* @license GNU General Public License, version 2 (GPL-2.0) * * For full copyright and license information, please see * the docs/CREDITS.txt file. * */ namespace phpbb\captcha\plugins; /** * And now to something completely different. Let's make a captcha without extending the abstract class. * QA CAPTCHA sample implementation */ class qa { var $confirm_id; var $answer; var $question_ids; var $question_text; var $question_lang; var $question_strict; var $attempts = 0; var $type; // dirty trick: 0 is false, but can still encode that the captcha is not yet validated var $solved = 0; protected $table_captcha_questions; protected $table_captcha_answers; protected $table_qa_confirm; /** * @var string name of the service. */ protected $service_name; /** * Constructor * * @param string $table_captcha_questions * @param string $table_captcha_answers * @param string $table_qa_confirm */ function __construct($table_captcha_questions, $table_captcha_answers, $table_qa_confirm) { $this->table_captcha_questions = $table_captcha_questions; $this->table_captcha_answers = $table_captcha_answers; $this->table_qa_confirm = $table_qa_confirm; } /** * @param int $type as per the CAPTCHA API docs, the type */ function init($type) { global $config, $db, $user, $request; // load our language file $user->add_lang('captcha_qa'); // read input $this->confirm_id = $request->variable('qa_confirm_id', ''); $this->answer = $request->variable('qa_answer', '', true); $this->type = (int) $type; $this->question_lang = $user->lang_name; // we need all defined questions - shouldn't be too many, so we can just grab them // try the user's lang first $sql = 'SELECT question_id FROM ' . $this->table_captcha_questions . " WHERE lang_iso = '" . $db->sql_escape($user->lang_name) . "'"; $result = $db->sql_query($sql, 3600); while ($row = $db->sql_fetchrow($result)) { $this->question_ids[$row['question_id']] = $row['question_id']; } $db->sql_freeresult($result); // fallback to the board default lang if (!count($this->question_ids)) { $this->question_lang = $config['default_lang']; $sql = 'SELECT question_id FROM ' . $this->table_captcha_questions . " WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'"; $result = $db->sql_query($sql, 7200); while ($row = $db->sql_fetchrow($result)) { $this->question_ids[$row['question_id']] = $row['question_id']; } $db->sql_freeresult($result); } // final fallback to any language if (!count($this->question_ids)) { $this->question_lang = ''; $sql = 'SELECT q.question_id, q.lang_iso FROM ' . $this->table_captcha_questions . ' q, ' . $this->table_captcha_answers . ' a WHERE q.question_id = a.question_id GROUP BY lang_iso'; $result = $db->sql_query($sql, 7200); while ($row = $db->sql_fetchrow($result)) { if (empty($this->question_lang)) { $this->question_lang = $row['lang_iso']; } $this->question_ids[$row['question_id']] = $row['question_id']; } $db->sql_freeresult($result); } // okay, if there is a confirm_id, we try to load that confirm's state. If not, we try to find one if (!$this->load_answer() && (!$this->load_confirm_id() || !$this->load_answer())) { // we have no valid confirm ID, better get ready to ask something $this->select_question(); } } /** * See if the captcha has created its tables. */ public function is_installed() { global $phpbb_container; $db_tool = $phpbb_container->get('dbal.tools'); return $db_tool->sql_table_exists($this->table_captcha_questions); } /** * API function - for the captcha to be available, it must have installed itself and there has to be at least one question in the board's default lang */ public function is_available() { global $config, $db, $user; // load language file for pretty display in the ACP dropdown $user->add_lang('captcha_qa'); if (!