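<?php

namespace dokuwiki\plugin\captcha;

/**
 * Remember the issuing (and use) of CAPTCHAs by placing a file on the server
 *
 * This is used to prevent replay attacks. It is generated when the captcha form
 * is shown and checked with the captcha check. Since we can not be sure about the
 * session state (might be closed or open) we're not using it.
 *
 * We're not using the stored values for displaying the captcha image (or audio)
 * but continue to use our encryption scheme. This way it's still possible to have
 * multiple captcha checks going on in parallel (eg. with multiple browser tabs)
 */
class FileCookie
{
    /** @var string full path of the marker file that represents this cookie */
    protected $path;

    /**
     * Initialize the cookie
     *
     * The marker file lives in a directory named after the current date, so a
     * cookie set shortly before midnight is not found by a check made after
     * midnight. That case fails closed: check() returns false.
     *
     * @param string $ident the fixed part, any string
     * @param float $rand some random number between 0 and 1
     */
    public function __construct($ident, $rand)
    {
        global $conf;

        // md5() only derives a fixed-length, filesystem-safe file name from the
        // two parts; nothing here relies on it as a security primitive.
        $name = md5($ident . $rand) . '.cookie';
        $this->path = $conf['tmpdir'] . '/captcha/' . date('Y-m-d') . '/' . $name;
        io_makeFileDir($this->path);
    }

    /**
     * Creates a one time captcha cookie
     */
    public function set()
    {
        touch($this->path);
    }

    /**
     * Checks if the captcha cookie exists and deletes it
     *
     * The result is taken from unlink() rather than from file_exists(): when
     * several requests present the same captcha at the same time, the file can
     * be removed only once, so only one of them is accepted. If the file can
     * not be removed at all, the check fails instead of leaving a cookie that
     * could be used again.
     *
     * @return bool true if the cookie existed and was consumed by this call
     */
    public function check()
    {
        if (!file_exists($this->path)) {
            return false;
        }

        // the warning is suppressed because losing the race against a
        // concurrent request is an expected outcome, not an error
        return @unlink($this->path);
    }

    /**
     * remove all outdated captcha cookies
     *
     * Every dated directory below the captcha temp directory is removed,
     * except the one for today.
     */
    public static function clean()
    {
        global $conf;

        $path = $conf['tmpdir'] . '/captcha/';
        $today = date('Y-m-d');

        // glob() returns false on error; treat that as "nothing to clean"
        $dirs = glob("$path/*", GLOB_ONLYDIR) ?: [];

        foreach ($dirs as $dir) {
            if (basename($dir) === $today) {
                continue;
            }
            // safety net: never hand a path outside the captcha directory to
            // the recursive delete below
            if (!preg_match('/\/captcha\//', $dir)) {
                continue;
            }
            io_rmdir($dir, true);
        }
    }
}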