blob: db708e894ad420bf05e793703a4eb435b750e6df [file] [log] [blame]
Andrey Andreevc5536aa2012-11-01 17:33:58 +02001<?php
Derek Jonesb41032d2010-03-05 11:22:45 -06002/**
3 * CodeIgniter
4 *
Andrey Andreevfe9309d2015-01-09 17:48:58 +02005 * An open source application development framework for PHP
Derek Jonesb41032d2010-03-05 11:22:45 -06006 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +02007 * This content is released under the MIT License (MIT)
Andrey Andreevf1b43d42012-01-06 14:41:50 +02008 *
Andrey Andreev125ef472016-01-11 12:33:00 +02009 * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
Andrey Andreevf1b43d42012-01-06 14:41:50 +020010 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +020011 * Permission is hereby granted, free of charge, to any person obtaining a copy
12 * of this software and associated documentation files (the "Software"), to deal
13 * in the Software without restriction, including without limitation the rights
14 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
15 * copies of the Software, and to permit persons to whom the Software is
16 * furnished to do so, subject to the following conditions:
Derek Jonesf4a4bd82011-10-20 12:18:42 -050017 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +020018 * The above copyright notice and this permission notice shall be included in
19 * all copies or substantial portions of the Software.
20 *
21 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
22 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
23 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
24 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
25 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
26 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 * THE SOFTWARE.
28 *
29 * @package CodeIgniter
30 * @author EllisLab Dev Team
darwinel871754a2014-02-11 17:34:57 +010031 * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
Andrey Andreev125ef472016-01-11 12:33:00 +020032 * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
Andrey Andreevbdb96ca2014-10-28 00:13:31 +020033 * @license http://opensource.org/licenses/MIT MIT License
Andrey Andreevbd202c92016-01-11 12:50:18 +020034 * @link https://codeigniter.com
Andrey Andreevbdb96ca2014-10-28 00:13:31 +020035 * @since Version 1.0.0
Derek Jonesb41032d2010-03-05 11:22:45 -060036 * @filesource
37 */
Andrey Andreevc5536aa2012-11-01 17:33:58 +020038defined('BASEPATH') OR exit('No direct script access allowed');
Derek Jonesb41032d2010-03-05 11:22:45 -060039
Derek Jonesb41032d2010-03-05 11:22:45 -060040/**
41 * CodeIgniter CAPTCHA Helper
42 *
43 * @package CodeIgniter
44 * @subpackage Helpers
45 * @category Helpers
Derek Jonesf4a4bd82011-10-20 12:18:42 -050046 * @author EllisLab Dev Team
Andrey Andreevbd202c92016-01-11 12:50:18 +020047 * @link https://codeigniter.com/user_guide/helpers/captcha_helper.html
Derek Jonesb41032d2010-03-05 11:22:45 -060048 */
49
50// ------------------------------------------------------------------------
51
Derek Jonesb41032d2010-03-05 11:22:45 -060052if ( ! function_exists('create_captcha'))
53{
Timothy Warren01b129a2012-04-27 11:36:50 -040054 /**
55 * Create CAPTCHA
56 *
Andrey Andreev8963f402013-07-18 16:02:47 +030057 * @param array $data data for the CAPTCHA
58 * @param string $img_path path to create the image in
59 * @param string $img_url URL to the CAPTCHA image folder
60 * @param string $font_path server path to font
Timothy Warren01b129a2012-04-27 11:36:50 -040061 * @return string
62 */
Derek Jonesb41032d2010-03-05 11:22:45 -060063 function create_captcha($data = '', $img_path = '', $img_url = '', $font_path = '')
Barry Mienydd671972010-10-04 16:33:58 +020064 {
Andrey Andreev8963f402013-07-18 16:02:47 +030065 $defaults = array(
66 'word' => '',
67 'img_path' => '',
68 'img_url' => '',
69 'img_width' => '150',
70 'img_height' => '30',
71 'font_path' => '',
72 'expiration' => 7200,
73 'word_length' => 8,
Preethambfa16442014-11-12 10:26:24 -050074 'font_size' => 16,
Preethame2913652014-12-04 21:01:52 -050075 'img_id' => '',
Andrey Andreev8963f402013-07-18 16:02:47 +030076 'pool' => '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ',
77 'colors' => array(
78 'background' => array(255,255,255),
79 'border' => array(153,102,102),
80 'text' => array(204,153,153),
