diff options
Diffstat (limited to 'framework/Web/UI/WebControls/TCaptchaValidator.php')
-rw-r--r-- | framework/Web/UI/WebControls/TCaptchaValidator.php | 254 |
1 files changed, 127 insertions, 127 deletions
diff --git a/framework/Web/UI/WebControls/TCaptchaValidator.php b/framework/Web/UI/WebControls/TCaptchaValidator.php index 9eca42fb..23943971 100644 --- a/framework/Web/UI/WebControls/TCaptchaValidator.php +++ b/framework/Web/UI/WebControls/TCaptchaValidator.php @@ -1,127 +1,127 @@ -<?php
-/**
- * TCaptchaValidator class file
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @link http://www.pradosoft.com/
- * @copyright Copyright © 2005-2012 PradoSoft
- * @license http://www.pradosoft.com/license/
- * @version $Id$
- * @package System.Web.UI.WebControls
- */
-
-Prado::using('System.Web.UI.WebControls.TBaseValidator');
-Prado::using('System.Web.UI.WebControls.TCaptcha');
-
-/**
- * TCaptchaValidator class
- *
- * Notice: while this class is easy to use and implement, it does not provide full security.
- * In fact, it's easy to bypass the checks reusing old, already-validated tokens (reply attack).
- * A better alternative is provided by {@link TReCaptchaValidator}.
- *
- * TCaptchaValidator validates user input against a CAPTCHA represented by
- * a {@link TCaptcha} control. The input control fails validation if its value
- * is not the same as the token displayed in CAPTCHA. Note, if the user does
- * not enter any thing, it is still considered as failing the validation.
- *
- * To use TCaptchaValidator, specify the {@link setControlToValidate ControlToValidate}
- * to be the ID path of the input control (usually a {@link TTextBox} control}.
- * Also specify the {@link setCaptchaControl CaptchaControl} to be the ID path of
- * the CAPTCHA control that the user input should be compared with.
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @version $Id$
- * @package System.Web.UI.WebControls
- * @since 3.1.1
- */
-class TCaptchaValidator extends TBaseValidator
-{
- /**
- * Gets the name of the javascript class responsible for performing validation for this control.
- * This method overrides the parent implementation.
- * @return string the javascript class name
- */
- protected function getClientClassName()
- {
- return 'Prado.WebUI.TCaptchaValidator';
- }
-
- /**
- * @return string the ID path of the CAPTCHA control to validate
- */
- public function getCaptchaControl()
- {
- return $this->getViewState('CaptchaControl','');
- }
-
- /**
- * Sets the ID path of the CAPTCHA control to validate.
- * The ID path is the dot-connected IDs of the controls reaching from
- * the validator's naming container to the target control.
- * @param string the ID path
- */
- public function setCaptchaControl($value)
- {
- $this->setViewState('CaptchaControl',TPropertyValue::ensureString($value),'');
- }
-
- /**
- * This method overrides the parent's implementation.
- * The validation succeeds if the input control has the same value
- * as the one displayed in the corresponding CAPTCHA control.
- *
- * @return boolean whether the validation succeeds
- */
- protected function evaluateIsValid()
- {
- $value=$this->getValidationValue($this->getValidationTarget());
- $control=$this->findCaptchaControl();
- return $control->validate(trim($value));
- }
-
- /**
- * @return TCaptchaControl the CAPTCHA control to be validated against
- * @throws TConfigurationException if the CAPTCHA cannot be found according to {@link setCaptchaControl CaptchaControl}
- */
- protected function findCaptchaControl()
- {
- if(($id=$this->getCaptchaControl())==='')
- throw new TConfigurationException('captchavalidator_captchacontrol_required');
- else if(($control=$this->findControl($id))===null)
- throw new TConfigurationException('captchavalidator_captchacontrol_inexistent',$id);
- else if(!($control instanceof TCaptcha))
- throw new TConfigurationException('captchavalidator_captchacontrol_invalid',$id);
- else
- return $control;
- }
-
- /**
- * Returns an array of javascript validator options.
- * @return array javascript validator options.
