Context Navigation

source: extensions/CryptograPHP/securimage/securimage.php @ 26413

Last change on this file since 26413 was 12617, checked in by mistic100, 12 years ago
rewrite some prefilters, replace CryptograPHP by Securimage (not abandoned project!)
File size: 48.4 KB

Line
1	<?php
2	/**
3	* Project: Securimage: A PHP class for creating and managing form CAPTCHA images
4	* File: securimage.php
5	*
6	* Copyright (c) 2011, Drew Phillips
7	* All rights reserved.
8	*
9	* Redistribution and use in source and binary forms, with or without modification,
10	* are permitted provided that the following conditions are met:
11	*
12	* - Redistributions of source code must retain the above copyright notice,
13	* this list of conditions and the following disclaimer.
14	* - Redistributions in binary form must reproduce the above copyright notice,
15	* this list of conditions and the following disclaimer in the documentation
16	* and/or other materials provided with the distribution.
17	*
18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21	* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28	* POSSIBILITY OF SUCH DAMAGE.
29	*
30	* Any modifications to the library should be indicated clearly in the source code
31	* to inform users that the changes are not a part of the original software.
32	*
33	* If you found this script useful, please take a quick moment to rate it.
34	* http://www.hotscripts.com/rate/49400.html Thanks.
35	*
36	* @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
37	* @link http://www.phpcaptcha.org/latest.zip Download Latest Version
38	* @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
39	* @copyright 2011 Drew Phillips
40	* @author Drew Phillips <drew@drew-phillips.com>
41	* @version 3.0 (October 2011)
42	* @package Securimage
43	*
44	*/
45
46	/**
47	ChangeLog
48
49	3.0
50	- Rewrite class using PHP5 OOP
51	- Remove support for GD fonts, require FreeType
52	- Remove support for multi-color codes
53	- Add option to make codes case-sensitive
54	- Add namespaces to support multiple captchas on a single page or page specific captchas
55	- Add option to show simple math problems instead of codes
56	- Remove support for mp3 files due to vulnerability in decoding mp3 audio files
57	- Create new flash file to stream wav files instead of mp3
58	- Changed to BSD license
59
60	2.0.2
61	- Fix pathing to make integration into libraries easier (Nathan Phillip Brink ohnobinki@ohnopublishing.net)
62
63	2.0.1
64	- Add support for browsers with cookies disabled (requires php5, sqlite) maps users to md5 hashed ip addresses and md5 hashed codes for security
65	- Add fallback to gd fonts if ttf support is not enabled or font file not found (Mike Challis http://www.642weather.com/weather/scripts.php)
66	- Check for previous definition of image type constants (Mike Challis)
67	- Fix mime type settings for audio output
68	- Fixed color allocation issues with multiple colors and background images, consolidate allocation to one function
69	- Ability to let codes expire after a given length of time
70	- Allow HTML color codes to be passed to Securimage_Color (suggested by Mike Challis)
71
72	2.0.0
73	- Add mathematical distortion to characters (using code from HKCaptcha)
74	- Improved session support
75	- Added Securimage_Color class for easier color definitions
76	- Add distortion to audio output to prevent binary comparison attack (proposed by Sven "SavageTiger" Hagemann [insecurity.nl])
77	- Flash button to stream mp3 audio (Douglas Walsh www.douglaswalsh.net)
78	- Audio output is mp3 format by default
79	- Change font to AlteHaasGrotesk by yann le coroller
80	- Some code cleanup
81
82	1.0.4 (unreleased)
83	- Ability to output audible codes in mp3 format to stream from flash
84
85	1.0.3.1
86	- Error reading from wordlist in some cases caused words to be cut off 1 letter short
87
88	1.0.3
89	- Removed shadow_text from code which could cause an undefined property error due to removal from previous version
90
91	1.0.2
92	- Audible CAPTCHA Code wav files
93	- Create codes from a word list instead of random strings
94
95	1.0
96	- Added the ability to use a selected character set, rather than a-z0-9 only.
97	- Added the multi-color text option to use different colors for each letter.
98	- Switched to automatic session handling instead of using files for code storage
99	- Added GD Font support if ttf support is not available. Can use internal GD fonts or load new ones.
100	- Added the ability to set line thickness
101	- Added option for drawing arced lines over letters
102	- Added ability to choose image type for output
103
104	*/
105
106
107	/**
108	* Securimage CAPTCHA Class.