81 'grid' => array(255,182,182)
82 )
83 );
Barry Mienydd671972010-10-04 16:33:58 +020084
Derek Jonesb41032d2010-03-05 11:22:45 -060085 foreach ($defaults as $key => $val)
86 {
Andrey Andreeva7209612012-03-26 21:55:43 +030087 if ( ! is_array($data) && empty($$key))
Derek Jonesb41032d2010-03-05 11:22:45 -060088 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +020089 $$key = $val;
Derek Jonesb41032d2010-03-05 11:22:45 -060090 }
91 else
Barry Mienydd671972010-10-04 16:33:58 +020092 {
Andrey Andreeva7209612012-03-26 21:55:43 +030093 $$key = isset($data[$key]) ? $data[$key] : $val;
Derek Jonesb41032d2010-03-05 11:22:45 -060094 }
95 }
Barry Mienydd671972010-10-04 16:33:58 +020096
Alex Bilbie773ccc32012-06-02 11:11:08 +010097 if ($img_path === '' OR $img_url === ''
Andrey Andreev382b5132014-02-26 18:41:59 +020098 OR ! is_dir($img_path) OR ! is_really_writable($img_path)
Andrey Andreev4f2933d2012-01-08 06:49:49 +020099 OR ! extension_loaded('gd'))
Derek Jonesb41032d2010-03-05 11:22:45 -0600100 {
101 return FALSE;
Barry Mienydd671972010-10-04 16:33:58 +0200102 }
103
Derek Jonesb41032d2010-03-05 11:22:45 -0600104 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200105 // Remove old images
Derek Jonesb41032d2010-03-05 11:22:45 -0600106 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200107
Michiel Vugteveenc2659b82012-03-07 21:34:52 +0100108 $now = microtime(TRUE);
Barry Mienydd671972010-10-04 16:33:58 +0200109
Derek Jonesb41032d2010-03-05 11:22:45 -0600110 $current_dir = @opendir($img_path);
Pascal Kriete45e3cdf2011-02-14 13:26:20 -0500111 while ($filename = @readdir($current_dir))
Derek Jonesb41032d2010-03-05 11:22:45 -0600112 {
vlakoff5f385d02012-09-02 23:00:25 +0200113 if (substr($filename, -4) === '.jpg' && (str_replace('.jpg', '', $filename) + $expiration) < $now)
Derek Jonesb41032d2010-03-05 11:22:45 -0600114 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200115 @unlink($img_path.$filename);
Derek Jonesb41032d2010-03-05 11:22:45 -0600116 }
117 }
Barry Mienydd671972010-10-04 16:33:58 +0200118
Derek Jonesb41032d2010-03-05 11:22:45 -0600119 @closedir($current_dir);
120
121 // -----------------------------------
122 // Do we have a "word" yet?
123 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200124
Andrey Andreev97088552013-02-08 21:53:20 +0200125 if (empty($word))
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200126 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200127 $word = '';
Andrey Andreevf8deea52015-10-23 13:49:21 +0300128 $pool_length = strlen($pool);
129 $rand_max = $pool_length - 1;
130
131 // PHP7 or a suitable polyfill
132 if (function_exists('random_int'))
Derek Jonesb41032d2010-03-05 11:22:45 -0600133 {
Andrey Andreevf8deea52015-10-23 13:49:21 +0300134 try
135 {
136 for ($i = 0; $i < $word_length; $i++)
137 {
138 $word .= $pool[random_int(0, $rand_max)];
139 }
140 }
141 catch (Exception $e)
142 {
143 // This means fallback to the next possible
144 // alternative to random_int()
145 $word = '';
146 }
147 }
148 }
149
150 if (empty($word))
151 {
152 // Nobody will have a larger character pool than
153 // 256 characters, but let's handle it just in case ...
154 //
155 // No, I do not care that the fallback to mt_rand() can
156 // handle it; if you trigger this, you're very obviously
157 // trying to break it. -- Narf
158 if ($pool_length > 256)
159 {
160 return FALSE;
161 }
162
163 // We'll try using the operating system's PRNG first,
164 // which we can access through CI_Security::get_random_bytes()
165 $security = get_instance()->security;
166
167 // To avoid numerous get_random_bytes() calls, we'll
168 // just try fetching as much bytes as we need at once.
169 if (($bytes = $security->get_random_bytes($pool_length)) !== FALSE)
170 {
171 $byte_index = $word_index = 0;
172 while ($word_index < $word_length)
173 {
Andrey Andreev2fe1a232015-11-09 11:24:19 +0200174 list(, $rand_index) = unpack('C', $bytes[$byte_index++]);
175 if ($rand_index > $rand_max)
Andrey Andreevf8deea52015-10-23 13:49:21 +0300176 {
177 // Was this the last byte we have?
178 // If so, try to fetch more.
179 if ($byte_index === $pool_length)
180 {
181 // No failures should be possible if
182 // the first get_random_bytes() call
183 // didn't return FALSE, but still ...
