MediaWiki  1.33.0
ReCaptcha.php
Go to the documentation of this file.
1 <?php
2 
3 use MediaWiki\Auth\AuthenticationRequest;
4 
5 class ReCaptcha extends SimpleCaptcha {
6  // used for recaptcha-edit, recaptcha-addurl, recaptcha-badlogin, recaptcha-createaccount,
7  // recaptcha-create, recaptcha-sendemail via getMessage()
8  protected static $messagePrefix = 'recaptcha-';
9 
10  // reCAPTHCA error code returned from recaptcha_check_answer
11  private $recaptcha_error = null;
12 
19  public function getFormInformation( $tabIndex = 1 ) {
20  global $wgReCaptchaPublicKey, $wgReCaptchaTheme;
21 
22  wfDeprecated( 'ConfirmEdit module ReCaptcha', '1.28' );
23  $useHttps = ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == 'on' );
24  $js = 'var RecaptchaOptions = ' . Xml::encodeJsVar(
25  [ 'theme' => $wgReCaptchaTheme, 'tabindex' => $tabIndex ]
26  );
27 
28  return [
29  'html' => Html::inlineScript( $js ) .
30  recaptcha_get_html( $wgReCaptchaPublicKey, $this->recaptcha_error, $useHttps )
31  ];
32  }
33 
38  protected function getCaptchaParamsFromRequest( WebRequest $request ) {
39  // API is hardwired to return captchaId and captchaWord,
40  // so use that if the standard two are empty
41  $challenge = $request->getVal( 'recaptcha_challenge_field', $request->getVal( 'captchaId' ) );
42  $response = $request->getVal( 'recaptcha_response_field', $request->getVal( 'captchaWord' ) );
43  return [ $challenge, $response ];
44  }
45 
53  protected function passCaptcha( $challenge, $response ) {
54  global $wgReCaptchaPrivateKey, $wgRequest;
55 
56  if ( $response === null ) {
57  // new captcha session
58  return false;
59  }
60 
61  $ip = $wgRequest->getIP();
62 
63  $recaptcha_response =
64  recaptcha_check_answer( $wgReCaptchaPrivateKey, $ip, $challenge, $response );
65 
66  if ( !$recaptcha_response->is_valid ) {
67  $this->recaptcha_error = $recaptcha_response->error;
68  return false;
69  }
70 
71  $recaptcha_error = null;
72 
73  return true;
74  }
75 
79  protected function addCaptchaAPI( &$resultArr ) {
80  $resultArr['captcha'] = $this->describeCaptchaType();
81  $resultArr['captcha']['error'] = $this->recaptcha_error;
82  }
83 
87  public function describeCaptchaType() {
88  global $wgReCaptchaPublicKey;
89  return [
90  'type' => 'recaptcha',
91  'mime' => 'image/png',
92  'key' => $wgReCaptchaPublicKey,
93  ];
94  }
95 
102  public function apiGetAllowedParams( &$module, &$params, $flags ) {
103  if ( $flags && $this->isAPICaptchaModule( $module ) ) {
104  $params['recaptcha_challenge_field'] = [
105  ApiBase::PARAM_HELP_MSG => 'recaptcha-apihelp-param-recaptcha_challenge_field',
106  ];
107  $params['recaptcha_response_field'] = [
108  ApiBase::PARAM_HELP_MSG => 'recaptcha-apihelp-param-recaptcha_response_field',
109  ];
110  }
111 
112  return true;
113  }
114 
118  public function getError() {
119  // do not treat failed captcha attempts as errors
120  if ( in_array( $this->recaptcha_error, [
121  'invalid-request-cookie', 'incorrect-captcha-sol',
122  ], true ) ) {
123  return null;
124  }
125 
126  return $this->recaptcha_error;
127  }
128 
129  public function storeCaptcha( $info ) {
130  // ReCaptcha is stored by Google; the ID will be generated at that time as well, and
131  // the one returned here won't be used. Just pretend this worked.
132  return 'not used';
133  }
134 
135  public function retrieveCaptcha( $index ) {
136  // just pretend it worked
137  return [ 'index' => $index ];
138  }
139 
140  public function getCaptcha() {
141  // ReCaptcha is handled by frontend code + an external provider; nothing to do here.
142  return [];
143  }
144 
150  public function getCaptchaInfo( $captchaData, $id ) {
151  return wfMessage( 'recaptcha-info' );
152  }
153 
157  public function createAuthenticationRequest() {
158  return new ReCaptchaAuthenticationRequest();
159  }
160 
167  public function onAuthChangeFormFields(
168  array $requests, array $fieldInfo, array &$formDescriptor, $action
169  ) {
170  global $wgReCaptchaPublicKey, $wgReCaptchaTheme;
171 
172  $req = AuthenticationRequest::getRequestByClass( $requests,
173  CaptchaAuthenticationRequest::class, true );
174  if ( !$req ) {
175  return;
176  }
177 
178  // ugly way to retrieve error information
179  $captcha = ConfirmEditHooks::getInstance();
180 
181  $formDescriptor['captchaInfo'] = [
182  'class' => HTMLReCaptchaField::class,
183  'key' => $wgReCaptchaPublicKey,
184  'theme' => $wgReCaptchaTheme,
185  'secure' => isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] === 'on',
186  'error' => $captcha->getError(),
187  ] + $formDescriptor['captchaInfo'];
188 
189  // the custom form element cannot return multiple fields; work around that by
190  // "redirecting" ReCaptcha names to standard names
191  $formDescriptor['captchaId'] = [
192  'class' => HTMLSubmittedValueField::class,
193  'name' => 'recaptcha_challenge_field',
194  ];
195  $formDescriptor['captchaWord'] = [
196  'class' => HTMLSubmittedValueField::class,
197  'name' => 'recaptcha_response_field',
198  ];
199  }
200 }
ReCaptcha
Definition: ReCaptcha.php:5
ReCaptcha\describeCaptchaType
describeCaptchaType()
Definition: ReCaptcha.php:87
ReCaptcha\onAuthChangeFormFields
onAuthChangeFormFields(array $requests, array $fieldInfo, array &$formDescriptor, $action)
Definition: ReCaptcha.php:167
ApiBase\PARAM_HELP_MSG
const PARAM_HELP_MSG
(string|array|Message) Specify an alternative i18n documentation message for this parameter.
Definition: ApiBase.php:124
$req
this hook is for auditing only $req
Definition: hooks.txt:979
$params
$params
Definition: styleTest.css.php:44
ReCaptcha\getCaptchaInfo
getCaptchaInfo( $captchaData, $id)
Definition: ReCaptcha.php:150
$formDescriptor
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation use $formDescriptor instead & $formDescriptor
Definition: hooks.txt:2064
SimpleCaptcha\$action
string $action
Used to select the right message.
Definition: SimpleCaptcha.php:19
ConfirmEditHooks\getInstance
static getInstance()
Get the global Captcha instance.
Definition: ConfirmEditHooks.php:11
Xml\encodeJsVar
static encodeJsVar( $value, $pretty=false)
Encode a variable of arbitrary type to JavaScript.
Definition: Xml.php:659
ReCaptcha\retrieveCaptcha
retrieveCaptcha( $index)
Fetch this session's captcha info.
Definition: ReCaptcha.php:135
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
ReCaptcha\passCaptcha
passCaptcha( $challenge, $response)
Calls the library function recaptcha_check_answer to verify the users input.
Definition: ReCaptcha.php:53
wfDeprecated
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
Definition: GlobalFunctions.php:1078
recaptcha_get_html
recaptcha_get_html( $pubkey, $error=null, $use_ssl=false)
Gets the challenge HTML (javascript and non-javascript version).
Definition: recaptchalib.php:106
use
as see the revision history and available at free of to any person obtaining a copy of this software and associated documentation to deal in the Software without including without limitation the rights to use
Definition: MIT-LICENSE.txt:10
ReCaptchaAuthenticationRequest
Authentication request for ReCaptcha v1.
Definition: ReCaptchaAuthenticationRequest.php:9
ReCaptcha\apiGetAllowedParams
apiGetAllowedParams(&$module, &$params, $flags)
Definition: ReCaptcha.php:102
array
The wiki should then use memcached to cache various data To use multiple just add more items to the array To increase the weight of a make its entry a array("192.168.0.1:11211", 2))
ReCaptcha\getCaptchaParamsFromRequest
getCaptchaParamsFromRequest(WebRequest $request)
Definition: ReCaptcha.php:38
$request
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on $request
Definition: hooks.txt:2636
ReCaptcha\$messagePrefix
static $messagePrefix
Definition: ReCaptcha.php:8
ReCaptcha\getError
getError()
Definition: ReCaptcha.php:118
SimpleCaptcha
Demo CAPTCHA (not for production usage) and base class for real CAPTCHAs.
Definition: SimpleCaptcha.php:8
$response
this hook is for auditing only $response
Definition: hooks.txt:780
WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition: WebRequest.php:41
SimpleCaptcha\isAPICaptchaModule
isAPICaptchaModule( $module)
Definition: SimpleCaptcha.php:918
ReCaptcha\createAuthenticationRequest
createAuthenticationRequest()
Definition: ReCaptcha.php:157
ReCaptcha\addCaptchaAPI
addCaptchaAPI(&$resultArr)
Definition: ReCaptcha.php:79
$requests
Allows to change the fields on the form that will be generated are created Can be used to omit specific feeds from being outputted You must not use this hook to add use OutputPage::addFeedLink() instead. & $feedLinks hooks can tweak the array to change how login etc forms should look $requests
Definition: hooks.txt:273
ReCaptcha\getFormInformation
getFormInformation( $tabIndex=1)
Displays the reCAPTCHA widget.
Definition: ReCaptcha.php:19
class
you have access to all of the normal MediaWiki so you can get a DB use the etc For full docs on the Maintenance class
Definition: maintenance.txt:52
ReCaptcha\getCaptcha
getCaptcha()
Returns an array with 'question' and 'answer' keys.
Definition: ReCaptcha.php:140
$wgRequest
if(! $wgDBerrorLogTZ) $wgRequest
Definition: Setup.php:728
wfMessage
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation use $formDescriptor instead default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt
MediaWiki\Auth\AuthenticationRequest
This is a value object for authentication requests.
Definition: AuthenticationRequest.php:37
ReCaptcha\$recaptcha_error
$recaptcha_error
Definition: ReCaptcha.php:11
ReCaptcha\storeCaptcha
storeCaptcha( $info)
Generate a captcha session ID and save the info in PHP's session storage.
Definition: ReCaptcha.php:129