blob: f2ff4dccf143e7e2379155c0e48a1c873fbfd8f2 [file] [log] [blame]
Andrey Andreevc5536aa2012-11-01 17:33:58 +02001<?php
Derek Jonesb41032d2010-03-05 11:22:45 -06002/**
3 * CodeIgniter
4 *
Andrey Andreevfe9309d2015-01-09 17:48:58 +02005 * An open source application development framework for PHP
Derek Jonesb41032d2010-03-05 11:22:45 -06006 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +02007 * This content is released under the MIT License (MIT)
Andrey Andreevf1b43d42012-01-06 14:41:50 +02008 *
Andrey Andreev125ef472016-01-11 12:33:00 +02009 * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
Andrey Andreevf1b43d42012-01-06 14:41:50 +020010 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +020011 * Permission is hereby granted, free of charge, to any person obtaining a copy
12 * of this software and associated documentation files (the "Software"), to deal
13 * in the Software without restriction, including without limitation the rights
14 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
15 * copies of the Software, and to permit persons to whom the Software is
16 * furnished to do so, subject to the following conditions:
Derek Jonesf4a4bd82011-10-20 12:18:42 -050017 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +020018 * The above copyright notice and this permission notice shall be included in
19 * all copies or substantial portions of the Software.
20 *
21 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
22 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
23 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
24 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
25 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
26 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 * THE SOFTWARE.
28 *
29 * @package CodeIgniter
30 * @author EllisLab Dev Team
Andrey Andreev1924e872016-01-11 12:55:34 +020031 * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
Andrey Andreev125ef472016-01-11 12:33:00 +020032 * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
Andrey Andreevbdb96ca2014-10-28 00:13:31 +020033 * @license http://opensource.org/licenses/MIT MIT License
Andrey Andreevbd202c92016-01-11 12:50:18 +020034 * @link https://codeigniter.com
Andrey Andreevbdb96ca2014-10-28 00:13:31 +020035 * @since Version 1.0.0
Derek Jonesb41032d2010-03-05 11:22:45 -060036 * @filesource
37 */
Andrey Andreevc5536aa2012-11-01 17:33:58 +020038defined('BASEPATH') OR exit('No direct script access allowed');
Derek Jonesb41032d2010-03-05 11:22:45 -060039
Derek Jonesb41032d2010-03-05 11:22:45 -060040/**
41 * CodeIgniter CAPTCHA Helper
42 *
43 * @package CodeIgniter
44 * @subpackage Helpers
45 * @category Helpers
Derek Jonesf4a4bd82011-10-20 12:18:42 -050046 * @author EllisLab Dev Team
Andrey Andreevbd202c92016-01-11 12:50:18 +020047 * @link https://codeigniter.com/user_guide/helpers/captcha_helper.html
Derek Jonesb41032d2010-03-05 11:22:45 -060048 */
49
50// ------------------------------------------------------------------------
51
Derek Jonesb41032d2010-03-05 11:22:45 -060052if ( ! function_exists('create_captcha'))
53{
Timothy Warren01b129a2012-04-27 11:36:50 -040054 /**
55 * Create CAPTCHA
56 *
Andrey Andreev8963f402013-07-18 16:02:47 +030057 * @param array $data data for the CAPTCHA
58 * @param string $img_path path to create the image in
59 * @param string $img_url URL to the CAPTCHA image folder
60 * @param string $font_path server path to font
Timothy Warren01b129a2012-04-27 11:36:50 -040061 * @return string
62 */
Derek Jonesb41032d2010-03-05 11:22:45 -060063 function create_captcha($data = '', $img_path = '', $img_url = '', $font_path = '')
Barry Mienydd671972010-10-04 16:33:58 +020064 {
Andrey Andreev8963f402013-07-18 16:02:47 +030065 $defaults = array(
