MediaWiki REL1_31
ReCaptcha.class.php
Go to the documentation of this file.
1<?php
2
4
5class ReCaptcha extends SimpleCaptcha {
6 // used for recaptcha-edit, recaptcha-addurl, recaptcha-badlogin, recaptcha-createaccount,
7 // recaptcha-create, recaptcha-sendemail via getMessage()
8 protected static $messagePrefix = 'recaptcha-';
9
10 // reCAPTHCA error code returned from recaptcha_check_answer
11 private $recaptcha_error = null;
12
19 function getFormInformation( $tabIndex = 1 ) {
20 global $wgReCaptchaPublicKey, $wgReCaptchaTheme;
21
22 wfDeprecated( 'ConfirmEdit module ReCaptcha', '1.28' );
23 $useHttps = ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == 'on' );
24 $js = 'var RecaptchaOptions = ' . Xml::encodeJsVar(
25 [ 'theme' => $wgReCaptchaTheme, 'tabindex' => $tabIndex ]
26 );
27
28 return [
29 'html' => Html::inlineScript( $js ) .
30 recaptcha_get_html( $wgReCaptchaPublicKey, $this->recaptcha_error, $useHttps )
31 ];
32 }
33
39 // API is hardwired to return captchaId and captchaWord,
40 // so use that if the standard two are empty
41 $challenge = $request->getVal( 'recaptcha_challenge_field', $request->getVal( 'captchaId' ) );
42 $response = $request->getVal( 'recaptcha_response_field', $request->getVal( 'captchaWord' ) );
43 return [ $challenge, $response ];
44 }
45
53 function passCaptcha( $challenge, $response ) {
54 global $wgReCaptchaPrivateKey, $wgRequest;
55
56 if ( $response === null ) {
57 // new captcha session
58 return false;
59 }
60
61 $ip = $wgRequest->getIP();
62
63 $recaptcha_response =
64 recaptcha_check_answer( $wgReCaptchaPrivateKey, $ip, $challenge, $response );
65
66 if ( !$recaptcha_response->is_valid ) {
67 $this->recaptcha_error = $recaptcha_response->error;
68 return false;
69 }
70
71 $recaptcha_error = null;
72
73 return true;
74 }
75
79 function addCaptchaAPI( &$resultArr ) {
80 $resultArr['captcha'] = $this->describeCaptchaType();
81 $resultArr['captcha']['error'] = $this->recaptcha_error;
82 }
83
87 public function describeCaptchaType() {
88 global $wgReCaptchaPublicKey;
89 return [
90 'type' => 'recaptcha',
91 'mime' => 'image/png',
92 'key' => $wgReCaptchaPublicKey,
93 ];
94 }
95
102 public function APIGetAllowedParams( &$module, &$params, $flags ) {
103 if ( $flags && $this->isAPICaptchaModule( $module ) ) {
104 $params['recaptcha_challenge_field'] = [
105 ApiBase::PARAM_HELP_MSG => 'recaptcha-apihelp-param-recaptcha_challenge_field',
106 ];
107 $params['recaptcha_response_field'] = [
108 ApiBase::PARAM_HELP_MSG => 'recaptcha-apihelp-param-recaptcha_response_field',
109 ];
110 }
111
112 return true;
113 }
114
118 public function getError() {
119 // do not treat failed captcha attempts as errors
120 if ( in_array( $this->recaptcha_error, [
121 'invalid-request-cookie', 'incorrect-captcha-sol',
122 ], true ) ) {
123 return null;
124 }
125
127 }
128
129 public function storeCaptcha( $info ) {
130 // ReCaptcha is stored by Google; the ID will be generated at that time as well, and
131 // the one returned here won't be used. Just pretend this worked.
132 return 'not used';
133 }
134
135 public function retrieveCaptcha( $index ) {
136 // just pretend it worked
137 return [ 'index' => $index ];
138 }
139
140 public function getCaptcha() {
141 // ReCaptcha is handled by frontend code + an external provider; nothing to do here.