$this->is_installed()) { return false; } $sql = 'SELECT COUNT(question_id) AS question_count FROM ' . $this->table_captcha_questions . " WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); return ((bool) $row['question_count']); } /** * API function */ function has_config() { return true; } /** * API function */ static public function get_name() { return 'CAPTCHA_QA'; } /** * @return string the name of the service corresponding to the plugin */ function get_service_name() { return $this->service_name; } /** * Set the name of the plugin * * @param string $name */ public function set_name($name) { $this->service_name = $name; } /** * API function - not needed as we don't display an image */ function execute_demo() { } /** * API function - not needed as we don't display an image */ function execute() { } /** * API function - send the question to the template */ function get_template() { global $phpbb_log, $template, $user; if ($this->is_solved()) { return false; } else if (empty($this->question_text) || !count($this->question_ids)) { /** @var \phpbb\log\log_interface $phpbb_log */ $phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_ERROR_CAPTCHA', time(), array($user->lang('CONFIRM_QUESTION_MISSING'))); return false; } else { $template->assign_vars(array( 'QA_CONFIRM_QUESTION' => $this->question_text, 'QA_CONFIRM_ID' => $this->confirm_id, 'S_CONFIRM_CODE' => true, 'S_TYPE' => $this->type, )); return 'captcha_qa.html'; } } /** * API function - we just display a mockup so that the captcha doesn't need to be installed */ function get_demo_template() { global $config, $db, $template; if ($this->is_available()) { $sql = 'SELECT question_text FROM ' . $this->table_captcha_questions . " WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'"; $result = $db->sql_query_limit($sql, 1); if ($row = $db->sql_fetchrow($result)) { $template->assign_vars(array( 'QA_CONFIRM_QUESTION' => $row['question_text'], )); } $db->sql_freeresult($result); } return 'captcha_qa_acp_demo.html'; } /** * API function */ function get_hidden_fields() { $hidden_fields = array(); // this is required - otherwise we would forget about the captcha being already solved if ($this->solved) { $hidden_fields['qa_answer'] = $this->answer; } $hidden_fields['qa_confirm_id'] = $this->confirm_id; return $hidden_fields; } /** * API function */ function garbage_collect($type = 0) { global $db; $sql = 'SELECT c.confirm_id FROM ' . $this->table_qa_confirm . ' c LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id) WHERE s.session_id IS NULL' . ((empty($type)) ? '' : ' AND c.confirm_type = ' . (int) $type); $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { $sql_in = array(); do { $sql_in[] = (string) $row['confirm_id']; } while ($row = $db->sql_fetchrow($result)); if (count($sql_in)) { $sql = 'DELETE FROM ' . $this->table_qa_confirm . ' WHERE ' . $db->sql_in_set('confirm_id', $sql_in); $db->sql_query($sql); } } $db->sql_freeresult($result); } /** * API function - we don't drop the tables here, as that would cause the loss of all entered questions. */ function uninstall() { $this->garbage_collect(0); } /** * API function - set up shop */ function install() { global $phpbb_container; $db_tool = $phpbb_container->get('dbal.tools'); $schemas = array( $this->table_captcha_questions => array ( 'COLUMNS' => array( 'question_id' => array('UINT', null, 'auto_increment'), 'strict' => array('BOOL', 0), 'lang_id' => array('UINT', 0), 'lang_iso' => array('VCHAR:30', ''), 'question_text' => array('TEXT_UNI', ''), ), 'PRIMARY_KEY' => 'question_id', 'KEYS' => array( 'lang' => array('INDEX', 'lang_iso'), ), ), $this->table_captcha_answers => array ( 'COLUMNS' => array( 'question_id' => array('UINT', 0), 'answer_text' => array('STEXT_UNI', ''), ), 'KEYS' => array( 'qid' => array('INDEX', 'question_id'), ), ), $this->table_qa_confirm => array ( 'COLUMNS' => array( 'session_id' => array('CHAR:32', ''), 'confirm_id' => array('CHAR:32', ''), 'lang_iso' => array('VCHAR:30', ''), 'question_id' => array('UINT', 0), 'attempts' => array('UINT', 0), 'confirm_type' => array('USINT', 0), ), 'KEYS' => array( 'session_id' => array('INDEX', 'session_id'), 'lookup' => array('INDEX', array('confirm_id', 'session_id', 'lang_iso')), ), 'PRIMARY_KEY' => 'confirm_id', ), ); foreach ($schemas as $table => $schema) { if (!$db_tool->sql_table_exists($table)) { $db_tool->sql_create_table($table, $schema); } } } /** * API function - see what has to be done to validate */ function validate() { global $phpbb_log, $user; $error = ''; if (!count($this->question_ids)) { /** @var \phpbb\log\log_interface $phpbb_log */ $phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_ERROR_CAPTCHA', time(), array($user->lang('CONFIRM_QUESTION_MISSING'))); return $user->lang('CONFIRM_QUESTION_MISSING'); } if (!