added captcha form control and strengthened captcha security

2006-02-13 15:03:37 +00:00 · 2006-02-13 15:03:37 +00:00 · f9a60ab55a
commit f9a60ab55a
parent ce3b1f484a
4 changed files with 124 additions and 6 deletions
--- a/docs/changelog/6.x.x.txt
+++ b/docs/changelog/6.x.x.txt
@ -20,6 +20,8 @@
   more powerful and will use slightly less memory.
 - fix [ 1406210 ] 6.9 i18n in create.sql, previous.sql broken.
 - fix [ 1410577 ] WebGUI::Session not included
+ - Strengthened security of Captcha validation.
+ - Added Captcha form control type.

 6.8.6
 - Added logic to deal with case sensitivity and whitespace problems in LDAP
--- a/lib/WebGUI/Auth/WebGUI.pm
+++ b/lib/WebGUI/Auth/WebGUI.pm
@ -169,13 +169,9 @@ sub createAccount {
   } 
 	my $i18n = WebGUI::International->new($self->session);
   $vars->{'create.message'} = $_[0] if ($_[0]);
-	my $storage = WebGUI::Storage::Image->createTemp($self->session);
-	my ($filename, $challenge) = $storage->addFileFromCaptcha;
 	$vars->{useCaptcha} = $self->session->setting->get("webguiUseCaptcha");
 	if ($vars->{useCaptcha}) {
-   		$vars->{'create.form.captcha'} = WebGUI::Form::text($self->session,{"name"=>"authWebGUI.captcha", size=>6, maxlength=>6})
-			.WebGUI::Form::hidden($self->session,{name=>"authWebGUI.captcha.validation", value=>Digest::MD5::md5_base64(lc($challenge))})
-			.'<img src="'.$storage->getUrl($filename).'" border="0" alt="captcha" align="middle" />';
+   		$vars->{'create.form.captcha'} = WebGUI::Form::Captcha($self->session,{"name"=>"authWebGUI.captcha"});
   		$vars->{'create.form.captcha.label'} = $i18n->get("captcha label","AuthWebGUI");
 	}
   $vars->{'create.form.username'} = WebGUI::Form::text($self->session,{"name"=>"authWebGUI.username","value"=>$self->session->form->process("authWebGUI.username")});
@ -211,7 +207,7 @@ sub createAccountSave {
 	
   $error = $self->error unless($self->validUsername($username));
 	if ($self->session->setting->get("webguiUseCaptcha")) {
-		unless ($self->session->form->process('authWebGUI.captcha.validation') eq Digest::MD5::md5_base64(lc($self->session->form->process('authWebGUI.captcha')))) {
+		unless ($self->session->form->process('authWebGUI.captcha', "Captcha")) {
 			$error .= $i18n->get("captcha failure","AuthWebGUI");
 		}
 	}
--- a/lib/WebGUI/Form/Captcha.pm
+++ b/lib/WebGUI/Form/Captcha.pm
@ -0,0 +1,108 @@
+package WebGUI::Form::Captcha;
+
+=head1 LEGAL
+
+ -------------------------------------------------------------------
+  WebGUI is Copyright 2001-2006 Plain Black Corporation.
+ -------------------------------------------------------------------
+  Please read the legal notices (docs/legal.txt) and the license
+  (docs/license.txt) that came with this distribution before using
+  this software.
+ -------------------------------------------------------------------
+  http://www.plainblack.com                     info@plainblack.com
+ -------------------------------------------------------------------
+
+=cut
+
+use strict;
+use base 'WebGUI::Form::Text';
+use WebGUI::International;
+use WebGUI::Storage::Image;
+
+=head1 NAME
+
+Package WebGUI::Form::Captcha
+
+=head1 DESCRIPTION
+
+Creates a captcha form element that helps verify a human is submitting the form rather than a bot.
+
+=head1 SEE ALSO
+
+This is a subclass of WebGUI::Form::Text.
+
+=head1 METHODS 
+
+The following methods are specifically available from this class. Check the superclass for additional methods.
+
+=cut
+
+#-------------------------------------------------------------------
+
+=head2 definition ( [ additionalTerms ] )
+
+See the super class for additional details.
+
+=head3 additionalTerms
+
+The following additional parameters have been added via this sub class.
+
+=head4 profileEnabled
+
+Flag that tells the User Profile system that this is a valid form element in a User Profile
+
+=cut
+
+sub definition {
+	my $class = shift;
+	my $session = shift;
+	my $definition = shift || [];
+	my $i18n = WebGUI::International->new($session,"Form_Captcha");
+	push(@{$definition}, {
+		formName=>{
+			defaultValue=>$i18n->get("formName")
+			},
+		profileEnabled=>{
+			defaultValue=>1
+			},
+		});
+        return $class->SUPER::definition($session, $definition);
+}
+
+#-------------------------------------------------------------------
+
+=head2 getValueFromPost ( )
+
+Returns a boolean indicating whether the string typed matched the image.
+
+=cut
+
+sub getValueFromPost {
+	my $self = shift;
+	my $value = $self->session->form->param($self->get("name"));
+	my $challenge = $self->session->scratch->get("captcha_".$self->get("name"));
+	$self->session->scratch->delete("captcha_".$self->get("name"));
+	return (lc($value) eq lc($challenge));
+}
+
+#-------------------------------------------------------------------
+
+=head2 toHtml ( )
+
+Renders a captcha field.
+
+=cut
+
+sub toHtml {
+        my $self = shift;
+ 	my $storage = WebGUI::Storage::Image->createTemp($self->session);
+        my ($filename, $challenge) = $storage->addFileFromCaptcha;
+        $self->set("size", 6);
+	$self->set("maxlength", 6);
+	$self->session->scratch->set("captcha_".$self->get("name"), $challenge);
+	$self->set("subtext", '<img src="'.$storage->getUrl($filename).'" border="0" alt="captcha" align="middle" />'.$self->get("subtext"));
+	return $self->SUPER::toHtml;
+}
+
+1;
+
--- a/lib/WebGUI/i18n/English/Form_Captcha.pm
+++ b/lib/WebGUI/i18n/English/Form_Captcha.pm
@ -0,0 +1,12 @@
+package WebGUI::i18n::English::Form_Captcha; 
+
+our $I18N = { 
+	'formName' => {
+		message => q|Captcha|,
+		context => q|Captcha is an acronym, it cannot be translated.|,
+		lastUpdated => 1131394072,
+	},
+
+};
+
+1;