Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / ec9e96eb09caa9d024c89a8bdb1b00bf6540278a / . / system / helpers / captcha_helper.php
blob: 3c1e006f8b51e70a6e5f50f2c0ed8a8ac5bca17c [file] [log] [blame]
Andrey Andreevc5536aa2012-11-01 17:33:58 +0200[diff] [blame]1<?php
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]2/**
3 * CodeIgniter
4 *
Andrey Andreevfe9309d2015-01-09 17:48:58 +0200[diff] [blame]5 * An open source application development framework for PHP
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]6 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +0200[diff] [blame]7 * This content is released under the MIT License (MIT)
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]8 *
Andrey Andreev125ef472016-01-11 12:33:00 +0200[diff] [blame]9 * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]10 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +0200[diff] [blame]11 * Permission is hereby granted, free of charge, to any person obtaining a copy
12 * of this software and associated documentation files (the "Software"), to deal
13 * in the Software without restriction, including without limitation the rights
14 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
15 * copies of the Software, and to permit persons to whom the Software is
16 * furnished to do so, subject to the following conditions:
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]17 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +0200[diff] [blame]18 * The above copyright notice and this permission notice shall be included in
19 * all copies or substantial portions of the Software.
20 *
21 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
22 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
23 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
24 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
25 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
26 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 * THE SOFTWARE.
28 *
29 * @package CodeIgniter
30 * @author EllisLab Dev Team
Andrey Andreev1924e872016-01-11 12:55:34 +0200[diff] [blame]31 * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
Andrey Andreev125ef472016-01-11 12:33:00 +0200[diff] [blame]32 * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
Andrey Andreevbdb96ca2014-10-28 00:13:31 +0200[diff] [blame]33 * @license http://opensource.org/licenses/MIT MIT License
Andrey Andreevbd202c92016-01-11 12:50:18 +0200[diff] [blame]34 * @link https://codeigniter.com
Andrey Andreevbdb96ca2014-10-28 00:13:31 +0200[diff] [blame]35 * @since Version 1.0.0
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]36 * @filesource
37 */
Andrey Andreevc5536aa2012-11-01 17:33:58 +0200[diff] [blame]38defined('BASEPATH') OR exit('No direct script access allowed');
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]39
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]40/**
41 * CodeIgniter CAPTCHA Helper
42 *
43 * @package CodeIgniter
44 * @subpackage Helpers
45 * @category Helpers
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]46 * @author EllisLab Dev Team
Andrey Andreevbd202c92016-01-11 12:50:18 +0200[diff] [blame]47 * @link https://codeigniter.com/user_guide/helpers/captcha_helper.html
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]48 */
49
50// ------------------------------------------------------------------------
51
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]52if ( ! function_exists('create_captcha'))
53{
Timothy Warren01b129a2012-04-27 11:36:50 -0400[diff] [blame]54 /**
55 * Create CAPTCHA
56 *
Andrey Andreev8963f402013-07-18 16:02:47 +0300[diff] [blame]57 * @param array $data data for the CAPTCHA
58 * @param string $img_path path to create the image in
59 * @param string $img_url URL to the CAPTCHA image folder
60 * @param string $font_path server path to font
Timothy Warren01b129a2012-04-27 11:36:50 -0400[diff] [blame]61 * @return string
62 */
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]63 function create_captcha($data = '', $img_path = '', $img_url = '', $font_path = '')
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]64 {
Andrey Andreev8963f402013-07-18 16:02:47 +0300[diff] [blame]65 $defaults = array(
66 'word' => '',
67 'img_path' => '',
68 'img_url' => '',
69 'img_width' => '150',
70 'img_height' => '30',
71 'font_path' => '',
72 'expiration' => 7200,
73 'word_length' => 8,
Preethambfa16442014-11-12 10:26:24 -0500[diff] [blame]74 'font_size' => 16,
Preethame2913652014-12-04 21:01:52 -0500[diff] [blame]75 'img_id' => '',
Andrey Andreev8963f402013-07-18 16:02:47 +0300[diff] [blame]76 'pool' => '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ',
