MediaWiki REL1_30
ReCaptcha.class.php
Go to the documentation of this file.
1<?php
2
3use MediaWiki\Auth\AuthenticationRequest;
4
5class ReCaptcha extends SimpleCaptcha {
6 // used for recaptcha-edit, recaptcha-addurl, recaptcha-badlogin, recaptcha-createaccount,
7 // recaptcha-create, recaptcha-sendemail via getMessage()
8 protected static $messagePrefix = 'recaptcha-';
9
10 // reCAPTHCA error code returned from recaptcha_check_answer
11 private $recaptcha_error = null;
12
17 function getFormInformation( $tabIndex = 1 ) {
18 global $wgReCaptchaPublicKey, $wgReCaptchaTheme;
19
20 wfDeprecated( 'ConfirmEdit module ReCaptcha', '1.28' );
21 $useHttps = ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == 'on' );
22 $js = 'var RecaptchaOptions = ' . Xml::encodeJsVar(
23 [ 'theme' => $wgReCaptchaTheme, 'tabindex' => $tabIndex ]
24 );
25
26 return [
27 'html' => Html::inlineScript( $js ) .
28 recaptcha_get_html( $wgReCaptchaPublicKey, $this->recaptcha_error, $useHttps )
29 ];
30 }
31
36 protected function getCaptchaParamsFromRequest( WebRequest $request ) {
37 // API is hardwired to return captchaId and captchaWord,
38 // so use that if the standard two are empty
39 $challenge = $request->getVal( 'recaptcha_challenge_field', $request->getVal( 'captchaId' ) );
40 $response = $request->getVal( 'recaptcha_response_field', $request->getVal( 'captchaWord' ) );
41 return [ $challenge, $response ];
42 }
43
51 function passCaptcha( $challenge, $response ) {
52 global $wgReCaptchaPrivateKey, $wgRequest;
53
54 if ( $response === null ) {
55 // new captcha session
56 return false;
57 }
58
59 $ip = $wgRequest->getIP();
60
61 $recaptcha_response =
62 recaptcha_check_answer( $wgReCaptchaPrivateKey, $ip, $challenge, $response );
63
64 if ( !$recaptcha_response->is_valid ) {
65 $this->recaptcha_error = $recaptcha_response->error;
66 return false;
67 }
68
69 $recaptcha_error = null;
70
71 return true;
72 }
73
77 function addCaptchaAPI( &$resultArr ) {
78 $resultArr['captcha'] = $this->describeCaptchaType();
79 $resultArr['captcha']['error'] = $this->recaptcha_error;
80 }
81
85 public function describeCaptchaType() {
86 global $wgReCaptchaPublicKey;
87 return [
88 'type' => 'recaptcha',
89 'mime' => 'image/png',
90 'key' => $wgReCaptchaPublicKey,
91 ];
92 }
93
100 public function APIGetAllowedParams( &$module, &$params, $flags ) {
101 if ( $flags && $this->isAPICaptchaModule( $module ) ) {
102 $params['recaptcha_challenge_field'] = [
103 ApiBase::PARAM_HELP_MSG => 'recaptcha-apihelp-param-recaptcha_challenge_field',
104 ];
105 $params['recaptcha_response_field'] = [
106 ApiBase::PARAM_HELP_MSG => 'recaptcha-apihelp-param-recaptcha_response_field',
107 ];
108 }
109
110 return true;
111 }
112
116 public function getError() {
117 // do not treat failed captcha attempts as errors
118 if ( in_array( $this->recaptcha_error, [
119 'invalid-request-cookie', 'incorrect-captcha-sol',
120 ], true ) ) {
121 return null;
122 }
123
124 return $this->recaptcha_error;
125 }
126
127 public function storeCaptcha( $info ) {
128 // ReCaptcha is stored by Google; the ID will be generated at that time as well, and
129 // the one returned here won't be used. Just pretend this worked.
130 return 'not used';
131 }
132
133 public function retrieveCaptcha( $index ) {
134 // just pretend it worked
135 return [ 'index' => $index ];
136 }
137
138 public function getCaptcha() {
139 // ReCaptcha is handled by frontend code + an external provider; nothing to do here.
