );
429	}
430	}
431
432	function wpcf7_captcha_tmp_url() {
433	if ( defined( 'WPCF7_CAPTCHA_TMP_URL' ) ) {
434	return WPCF7_CAPTCHA_TMP_URL;
435	} else {
436	return path_join( wpcf7_upload_dir( 'url' ), 'wpcf7_captcha' );
437	}
438	}
439
440	function wpcf7_captcha_url( $filename ) {
441	$url = path_join( wpcf7_captcha_tmp_url(), $filename );
442
443	if ( is_ssl()
444	and 'http:' == substr( $url, 0, 5 ) ) {
445	$url = 'https:' . substr( $url, 5 );
446	}
447
448	return apply_filters( 'wpcf7_captcha_url', esc_url_raw( $url ) );
449	}
450
451	function wpcf7_generate_captcha( $options = null ) {
452	if ( ! $captcha = wpcf7_init_captcha() ) {
453	return false;
454	}
455
456	if ( ! is_dir( $captcha->tmp_dir )
457	or ! wp_is_writable( $captcha->tmp_dir ) ) {
458	return false;
459	}
460
461	$img_type = imagetypes();
462
463	if ( $img_type & IMG_PNG ) {
464	$captcha->img_type = 'png';
465	} elseif ( $img_type & IMG_GIF ) {
466	$captcha->img_type = 'gif';
467	} elseif ( $img_type & IMG_JPG ) {
468	$captcha->img_type = 'jpeg';
469	} else {
470	return false;
471	}
472
473	if ( is_array( $options ) ) {
474	if ( isset( $options['img_size'] ) ) {
475	$captcha->img_size = $options['img_size'];
476	}
477
478	if ( isset( $options['base'] ) ) {
479	$captcha->base = $options['base'];
480	}
481
482	if ( isset( $options['font_size'] ) ) {
483	$captcha->font_size = $options['font_size'];
484	}
485
486	if ( isset( $options['font_char_width'] ) ) {
487	$captcha->font_char_width = $options['font_char_width'];
488	}
489
490	if ( isset( $options['fg'] ) ) {
491	$captcha->fg = $options['fg'];
492	}
493
494	if ( isset( $options['bg'] ) ) {
495	$captcha->bg = $options['bg'];
496	}
497	}
498
499	$prefix = wp_rand();
500	$captcha_word = $captcha->generate_random_word();
501	return $captcha->generate_image( $prefix, $captcha_word );
502	}
503
504	function wpcf7_check_captcha( $prefix, $response ) {
505	if ( ! $captcha = wpcf7_init_captcha() ) {
506	return false;
507	}
508
509	return $captcha->check( $prefix, $response );
510	}
511
512	function wpcf7_remove_captcha( $prefix ) {
513	if ( ! $captcha = wpcf7_init_captcha() ) {
514	return false;
515	}
516
517	// Contact Form 7 generates $prefix with wp_rand()
518	if ( preg_match( '/[^0-9]/', $prefix ) ) {
519	return false;
520	}
521
522	$captcha->remove( $prefix );
523	}
524
525	add_action( 'template_redirect', 'wpcf7_cleanup_captcha_files', 20, 0 );
526
527	function wpcf7_cleanup_captcha_files() {
528	if ( ! $captcha = wpcf7_init_captcha() ) {
529	return false;
530	}
531
532	if ( is_callable( array( $captcha, 'cleanup' ) ) ) {
533	return $captcha->cleanup();
534	}
535
536	$dir = trailingslashit( wpcf7_captcha_tmp_dir() );
537
538	if ( ! is_dir( $dir )
539	or ! is_readable( $dir )
540	or ! wp_is_writable( $dir ) ) {
541	return false;
542	}
543
544	if ( $handle = opendir( $dir ) ) {
545	while ( false !== ( $file = readdir( $handle ) ) ) {
546	if ( ! preg_match( '/^[0-9]+\.(php\|txt\|png\|gif\|jpeg)$/', $file ) ) {
547	continue;
548	}
549
550	$stat = stat( path_join( $dir, $file ) );
551
552	if ( $stat['mtime'] + 3600 < time() ) { // 3600 secs == 1 hour
553	@unlink( path_join( $dir, $file ) );
554	}
555	}
556
557	closedir( $handle );
558	}
559	}
560
561	function wpcf7_captchac_options( $options ) {
562	if ( ! is_array( $options ) ) {
563	return array();
564	}
565
566	$op = array();
567	$image_size_array = preg_grep( '%^size:[smlSML]$%', $options );
568
569	if ( $image_size = array_shift( $image_size_array ) ) {
570	preg_match( '%^size:([smlSML])$%', $image_size, $is_matches );
571
572	switch ( strtolower( $is_matches[1] ) ) {
573	case 's':
574	$op['img_size'] = array( 60, 20 );
575	$op['base'] = array( 6, 15 );
576	$op['font_size'] = 11;
577	$op['font_char_width'] = 13;
578	break;
579	case 'l':
580	$op['img_size'] = array( 84, 28 );
581	$op['base'] = array( 6, 20 );
582	$op['font_size'] = 17;
583	$op['font_char_width'] = 19;
584	break;
585	case 'm':
586	default:
587	$op['img_size'] = array( 72, 24 );
588	$op['base'] = array( 6, 18 );
589	$op['font_size'] = 14;
590	$op['font_char_width'] = 15;
591	}
592	}
593
594	$fg_color_array = preg_grep(
595	'%^fg:#([0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$%', $options );
596
597	if ( $fg_color = array_shift( $fg_color_array ) ) {
598	preg_match( '%^fg:#([0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$%',
599	$fg_color, $fc_matches );
600
601	if ( 3 == strlen( $fc_matches[1] ) ) {
602	$r = substr( $fc_matches[1], 0, 1 );
603	$g = substr( $fc_matches[1], 1, 1 );
604	$b = substr( $fc_matches[1], 2, 1 );
605
606	$op['fg'] = array(
607	hexdec( $r . $r ),
608	hexdec( $g . $g ),
609	hexdec( $b . $b ),
610	);
611	} elseif ( 6 == strlen( $fc_matches[1] ) ) {
612	$r = substr( $fc_matches[1], 0, 2 );
613	$g = substr( $fc_matches[1], 2, 2 );
614	$b = substr( $fc_matches[1], 4, 2 );
615
616	$op['fg'] = array(
617	hexdec( $r ),
618	hexdec( $g ),
619	hexdec( $b ),
620	);
621	}
622	}
623
624	$bg_color_array = preg_grep(
625	'%^bg:#([0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$%', $options );
626
627	if ( $bg_color = array_shift( $bg_color_array ) ) {
628	preg_match( '%^bg:#([0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$%',
629	$bg_color, $bc_matches );
630
631	if ( 3 == strlen( $bc_matches[1] ) ) {
632	$r = substr( $bc_matches[1], 0, 1 );
633	$g = substr( $bc_matches[1], 1, 1 );
634	$b = substr( $bc_matches[1], 2, 1 );
635
636	$op['bg'] = array(
637	hexdec( $r . $r ),
638	hexdec( $g . $g ),
639	hexdec( $b . $b ),
640	);
641	} elseif ( 6 == strlen( $bc_matches[1] ) ) {
642	$r = substr( $bc_matches[1], 0, 2 );
643	$g = substr( $bc_matches[1], 2, 2 );
644	$b = substr( $bc_matches[1], 4, 2 );
645
646	$op['bg'] = array(
647	hexdec( $r ),
648	hexdec( $g ),
649	hexdec( $b ),
650	);
651	}
652	}
653
654	return $op;
655	}
656