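<?php

namespace dokuwiki\plugin\captcha;

/**
 * Remember the issuing (and use) of CAPTCHAs by placing a file on the server
 *
 * This is used to prevent replay attacks. It is generated when the captcha form
 * is shown and checked with the captcha check. Since we can not be sure about the
 * session state (might be closed or open) we're not using it.
 *
 * We're not using the stored values for displaying the captcha image (or audio)
 * but continue to use our encryption scheme. This way it's still possible to have
 * multiple captcha checks going on in parallel (eg. with multiple browser tabs)
 *
 * The marker file lives in a per-day directory, so an instance created on a later
 * day (server time) points at a different file than the one set() created.
 */
class FileCookie
{
    /** @var string path of the marker file below $conf['tmpdir'] */
    protected $path;

    /**
     * Initialize the cookie
     *
     * @param string $ident the fixed part, any string
     * @param float $rand some random number between 0 and 1
     */
    public function __construct($ident, $rand)
    {
        global $conf;

        // md5() only turns ident+rand into a fixed-length, filesystem-safe name;
        // how hard that name is to guess depends on the values the caller passes.
        $name = md5($ident . $rand) . '.cookie';

        // Store the path on the instance. Assigning to a local variable here
        // would leave $this->path unset, so set() and check() would never
        // touch the intended file and the replay protection would not work.
        $this->path = $conf['tmpdir'] . '/captcha/' . date('Y-m-d') . '/' . $name;
        io_makeFileDir($this->path);
    }

    /**
     * Creates a one time captcha cookie
     */
    public function set()
    {
        touch($this->path);
    }

    /**
     * Checks if the captcha cookie exists and deletes it
     *
     * @return bool true if the cookie existed and was removed by this call
     */
    public function check()
    {
        if (!file_exists($this->path)) {
            return false;
        }

        // The result of unlink() decides, not the file_exists() test above:
        // when two requests race for the same cookie only one removal succeeds,
        // and a cookie that cannot be deleted must not validate again and again.
        // The warning of the losing request is expected, hence the suppression.
        return @unlink($this->path);
    }

    /**
     * remove all outdated captcha cookies
     *
     * Deletes every day-directory below the captcha tmp folder except today's.
     */
    public static function clean()
    {
        global $conf;
        $path = $conf['tmpdir'] . '/captcha/';
        $today = date('Y-m-d');

        // glob() returns false on error; treat that as "nothing to clean"
        $dirs = glob("$path/*", GLOB_ONLYDIR);
        if ($dirs === false) {
            return;
        }

        foreach ($dirs as $dir) {
            if (basename($dir) === $today) {
                continue;
            }
            // safety net: never recursively delete anything outside a captcha folder
            if (!preg_match('/\/captcha\//', $dir)) {
                continue;
            }
            io_rmdir($dir, true);
        }
    }
}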