66 'word' => '',
67 'img_path' => '',
68 'img_url' => '',
69 'img_width' => '150',
70 'img_height' => '30',
71 'font_path' => '',
72 'expiration' => 7200,
73 'word_length' => 8,
Preethambfa16442014-11-12 10:26:24 -050074 'font_size' => 16,
Preethame2913652014-12-04 21:01:52 -050075 'img_id' => '',
Andrey Andreev8963f402013-07-18 16:02:47 +030076 'pool' => '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ',
77 'colors' => array(
78 'background' => array(255,255,255),
79 'border' => array(153,102,102),
80 'text' => array(204,153,153),
81 'grid' => array(255,182,182)
82 )
83 );
Barry Mienydd671972010-10-04 16:33:58 +020084
Derek Jonesb41032d2010-03-05 11:22:45 -060085 foreach ($defaults as $key => $val)
86 {
Andrey Andreeva7209612012-03-26 21:55:43 +030087 if ( ! is_array($data) && empty($$key))
Derek Jonesb41032d2010-03-05 11:22:45 -060088 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +020089 $$key = $val;
Derek Jonesb41032d2010-03-05 11:22:45 -060090 }
91 else
Barry Mienydd671972010-10-04 16:33:58 +020092 {
Andrey Andreeva7209612012-03-26 21:55:43 +030093 $$key = isset($data[$key]) ? $data[$key] : $val;
Derek Jonesb41032d2010-03-05 11:22:45 -060094 }
95 }
Barry Mienydd671972010-10-04 16:33:58 +020096
Alex Bilbie773ccc32012-06-02 11:11:08 +010097 if ($img_path === '' OR $img_url === ''
Andrey Andreev382b5132014-02-26 18:41:59 +020098 OR ! is_dir($img_path) OR ! is_really_writable($img_path)
Andrey Andreev4f2933d2012-01-08 06:49:49 +020099 OR ! extension_loaded('gd'))
Derek Jonesb41032d2010-03-05 11:22:45 -0600100 {
101 return FALSE;
Barry Mienydd671972010-10-04 16:33:58 +0200102 }
103
Derek Jonesb41032d2010-03-05 11:22:45 -0600104 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200105 // Remove old images
Derek Jonesb41032d2010-03-05 11:22:45 -0600106 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200107
Michiel Vugteveenc2659b82012-03-07 21:34:52 +0100108 $now = microtime(TRUE);
Barry Mienydd671972010-10-04 16:33:58 +0200109
Derek Jonesb41032d2010-03-05 11:22:45 -0600110 $current_dir = @opendir($img_path);
Pascal Kriete45e3cdf2011-02-14 13:26:20 -0500111 while ($filename = @readdir($current_dir))
Derek Jonesb41032d2010-03-05 11:22:45 -0600112 {
Andrey Andreev7e669e62016-09-30 12:23:03 +0300113 if (in_array(substr($filename, -4), array('.jpg', '.png'))
114 && (str_replace(array('.jpg', '.png'), '', $filename) + $expiration) < $now)
Derek Jonesb41032d2010-03-05 11:22:45 -0600115 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200116 @unlink($img_path.$filename);
Derek Jonesb41032d2010-03-05 11:22:45 -0600117 }
118 }
Barry Mienydd671972010-10-04 16:33:58 +0200119
Derek Jonesb41032d2010-03-05 11:22:45 -0600120 @closedir($current_dir);
121
122 // -----------------------------------
123 // Do we have a "word" yet?
124 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200125
Andrey Andreev97088552013-02-08 21:53:20 +0200126 if (empty($word))
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200127 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200128 $word = '';
Andrey Andreevf8deea52015-10-23 13:49:21 +0300129 $pool_length = strlen($pool);
130 $rand_max = $pool_length - 1;
131
132 // PHP7 or a suitable polyfill
133 if (function_exists('random_int'))
Derek Jonesb41032d2010-03-05 11:22:45 -0600134 {
Andrey Andreevf8deea52015-10-23 13:49:21 +0300135 try
136 {
137 for ($i = 0; $i < $word_length; $i++)
138 {
139 $word .= $pool[random_int(0, $rand_max)];
140 }
141 }
142 catch (Exception $e)
143 {
144 // This means fallback to the next possible
145 // alternative to random_int()
146 $word = '';
147 }
148 }
149 }
150
151 if (empty($word))
152 {
153 // Nobody will have a larger character pool than
154 // 256 characters, but let's handle it just in case ...