77 'colors' => array(
78 'background' => array(255,255,255),
79 'border' => array(153,102,102),
80 'text' => array(204,153,153),
81 'grid' => array(255,182,182)
82 )
83 );
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]84
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]85 foreach ($defaults as $key => $val)
86 {
Andrey Andreeva7209612012-03-26 21:55:43 +0300[diff] [blame]87 if ( ! is_array($data) && empty($$key))
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]88 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]89 $$key = $val;
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]90 }
91 else
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]92 {
Andrey Andreeva7209612012-03-26 21:55:43 +0300[diff] [blame]93 $$key = isset($data[$key]) ? $data[$key] : $val;
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]94 }
95 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]96
Alex Bilbie773ccc32012-06-02 11:11:08 +0100[diff] [blame]97 if ($img_path === '' OR $img_url === ''
Andrey Andreev382b5132014-02-26 18:41:59 +0200[diff] [blame]98 OR ! is_dir($img_path) OR ! is_really_writable($img_path)
Andrey Andreev4f2933d2012-01-08 06:49:49 +0200[diff] [blame]99 OR ! extension_loaded('gd'))
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]100 {
101 return FALSE;
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]102 }
103
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]104 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]105 // Remove old images
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]106 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]107
Michiel Vugteveenc2659b82012-03-07 21:34:52 +0100[diff] [blame]108 $now = microtime(TRUE);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]109
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]110 $current_dir = @opendir($img_path);
Pascal Kriete45e3cdf2011-02-14 13:26:20 -0500[diff] [blame]111 while ($filename = @readdir($current_dir))
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]112 {
vlakoff5f385d02012-09-02 23:00:25 +0200[diff] [blame]113 if (substr($filename, -4) === '.jpg' && (str_replace('.jpg', '', $filename) + $expiration) < $now)
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]114 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]115 @unlink($img_path.$filename);
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]116 }
117 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]118
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]119 @closedir($current_dir);
120
121 // -----------------------------------
122 // Do we have a "word" yet?
123 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]124
Andrey Andreev97088552013-02-08 21:53:20 +0200[diff] [blame]125 if (empty($word))
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]126 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]127 $word = '';
Andrey Andreevf8deea52015-10-23 13:49:21 +0300[diff] [blame]128 $pool_length = strlen($pool);
129 $rand_max = $pool_length - 1;
130
131 // PHP7 or a suitable polyfill
132 if (function_exists('random_int'))
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]133 {
Andrey Andreevf8deea52015-10-23 13:49:21 +0300[diff] [blame]134 try
135 {
136 for ($i = 0; $i < $word_length; $i++)
137 {
138 $word .= $pool[random_int(0, $rand_max)];
139 }
140 }
141 catch (Exception $e)
142 {
143 // This means fallback to the next possible
144 // alternative to random_int()
145 $word = '';
146 }
147 }
148 }
149
150 if (empty($word))
151 {
152 // Nobody will have a larger character pool than
153 // 256 characters, but let's handle it just in case ...
154 //
155 // No, I do not care that the fallback to mt_rand() can
156 // handle it; if you trigger this, you're very obviously
157 // trying to break it. -- Narf
158 if ($pool_length > 256)
159 {
160 return FALSE;
161 }
162
163 // We'll try using the operating system's PRNG first,
164 // which we can access through CI_Security::get_random_bytes()
165 $security = get_instance()->security;
166
167 // To avoid numerous get_random_bytes() calls, we'll
168 // just try fetching as much bytes as we need at once.
169 if (($bytes = $security->get_random_bytes($pool_length)) !== FALSE)
170 {
171 $byte_index = $word_index = 0;
172 while ($word_index < $word_length)
173 {
Andrey Andreevec9e96e2016-02-04 14:43:46 +0200[diff] [blame^]174 // Do we have more random data to use?
175 // It could be exhausted by previous iterations
176 // ignoring bytes higher than $rand_max.
177 if ($byte_index === $pool_length)
178 {
179 // No failures should be possible if the
180 // first get_random_bytes() call didn't
181 // return FALSE, but still ...