109	*
110	* @version 3.0
111	* @package Securimage
112	* @subpackage classes
113	* @author Drew Phillips <drew@drew-phillips.com>
114	*
115	*/
116	class Securimage
117	{
118	// All of the public variables below are securimage options
119	// They can be passed as an array to the Securimage constructor, set below,
120	// or set from securimage_show.php and securimage_play.php
121
122	/**
123	* Renders captcha as a JPEG image
124	* @var int
125	*/
126	const SI_IMAGE_JPEG = 1;
127	/**
128	* Renders captcha as a PNG image (default)
129	* @var int
130	*/
131	const SI_IMAGE_PNG = 2;
132	/**
133	* Renders captcha as a GIF image
134	* @var int
135	*/
136	const SI_IMAGE_GIF = 3;
137
138	/**
139	* Create a normal alphanumeric captcha
140	* @var int
141	*/
142	const SI_CAPTCHA_STRING = 0;
143	/**
144	* Create a captcha consisting of a simple math problem
145	* @var int
146	*/
147	const SI_CAPTCHA_MATHEMATIC = 1;
148
149	/**
150	* The width of the captcha image
151	* @var int
152	*/
153	public $image_width = 215;
154	/**
155	* The height of the captcha image
156	* @var int
157	*/
158	public $image_height = 80;
159	/**
160	* The type of the image, default = png
161	* @var int
162	*/
163	public $image_type = self::SI_IMAGE_PNG;
164
165	/**
166	* The background color of the captcha
167	* @var Securimage_Color
168	*/
169	public $image_bg_color = '#ffffff';
170	/**
171	* The color of the captcha text
172	* @var Securimage_Color
173	*/
174	public $text_color = '#707070';
175	/**
176	* The color of the lines over the captcha
177	* @var Securimage_Color
178	*/
179	public $line_color = '#707070';
180	/**
181	* The color of the noise that is drawn
182	* @var Securimage_Color
183	*/
184	public $noise_color = '#707070';
185
186	/**
187	* How transparent to make the text 0 = completely opaque, 100 = invisible
188	* @var int
189	*/
190	public $text_transparency_percentage = 50;
191	/**
192	* Whether or not to draw the text transparently, true = use transparency, false = no transparency
193	* @var bool
194	*/
195	public $use_transparent_text = false;
196
197	/**
198	* The length of the captcha code
199	* @var int
200	*/
201	public $code_length = 6;
202	/**
203	* Whether the captcha should be case sensitive (not recommended, use only for maximum protection)
204	* @var bool
205	*/
206	public $case_sensitive = false;
207	/**
208	* The character set to use for generating the captcha code
209	* @var string
210	*/
211	public $charset = 'ABCDEFGHKLMNPRSTUVWYZabcdefghklmnprstuvwyz23456789';
212	/**
213	* How long in seconds a captcha remains valid, after this time it will not be accepted
214	* @var unknown_type
215	*/
216	public $expiry_time = 900;
217
218	/**
219	* The session name securimage should use, only set this if your application uses a custom session name
220	* It is recommended to set this value below so it is used by all securimage scripts
221	* @var string
222	*/
223	public $session_name = null;
224
225	/**
226	* true to use the wordlist file, false to generate random captcha codes
227	* @var bool
228	*/
229	public $use_wordlist = false;
230
231	/**
232	* The level of distortion, 0.75 = normal, 1.0 = very high distortion
233	* @var double
234	*/
235	public $perturbation = 0.75;
236	/**
237	* How many lines to draw over the captcha code to increase security
238	* @var int
239	*/
240	public $num_lines = 8;
241	/**
242	* The level of noise (random dots) to place on the image, 0-10
243	* @var int
244	*/
245	public $noise_level = 0;
246
247	/**
248	* The signature text to draw on the bottom corner of the image
249	* @var string
250	*/
251	public $image_signature = '';
252	/**
253	* The color of the signature text
254	* @var Securimage_Color
255	*/
256	public $signature_color = '#707070';
257	/**
258	* The path to the ttf font file to use for the signature text, defaults to $ttf_file (AHGBold.ttf)
259	* @var string
260	*/
261	public $signature_font;
262
263	/**
264	* Use an SQLite database to store data (for users that do not support cookies)
265	* @var bool
266	*/
267	public $use_sqlite_db = false;
268
269	/**
270	* The type of captcha to create, either alphanumeric, or a math problem<br />
271	* Securimage::SI_CAPTCHA_STRING or Securimage::SI_CAPTCHA_MATHEMATIC
272	* @var int
273	*/
274	public $captcha_type = self::SI_CAPTCHA_STRING;
275
276	/**
277	* The captcha namespace, use this if you have multiple forms on a single page, blank if you do not use multiple forms on one page
278	* @var string
279	* <code>
280	* <?php
281	* // in securimage_show.php (create one show script for each form)
282	* $img->namespace = 'contact_form';
283	*
284	* // in form validator
285	* $img->namespace = 'contact_form';
286	* if ($img->check($code) == true) {
287	* echo "Valid!";
288	* }
289	* </code>
290	*/
291	public $namespace;
292
293	/**
294	* The font file to use to draw the captcha code, leave blank for default font AHGBold.ttf
295	* @var string
296	*/
297	public $ttf_file;
298	/**
299	* The path to the wordlist file to use, leave blank for default words/words.txt
300	* @var string
301	*/
302	public $wordlist_file;
303	/**
304	* The directory to scan for background images, if set a random background will be chosen from this folder
305	* @var string
306	*/
307	public $background_directory;
308	/**
309	* The path to the SQLite database file to use, if $use_sqlite_database = true, should be chmod 666
310	* @var string
311	*/
312	public $sqlite_database;
313	/**
314	* The path to the securimage audio directory, can be set in securimage_play.php