184 for ($i = 0; $i < 5; $i++)
185 {
186 if (($bytes = $security->get_random_bytes($pool_length)) === FALSE)
187 {
188 continue;
189 }
190
191 $byte_index = 0;
192 break;
193 }
194
195 if ($bytes === FALSE)
196 {
197 // Sadly, this means fallback to mt_rand()
198 $word = '';
199 break;
200 }
201 }
202
203 continue;
204 }
205
206 $word .= $pool[$rand_index];
207 $word_index++;
208 }
209 }
210 }
211
212 if (empty($word))
213 {
214 for ($i = 0; $i < $word_length; $i++)
215 {
216 $word .= $pool[mt_rand(0, $rand_max)];
Derek Jonesb41032d2010-03-05 11:22:45 -0600217 }
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200218 }
Andrey Andreev97088552013-02-08 21:53:20 +0200219 elseif ( ! is_string($word))
220 {
221 $word = (string) $word;
222 }
Barry Mienydd671972010-10-04 16:33:58 +0200223
Derek Jonesb41032d2010-03-05 11:22:45 -0600224 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200225 // Determine angle and position
Derek Jonesb41032d2010-03-05 11:22:45 -0600226 // -----------------------------------
Derek Jonesb41032d2010-03-05 11:22:45 -0600227 $length = strlen($word);
vlakoff3a3d5f62013-10-17 22:22:16 +0200228 $angle = ($length >= 6) ? mt_rand(-($length-6), ($length-6)) : 0;
229 $x_axis = mt_rand(6, (360/$length)-16);
230 $y_axis = ($angle >= 0) ? mt_rand($img_height, $img_width) : mt_rand(6, $img_height);
Barry Mienydd671972010-10-04 16:33:58 +0200231
Derek Jonesb41032d2010-03-05 11:22:45 -0600232 // Create image
Derek Jonesb41032d2010-03-05 11:22:45 -0600233 // PHP.net recommends imagecreatetruecolor(), but it isn't always available
Andrey Andreev4f2933d2012-01-08 06:49:49 +0200234 $im = function_exists('imagecreatetruecolor')
235 ? imagecreatetruecolor($img_width, $img_height)
236 : imagecreate($img_width, $img_height);
Barry Mienydd671972010-10-04 16:33:58 +0200237
Derek Jonesb41032d2010-03-05 11:22:45 -0600238 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500239 // Assign colors
Andrey Andreev8963f402013-07-18 16:02:47 +0300240 // ----------------------------------
Derek Jonesb41032d2010-03-05 11:22:45 -0600241
Andrey Andreev8963f402013-07-18 16:02:47 +0300242 is_array($colors) OR $colors = $defaults['colors'];
243
Andrey Andreev53fd6882013-07-26 02:14:09 +0300244 foreach (array_keys($defaults['colors']) as $key)
Andrey Andreev8963f402013-07-18 16:02:47 +0300245 {
246 // Check for a possible missing value
247 is_array($colors[$key]) OR $colors[$key] = $defaults['colors'][$key];
248 $colors[$key] = imagecolorallocate($im, $colors[$key][0], $colors[$key][1], $colors[$key][2]);
249 }
250
251 // Create the rectangle
252 ImageFilledRectangle($im, 0, 0, $img_width, $img_height, $colors['background']);
Barry Mienydd671972010-10-04 16:33:58 +0200253
Derek Jonesb41032d2010-03-05 11:22:45 -0600254 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500255 // Create the spiral pattern
Derek Jonesb41032d2010-03-05 11:22:45 -0600256 // -----------------------------------
Derek Jonesb41032d2010-03-05 11:22:45 -0600257 $theta = 1;
258 $thetac = 7;
259 $radius = 16;
260 $circles = 20;
261 $points = 32;
262
Andrey Andreev3419db12012-03-26 22:00:07 +0300263 for ($i = 0, $cp = ($circles * $points) - 1; $i < $cp; $i++)
Derek Jonesb41032d2010-03-05 11:22:45 -0600264 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200265 $theta += $thetac;
266 $rad = $radius * ($i / $points);
Derek Jonesb41032d2010-03-05 11:22:45 -0600267 $x = ($rad * cos($theta)) + $x_axis;
268 $y = ($rad * sin($theta)) + $y_axis;
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200269 $theta += $thetac;
Derek Jonesb41032d2010-03-05 11:22:45 -0600270 $rad1 = $radius * (($i + 1) / $points);
271 $x1 = ($rad1 * cos($theta)) + $x_axis;
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200272 $y1 = ($rad1 * sin($theta)) + $y_axis;
Andrey Andreev8963f402013-07-18 16:02:47 +0300273 imageline($im, $x, $y, $x1, $y1, $colors['grid']);