142 return [];
143 }
144
150 public function getCaptchaInfo( $captchaData, $id ) {
151 return wfMessage( 'recaptcha-info' );
152 }
153
157 public function createAuthenticationRequest() {
159 }
160
167 public function onAuthChangeFormFields(
168 array $requests, array $fieldInfo, array &$formDescriptor, $action
169 ) {
170 global $wgReCaptchaPublicKey, $wgReCaptchaTheme;
171
172 $req = AuthenticationRequest::getRequestByClass( $requests,
173 CaptchaAuthenticationRequest::class, true );
174 if ( !$req ) {
175 return;
176 }
177
178 // ugly way to retrieve error information
180
181 $formDescriptor['captchaInfo'] = [
182 'class' => HTMLReCaptchaField::class,
183 'key' => $wgReCaptchaPublicKey,
184 'theme' => $wgReCaptchaTheme,
185 'secure' => isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] === 'on',
186 'error' => $captcha->getError(),
187 ] + $formDescriptor['captchaInfo'];
188
189 // the custom form element cannot return multiple fields; work around that by
190 // "redirecting" ReCaptcha names to standard names
191 $formDescriptor['captchaId'] = [
192 'class' => HTMLSubmittedValueField::class,
193 'name' => 'recaptcha_challenge_field',
194 ];
195 $formDescriptor['captchaWord'] = [
196 'class' => HTMLSubmittedValueField::class,
197 'name' => 'recaptcha_response_field',
198 ];
199 }
200}
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
if(! $wgDBerrorLogTZ) $wgRequest
Definition Setup.php:737
const PARAM_HELP_MSG
(string|array|Message) Specify an alternative i18n documentation message for this parameter.
Definition ApiBase.php:124
static getInstance()
Get the global Captcha instance.
This is a value object for authentication requests.
Authentication request for ReCaptcha v1.
storeCaptcha( $info)
Generate a captcha session ID and save the info in PHP's session storage.
getFormInformation( $tabIndex=1)
Displays the reCAPTCHA widget.
onAuthChangeFormFields(array $requests, array $fieldInfo, array &$formDescriptor, $action)
passCaptcha( $challenge, $response)
Calls the library function recaptcha_check_answer to verify the users input.
createAuthenticationRequest()
static $messagePrefix
retrieveCaptcha( $index)
Fetch this session's captcha info.
addCaptchaAPI(&$resultArr)
getCaptchaParamsFromRequest(WebRequest $request)
getCaptcha()
Returns an array with 'question' and 'answer' keys.
APIGetAllowedParams(&$module, &$params, $flags)
getCaptchaInfo( $captchaData, $id)
Demo CAPTCHA (not for production usage) and base class for real CAPTCHAs.
Definition Captcha.php:8
isAPICaptchaModule( $module)
Definition Captcha.php:921
string $action
Used to select the right message.
Definition Captcha.php:19
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
this hook is for auditing only $req
Definition hooks.txt:990
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on $request
Definition hooks.txt:2806
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt;div ...>$1&lt;/div>"). - flags Integer display flags(NO_ACTION_LINK, NO_EXTRA_USER_LINKS) 'LogException':Called before an exception(or PHP error) is logged. This is meant for integration with external error aggregation services
Allows to change the fields on the form that will be generated are created Can be used to omit specific feeds from being outputted You must not use this hook to add use OutputPage::addFeedLink() instead. & $feedLinks hooks can tweak the array to change how login etc forms should look $requests
Definition hooks.txt:304
this hook is for auditing only $response
Definition hooks.txt:783
recaptcha_get_html( $pubkey, $error=null, $use_ssl=false)
Gets the challenge HTML (javascript and non-javascript version).
recaptcha_check_answer( $privkey, $remoteip, $challenge, $response, $extra_params=array())
Calls an HTTP POST function to verify if the user's guess was correct.
$params