315	* @var string
316	* <code>
317	* $img->audio_path = '/home/yoursite/public_html/securimage/audio/';
318	* </code>
319	*/
320	public $audio_path;
321
322
323
324	protected $im;
325	protected $tmpimg;
326	protected $bgimg;
327	protected $iscale = 5;
328
329	protected $securimage_path = null;
330
331	protected $code;
332	protected $code_display;
333
334	protected $captcha_code;
335	protected $sqlite_handle;
336
337	protected $gdbgcolor;
338	protected $gdtextcolor;
339	protected $gdlinecolor;
340	protected $gdsignaturecolor;
341
342	/**
343	* Create a new securimage object, pass options to set in the constructor.<br />
344	* This can be used to display a captcha, play an audible captcha, or validate an entry
345	* @param array $options
346	* <code>
347	* $options = array(
348	* 'text_color' => new Securimage_Color('#013020'),
349	* 'code_length' => 5,
350	* 'num_lines' => 5,
351	* 'noise_level' => 3,
352	* 'font_file' => Securimage::getPath() . '/custom.ttf'
353	* );
354	*
355	* $img = new Securimage($options);
356	* </code>
357	*/
358	public function __construct($options = array())
359	{
360	$this->securimage_path = dirname(__FILE__);
361
362	if (is_array($options) && sizeof($options) > 0) {
363	foreach($options as $prop => $val) {
364	$this->$prop = $val;
365	}
366	}
367
368	$this->image_bg_color = $this->initColor($this->image_bg_color, '#ffffff');
369	$this->text_color = $this->initColor($this->text_color, '#616161');
370	$this->line_color = $this->initColor($this->line_color, '#616161');
371	$this->noise_color = $this->initColor($this->noise_color, '#616161');
372	$this->signature_color = $this->initColor($this->signature_color, '#616161');
373
374	if ($this->ttf_file == null) {
375	$this->ttf_file = $this->securimage_path . '/AHGBold.ttf';
376	}
377
378	$this->signature_font = $this->ttf_file;
379
380	if ($this->wordlist_file == null) {
381	$this->wordlist_file = $this->securimage_path . '/words/words.txt';
382	}
383
384	if ($this->sqlite_database == null) {
385	$this->sqlite_database = $this->securimage_path . '/database/securimage.sqlite';
386	}
387
388	if ($this->audio_path == null) {
389	$this->audio_path = $this->securimage_path . '/audio/';
390	}
391
392	if ($this->code_length == null \|\| $this->code_length < 1) {
393	$this->code_length = 6;
394	}
395
396	if ($this->perturbation == null \|\| !is_numeric($this->perturbation)) {
397	$this->perturbation = 0.75;
398	}
399
400	if ($this->namespace == null \|\| !is_string($this->namespace)) {
401	$this->namespace = 'default';
402	}
403
404	// Initialize session or attach to existing
405	if ( session_id() == '' ) { // no session has been started yet, which is needed for validation
406	if ($this->session_name != null && trim($this->session_name) != '') {
407	session_name(trim($this->session_name)); // set session name if provided
408	}
409	session_start();
410	}
411	}
412
413	/**
414	* Return the absolute path to the Securimage directory
415	* @return string The path to the securimage base directory
416	*/
417	public static function getPath()
418	{
419	return dirname(__FILE__);
420	}
421
422	/**
423	* Used to serve a captcha image to the browser
424	* @param string $background_image The path to the background image to use
425	* <code>
426	* $img = new Securimage();
427	* $img->code_length = 6;
428	* $img->num_lines = 5;
429	* $img->noise_level = 5;
430	*
431	* $img->show(); // sends the image to browser
432	* exit;
433	* </code>
434	*/
435	public function show($background_image = '')
436	{
437	if($background_image != '' && is_readable($background_image)) {
438	$this->bgimg = $background_image;
439	}
440
441	$this->doImage();
442	}
443
444	/**
445	* Check a submitted code against the stored value
446	* @param string $code The captcha code to check
447	* <code>
448	* $code = $_POST['code'];
449	* $img = new Securimage();
450	* if ($img->check($code) == true) {
451	* $captcha_valid = true;
452	* } else {
453	* $captcha_valid = false;
454	* }
455	* </code>
456	*/
457	public function check($code)
458	{
459	$this->code_entered = $code;
460	$this->validate();
461	return $this->correct_code;
462	}
463
464	/**
465	* Output a wav file of the captcha code to the browser
466	*
467	* <code>
468	* $img = new Securimage();
469	* $img->outputAudioFile(); // outputs a wav file to the browser
470	* exit;
471	* </code>
472	*/
473	public function outputAudioFile()
474	{
475	$ext = 'wav'; // force wav - mp3 is insecure
476
477	header("Content-Disposition: attachment; filename=\"securimage_audio.{$ext}\"");
478	header('Cache-Control: no-store, no-cache, must-revalidate');
479	header('Expires: Sun, 1 Jan 2000 12:00:00 GMT');
480	header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT');
481	header('Content-type: audio/x-wav');
482
483	$audio = $this->getAudibleCode($ext);
484
485	header('Content-Length: ' . strlen($audio));
486
487	echo $audio;
488	exit;
489	}
490
491	/**
492	* The main image drawing routing, responsible for constructing the entire image and serving it
493	*/
494	protected function doImage()
495	{
496	if( ($this->use_transparent_text == true \|\| $this->bgimg != '') && function_exists('imagecreatetruecolor')) {
497	$imagecreate = 'imagecreatetruecolor';
498	} else {
499	$imagecreate = 'imagecreate';
500	}
501
502	$this->im = $imagecreate($this->image_width, $this->image_height);
503	$this->tmpimg = $imagecreate($this->image_width * $this->iscale, $this->image_height * $this->iscale);