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200274 $theta -= $thetac;
Derek Jonesb41032d2010-03-05 11:22:45 -0600275 }
276
277 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500278 // Write the text
Derek Jonesb41032d2010-03-05 11:22:45 -0600279 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200280
Alex Bilbie773ccc32012-06-02 11:11:08 +0100281 $use_font = ($font_path !== '' && file_exists($font_path) && function_exists('imagettftext'));
Andrey Andreev7203d542012-03-08 01:42:59 +0200282 if ($use_font === FALSE)
Derek Jonesb41032d2010-03-05 11:22:45 -0600283 {
Preethambfa16442014-11-12 10:26:24 -0500284 ($font_size > 5) && $font_size = 5;
vlakoff3a3d5f62013-10-17 22:22:16 +0200285 $x = mt_rand(0, $img_width / ($length / 3));
Derek Jonesb41032d2010-03-05 11:22:45 -0600286 $y = 0;
287 }
288 else
289 {
Preetham83aeef12014-11-12 08:36:35 -0500290 ($font_size > 30) && $font_size = 30;
vlakoff3a3d5f62013-10-17 22:22:16 +0200291 $x = mt_rand(0, $img_width / ($length / 1.5));
Andrey Andreev7203d542012-03-08 01:42:59 +0200292 $y = $font_size + 2;
Derek Jonesb41032d2010-03-05 11:22:45 -0600293 }
294
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200295 for ($i = 0; $i < $length; $i++)
Derek Jonesb41032d2010-03-05 11:22:45 -0600296 {
Andrey Andreev7203d542012-03-08 01:42:59 +0200297 if ($use_font === FALSE)
Derek Jonesb41032d2010-03-05 11:22:45 -0600298 {
vlakoff3a3d5f62013-10-17 22:22:16 +0200299 $y = mt_rand(0 , $img_height / 2);
Andrey Andreev8963f402013-07-18 16:02:47 +0300300 imagestring($im, $font_size, $x, $y, $word[$i], $colors['text']);
Andrey Andreev7203d542012-03-08 01:42:59 +0200301 $x += ($font_size * 2);
Derek Jonesb41032d2010-03-05 11:22:45 -0600302 }
303 else
Barry Mienydd671972010-10-04 16:33:58 +0200304 {
vlakoff3a3d5f62013-10-17 22:22:16 +0200305 $y = mt_rand($img_height / 2, $img_height - 3);
Andrey Andreev8963f402013-07-18 16:02:47 +0300306 imagettftext($im, $font_size, $angle, $x, $y, $colors['text'], $font_path, $word[$i]);
Derek Jonesb41032d2010-03-05 11:22:45 -0600307 $x += $font_size;
308 }
309 }
Barry Mienydd671972010-10-04 16:33:58 +0200310
Andrey Andreev63a21002012-01-19 15:13:32 +0200311 // Create the border
Andrey Andreev8963f402013-07-18 16:02:47 +0300312 imagerectangle($im, 0, 0, $img_width - 1, $img_height - 1, $colors['border']);
Derek Jonesb41032d2010-03-05 11:22:45 -0600313
314 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500315 // Generate the image
Derek Jonesb41032d2010-03-05 11:22:45 -0600316 // -----------------------------------
egig225f53b2014-05-08 10:34:35 +0700317 $img_url = rtrim($img_url, '/').'/';
ET-NiK6854f872014-08-08 18:43:02 +0400318
Andrey Andreev09546ed2014-08-11 00:11:36 +0300319 if (function_exists('imagejpeg'))
ET-NiK6854f872014-08-08 18:43:02 +0400320 {
321 $img_filename = $now.'.jpg';
Andrey Andreev09546ed2014-08-11 00:11:36 +0300322 imagejpeg($im, $img_path.$img_filename);
ET-NiK6854f872014-08-08 18:43:02 +0400323 }
Andrey Andreev09546ed2014-08-11 00:11:36 +0300324 elseif (function_exists('imagepng'))
ET-NiK6854f872014-08-08 18:43:02 +0400325 {
326 $img_filename = $now.'.png';
Andrey Andreev09546ed2014-08-11 00:11:36 +0300327 imagepng($im, $img_path.$img_filename);
ET-NiK6854f872014-08-08 18:43:02 +0400328 }
329 else
330 {
331 return FALSE;
332 }
333
Preetham6157e522014-12-05 12:19:09 -0500334 $img = '<img '.($img_id === '' ? '' : 'id="'.$img_id.'"').' src="'.$img_url.$img_filename.'" style="width: '.$img_width.'; height: '.$img_height .'; border: 0;" alt=" " />';
Derek Jonesb41032d2010-03-05 11:22:45 -0600335 ImageDestroy($im);
Barry Mienydd671972010-10-04 16:33:58 +0200336
Andrey Andreev72b4b3c2013-10-21 14:44:57 +0300337 return array('word' => $word, 'time' => $now, 'image' => $img, 'filename' => $img_filename);
Derek Jonesb41032d2010-03-05 11:22:45 -0600338 }
339}