155 //
156 // No, I do not care that the fallback to mt_rand() can
157 // handle it; if you trigger this, you're very obviously
158 // trying to break it. -- Narf
159 if ($pool_length > 256)
160 {
161 return FALSE;
162 }
163
164 // We'll try using the operating system's PRNG first,
165 // which we can access through CI_Security::get_random_bytes()
166 $security = get_instance()->security;
167
168 // To avoid numerous get_random_bytes() calls, we'll
169 // just try fetching as much bytes as we need at once.
170 if (($bytes = $security->get_random_bytes($pool_length)) !== FALSE)
171 {
172 $byte_index = $word_index = 0;
173 while ($word_index < $word_length)
174 {
Andrey Andreevec9e96e2016-02-04 14:43:46 +0200175 // Do we have more random data to use?
176 // It could be exhausted by previous iterations
177 // ignoring bytes higher than $rand_max.
178 if ($byte_index === $pool_length)
179 {
180 // No failures should be possible if the
181 // first get_random_bytes() call didn't
182 // return FALSE, but still ...
183 for ($i = 0; $i < 5; $i++)
184 {
185 if (($bytes = $security->get_random_bytes($pool_length)) === FALSE)
186 {
187 continue;
188 }
189
190 $byte_index = 0;
191 break;
192 }
193
194 if ($bytes === FALSE)
195 {
196 // Sadly, this means fallback to mt_rand()
197 $word = '';
198 break;
199 }
200 }
201
Andrey Andreev2fe1a232015-11-09 11:24:19 +0200202 list(, $rand_index) = unpack('C', $bytes[$byte_index++]);
203 if ($rand_index > $rand_max)
Andrey Andreevf8deea52015-10-23 13:49:21 +0300204 {
Andrey Andreevf8deea52015-10-23 13:49:21 +0300205 continue;
206 }
207
208 $word .= $pool[$rand_index];
209 $word_index++;
210 }
211 }
212 }
213
214 if (empty($word))
215 {
216 for ($i = 0; $i < $word_length; $i++)
217 {
218 $word .= $pool[mt_rand(0, $rand_max)];
Derek Jonesb41032d2010-03-05 11:22:45 -0600219 }
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200220 }
Andrey Andreev97088552013-02-08 21:53:20 +0200221 elseif ( ! is_string($word))
222 {
223 $word = (string) $word;
224 }
Barry Mienydd671972010-10-04 16:33:58 +0200225
Derek Jonesb41032d2010-03-05 11:22:45 -0600226 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200227 // Determine angle and position
Derek Jonesb41032d2010-03-05 11:22:45 -0600228 // -----------------------------------
Derek Jonesb41032d2010-03-05 11:22:45 -0600229 $length = strlen($word);
vlakoff3a3d5f62013-10-17 22:22:16 +0200230 $angle = ($length >= 6) ? mt_rand(-($length-6), ($length-6)) : 0;
231 $x_axis = mt_rand(6, (360/$length)-16);
232 $y_axis = ($angle >= 0) ? mt_rand($img_height, $img_width) : mt_rand(6, $img_height);
Barry Mienydd671972010-10-04 16:33:58 +0200233
Derek Jonesb41032d2010-03-05 11:22:45 -0600234 // Create image
Derek Jonesb41032d2010-03-05 11:22:45 -0600235 // PHP.net recommends imagecreatetruecolor(), but it isn't always available
Andrey Andreev4f2933d2012-01-08 06:49:49 +0200236 $im = function_exists('imagecreatetruecolor')
237 ? imagecreatetruecolor($img_width, $img_height)