504
505	$this->allocateColors();
506	imagepalettecopy($this->tmpimg, $this->im);
507
508	$this->setBackground();
509
510	$this->createCode();
511
512	$this->drawWord();
513
514	if ($this->noise_level > 0) {
515	$this->drawNoise();
516	}
517
518	if ($this->perturbation > 0 && is_readable($this->ttf_file)) {
519	$this->distortedCopy();
520	}
521
522	if ($this->num_lines > 0) {
523	$this->drawLines();
524	}
525
526	if (trim($this->image_signature) != '') {
527	$this->addSignature();
528	}
529
530	$this->output();
531	}
532
533	/**
534	* Allocate the colors to be used for the image
535	*/
536	protected function allocateColors()
537	{
538	// allocate bg color first for imagecreate
539	$this->gdbgcolor = imagecolorallocate($this->im,
540	$this->image_bg_color->r,
541	$this->image_bg_color->g,
542	$this->image_bg_color->b);
543
544	$alpha = intval($this->text_transparency_percentage / 100 * 127);
545
546	if ($this->use_transparent_text == true) {
547	$this->gdtextcolor = imagecolorallocatealpha($this->im,
548	$this->text_color->r,
549	$this->text_color->g,
550	$this->text_color->b,
551	$alpha);
552	$this->gdlinecolor = imagecolorallocatealpha($this->im,
553	$this->line_color->r,
554	$this->line_color->g,
555	$this->line_color->b,
556	$alpha);
557	$this->gdnoisecolor = imagecolorallocatealpha($this->im,
558	$this->noise_color->r,
559	$this->noise_color->g,
560	$this->noise_color->b,
561	$alpha);
562	} else {
563	$this->gdtextcolor = imagecolorallocate($this->im,
564	$this->text_color->r,
565	$this->text_color->g,
566	$this->text_color->b);
567	$this->gdlinecolor = imagecolorallocate($this->im,
568	$this->line_color->r,
569	$this->line_color->g,
570	$this->line_color->b);
571	$this->gdnoisecolor = imagecolorallocate($this->im,
572	$this->noise_color->r,
573	$this->noise_color->g,
574	$this->noise_color->b);
575	}
576
577	$this->gdsignaturecolor = imagecolorallocate($this->im,
578	$this->signature_color->r,
579	$this->signature_color->g,
580	$this->signature_color->b);
581
582	}
583
584	/**
585	* The the background color, or background image to be used
586	*/
587	protected function setBackground()
588	{
589	// set background color of image by drawing a rectangle since imagecreatetruecolor doesn't set a bg color
590	imagefilledrectangle($this->im, 0, 0,
591	$this->image_width, $this->image_height,
592	$this->gdbgcolor);
593	imagefilledrectangle($this->tmpimg, 0, 0,
594	$this->image_width * $this->iscale, $this->image_height * $this->iscale,
595	$this->gdbgcolor);
596
597	if ($this->bgimg == '') {
598	if ($this->background_directory != null &&
599	is_dir($this->background_directory) &&
600	is_readable($this->background_directory))
601	{
602	$img = $this->getBackgroundFromDirectory();
603	if ($img != false) {
604	$this->bgimg = $img;
605	}
606	}
607	}
608
609	if ($this->bgimg == '') {
610	return;
611	}
612
613	$dat = @getimagesize($this->bgimg);
614	if($dat == false) {
615	return;
616	}
617
618	switch($dat[2]) {
619	case 1: $newim = @imagecreatefromgif($this->bgimg); break;
620	case 2: $newim = @imagecreatefromjpeg($this->bgimg); break;
621	case 3: $newim = @imagecreatefrompng($this->bgimg); break;
622	default: return;
623	}
624
625	if(!$newim) return;
626
627	imagecopyresized($this->im, $newim, 0, 0, 0, 0,
628	$this->image_width, $this->image_height,
629	imagesx($newim), imagesy($newim));
630	}
631
632	/**
633	* Scan the directory for a background image to use
634	*/
635	protected function getBackgroundFromDirectory()
636	{
637	$images = array();
638
639	if ( ($dh = opendir($this->background_directory)) !== false) {
640	while (($file = readdir($dh)) !== false) {
641	if (preg_match('/(jpg\|gif\|png)$/i', $file)) $images[] = $file;
642	}
643
644	closedir($dh);
645
646	if (sizeof($images) > 0) {
647	return rtrim($this->background_directory, '/') . '/' . $images[rand(0, sizeof($images)-1)];
648	}
649	}
650
651	return false;
652	}
653
654	/**
655	* Generates the code or math problem and saves the value to the session
656	*/
657	protected function createCode()
658	{
659	$this->code = false;
660
661	switch($this->captcha_type) {
662	case self::SI_CAPTCHA_MATHEMATIC:
663	{
664	$signs = array('+', '-', 'x');
665	$left = rand(1, 10);
666	$right = rand(1, 5);
667	$sign = $signs[rand(0, 2)];
668
669	switch($sign) {
670	case 'x': $c = $left * $right; break;
671	case '-': $c = $left - $right; break;
672	default: $c = $left + $right; break;
673	}
674
675	$this->code = $c;
676	$this->code_display = "$left $sign $right";
677	break;
678	}
679
680	default:
681	{
682	if ($this->use_wordlist && is_readable($this->wordlist_file)) {
683	$this->code = $this->readCodeFromFile();
684	}
685
686	if ($this->code == false) {
687	$this->code = $this->generateCode($this->code_length);
688	}
689
690	$this->code_display = $this->code;
691	$this->code = ($this->case_sensitive) ? $this->code : strtolower($this->code);
692	} // default
693	}
694
695	$this->saveData();
696	}
697
698	/**
699	* Draws the captcha code on the image
700	*/
701	protected function drawWord()
702	{
703	$width2 = $this->image_width * $this->iscale;
704	$height2 = $this->image_height * $this->iscale;
705
706	if (!is_readable($this->ttf_file)) {
707	imagestring($this->im, 4, 10, ($this->image_height / 2) - 5, 'Failed to load TTF font file!', $this->gdtextcolor);
708	} else {
709	if ($this->perturbation > 0) {
710	$font_size = $height2 * .4;
711	$bb = imageftbbox($font_size, 0, $this->ttf_file, $this->code_display);
