Paladox has uploaded a new change for review. https://gerrit.wikimedia.org/r/257063
Change subject: Update ReCaptcha folder ...................................................................... Update ReCaptcha folder Update recaptchalib.php file. There are some modifications to keep it working with this extension otherwise it would have broke the extension. * Source code = https://github.com/google/recaptcha/tree/1.0.0 The source code repo was changed and is now located at https://github.com/google/recaptcha/ Change-Id: I740d3970f3be2a29db14a9ae40157337e121839c --- M ReCaptcha/ReCaptcha.class.php M ReCaptcha/i18n/en.json M ReCaptcha/recaptchalib.php M includes/ConfirmEditHooks.php 4 files changed, 106 insertions(+), 227 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/ConfirmEdit refs/changes/63/257063/1 diff --git a/ReCaptcha/ReCaptcha.class.php b/ReCaptcha/ReCaptcha.class.php index 8532afe..b08c7e6 100644 --- a/ReCaptcha/ReCaptcha.class.php +++ b/ReCaptcha/ReCaptcha.class.php @@ -19,7 +19,7 @@ return Html::inlineScript( $js - ) . recaptcha_get_html( $wgReCaptchaPublicKey, $this->recaptcha_error, $useHttps ); + ) . ReCaptcha( $wgReCaptchaPublicKey, $this->recaptcha_error, $useHttps ); } /** @@ -47,14 +47,14 @@ $ip = $wgRequest->getIP(); - $recaptcha_response = recaptcha_check_answer( + $recaptchaResponse = verifyResponse( $wgReCaptchaPrivateKey, $ip, $challenge, $response ); - if ( !$recaptcha_response->is_valid ) { + if ( !$recaptchaResponse->is_valid ) { $this->recaptcha_error = $recaptcha_response->error; return false; } diff --git a/ReCaptcha/i18n/en.json b/ReCaptcha/i18n/en.json index 7119dd7..2d934b5 100644 --- a/ReCaptcha/i18n/en.json +++ b/ReCaptcha/i18n/en.json @@ -3,7 +3,7 @@ "authors": [] }, "recaptcha-desc": "reCAPTCHA module for Confirm Edit", - "recaptcha-edit": "To protect the wiki against automated edit spam, we kindly ask you to type the two words you see in the box below:", + "recaptcha-edit": "To protect the wiki against automated edit spam, we kindly ask you to type the words you see in the box below:", "recaptcha-addurl": "Your edit includes new external links. To protect the wiki against automated spam, we kindly ask you to type the two words you see in the box below:", "recaptcha-badlogin": "To protect the wiki against automated password cracking, we kindly ask you to type the two words you see in the box below:", "recaptcha-createaccount": "To protect the wiki against automated account creation, we kindly ask you to type the two words you see in the box below:", diff --git a/ReCaptcha/recaptchalib.php b/ReCaptcha/recaptchalib.php index a04f567..98b5719 100644 --- a/ReCaptcha/recaptchalib.php +++ b/ReCaptcha/recaptchalib.php @@ -2,16 +2,14 @@ /** * This is a PHP library that handles calling reCAPTCHA. * - Documentation and latest version - * http://recaptcha.net/plugins/php/ + * https://developers.google.com/recaptcha/docs/php * - Get a reCAPTCHA API Key * https://www.google.com/recaptcha/admin/create * - Discussion group - * http://groups.google.com/group/recaptcha + * https://groups.google.com/group/recaptcha * - * Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net - * AUTHORS: - * Mike Crawford - * Ben Maurer + * @copyright Copyright (c) 2014, Google Inc. + * @link https://www.google.com/recaptcha * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -33,242 +31,123 @@ */ /** - * The reCAPTCHA server URL's + * A ReCaptchaResponse is returned from checkAnswer(). */ +class ReCaptchaResponse { + public $success; + public $errorCodes; + public $error; +} + +static $_signupUrl = "https://www.google.com/recaptcha/admin";; +static $_siteVerifyUrl = "https://www.google.com/recaptcha/api/siteverify?";; +static $_version = "php_1.0"; + define( "RECAPTCHA_API_SERVER", "http://www.google.com/recaptcha/api"; ); define( "RECAPTCHA_API_SECURE_SERVER", "https://www.google.com/recaptcha/api"; ); define( "RECAPTCHA_VERIFY_SERVER", "www.google.com" ); /** - * Encodes the given data into a query string format - * @param $data - array of string elements to be encoded - * @return string - encoded request + * Constructor. + * + * @param string $secret shared secret between site and ReCAPTCHA server. */ -function _recaptcha_qsencode ( $data ) { - $req = ""; - foreach ( $data as $key => $value ) - $req .= $key . '=' . urlencode( stripslashes( $value ) ) . '&'; +function ReCaptcha( $pubkey, $error = null, $use_ssl = false ) { + if ( $pubkey == null || $pubkey == '' ) { + die ( "To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>" ); + } - // Cut the last '&' - $req = substr( $req, 0, strlen( $req ) -1 ); - return $req; + if ( $use_ssl ) { + $server = RECAPTCHA_API_SECURE_SERVER; + } else { + $server = RECAPTCHA_API_SERVER; + } + + $errorpart = ""; + if ( $errorCodes ) { + $errorpart = "&error=" . $errorCodes; + } + return '<script type="text/javascript" src="' . $server . '/challenge?k=' . $pubkey . $errorpart . '"></script> + + <noscript> + <iframe src="' . $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/> + <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea> + <input type="hidden" name="recaptcha_response_field" value="manual_challenge"/> + </noscript>'; } +/** + * Encodes the given data into a query string format. + * + * @param array $data array of string elements to be encoded. + * + * @return string - encoded request. + */ +function _encodeQS( $data ) { + $req = ""; + foreach ( $data as $key => $value ) { + $req .= $key . '=' . urlencode( stripslashes( $value ) ) . '&'; + } + // Cut the last '&' + $req = substr( $req, 0, strlen( $req ) -1 ); + return $req; +} /** - * Submits an HTTP POST to a reCAPTCHA server - * @param string $host - * @param string $path - * @param array $data - * @param int port + * Submits an HTTP GET to a reCAPTCHA server. + * + * @param string $path url path to recaptcha server. + * @param array $data array of parameters to be sent. + * * @return array response */ -function _recaptcha_http_post( $host, $path, $data, $port = 80 ) { - - $req = _recaptcha_qsencode ( $data ); - - $http_request = "POST $path HTTP/1.0\r\n"; - $http_request .= "Host: $host\r\n"; - $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n"; - $http_request .= "Content-Length: " . strlen( $req ) . "\r\n"; - $http_request .= "User-Agent: reCAPTCHA/PHP\r\n"; - $http_request .= "\r\n"; - $http_request .= $req; - - $response = ''; - if ( false == ( $fs = @fsockopen( $host, $port, $errno, $errstr, 10 ) ) ) { - die ( 'Could not open socket' ); - } - - fwrite( $fs, $http_request ); - - while ( !feof( $fs ) ) - $response .= fgets( $fs, 1160 ); // One TCP-IP packet - fclose( $fs ); - $response = explode( "\r\n\r\n", $response, 2 ); - - return $response; -} - - - -/** - * Gets the challenge HTML (javascript and non-javascript version). - * This is called from the browser, and the resulting reCAPTCHA HTML widget - * is embedded within the HTML form it was called from. - * @param string $pubkey A public key for reCAPTCHA - * @param string $error The error given by reCAPTCHA (optional, default is null) - * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false) - - * @return string - The HTML to be embedded in the user's form. - */ -function recaptcha_get_html ( $pubkey, $error = null, $use_ssl = false ) -{ - if ( $pubkey == null || $pubkey == '' ) { - die ( "To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>" ); - } - - if ( $use_ssl ) { - $server = RECAPTCHA_API_SECURE_SERVER; - } else { - $server = RECAPTCHA_API_SERVER; - } - - $errorpart = ""; - if ( $error ) { - $errorpart = "&error=" . $error; - } - return '<script type="text/javascript" src="' . $server . '/challenge?k=' . $pubkey . $errorpart . '"></script> - - <noscript> - <iframe src="' . $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/> - <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea> - <input type="hidden" name="recaptcha_response_field" value="manual_challenge"/> - </noscript>'; -} - - - - -/** - * A ReCaptchaResponse is returned from recaptcha_check_answer() - */ -class ReCaptchaResponse { - public $is_valid; - public $error; -} - - -/** - * Calls an HTTP POST function to verify if the user's guess was correct - * @param string $privkey - * @param string $remoteip - * @param string $challenge - * @param string $response - * @param array $extra_params an array of extra variables to post to the server - * @return ReCaptchaResponse - */ -function recaptcha_check_answer ( $privkey, $remoteip, $challenge, $response, $extra_params = array() ) -{ - if ( $privkey == null || $privkey == '' ) { - die ( "To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>" ); - } - - if ( $remoteip == null || $remoteip == '' ) { - die ( "For security reasons, you must pass the remote ip to reCAPTCHA" ); - } - - - - // discard spam submissions - if ( $challenge == null || strlen( $challenge ) == 0 || $response == null || strlen( $response ) == 0 ) { - $recaptcha_response = new ReCaptchaResponse(); - $recaptcha_response->is_valid = false; - $recaptcha_response->error = 'incorrect-captcha-sol'; - return $recaptcha_response; - } - - $response = _recaptcha_http_post ( RECAPTCHA_VERIFY_SERVER, "/recaptcha/api/verify", - array ( - 'privatekey' => $privkey, - 'remoteip' => $remoteip, - 'challenge' => $challenge, - 'response' => $response - ) + $extra_params - ); - - $answers = explode ( "\n", $response [1] ); - $recaptcha_response = new ReCaptchaResponse(); - - if ( trim ( $answers [0] ) == 'true' ) { - $recaptcha_response->is_valid = true; - } - else { - $recaptcha_response->is_valid = false; - $recaptcha_response->error = $answers [1]; - } - return $recaptcha_response; - +function _submitHTTPGet( $path, $data ) { + $req = $this->_encodeQS( $data ); + $response = file_get_contents( $path . $req ); + return $response; } /** - * gets a URL where the user can sign up for reCAPTCHA. If your application - * has a configuration page where you enter a key, you should provide a link - * using this function. - * @param string $domain The domain where the page is hosted - * @param string $appname The name of your application - */ -function recaptcha_get_signup_url ( $domain = null, $appname = null ) { - return "https://www.google.com/recaptcha/admin/create?"; . _recaptcha_qsencode ( array ( 'domains' => $domain, 'app' => $appname ) ); -} - -function _recaptcha_aes_pad( $val ) { - $block_size = 16; - $numpad = $block_size - ( strlen ( $val ) % $block_size ); - return str_pad( $val, strlen ( $val ) + $numpad, chr( $numpad ) ); -} - -/* Mailhide related code */ - -function _recaptcha_aes_encrypt( $val, $ky ) { - if ( ! function_exists ( "mcrypt_encrypt" ) ) { - die ( "To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed." ); - } - $mode = MCRYPT_MODE_CBC; - $enc = MCRYPT_RIJNDAEL_128; - $val = _recaptcha_aes_pad( $val ); - return mcrypt_encrypt( $enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ); -} - - -function _recaptcha_mailhide_urlbase64 ( $x ) { - return strtr( base64_encode ( $x ), '+/', '-_' ); -} - -/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */ -function recaptcha_mailhide_url( $pubkey, $privkey, $email ) { - if ( $pubkey == '' || $pubkey == null || $privkey == "" || $privkey == null ) { - die ( "To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " . - "you can do so at <a href='http://www.google.com/recaptcha/mailhide/apikey'>http://www.google.com/recaptcha/mailhide/apikey</a>" ); - } - - - $ky = pack( 'H*', $privkey ); - $cryptmail = _recaptcha_aes_encrypt ( $email, $ky ); - - return "http://www.google.com/recaptcha/mailhide/d?k="; . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ( $cryptmail ); -} - -/** - * gets the parts of the email to expose to the user. - * eg, given johndoe@example,com return ["john", "example.com"]. - * the email is then displayed as john...@example.com - */ -function _recaptcha_mailhide_email_parts ( $email ) { - $arr = preg_split( "/@/", $email ); - - if ( strlen ( $arr[0] ) <= 4 ) { - $arr[0] = substr ( $arr[0], 0, 1 ); - } elseif ( strlen ( $arr[0] ) <= 6 ) { - $arr[0] = substr ( $arr[0], 0, 3 ); - } else { - $arr[0] = substr ( $arr[0], 0, 4 ); - } - return $arr; -} - -/** - * Gets html to display an email address given a public an private key. - * to get a key, go to: + * Calls the reCAPTCHA siteverify API to verify whether the user passes + * CAPTCHA test. * - * http://www.google.com/recaptcha/mailhide/apikey + * @param string $privkey + * @param string $remoteip + * @param string $challenge + * @param string $response + * @param array $extra_params an array of extra variables to post to the server + * + * @return ReCaptchaResponse */ -function recaptcha_mailhide_html( $pubkey, $privkey, $email ) { - $emailparts = _recaptcha_mailhide_email_parts ( $email ); - $url = recaptcha_mailhide_url ( $pubkey, $privkey, $email ); +function verifyResponse( $privkey, $remoteip, $challenge, $response, $extra_params = array() ) { + // Discard empty solution submissions + if ( $response == null || strlen( $response ) == 0 ) { + $recaptchaResponse = new ReCaptchaResponse(); + $recaptchaResponse->success = false; + $recaptchaResponse->errorCodes = 'missing-input'; + return $recaptchaResponse; + } - return htmlentities( $emailparts[0] ) . "<a href='" . htmlentities ( $url ) . - "' onclick=\"window.open('" . htmlentities ( $url ) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ( $emailparts [1] ); + $getResponse = $this->_submitHttpGet( + self::$_siteVerifyUrl, + array( + 'privatekey' => $privkey, + 'remoteip' => $remoteip, + 'v' => self::$_version, + 'challenge' => $challenge, + 'response' => $response + ) + $extra_params + ); + $answers = json_decode( $getResponse, true ); + $recaptchaResponse = new ReCaptchaResponse(); + if ( trim( $answers['success'] ) == true) { + $recaptchaResponse->success = true; + } else { + $recaptchaResponse->success = false; + $recaptchaResponse->errorCodes = $answers[error-codes]; + } + + return $recaptchaResponse; } diff --git a/includes/ConfirmEditHooks.php b/includes/ConfirmEditHooks.php index de5b36e..c16e857 100644 --- a/includes/ConfirmEditHooks.php +++ b/includes/ConfirmEditHooks.php @@ -145,7 +145,7 @@ * FIXME: This should be done in a better way, e.g. only load the libraray, if really needed. */ public static function onReCaptchaSetup() { - require_once ( __DIR__ . '/../ReCaptcha/recaptchalib.php' ); + require_once ( __DIR__ . '/../ReCaptcha/recaptcha/src/autoload.php' ); } /** -- To view, visit https://gerrit.wikimedia.org/r/257063 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I740d3970f3be2a29db14a9ae40157337e121839c Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/ConfirmEdit Gerrit-Branch: master Gerrit-Owner: Paladox <thomasmulhall...@yahoo.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