$this->confirm_id) { $error = $user->lang['CONFIRM_QUESTION_WRONG']; } else { if ($this->check_answer()) { $this->solved = true; } else { $error = $user->lang['CONFIRM_QUESTION_WRONG']; } } if (strlen($error)) { // okay, incorrect answer. Let's ask a new question. $this->new_attempt(); $this->solved = false; return $error; } else { return false; } } /** * Select a question */ function select_question() { global $db, $user; if (!count($this->question_ids)) { return; } $this->confirm_id = md5(unique_id($user->ip)); $this->question = (int) array_rand($this->question_ids); $sql = 'INSERT INTO ' . $this->table_qa_confirm . ' ' . $db->sql_build_array('INSERT', array( 'confirm_id' => (string) $this->confirm_id, 'session_id' => (string) $user->session_id, 'lang_iso' => (string) $this->question_lang, 'confirm_type' => (int) $this->type, 'question_id' => (int) $this->question, )); $db->sql_query($sql); $this->load_answer(); } /** * New Question, if desired. */ function reselect_question() { global $db, $user; if (!count($this->question_ids)) { return; } $this->question = (int) array_rand($this->question_ids); $this->solved = 0; $sql = 'UPDATE ' . $this->table_qa_confirm . ' SET question_id = ' . (int) $this->question . " WHERE confirm_id = '" . $db->sql_escape($this->confirm_id) . "' AND session_id = '" . $db->sql_escape($user->session_id) . "'"; $db->sql_query($sql); $this->load_answer(); } /** * Wrong answer, so we increase the attempts and use a different question. */ function new_attempt() { global $db, $user; // yah, I would prefer a stronger rand, but this should work $this->question = (int) array_rand($this->question_ids); $this->solved = 0; $sql = 'UPDATE ' . $this->table_qa_confirm . ' SET question_id = ' . (int) $this->question . ", attempts = attempts + 1 WHERE confirm_id = '" . $db->sql_escape($this->confirm_id) . "' AND session_id = '" . $db->sql_escape($user->session_id) . "'"; $db->sql_query($sql); $this->load_answer(); } /** * See if there is already an entry for the current session. */ function load_confirm_id() { global $db, $user; $sql = 'SELECT confirm_id FROM ' . $this->table_qa_confirm . " WHERE session_id = '" . $db->sql_escape($user->session_id) . "' AND lang_iso = '" . $db->sql_escape($this->question_lang) . "' AND confirm_type = " . $this->type; $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($row) { $this->confirm_id = $row['confirm_id']; return true; } return false; } /** * Look up everything we need and populate the instance variables. */ function load_answer() { global $db, $user; if (!strlen($this->confirm_id) || !count($this->question_ids)) { return false; } $sql = 'SELECT con.question_id, attempts, question_text, strict FROM ' . $this->table_qa_confirm . ' con, ' . $this->table_captcha_questions . " qes WHERE con.question_id = qes.question_id AND confirm_id = '" . $db->sql_escape($this->confirm_id) . "' AND session_id = '" . $db->sql_escape($user->session_id) . "' AND qes.lang_iso = '" . $db->sql_escape($this->question_lang) . "' AND confirm_type = " . $this->type; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($row) { $this->question = $row['question_id']; $this->attempts = $row['attempts']; $this->question_strict = $row['strict']; $this->question_text = $row['question_text']; return true; } return false; } /** * The actual validation */ function check_answer() { global $db, $request; $answer = ($this->question_strict) ? $request->variable('qa_answer', '', true) : utf8_clean_string($request->variable('qa_answer', '', true)); $sql = 'SELECT answer_text FROM ' . $this->table_captcha_answers . ' WHERE question_id = ' . (int) $this->question; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $solution = ($this->question_strict) ? $row['answer_text'] : utf8_clean_string($row['answer_text']); if ($solution === $answer) { $this->solved = true; break; } } $db->sql_freeresult($result); return $this->solved; } /** * API function */ function get_attempt_count() { return $this->attempts; } /** * API function */ function reset() { global $db, $user; $sql = 'DELETE FROM ' . $this->table_qa_confirm . " WHERE session_id = '" . $db->sql_escape($user->session_id) . "' AND confirm_type = " . (int) $this->type; $db->sql_query($sql); // we leave the class usable by generating a new question $this->select_question(); } /** * API function */ function is_solved() { global $request; if ($request->variable('qa_answer', false) && $this->solved === 0) { $this->validate(); } return (bool) $this->solved; } /** * API function - The ACP backend, this marks the end of the easy methods */ function