712	$tx = $bb[4] - $bb[0];
713	$ty = $bb[5] - $bb[1];
714	$x = floor($width2 / 2 - $tx / 2 - $bb[0]);
715	$y = round($height2 / 2 - $ty / 2 - $bb[1]);
716
717	imagettftext($this->tmpimg, $font_size, 0, $x, $y, $this->gdtextcolor, $this->ttf_file, $this->code_display);
718	} else {
719	$font_size = $this->image_height * .4;
720	$bb = imageftbbox($font_size, 0, $this->ttf_file, $this->code_display);
721	$tx = $bb[4] - $bb[0];
722	$ty = $bb[5] - $bb[1];
723	$x = floor($this->image_width / 2 - $tx / 2 - $bb[0]);
724	$y = round($this->image_height / 2 - $ty / 2 - $bb[1]);
725
726	imagettftext($this->im, $font_size, 0, $x, $y, $this->gdtextcolor, $this->ttf_file, $this->code_display);
727	}
728	}
729
730	// DEBUG
731	//$this->im = $this->tmpimg;
732	//$this->output();
733
734	}
735
736	/**
737	* Copies the captcha image to the final image with distortion applied
738	*/
739	protected function distortedCopy()
740	{
741	$numpoles = 3; // distortion factor
742	// make array of poles AKA attractor points
743	for ($i = 0; $i < $numpoles; ++ $i) {
744	$px[$i] = rand($this->image_width * 0.2, $this->image_width * 0.8);
745	$py[$i] = rand($this->image_height * 0.2, $this->image_height * 0.8);
746	$rad[$i] = rand($this->image_height * 0.2, $this->image_height * 0.8);
747	$tmp = ((- $this->frand()) * 0.15) - .15;
748	$amp[$i] = $this->perturbation * $tmp;
749	}
750
751	$bgCol = imagecolorat($this->tmpimg, 0, 0);
752	$width2 = $this->iscale * $this->image_width;
753	$height2 = $this->iscale * $this->image_height;
754	imagepalettecopy($this->im, $this->tmpimg); // copy palette to final image so text colors come across
755	// loop over $img pixels, take pixels from $tmpimg with distortion field
756	for ($ix = 0; $ix < $this->image_width; ++ $ix) {
757	for ($iy = 0; $iy < $this->image_height; ++ $iy) {
758	$x = $ix;
759	$y = $iy;
760	for ($i = 0; $i < $numpoles; ++ $i) {
761	$dx = $ix - $px[$i];
762	$dy = $iy - $py[$i];
763	if ($dx == 0 && $dy == 0) {
764	continue;
765	}
766	$r = sqrt($dx * $dx + $dy * $dy);
767	if ($r > $rad[$i]) {
768	continue;
769	}
770	$rscale = $amp[$i] * sin(3.14 * $r / $rad[$i]);
771	$x += $dx * $rscale;
772	$y += $dy * $rscale;
773	}
774	$c = $bgCol;
775	$x *= $this->iscale;
776	$y *= $this->iscale;
777	if ($x >= 0 && $x < $width2 && $y >= 0 && $y < $height2) {
778	$c = imagecolorat($this->tmpimg, $x, $y);
779	}
780	if ($c != $bgCol) { // only copy pixels of letters to preserve any background image
781	imagesetpixel($this->im, $ix, $iy, $c);
782	}
783	}
784	}
785	}
786
787	/**
788	* Draws distorted lines on the image
789	*/
790	protected function drawLines()
791	{
792	for ($line = 0; $line < $this->num_lines; ++ $line) {
793	$x = $this->image_width * (1 + $line) / ($this->num_lines + 1);
794	$x += (0.5 - $this->frand()) * $this->image_width / $this->num_lines;
795	$y = rand($this->image_height * 0.1, $this->image_height * 0.9);
796
797	$theta = ($this->frand() - 0.5) * M_PI * 0.7;
798	$w = $this->image_width;
799	$len = rand($w * 0.4, $w * 0.7);
800	$lwid = rand(0, 2);
801
802	$k = $this->frand() * 0.6 + 0.2;
803	$k = $k * $k * 0.5;
804	$phi = $this->frand() * 6.28;
805	$step = 0.5;
806	$dx = $step * cos($theta);
807	$dy = $step * sin($theta);
808	$n = $len / $step;
809	$amp = 1.5 * $this->frand() / ($k + 5.0 / $len);
810	$x0 = $x - 0.5 * $len * cos($theta);
811	$y0 = $y - 0.5 * $len * sin($theta);
812
813	$ldx = round(- $dy * $lwid);
814	$ldy = round($dx * $lwid);
815
816	for ($i = 0; $i < $n; ++ $i) {
817	$x = $x0 + $i * $dx + $amp * $dy * sin($k * $i * $step + $phi);
818	$y = $y0 + $i * $dy - $amp * $dx * sin($k * $i * $step + $phi);
819	imagefilledrectangle($this->im, $x, $y, $x + $lwid, $y + $lwid, $this->gdlinecolor);
820	}
821	}
822	}
823
824	/**
825	* Draws random noise on the image
826	*/
827	protected function drawNoise()
828	{
829	if ($this->noise_level > 10) {
830	$noise_level = 10;
831	} else {
832	$noise_level = $this->noise_level;
833	}
834
835	$t0 = microtime(true);
836
837	$noise_level *= 125; // an arbitrary number that works well on a 1-10 scale
838
839	$points = $this->image_width * $this->image_height * $this->iscale;
840	$height = $this->image_height * $this->iscale;
841	$width = $this->image_width * $this->iscale;
842	for ($i = 0; $i < $noise_level; ++$i) {
843	$x = rand(10, $width);
844	$y = rand(10, $height);
845	$size = rand(7, 10);
846	if ($x - $size <= 0 && $y - $size <= 0) continue; // dont cover 0,0 since it is used by imagedistortedcopy
847	imagefilledarc($this->tmpimg, $x, $y, $size, $size, 0, 360, $this->gdnoisecolor, IMG_ARC_PIE);
848	}
849
850	$t1 = microtime(true);
851
852	$t = $t1 - $t0;
853
854	/*
855	// DEBUG
856	imagestring($this->tmpimg, 5, 25, 30, "$t", $this->gdnoisecolor);
857	header('content-type: image/png');
858	imagepng($this->tmpimg);
859	exit;
860	*/
861	}
862
863	/**
864	* Print signature text on image
865	*/
866	protected function addSignature()
867	{
868	if ($this->use_gd_font) {
869	imagestring($this->im, 5, $this->image_width - (strlen($this->image_signature) * 10), $this->image_height - 20, $this->image_signature, $this->gdsignaturecolor);
870	} else {
871
872	$bbox = imagettfbbox(10, 0, $this->signature_font, $this->image_signature);
873	$textlen = $bbox[2] - $bbox[0];
874	$x = $this->image_width - $textlen - 5;
875	$y = $this->image_height - 3;
876
877	imagettftext($this->im, 10, 0, $x, $y, $this->gdsignaturecolor, $this->signature_font, $this->image_signature);
878	}
879	}
880
881	/**