238 : imagecreate($img_width, $img_height);
Barry Mienydd671972010-10-04 16:33:58 +0200239
Derek Jonesb41032d2010-03-05 11:22:45 -0600240 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500241 // Assign colors
Andrey Andreev8963f402013-07-18 16:02:47 +0300242 // ----------------------------------
Derek Jonesb41032d2010-03-05 11:22:45 -0600243
Andrey Andreev8963f402013-07-18 16:02:47 +0300244 is_array($colors) OR $colors = $defaults['colors'];
245
Andrey Andreev53fd6882013-07-26 02:14:09 +0300246 foreach (array_keys($defaults['colors']) as $key)
Andrey Andreev8963f402013-07-18 16:02:47 +0300247 {
248 // Check for a possible missing value
249 is_array($colors[$key]) OR $colors[$key] = $defaults['colors'][$key];
250 $colors[$key] = imagecolorallocate($im, $colors[$key][0], $colors[$key][1], $colors[$key][2]);
251 }
252
253 // Create the rectangle
254 ImageFilledRectangle($im, 0, 0, $img_width, $img_height, $colors['background']);
Barry Mienydd671972010-10-04 16:33:58 +0200255
Derek Jonesb41032d2010-03-05 11:22:45 -0600256 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500257 // Create the spiral pattern
Derek Jonesb41032d2010-03-05 11:22:45 -0600258 // -----------------------------------
Derek Jonesb41032d2010-03-05 11:22:45 -0600259 $theta = 1;
260 $thetac = 7;
261 $radius = 16;
262 $circles = 20;
263 $points = 32;
264
Andrey Andreev3419db12012-03-26 22:00:07 +0300265 for ($i = 0, $cp = ($circles * $points) - 1; $i < $cp; $i++)
Derek Jonesb41032d2010-03-05 11:22:45 -0600266 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200267 $theta += $thetac;
268 $rad = $radius * ($i / $points);
Derek Jonesb41032d2010-03-05 11:22:45 -0600269 $x = ($rad * cos($theta)) + $x_axis;
270 $y = ($rad * sin($theta)) + $y_axis;
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200271 $theta += $thetac;
Derek Jonesb41032d2010-03-05 11:22:45 -0600272 $rad1 = $radius * (($i + 1) / $points);
273 $x1 = ($rad1 * cos($theta)) + $x_axis;
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200274 $y1 = ($rad1 * sin($theta)) + $y_axis;
Andrey Andreev8963f402013-07-18 16:02:47 +0300275 imageline($im, $x, $y, $x1, $y1, $colors['grid']);
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200276 $theta -= $thetac;
Derek Jonesb41032d2010-03-05 11:22:45 -0600277 }
278
279 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500280 // Write the text
Derek Jonesb41032d2010-03-05 11:22:45 -0600281 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200282
Alex Bilbie773ccc32012-06-02 11:11:08 +0100283 $use_font = ($font_path !== '' && file_exists($font_path) && function_exists('imagettftext'));
Andrey Andreev7203d542012-03-08 01:42:59 +0200284 if ($use_font === FALSE)
Derek Jonesb41032d2010-03-05 11:22:45 -0600285 {
Preethambfa16442014-11-12 10:26:24 -0500286 ($font_size > 5) && $font_size = 5;
vlakoff3a3d5f62013-10-17 22:22:16 +0200287 $x = mt_rand(0, $img_width / ($length / 3));
Derek Jonesb41032d2010-03-05 11:22:45 -0600288 $y = 0;
289 }
290 else
291 {