- */
- protected function getClientScriptOptions()
- {
- $options=parent::getClientScriptOptions();
- $control=$this->findCaptchaControl();
- if($control->getCaseSensitive())
- {
- $options['TokenHash']=$this->generateTokenHash($control->getToken());
- $options['CaseSensitive']=true;
- }
- else
- {
- $options['TokenHash']=$this->generateTokenHash(strtoupper($control->getToken()));
- $options['CaseSensitive']=false;
- }
- return $options;
- }
-
- private function generateTokenHash($token)
- {
- for($h=0,$i=strlen($token)-1;$i>=0;--$i)
- $h+=ord($token[$i]);
- return $h;
- }
-}
-
+<?php +/** + * TCaptchaValidator class file + * + * @author Qiang Xue <qiang.xue@gmail.com> + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2005-2012 PradoSoft + * @license http://www.pradosoft.com/license/ + * @version $Id$ + * @package System.Web.UI.WebControls + */ + +Prado::using('System.Web.UI.WebControls.TBaseValidator'); +Prado::using('System.Web.UI.WebControls.TCaptcha'); + +/** + * TCaptchaValidator class + * + * Notice: while this class is easy to use and implement, it does not provide full security. + * In fact, it's easy to bypass the checks reusing old, already-validated tokens (reply attack). + * A better alternative is provided by {@link TReCaptchaValidator}. + * + * TCaptchaValidator validates user input against a CAPTCHA represented by + * a {@link TCaptcha} control. The input control fails validation if its value + * is not the same as the token displayed in CAPTCHA. Note, if the user does + * not enter any thing, it is still considered as failing the validation. + * + * To use TCaptchaValidator, specify the {@link setControlToValidate ControlToValidate} + * to be the ID path of the input control (usually a {@link TTextBox} control}. + * Also specify the {@link setCaptchaControl CaptchaControl} to be the ID path of + * the CAPTCHA control that the user input should be compared with. + * + * @author Qiang Xue <qiang.xue@gmail.com> + * @version $Id$ + * @package System.Web.UI.WebControls + * @since 3.1.1 + */ +class TCaptchaValidator extends TBaseValidator +{ + /** + * Gets the name of the javascript class responsible for performing validation for this control. + * This method overrides the parent implementation. + * @return string the javascript class name + */ + protected function getClientClassName() + { + return 'Prado.WebUI.TCaptchaValidator'; + } + + /** + * @return string the ID path of the CAPTCHA control to validate + */ + public function getCaptchaControl() + { + return $this->getViewState('CaptchaControl',''); + } + + /** + * Sets the ID path of the CAPTCHA control to validate. + * The ID path is the dot-connected IDs of the controls reaching from + * the validator's naming container to the target control. + * @param string the ID path + */ + public function setCaptchaControl($value) + { + $this->setViewState('CaptchaControl',TPropertyValue::ensureString($value),''); + } + + /** + * This method overrides the parent's implementation. + * The validation succeeds if the input control has the same value + * as the one displayed in the corresponding CAPTCHA control. + * + * @return boolean whether the validation succeeds + */ + protected function evaluateIsValid() + { + $value=$this->getValidationValue($this->getValidationTarget()); + $control=$this->findCaptchaControl(); + return $control->validate(trim($value)); + } + + /** + * @return TCaptchaControl the CAPTCHA control to be validated against + * @throws TConfigurationException if the CAPTCHA cannot be found according to {@link setCaptchaControl CaptchaControl} + */ + protected function findCaptchaControl() + { + if(($id=$this->getCaptchaControl())==='') + throw new TConfigurationException('captchavalidator_captchacontrol_required'); + else if(($control=$this->findControl($id))===null) + throw new TConfigurationException('captchavalidator_captchacontrol_inexistent',$id); + else if(!($control instanceof TCaptcha)) + throw new TConfigurationException('captchavalidator_captchacontrol_invalid',$id); + else + return $control; + } + + /** + * Returns an array of javascript validator options. + * @return array javascript validator options. + */ + protected function getClientScriptOptions() + { + $options=parent::getClientScriptOptions(); + $control=$this->findCaptchaControl(); + if($control->getCaseSensitive()) + { + $options['TokenHash']=$this->generateTokenHash($control->getToken()); + $options['CaseSensitive']=true; + } + else + { + $options['TokenHash']=$this->generateTokenHash(strtoupper($control->getToken())); + $options['CaseSensitive']=false; + } + return $options; + } + + private function generateTokenHash($token) + { + for($h=0,$i=strlen($token)-1;$i>=0;--$i) + $h+=ord($token[$i]); + return $h; + } +} + |