882	* Sends the appropriate image and cache headers and outputs image to the browser
883	*/
884	protected function output()
885	{
886	header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
887	header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
888	header("Cache-Control: no-store, no-cache, must-revalidate");
889	header("Cache-Control: post-check=0, pre-check=0", false);
890	header("Pragma: no-cache");
891
892	switch ($this->image_type) {
893	case self::SI_IMAGE_JPEG:
894	header("Content-Type: image/jpeg");
895	imagejpeg($this->im, null, 90);
896	break;
897	case self::SI_IMAGE_GIF:
898	header("Content-Type: image/gif");
899	imagegif($this->im);
900	break;
901	default:
902	header("Content-Type: image/png");
903	imagepng($this->im);
904	break;
905	}
906
907	imagedestroy($this->im);
908	exit();
909	}
910
911	/**
912	* Gets the code and returns the binary audio file for the stored captcha code
913	* @param string $format WAV only
914	*/
915	protected function getAudibleCode($format = 'wav')
916	{
917	// override any format other than wav for now
918	// this is due to security issues with MP3 files
919	$format = 'wav';
920
921	$letters = array();
922	$code = $this->getCode();
923
924	if ($code == '') {
925	$this->createCode();
926	$code = $this->getCode();
927	}
928
929	for($i = 0; $i < strlen($code); ++$i) {
930	$letters[] = $code{$i};
931	}
932
933	if ($format == 'mp3') {
934	return $this->generateMP3($letters);
935	} else {
936	return $this->generateWAV($letters);
937	}
938	}
939
940	/**
941	* Gets a captcha code from a wordlist
942	*/
943	protected function readCodeFromFile()
944	{
945	$fp = @fopen($this->wordlist_file, 'rb');
946	if (!$fp) return false;
947
948	$fsize = filesize($this->wordlist_file);
949	if ($fsize < 128) return false; // too small of a list to be effective
950
951	fseek($fp, rand(0, $fsize - 64), SEEK_SET); // seek to a random position of file from 0 to filesize-64
952	$data = fread($fp, 64); // read a chunk from our random position
953	fclose($fp);
954	$data = preg_replace("/\r?\n/", "\n", $data);
955
956	$start = @strpos($data, "\n", rand(0, 56)) + 1; // random start position
957	$end = @strpos($data, "\n", $start); // find end of word
958
959	if ($start === false) {
960	return false;
961	} else if ($end === false) {
962	$end = strlen($data);
963	}
964
965	return strtolower(substr($data, $start, $end - $start)); // return a line of the file
966	}
967
968	/**
969	* Generates a random captcha code from the set character set
970	*/
971	protected function generateCode()
972	{
973	$code = '';
974
975	for($i = 1, $cslen = strlen($this->charset); $i <= $this->code_length; ++$i) {
976	$code .= $this->charset{rand(0, $cslen - 1)};
977	}
978
979	//return 'testing'; // debug, set the code to given string
980
981	return $code;
982	}
983
984	/**
985	* Checks the entered code against the value stored in the session or sqlite database, handles case sensitivity
986	* Also clears the stored codes if the code was entered correctly to prevent re-use
987	*/
988	protected function validate()
989	{
990	$code = $this->getCode();
991	// returns stored code, or an empty string if no stored code was found
992	// checks the session and sqlite database if enabled
993
994	if ($this->case_sensitive == false && preg_match('/[A-Z]/', $code)) {
995	// case sensitive was set from securimage_show.php but not in class
996	// the code saved in the session has capitals so set case sensitive to true
997	$this->case_sensitive = true;
998	}
999
1000	$code_entered = trim( (($this->case_sensitive) ? $this->code_entered
1001	: strtolower($this->code_entered))
1002	);
1003	$this->correct_code = false;
1004
1005	if ($code != '') {
1006	if ($code == $code_entered) {
1007	$this->correct_code = true;
1008	$_SESSION['securimage_code_value'][$this->namespace] = '';
1009	$_SESSION['securimage_code_ctime'][$this->namespace] = '';
1010	$this->clearCodeFromDatabase();
1011	}
1012	}
1013	}
1014
1015	/**
1016	* Return the code from the session or sqlite database if used. If none exists yet, an empty string is returned
1017	*/
1018	protected function getCode()
1019	{
1020	$code = '';
1021
1022	if (isset($_SESSION['securimage_code_value'][$this->namespace]) &&
1023	trim($_SESSION['securimage_code_value'][$this->namespace]) != '') {
1024	if ($this->isCodeExpired(
1025	$_SESSION['securimage_code_ctime'][$this->namespace]) == false) {
1026	$code = $_SESSION['securimage_code_value'][$this->namespace];
1027	}
1028	} else if ($this->use_sqlite_db == true && function_exists('sqlite_open')) {
1029	// no code in session - may mean user has cookies turned off
1030	$this->openDatabase();
1031	$code = $this->getCodeFromDatabase();
1032	} else { /* no code stored in session or sqlite database, validation will fail */ }
1033
1034	return $code;
1035	}
1036
1037	/**
1038	* Save data to session namespace and database if used
1039	*/
1040	protected function saveData()
1041	{
1042	$_SESSION['securimage_code_value'][$this->namespace] = $this->code;
1043	$_SESSION['securimage_code_ctime'][$this->namespace] = time();
1044
1045	$this->saveCodeToDatabase();
1046	}
1047
1048	/**
1049	* Saves the code to the sqlite database
1050	*/
1051	protected function saveCodeToDatabase()
1052	{
1053	$success = false;
1054
1055	$this->openDatabase();
1056
1057	if ($this->use_sqlite_db && $this->sqlite_handle !== false) {
1058	$ip = $_SERVER['REMOTE_ADDR'];
1059	$time = time();