acp_page($id, &$module) { global $config, $request, $phpbb_log, $template, $user; $user->add_lang('acp/board'); $user->add_lang('captcha_qa'); if (!self::is_installed()) { $this->install(); } $module->tpl_name = 'captcha_qa_acp'; $module->page_title = 'ACP_VC_SETTINGS'; $form_key = 'acp_captcha'; add_form_key($form_key); $submit = $request->variable('submit', false); $question_id = $request->variable('question_id', 0); $action = $request->variable('action', ''); // we have two pages, so users might want to navigate from one to the other $list_url = $module->u_action . "&configure=1&select_captcha=" . $this->get_service_name(); $template->assign_vars(array( 'U_ACTION' => $module->u_action, 'QUESTION_ID' => $question_id , 'CLASS' => $this->get_service_name(), )); // show the list? if (!$question_id && $action != 'add') { $this->acp_question_list($module); } else if ($question_id && $action == 'delete') { if ($this->get_service_name() !== $config['captcha_plugin'] || !$this->acp_is_last($question_id)) { if (confirm_box(true)) { $this->acp_delete_question($question_id); trigger_error($user->lang['QUESTION_DELETED'] . adm_back_link($list_url)); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 'question_id' => $question_id, 'action' => $action, 'configure' => 1, 'select_captcha' => $this->get_service_name(), )) ); } } else { trigger_error($user->lang['QA_LAST_QUESTION'] . adm_back_link($list_url), E_USER_WARNING); } } else { // okay, show the editor $question_input = $this->acp_get_question_input(); $langs = $this->get_languages(); foreach ($langs as $lang => $entry) { $template->assign_block_vars('langs', array( 'ISO' => $lang, 'NAME' => $entry['name'], )); } $template->assign_vars(array( 'U_LIST' => $list_url, )); if ($question_id) { if ($question = $this->acp_get_question_data($question_id)) { $template->assign_vars(array( 'QUESTION_TEXT' => ($question_input['question_text']) ? $question_input['question_text'] : $question['question_text'], 'LANG_ISO' => ($question_input['lang_iso']) ? $question_input['lang_iso'] : $question['lang_iso'], 'STRICT' => (isset($_REQUEST['strict'])) ? $question_input['strict'] : $question['strict'], 'ANSWERS' => implode("\n", $question['answers']), )); } else { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($list_url)); } } else { $template->assign_vars(array( 'QUESTION_TEXT' => $question_input['question_text'], 'LANG_ISO' => $question_input['lang_iso'], 'STRICT' => $question_input['strict'], 'ANSWERS' => (is_array($question_input['answers'])) ? implode("\n", $question_input['answers']) : '', )); } if ($submit && check_form_key($form_key)) { if (!$this->validate_input($question_input)) { $template->assign_vars(array( 'S_ERROR' => true, )); } else { if ($question_id) { $this->acp_update_question($question_input, $question_id); } else { $this->acp_add_question($question_input); } $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_VISUAL'); trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($list_url)); } } else if ($submit) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($list_url), E_USER_WARNING); } } } /** * This handles the list overview */ function acp_question_list(&$module) { global $db, $template; $sql = 'SELECT * FROM ' . $this->table_captcha_questions; $result = $db->sql_query($sql); $template->assign_vars(array( 'S_LIST' => true, )); while ($row = $db->sql_fetchrow($result)) { $url = $module->u_action . "&question_id={$row['question_id']}&configure=1&select_captcha=" . $this->get_service_name() . '&'; $template->assign_block_vars('questions', array( 'QUESTION_TEXT' => $row['question_text'], 'QUESTION_ID' => $row['question_id'], 'QUESTION_LANG' => $row['lang_iso'], 'U_DELETE' => "{$url}action=delete", 'U_EDIT' => "{$url}action=edit", )); } $db->sql_freeresult($result); } /** * Grab a question and bring it into a format the editor understands */ function acp_get_question_data($question_id) { global $db; if ($question_id) { $sql = 'SELECT * FROM ' . $this->table_captcha_questions . ' WHERE question_id = ' . $question_id; $result = $db->sql_query($sql); $question = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$question) { return false; } $question['answers'] = array(); $sql = 'SELECT * FROM ' . $this->table_captcha_answers . ' WHERE question_id = ' . $question_id; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $question['answers'][] = $row['answer_text']; } $db->sql_freeresult($result); return $question; } return false; } /** * Grab a question from input and bring it into a format the editor understands */ function acp_get_question_input() { global $request; $answers = $request->variable('answers', '', true); // Convert answers into array and filter if answers are set if (strlen($answers)) { $answers = array_filter(array_map('trim', explode("\n", $answers)), function ($value) { return $value !