182 for ($i = 0; $i < 5; $i++)
183 {
184 if (($bytes = $security->get_random_bytes($pool_length)) === FALSE)
185 {
186 continue;
187 }
188
189 $byte_index = 0;
190 break;
191 }
192
193 if ($bytes === FALSE)
194 {
195 // Sadly, this means fallback to mt_rand()
196 $word = '';
197 break;
198 }
199 }
200
Andrey Andreev2fe1a232015-11-09 11:24:19 +0200[diff] [blame]201 list(, $rand_index) = unpack('C', $bytes[$byte_index++]);
202 if ($rand_index > $rand_max)
Andrey Andreevf8deea52015-10-23 13:49:21 +0300[diff] [blame]203 {
Andrey Andreevf8deea52015-10-23 13:49:21 +0300[diff] [blame]204 continue;
205 }
206
207 $word .= $pool[$rand_index];
208 $word_index++;
209 }
210 }
211 }
212
213 if (empty($word))
214 {
215 for ($i = 0; $i < $word_length; $i++)
216 {
217 $word .= $pool[mt_rand(0, $rand_max)];
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]218 }
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]219 }
Andrey Andreev97088552013-02-08 21:53:20 +0200[diff] [blame]220 elseif ( ! is_string($word))
221 {
222 $word = (string) $word;
223 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]224
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]225 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]226 // Determine angle and position
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]227 // -----------------------------------
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]228 $length = strlen($word);
vlakoff3a3d5f62013-10-17 22:22:16 +0200[diff] [blame]229 $angle = ($length >= 6) ? mt_rand(-($length-6), ($length-6)) : 0;
230 $x_axis = mt_rand(6, (360/$length)-16);
231 $y_axis = ($angle >= 0) ? mt_rand($img_height, $img_width) : mt_rand(6, $img_height);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]232
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]233 // Create image
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]234 // PHP.net recommends imagecreatetruecolor(), but it isn't always available
Andrey Andreev4f2933d2012-01-08 06:49:49 +0200[diff] [blame]235 $im = function_exists('imagecreatetruecolor')
236 ? imagecreatetruecolor($img_width, $img_height)
237 : imagecreate($img_width, $img_height);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]238
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]239 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500[diff] [blame]240 // Assign colors
Andrey Andreev8963f402013-07-18 16:02:47 +0300[diff] [blame]241 // ----------------------------------
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]242
Andrey Andreev8963f402013-07-18 16:02:47 +0300[diff] [blame]243 is_array($colors) OR $colors = $defaults['colors'];
244
Andrey Andreev53fd6882013-07-26 02:14:09 +0300[diff] [blame]245 foreach (array_keys($defaults['colors']) as $key)
Andrey Andreev8963f402013-07-18 16:02:47 +0300[diff] [blame]246 {
247 // Check for a possible missing value
248 is_array($colors[$key]) OR $colors[$key] = $defaults['colors'][$key];
249 $colors[$key] = imagecolorallocate($im, $colors[$key][0], $colors[$key][1], $colors[$key][2]);
250 }
251
252 // Create the rectangle
253 ImageFilledRectangle($im, 0, 0, $img_width, $img_height, $colors['background']);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]254
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]255 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500[diff] [blame]256 // Create the spiral pattern
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]257 // -----------------------------------
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]258 $theta = 1;
259 $thetac = 7;
260 $radius = 16;
261 $circles = 20;
262 $points = 32;
263
Andrey Andreev3419db12012-03-26 22:00:07 +0300[diff] [blame]264 for ($i = 0, $cp = ($circles * $points) - 1; $i < $cp; $i++)
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]265 {
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]266 $theta += $thetac;
267 $rad = $radius * ($i / $points);
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]268 $x = ($rad * cos($theta)) + $x_axis;
269 $y = ($rad * sin($theta)) + $y_axis;
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]270 $theta += $thetac;
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]271 $rad1 = $radius * (($i + 1) / $points);
272 $x1 = ($rad1 * cos($theta)) + $x_axis;
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]273 $y1 = ($rad1 * sin($theta)) + $y_axis;
Andrey Andreev8963f402013-07-18 16:02:47 +0300[diff] [blame]274 imageline($im, $x, $y, $x1, $y1, $colors['grid']);