1060	$code = $_SESSION['securimage_code_value'][$this->namespace]; // if cookies are disabled the session still exists at this point
1061	$success = sqlite_query($this->sqlite_handle,
1062	"INSERT OR REPLACE INTO codes(ip, code, namespace, created)
1063	VALUES('$ip', '$code', '{$this->namespace}', $time)");
1064	}
1065
1066	return $success !== false;
1067	}
1068
1069	/**
1070	* Open sqlite database
1071	*/
1072	protected function openDatabase()
1073	{
1074	$this->sqlite_handle = false;
1075
1076	if ($this->use_sqlite_db && function_exists('sqlite_open')) {
1077	$this->sqlite_handle = sqlite_open($this->sqlite_database, 0666, $error);
1078
1079	if ($this->sqlite_handle !== false) {
1080	$res = sqlite_query($this->sqlite_handle, "PRAGMA table_info(codes)");
1081	if (sqlite_num_rows($res) == 0) {
1082	sqlite_query($this->sqlite_handle, "CREATE TABLE codes (ip VARCHAR(32) PRIMARY KEY, code VARCHAR(32) NOT NULL, namespace VARCHAR(32) NOT NULL, created INTEGER)");
1083	}
1084	}
1085
1086	return $this->sqlite_handle != false;
1087	}
1088
1089	return $this->sqlite_handle;
1090	}
1091
1092	/**
1093	* Get a code from the sqlite database for ip address
1094	*/
1095	protected function getCodeFromDatabase()
1096	{
1097	$code = '';
1098
1099	if ($this->use_sqlite_db && $this->sqlite_handle !== false) {
1100	$ip = $_SERVER['REMOTE_ADDR'];
1101	$ns = sqlite_escape_string($this->namespace);
1102
1103	$res = sqlite_query($this->sqlite_handle, "SELECT * FROM codes WHERE ip = '$ip' AND namespace = '$ns'");
1104	if ($res && sqlite_num_rows($res) > 0) {
1105	$res = sqlite_fetch_array($res);
1106
1107	if ($this->isCodeExpired($res['created']) == false) {
1108	$code = $res['code'];
1109	}
1110	}
1111	}
1112	return $code;
1113	}
1114
1115	/**
1116	* Remove an entered code from the database
1117	*/
1118	protected function clearCodeFromDatabase()
1119	{
1120	if (is_resource($this->sqlite_handle)) {
1121	$ip = $_SERVER['REMOTE_ADDR'];
1122	$ns = sqlite_escape_string($this->namespace);
1123
1124	sqlite_query($this->sqlite_handle, "DELETE FROM codes WHERE ip = '$ip' AND namespace = '$ns'");
1125	}
1126	}
1127
1128	/**
1129	* Deletes old codes from sqlite database
1130	*/
1131	protected function purgeOldCodesFromDatabase()
1132	{
1133	if ($this->use_sqlite_db && $this->sqlite_handle !== false) {
1134	$now = time();
1135	$limit = (!is_numeric($this->expiry_time) \|\| $this->expiry_time < 1) ? 86400 : $this->expiry_time;
1136
1137	sqlite_query($this->sqlite_handle, "DELETE FROM codes WHERE $now - created > $limit");
1138	}
1139	}
1140
1141	/**
1142	* Checks to see if the captcha code has expired and cannot be used
1143	* @param unknown_type $creation_time
1144	*/
1145	protected function isCodeExpired($creation_time)
1146	{
1147	$expired = true;
1148
1149	if (!is_numeric($this->expiry_time) \|\| $this->expiry_time < 1) {
1150	$expired = false;
1151	} else if (time() - $creation_time < $this->expiry_time) {
1152	$expired = false;
1153	}
1154
1155	return $expired;
1156	}
1157
1158	/**
1159	*
1160	* Generate an MP3 audio file of the captcha image
1161	*
1162	* @deprecated 3.0
1163	*/
1164	protected function generateMP3()
1165	{
1166	return false;
1167	}
1168
1169	/**
1170	* Generate a wav file given the $letters in the code
1171	* @todo Add ability to merge 2 sound files together to have random background sounds
1172	* @param array $letters
1173	* @return string The binary contents of the wav file
1174	*/
1175	protected function generateWAV($letters)
1176	{
1177	$data_len = 0;
1178	$files = array();
1179	$out_data = '';
1180	$out_channels = 0;
1181	$out_samplert = 0;
1182	$out_bpersample = 0;
1183	$numSamples = 0;
1184	$removeChunks = array('LIST', 'DISP', 'NOTE');
1185
1186	for ($i = 0; $i < sizeof($letters); ++$i) {
1187	$letter = $letters[$i];
1188	$filename = $this->audio_path . strtoupper($letter) . '.wav';
1189	$file = array();
1190	$data = @file_get_contents($filename);
1191
1192	if ($data === false) {
1193	// echo "Failed to read $filename";
1194	return $this->audioError();
1195	}
1196
1197	$header = substr($data, 0, 36);
1198	$info = unpack('NChunkID/VChunkSize/NFormat/NSubChunk1ID/'
1199	.'VSubChunk1Size/vAudioFormat/vNumChannels/'
1200	.'VSampleRate/VByteRate/vBlockAlign/vBitsPerSample',
1201	$header);
1202
1203	$dataPos = strpos($data, 'data');
1204	$out_channels = $info['NumChannels'];
1205	$out_samplert = $info['SampleRate'];
1206	$out_bpersample = $info['BitsPerSample'];
1207
1208	if ($dataPos === false) {
1209	// wav file with no data?
1210	// echo "Failed to find DATA segment in $filename";
1211	return $this->audioError();
1212	}
1213
1214	if ($info['AudioFormat'] != 1) {
1215	// only work with PCM audio
1216	// echo "$filename was not PCM audio, only PCM is supported";
1217	return $this->audioError();
1218	}
1219
1220	if ($info['SubChunk1Size'] != 16 && $info['SubChunk1Size'] != 18) {
1221	// probably unsupported extension
1222	// echo "Bad SubChunk1Size in $filename - Size was {$info['SubChunk1Size']}";
1223	return $this->audioError();
1224	}
1225
1226	if ($info['SubChunk1Size'] > 16) {
1227	$header .= substr($data, 36, $info['SubChunk1Size'] - 16);
1228	}
1229
1230	if ($i == 0) {
1231	// create the final file's header, size will be adjusted later
1232	$out_data = $header . 'data';
1233	}
1234
1235	$removed = 0;
1236
1237	foreach($removeChunks as $chunk) {
1238	$chunkPos = strpos($data, $chunk);
1239	if ($chunkPos !== false) {
1240	$listSize = unpack('VSize', substr($data, $chunkPos + 4, 4));
1241
1242	$data = substr($data, 0, $chunkPos) .