140 return [];
141 }
142
148 public function getCaptchaInfo( $captchaData, $id ) {
149 return wfMessage( 'recaptcha-info' );
150 }
151
155 public function createAuthenticationRequest() {
156 return new ReCaptchaAuthenticationRequest();
157 }
158
165 public function onAuthChangeFormFields(
166 array $requests, array $fieldInfo, array &$formDescriptor, $action
167 ) {
168 global $wgReCaptchaPublicKey, $wgReCaptchaTheme;
169
170 $req = AuthenticationRequest::getRequestByClass( $requests,
171 CaptchaAuthenticationRequest::class, true );
172 if ( !$req ) {
173 return;
174 }
175
176 // ugly way to retrieve error information
177 $captcha = ConfirmEditHooks::getInstance();
178
179 $formDescriptor['captchaInfo'] = [
180 'class' => HTMLReCaptchaField::class,
181 'key' => $wgReCaptchaPublicKey,
182 'theme' => $wgReCaptchaTheme,
183 'secure' => isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] === 'on',
184 'error' => $captcha->getError(),
185 ] + $formDescriptor['captchaInfo'];
186
187 // the custom form element cannot return multiple fields; work around that by
188 // "redirecting" ReCaptcha names to standard names
189 $formDescriptor['captchaId'] = [
190 'class' => HTMLSubmittedValueField::class,
191 'name' => 'recaptcha_challenge_field',
192 ];
193 $formDescriptor['captchaWord'] = [
194 'class' => HTMLSubmittedValueField::class,
195 'name' => 'recaptcha_response_field',
196 ];
197 }
198}
wfDeprecated
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
Definition GlobalFunctions.php:1177
$wgRequest
if(! $wgDBerrorLogTZ) $wgRequest
Definition Setup.php:662
ApiBase\PARAM_HELP_MSG
const PARAM_HELP_MSG
(string|array|Message) Specify an alternative i18n documentation message for this parameter.
Definition ApiBase.php:128
ConfirmEditHooks\getInstance
static getInstance()
Get the global Captcha instance.
Definition ConfirmEditHooks.php:13
MediaWiki\Auth\AuthenticationRequest
This is a value object for authentication requests.
Definition AuthenticationRequest.php:37
ReCaptchaAuthenticationRequest
Authentication request for ReCaptcha v1.
Definition ReCaptchaAuthenticationRequest.php:9
ReCaptcha\storeCaptcha
storeCaptcha( $info)
Generate a captcha session ID and save the info in PHP's session storage.
Definition ReCaptcha.class.php:127
ReCaptcha\getFormInformation
getFormInformation( $tabIndex=1)
Displays the reCAPTCHA widget.
Definition ReCaptcha.class.php:17
ReCaptcha\onAuthChangeFormFields
onAuthChangeFormFields(array $requests, array $fieldInfo, array &$formDescriptor, $action)
Definition ReCaptcha.class.php:165
ReCaptcha\passCaptcha
passCaptcha( $challenge, $response)
Calls the library function recaptcha_check_answer to verify the users input.
Definition ReCaptcha.class.php:51
ReCaptcha\createAuthenticationRequest
createAuthenticationRequest()
Definition ReCaptcha.class.php:155
ReCaptcha\$messagePrefix
static $messagePrefix
Definition ReCaptcha.class.php:8
ReCaptcha\retrieveCaptcha
retrieveCaptcha( $index)
Fetch this session's captcha info.
Definition ReCaptcha.class.php:133
ReCaptcha\addCaptchaAPI
addCaptchaAPI(&$resultArr)
Definition ReCaptcha.class.php:77
ReCaptcha\getCaptchaParamsFromRequest
getCaptchaParamsFromRequest(WebRequest $request)
Definition ReCaptcha.class.php:36
ReCaptcha\getCaptcha
getCaptcha()
Returns an array with 'question' and 'answer' keys.
Definition ReCaptcha.class.php:138
ReCaptcha\APIGetAllowedParams
APIGetAllowedParams(&$module, &$params, $flags)
Definition ReCaptcha.class.php:100
ReCaptcha\getCaptchaInfo
getCaptchaInfo( $captchaData, $id)
Definition ReCaptcha.class.php:148
SimpleCaptcha
Demo CAPTCHA (not for production usage) and base class for real CAPTCHAs.
Definition Captcha.php:9
SimpleCaptcha\isAPICaptchaModule
isAPICaptchaModule( $module)
Definition Captcha.php:893
SimpleCaptcha\$action
string $action
Used to select the right message.
Definition Captcha.php:20
WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition WebRequest.php:38
$req
this hook is for auditing only $req
Definition hooks.txt:988
$request
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on $request
Definition hooks.txt:2775
wfMessage
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt;div ...>$1&lt;/div>"). - flags Integer display flags(NO_ACTION_LINK, NO_EXTRA_USER_LINKS) 'LogException':Called before an exception(or PHP error) is logged. This is meant for integration with external error aggregation services
$flags
it s the revision text itself In either if gzip is the revision text is gzipped $flags
Definition hooks.txt:2805
$requests
Allows to change the fields on the form that will be generated are created Can be used to omit specific feeds from being outputted You must not use this hook to add use OutputPage::addFeedLink() instead. & $feedLinks hooks can tweak the array to change how login etc forms should look $requests
Definition hooks.txt:304
$response
this hook is for auditing only $response
Definition hooks.txt:781
recaptcha_get_html
recaptcha_get_html( $pubkey, $error=null, $use_ssl=false)
Gets the challenge HTML (javascript and non-javascript version).
Definition recaptchalib.php:106
recaptcha_check_answer
recaptcha_check_answer( $privkey, $remoteip, $challenge, $response, $extra_params=array())
Calls an HTTP POST function to verify if the user's guess was correct.
Definition recaptchalib.php:152
$params
$params
Definition styleTest.css.php:40