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]275 $theta -= $thetac;
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]276 }
277
278 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500[diff] [blame]279 // Write the text
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]280 // -----------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]281
Alex Bilbie773ccc32012-06-02 11:11:08 +0100[diff] [blame]282 $use_font = ($font_path !== '' && file_exists($font_path) && function_exists('imagettftext'));
Andrey Andreev7203d542012-03-08 01:42:59 +0200[diff] [blame]283 if ($use_font === FALSE)
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]284 {
Preethambfa16442014-11-12 10:26:24 -0500[diff] [blame]285 ($font_size > 5) && $font_size = 5;
vlakoff3a3d5f62013-10-17 22:22:16 +0200[diff] [blame]286 $x = mt_rand(0, $img_width / ($length / 3));
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]287 $y = 0;
288 }
289 else
290 {
Preetham83aeef12014-11-12 08:36:35 -0500[diff] [blame]291 ($font_size > 30) && $font_size = 30;
vlakoff3a3d5f62013-10-17 22:22:16 +0200[diff] [blame]292 $x = mt_rand(0, $img_width / ($length / 1.5));
Andrey Andreev7203d542012-03-08 01:42:59 +0200[diff] [blame]293 $y = $font_size + 2;
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]294 }
295
Andrey Andreevf1b43d42012-01-06 14:41:50 +0200[diff] [blame]296 for ($i = 0; $i < $length; $i++)
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]297 {
Andrey Andreev7203d542012-03-08 01:42:59 +0200[diff] [blame]298 if ($use_font === FALSE)
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]299 {
vlakoff3a3d5f62013-10-17 22:22:16 +0200[diff] [blame]300 $y = mt_rand(0 , $img_height / 2);
Andrey Andreev8963f402013-07-18 16:02:47 +0300[diff] [blame]301 imagestring($im, $font_size, $x, $y, $word[$i], $colors['text']);
Andrey Andreev7203d542012-03-08 01:42:59 +0200[diff] [blame]302 $x += ($font_size * 2);
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]303 }
304 else
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]305 {
vlakoff3a3d5f62013-10-17 22:22:16 +0200[diff] [blame]306 $y = mt_rand($img_height / 2, $img_height - 3);
Andrey Andreev8963f402013-07-18 16:02:47 +0300[diff] [blame]307 imagettftext($im, $font_size, $angle, $x, $y, $colors['text'], $font_path, $word[$i]);
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]308 $x += $font_size;
309 }
310 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]311
Andrey Andreev63a21002012-01-19 15:13:32 +0200[diff] [blame]312 // Create the border
Andrey Andreev8963f402013-07-18 16:02:47 +0300[diff] [blame]313 imagerectangle($im, 0, 0, $img_width - 1, $img_height - 1, $colors['border']);
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]314
315 // -----------------------------------
Derek Jones37f4b9c2011-07-01 17:56:50 -0500[diff] [blame]316 // Generate the image
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]317 // -----------------------------------
egig225f53b2014-05-08 10:34:35 +0700[diff] [blame]318 $img_url = rtrim($img_url, '/').'/';
ET-NiK6854f872014-08-08 18:43:02 +0400[diff] [blame]319
Andrey Andreev09546ed2014-08-11 00:11:36 +0300[diff] [blame]320 if (function_exists('imagejpeg'))
ET-NiK6854f872014-08-08 18:43:02 +0400[diff] [blame]321 {
322 $img_filename = $now.'.jpg';
Andrey Andreev09546ed2014-08-11 00:11:36 +0300[diff] [blame]323 imagejpeg($im, $img_path.$img_filename);
ET-NiK6854f872014-08-08 18:43:02 +0400[diff] [blame]324 }
Andrey Andreev09546ed2014-08-11 00:11:36 +0300[diff] [blame]325 elseif (function_exists('imagepng'))
ET-NiK6854f872014-08-08 18:43:02 +0400[diff] [blame]326 {
327 $img_filename = $now.'.png';
Andrey Andreev09546ed2014-08-11 00:11:36 +0300[diff] [blame]328 imagepng($im, $img_path.$img_filename);
ET-NiK6854f872014-08-08 18:43:02 +0400[diff] [blame]329 }
330 else
331 {
332 return FALSE;
333 }
334
Preetham6157e522014-12-05 12:19:09 -0500[diff] [blame]335 $img = '<img '.($img_id === '' ? '' : 'id="'.$img_id.'"').' src="'.$img_url.$img_filename.'" style="width: '.$img_width.'; height: '.$img_height .'; border: 0;" alt=" " />';
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]336 ImageDestroy($im);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]337
Andrey Andreev72b4b3c2013-10-21 14:44:57 +0300[diff] [blame]338 return array('word' => $word, 'time' => $now, 'image' => $img, 'filename' => $img_filename);
Derek Jonesb41032d2010-03-05 11:22:45 -0600[diff] [blame]339 }
340}