1243	substr($data, $chunkPos + 8 + $listSize['Size']);
1244
1245	$removed += $listSize['Size'] + 8;
1246	}
1247	}
1248
1249	$dataSize = unpack('VSubchunk2Size', substr($data, $dataPos + 4, 4));
1250	$dataSize['Subchunk2Size'] -= $removed;
1251	$out_data .= substr($data, $dataPos + 8, $dataSize['Subchunk2Size'] * ($out_bpersample / 8));
1252	$numSamples += $dataSize['Subchunk2Size'];
1253	}
1254
1255	$filesize = strlen($out_data);
1256	$chunkSize = $filesize - 8;
1257	$dataCSize = $numSamples;
1258
1259	$out_data = substr_replace($out_data, pack('V', $chunkSize), 4, 4);
1260	$out_data = substr_replace($out_data, pack('V', $numSamples), 40 + ($info['SubChunk1Size'] - 16), 4);
1261
1262	$this->scrambleAudioData($out_data, 'wav');
1263
1264	return $out_data;
1265	}
1266
1267	/**
1268	* Randomizes the audio data to add noise and prevent binary recognition
1269	* @param string $data The binary audio file data
1270	* @param string $format The format of the sound file (wav only)
1271	*/
1272	protected function scrambleAudioData(&$data, $format)
1273	{
1274	$start = strpos($data, 'data') + 4; // look for "data" indicator
1275	if ($start === false) $start = 44; // if not found assume 44 byte header
1276
1277	$start += rand(1, 4); // randomize starting offset
1278	$datalen = strlen($data) - $start;
1279	$step = 1;
1280
1281	for ($i = $start; $i < $datalen; $i += $step) {
1282	$ch = ord($data{$i});
1283	if ($ch == 0 \|\| $ch == 255) continue;
1284
1285	if ($ch < 16 \|\| $ch > 239) {
1286	$ch += rand(-6, 6);
1287	} else {
1288	$ch += rand(-12, 12);
1289	}
1290
1291	if ($ch < 0) $ch = 0; else if ($ch > 255) $ch = 255;
1292
1293	$data{$i} = chr($ch);
1294
1295	$step = rand(1,4);
1296	}
1297
1298	return $data;
1299	}
1300
1301	/**
1302	* Return a wav file saying there was an error generating file
1303	*
1304	* @return string The binary audio contents
1305	*/
1306	protected function audioError()
1307	{
1308	return @file_get_contents(dirname(__FILE__) . '/audio/error.wav');
1309	}
1310
1311	function frand()
1312	{
1313	return 0.0001 * rand(0,9999);
1314	}
1315
1316	/**
1317	* Convert an html color code to a Securimage_Color
1318	* @param string $color
1319	* @param Securimage_Color $default The defalt color to use if $color is invalid
1320	*/
1321	protected function initColor($color, $default)
1322	{
1323	if ($color == null) {
1324	return new Securimage_Color($default);
1325	} else if (is_string($color)) {
1326	try {
1327	return new Securimage_Color($color);
1328	} catch(Exception $e) {
1329	return new Securimage_Color($default);
1330	}
1331	} else if (is_array($color) && sizeof($color) == 3) {
1332	return new Securimage_Color($color[0], $color[1], $color[2]);
1333	} else {
1334	return new Securimage_Color($default);
1335	}
1336	}
1337	}
1338
1339
1340	/**
1341	* Color object for Securimage CAPTCHA
1342	*
1343	* @version 3.0
1344	* @since 2.0
1345	* @package Securimage
1346	* @subpackage classes
1347	*
1348	*/
1349	class Securimage_Color
1350	{
1351	public $r;
1352	public $g;
1353	public $b;
1354
1355	/**
1356	* Create a new Securimage_Color object.<br />
1357	* Constructor expects 1 or 3 arguments.<br />
1358	* When passing a single argument, specify the color using HTML hex format,<br />
1359	* when passing 3 arguments, specify each RGB component (from 0-255) individually.<br />
1360	* $color = new Securimage_Color('#0080FF') or <br />
1361	* $color = new Securimage_Color(0, 128, 255)
1362	*
1363	* @param string $color
1364	* @throws Exception
1365	*/
1366	public function __construct($color = '#ffffff')
1367	{
1368	$args = func_get_args();
1369
1370	if (sizeof($args) == 0) {
1371	$this->r = 255;
1372	$this->g = 255;
1373	$this->b = 255;
1374	} else if (sizeof($args) == 1) {
1375	// set based on html code
1376	if (substr($color, 0, 1) == '#') {
1377	$color = substr($color, 1);
1378	}
1379
1380	if (strlen($color) != 3 && strlen($color) != 6) {
1381	throw new InvalidArgumentException(
1382	'Invalid HTML color code passed to Securimage_Color'
1383	);
1384	}
1385
1386	$this->constructHTML($color);
1387	} else if (sizeof($args) == 3) {
1388	$this->constructRGB($args[0], $args[1], $args[2]);
1389	} else {
1390	throw new InvalidArgumentException(
1391	'Securimage_Color constructor expects 0, 1 or 3 arguments; ' . sizeof($args) . ' given'
1392	);
1393	}
1394	}
1395
1396	/**
1397	* Construct from an rgb triplet
1398	* @param int $red The red component, 0-255
1399	* @param int $green The green component, 0-255
1400	* @param int $blue The blue component, 0-255
1401	*/
1402	protected function constructRGB($red, $green, $blue)
1403	{
1404	if ($red < 0) $red = 0;
1405	if ($red > 255) $red = 255;
1406	if ($green < 0) $green = 0;
1407	if ($green > 255) $green = 255;
1408	if ($blue < 0) $blue = 0;
1409	if ($blue > 255) $blue = 255;
1410
1411	$this->r = $red;
1412	$this->g = $green;
1413	$this->b = $blue;
1414	}
1415
1416	/**
1417	* Construct from an html hex color code
1418	* @param string $color
1419	*/
1420	protected function constructHTML($color)
1421	{
1422	if (strlen($color) == 3) {
1423	$red = str_repeat(substr($color, 0, 1), 2);
1424	$green = str_repeat(substr($color, 1, 1), 2);
1425	$blue = str_repeat(substr($color, 2, 1), 2);
1426	} else {
1427	$red = substr($color, 0, 2);
1428	$green = substr($color, 2, 2);
1429	$blue = substr($color, 4, 2);
1430	}
1431
1432	$this->r = hexdec($red);
1433	$this->g = hexdec($green);
1434	$this->b = hexdec($blue);
1435	}
1436	}
1437	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: