1<?php 2/* 3 * This is a PHP library that handles calling reCAPTCHA. 4 * - Documentation and latest version 5 * http://recaptcha.net/plugins/php/ 6 * - Get a reCAPTCHA API Key 7 * http://recaptcha.net/api/getkey 8 * - Discussion group 9 * http://groups.google.com/group/recaptcha 10 * 11 * Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net 12 * AUTHORS: 13 * Mike Crawford 14 * Ben Maurer 15 * 16 * Permission is hereby granted, free of charge, to any person obtaining a copy 17 * of this software and associated documentation files (the "Software"), to deal 18 * in the Software without restriction, including without limitation the rights 19 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 20 * copies of the Software, and to permit persons to whom the Software is 21 * furnished to do so, subject to the following conditions: 22 * 23 * The above copyright notice and this permission notice shall be included in 24 * all copies or substantial portions of the Software. 25 * 26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 27 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 28 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 29 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 30 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 31 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 32 * THE SOFTWARE. 33 */ 34 35/** 36 * The reCAPTCHA server URL's 37 */ 38define("PROTO", "http://"); 39define("PROTO_SECURE", "https://"); 40define("RECAPTCHA_API_SERVER", "www.google.com/recaptcha/api"); 41define("RECAPTCHA_API_SECURE_SERVER", "www.google.com/recaptcha/api"); 42define("RECAPTCHA_VERIFY_SERVER", "api-verify.recaptcha.net"); 43 44/** 45 * Encodes the given data into a query string format 46 * @param $data - array of string elements to be encoded 47 * @return string - encoded request 48 */ 49function _recaptcha_qsencode ($data) { 50 $req = ""; 51 foreach ( $data as $key => $value ) 52 $req .= $key . '=' . urlencode( stripslashes($value) ) . '&'; 53 54 // Cut the last '&' 55 $req=substr($req,0,strlen($req)-1); 56 return $req; 57} 58 59 60 61/** 62 * Submits an HTTP POST to a reCAPTCHA server 63 * @param string $host 64 * @param string $path 65 * @param array $data 66 * @param int port 67 * @return array response 68 */ 69function _recaptcha_http_post($host, $path, $data, $port = 80) { 70 71 $req = _recaptcha_qsencode ($data); 72 73 $http_request = "POST $path HTTP/1.0\r\n"; 74 $http_request .= "Host: $host\r\n"; 75 $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n"; 76 $http_request .= "Content-Length: " . strlen($req) . "\r\n"; 77 $http_request .= "User-Agent: reCAPTCHA/PHP\r\n"; 78 $http_request .= "\r\n"; 79 $http_request .= $req; 80 81 $response = ''; 82 if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) { 83 die ('Could not open socket'); 84 } 85 86 fwrite($fs, $http_request); 87 88 while ( !feof($fs) ) 89 $response .= fgets($fs, 1160); // One TCP-IP packet 90 fclose($fs); 91 $response = explode("\r\n\r\n", $response, 2); 92 93 return $response; 94} 95 96 97 98/** 99 * Gets the challenge HTML (javascript and non-javascript version). 100 * This is called from the browser, and the resulting reCAPTCHA HTML widget 101 * is embedded within the HTML form it was called from. 102 * @param string $pubkey A public key for reCAPTCHA 103 * @param string $error The error given by reCAPTCHA (optional, default is null) 104 * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false) 105 106 * @return string - The HTML to be embedded in the user's form. 107 */ 108function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false) 109{ 110 if ($pubkey == null || $pubkey == '') { 111 die ("To use reCAPTCHA you must get an API key from <a href='http://www.google.com/recaptcha'>http://www.google.com/recaptcha</a>"); 112 } 113 114 if ($use_ssl) { 115 $server = PROTO_SECURE . RECAPTCHA_API_SECURE_SERVER; 116 } else { 117 $server = PROTO . RECAPTCHA_API_SERVER; 118 } 119 120 $errorpart = ""; 121 if ($error) { 122 $errorpart = "&error=" . $error; 123 } 124 return '<script type="text/javascript" src="'. $server . '/challenge?k=' . $pubkey . $errorpart . '"></script> 125 126 <noscript> 127 <iframe src="'. $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/> 128 <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea> 129 <input type="hidden" name="recaptcha_response_field" value="manual_challenge"/> 130 </noscript>'; 131} 132 133 134/** 135 * A ReCaptchaResponse is returned from recaptcha_check_answer() 136 */ 137class ReCaptchaResponse { 138 var $is_valid; 139 var $error; 140} 141 142 143/** 144 * Calls an HTTP POST function to verify if the user's guess was correct 145 * @param string $privkey 146 * @param string $remoteip 147 * @param string $challenge 148 * @param string $response 149 * @param array $extra_params an array of extra variables to post to the server 150 * @return ReCaptchaResponse 151 */ 152function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array()) 153{ 154 if ($privkey == null || $privkey == '') { 155 die ("To use reCAPTCHA you must get an API key from <a href='http://www.google.com/recaptcha'>http://www.google.com/recaptcha</a>"); 156 } 157 158 if ($remoteip == null || $remoteip == '') { 159 die ("For security reasons, you must pass the remote ip to reCAPTCHA"); 160 } 161 162 163 164 //discard spam submissions 165 if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0) { 166 $recaptcha_response = new ReCaptchaResponse(); 167 $recaptcha_response->is_valid = false; 168 $recaptcha_response->error = 'incorrect-captcha-sol'; 169 return $recaptcha_response; 170 } 171 172 $response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/verify", 173 array ( 174 'privatekey' => $privkey, 175 'remoteip' => $remoteip, 176 'challenge' => $challenge, 177 'response' => $response 178 ) + $extra_params 179 ); 180 181 $answers = explode ("\n", $response [1]); 182 $recaptcha_response = new ReCaptchaResponse(); 183 184 if (trim ($answers [0]) == 'true') { 185 $recaptcha_response->is_valid = true; 186 } 187 else { 188 $recaptcha_response->is_valid = false; 189 $recaptcha_response->error = $answers [1]; 190 } 191 return $recaptcha_response; 192 193} 194 195/** 196 * gets a URL where the user can sign up for reCAPTCHA. If your application 197 * has a configuration page where you enter a key, you should provide a link 198 * using this function. 199 * @param string $domain The domain where the page is hosted 200 * @param string $appname The name of your application 201 */ 202function recaptcha_get_signup_url ($domain = null, $appname = null) { 203 return "http://recaptcha.net/api/getkey?" . _recaptcha_qsencode (array ('domain' => $domain, 'app' => $appname)); 204} 205 206function _recaptcha_aes_pad($val) { 207 $block_size = 16; 208 $numpad = $block_size - (strlen ($val) % $block_size); 209 return str_pad($val, strlen ($val) + $numpad, chr($numpad)); 210} 211 212/* Mailhide related code */ 213 214function _recaptcha_aes_encrypt($val,$ky) { 215 if (! function_exists ("mcrypt_encrypt")) { 216 die ("To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed."); 217 } 218 $mode=MCRYPT_MODE_CBC; 219 $enc=MCRYPT_RIJNDAEL_128; 220 $val=_recaptcha_aes_pad($val); 221 return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); 222} 223 224 225function _recaptcha_mailhide_urlbase64 ($x) { 226 return strtr(base64_encode ($x), '+/', '-_'); 227} 228 229/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */ 230function recaptcha_mailhide_url($pubkey, $privkey, $email) { 231 if ($pubkey == '' || $pubkey == null || $privkey == "" || $privkey == null) { 232 die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " . 233 "you can do so at <a href='http://mailhide.recaptcha.net/apikey'>http://mailhide.recaptcha.net/apikey</a>"); 234 } 235 236 237 $ky = pack('H*', $privkey); 238 $cryptmail = _recaptcha_aes_encrypt ($email, $ky); 239 240 return "http://mailhide.recaptcha.net/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail); 241} 242 243/** 244 * gets the parts of the email to expose to the user. 245 * eg, given johndoe@example,com return ["john", "example.com"]. 246 * the email is then displayed as john...@example.com 247 */ 248function _recaptcha_mailhide_email_parts ($email) { 249 $arr = preg_split("/@/", $email ); 250 251 if (strlen ($arr[0]) <= 4) { 252 $arr[0] = substr ($arr[0], 0, 1); 253 } else if (strlen ($arr[0]) <= 6) { 254 $arr[0] = substr ($arr[0], 0, 3); 255 } else { 256 $arr[0] = substr ($arr[0], 0, 4); 257 } 258 return $arr; 259} 260 261/** 262 * Gets html to display an email address given a public an private key. 263 * to get a key, go to: 264 * 265 * http://mailhide.recaptcha.net/apikey 266 */ 267function recaptcha_mailhide_html($pubkey, $privkey, $email) { 268 $emailparts = _recaptcha_mailhide_email_parts ($email); 269 $url = recaptcha_mailhide_url ($pubkey, $privkey, $email); 270 271 return htmlentities($emailparts[0]) . "<a href='" . htmlentities ($url) . 272 "' onclick=\"window.open('" . htmlentities ($url) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ($emailparts [1]); 273 274} 275 276 277?> 278