1<?php 2 3namespace dokuwiki\plugin\captcha; 4 5/** 6 * Remember the issuing (and use) of CAPTCHAs by placing a file on the server 7 * 8 * This is used to prevent replay attacks. It is generated when the captcha form 9 * is shown and checked with the captcha check. Since we can not be sure about the 10 * session state (might be closed or open) we're not using it. 11 * 12 * We're not using the stored values for displaying the captcha image (or audio) 13 * but continue to use our encryption scheme. This way it's still possible to have 14 * multiple captcha checks going on in parallel (eg. with multiple browser tabs) 15 */ 16class FileCookie 17{ 18 protected $path; 19 20 /** 21 * Initialize the cookie 22 * 23 * @param $fixed string the fixed part, any string 24 * @param $rand float some random number between 0 and 1 25 */ 26 public function __construct($ident, $rand) 27 { 28 global $conf; 29 $this->path = $conf['tmpdir'] . '/captcha/' . date('Y-m-d') . '/' . md5($ident . $rand) . '.cookie'; 30 io_makeFileDir($this->path); 31 } 32 33 /** 34 * Creates a one time captcha cookie 35 */ 36 public function set() 37 { 38 touch($this->path); 39 } 40 41 /** 42 * Checks if the captcha cookie exists and deletes it 43 * 44 * @return bool true if the cookie existed 45 */ 46 public function check() 47 { 48 if (file_exists($this->path)) { 49 unlink($this->path); 50 return true; 51 } 52 return false; 53 } 54 55 /** 56 * remove all outdated captcha cookies 57 */ 58 public static function clean() 59 { 60 global $conf; 61 $path = $conf['tmpdir'] . '/captcha/'; 62 $dirs = glob("$path/*", GLOB_ONLYDIR); 63 $today = date('Y-m-d'); 64 foreach ($dirs as $dir) { 65 if (basename($dir) === $today) continue; 66 if (!preg_match('/\/captcha\//', $dir)) continue; // safety net 67 io_rmdir($dir, true); 68 } 69 } 70} 71