== ''; }); } $question = array( 'question_text' => $request->variable('question_text', '', true), 'strict' => $request->variable('strict', false), 'lang_iso' => $request->variable('lang_iso', ''), 'answers' => $answers, ); return $question; } /** * Update a question. * param mixed $data : an array as created from acp_get_question_input or acp_get_question_data */ function acp_update_question($data, $question_id) { global $db, $cache; // easier to delete all answers than to figure out which to update $sql = 'DELETE FROM ' . $this->table_captcha_answers . " WHERE question_id = $question_id"; $db->sql_query($sql); $langs = $this->get_languages(); $question_ary = $data; $question_ary['lang_id'] = $langs[$question_ary['lang_iso']]['id']; unset($question_ary['answers']); $sql = 'UPDATE ' . $this->table_captcha_questions . ' SET ' . $db->sql_build_array('UPDATE', $question_ary) . " WHERE question_id = $question_id"; $db->sql_query($sql); $this->acp_insert_answers($data, $question_id); $cache->destroy('sql', $this->table_captcha_questions); } /** * Insert a question. * param mixed $data : an array as created from acp_get_question_input or acp_get_question_data */ function acp_add_question($data) { global $db, $cache; $langs = $this->get_languages(); $question_ary = $data; $question_ary['lang_id'] = $langs[$data['lang_iso']]['id']; unset($question_ary['answers']); $sql = 'INSERT INTO ' . $this->table_captcha_questions . ' ' . $db->sql_build_array('INSERT', $question_ary); $db->sql_query($sql); $question_id = $db->sql_nextid(); $this->acp_insert_answers($data, $question_id); $cache->destroy('sql', $this->table_captcha_questions); } /** * Insert the answers. * param mixed $data : an array as created from acp_get_question_input or acp_get_question_data */ function acp_insert_answers($data, $question_id) { global $db, $cache; foreach ($data['answers'] as $answer) { $answer_ary = array( 'question_id' => $question_id, 'answer_text' => $answer, ); $sql = 'INSERT INTO ' . $this->table_captcha_answers . ' ' . $db->sql_build_array('INSERT', $answer_ary); $db->sql_query($sql); } $cache->destroy('sql', $this->table_captcha_answers); } /** * Delete a question. */ function acp_delete_question($question_id) { global $db, $cache; $tables = array($this->table_captcha_questions, $this->table_captcha_answers); foreach ($tables as $table) { $sql = "DELETE FROM $table WHERE question_id = $question_id"; $db->sql_query($sql); } $cache->destroy('sql', $tables); } /** * Check if the entered data can be inserted/used * param mixed $data : an array as created from acp_get_question_input or acp_get_question_data */ function validate_input($question_data) { $langs = $this->get_languages(); if (!isset($question_data['lang_iso']) || !isset($question_data['question_text']) || !isset($question_data['strict']) || !isset($question_data['answers'])) { return false; } if (!isset($langs[$question_data['lang_iso']]) || !strlen($question_data['question_text']) || !count($question_data['answers']) || !is_array($question_data['answers'])) { return false; } return true; } /** * List the installed language packs */ function get_languages() { global $db; $sql = 'SELECT * FROM ' . LANG_TABLE; $result = $db->sql_query($sql); $langs = array(); while ($row = $db->sql_fetchrow($result)) { $langs[$row['lang_iso']] = array( 'name' => $row['lang_local_name'], 'id' => (int) $row['lang_id'], ); } $db->sql_freeresult($result); return $langs; } /** * See if there is a question other than the one we have */ function acp_is_last($question_id) { global $config, $db; if ($question_id) { $sql = 'SELECT question_id FROM ' . $this->table_captcha_questions . " WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "' AND question_id <> " . (int) $question_id; $result = $db->sql_query_limit($sql, 1); $question = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$question) { return true; } return false; } } }