Preetham83aeef12014-11-12 08:36:35 -0500292 ($font_size > 30) && $font_size = 30;
vlakoff3a3d5f62013-10-17 22:22:16 +0200293 $x = mt_rand(0, $img_width / ($length / 1.5));
Andrey Andreev7203d542012-03-08 01:42:59 +0200294 $y = $font_size + 2;
Derek Jonesb41032d2010-03-05 11:22:45 -0600295 }
296
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200297 for ($i = 0; $i < $length; $i++)
Derek Jonesb41032d2010-03-05 11:22:45 -0600298 {
Andrey Andreev7203d542012-03-08 01:42:59 +0200299 if ($use_font === FALSE)
Derek Jonesb41032d2010-03-05 11:22:45 -0600300 {
vlakoff3a3d5f62013-10-17 22:22:16 +0200301 $y = mt_rand(0 , $img_height / 2);
Andrey Andreev8963f402013-07-18 16:02:47 +0300302 imagestring($im, $font_size, $x, $y, $word[$i], $colors['text']);
Andrey Andreev7203d542012-03-08 01:42:59 +0200303 $x += ($font_size * 2);
Derek Jonesb41032d2010-03-05 11:22:45 -0600304 }
305 else
Barry Mienydd671972010-10-04 16:33:58 +0200306 {
vlakoff3a3d5f62013-10-17 22:22:16 +0200307 $y = mt_rand($img_height / 2, $img_height - 3);
Andrey Andreev8963f402013-07-18 16:02:47 +0300308 imagettftext($im, $font_size, $angle, $x, $y, $colors['text'], $font_path, $word[$i]);
Derek Jonesb41032d2010-03-05 11:22:45 -0600309 $x += $font_size;
310 }
311 }
Barry Mienydd671972010-10-04 16:33:58 +0200312
Andrey Andreev63a21002012-01-19 15:13:32 +0200313 // Create the border
Andrey Andreev8963f402013-07-18 16:02:47 +0300314 imagerectangle($im, 0, 0, $img_width - 1, $img_height - 1, $colors['border']);
Derek Jonesb41032d2010-03-05 11:22:45 -0600315
316 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500317 // Generate the image
Derek Jonesb41032d2010-03-05 11:22:45 -0600318 // -----------------------------------
egig225f53b2014-05-08 10:34:35 +0700319 $img_url = rtrim($img_url, '/').'/';
ET-NiK6854f872014-08-08 18:43:02 +0400320
Andrey Andreev09546ed2014-08-11 00:11:36 +0300321 if (function_exists('imagejpeg'))
ET-NiK6854f872014-08-08 18:43:02 +0400322 {
323 $img_filename = $now.'.jpg';
Andrey Andreev09546ed2014-08-11 00:11:36 +0300324 imagejpeg($im, $img_path.$img_filename);
ET-NiK6854f872014-08-08 18:43:02 +0400325 }
Andrey Andreev09546ed2014-08-11 00:11:36 +0300326 elseif (function_exists('imagepng'))
ET-NiK6854f872014-08-08 18:43:02 +0400327 {
328 $img_filename = $now.'.png';
Andrey Andreev09546ed2014-08-11 00:11:36 +0300329 imagepng($im, $img_path.$img_filename);
ET-NiK6854f872014-08-08 18:43:02 +0400330 }
331 else
332 {
333 return FALSE;
334 }
335
Preetham6157e522014-12-05 12:19:09 -0500336 $img = '<img '.($img_id === '' ? '' : 'id="'.$img_id.'"').' src="'.$img_url.$img_filename.'" style="width: '.$img_width.'; height: '.$img_height .'; border: 0;" alt=" " />';
Derek Jonesb41032d2010-03-05 11:22:45 -0600337 ImageDestroy($im);
Barry Mienydd671972010-10-04 16:33:58 +0200338
Andrey Andreev72b4b3c2013-10-21 14:44:57 +0300339 return array('word' => $word, 'time' => $now, 'image' => $img, 'filename' => $img_filename);
Derek Jonesb41032d2010-03-05 11:22:45 -0600340 }
341}