Update captcha implementation
authorMatthias Schmidt <gravatronics@live.com>
Thu, 26 Jun 2014 12:25:48 +0000 (14:25 +0200)
committerMatthias Schmidt <gravatronics@live.com>
Thu, 26 Jun 2014 12:25:48 +0000 (14:25 +0200)
13 files changed:
com.woltlab.wcf/option.xml
wcfsetup/install/files/lib/acp/form/LoginForm.class.php
wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
wcfsetup/install/files/lib/action/GithubAuthAction.class.php
wcfsetup/install/files/lib/action/GoogleAuthAction.class.php
wcfsetup/install/files/lib/action/TwitterAuthAction.class.php
wcfsetup/install/files/lib/data/comment/CommentAction.class.php
wcfsetup/install/files/lib/form/AbstractCaptchaForm.class.php
wcfsetup/install/files/lib/form/LostPasswordForm.class.php
wcfsetup/install/files/lib/form/RegisterForm.class.php
wcfsetup/install/files/lib/form/SearchForm.class.php
wcfsetup/install/lang/de.xml
wcfsetup/install/lang/en.xml

index 8bad41e5504256947233fb327939a445dbbfb8c6..a0f74755cdcdb36706a6eb9bc3605fe1f6554a61 100644 (file)
@@ -571,41 +571,40 @@ imagick:wcf.acp.option.image_adapter_type.imagick]]>
                        </option>
                        <!-- /security.blacklist -->
                        
-                       <!-- security.antispam -->
-                       <option name="register_captcha_type">
+                       <!-- security.antispam.captcha -->
+                       <option name="captcha_type">
                                <categoryname>security.antispam.captcha</categoryname>
                                <optiontype>captchaSelect</optiontype>
                                <defaultvalue>com.woltlab.wcf.recaptcha</defaultvalue>
                                <allowemptyvalue>1</allowemptyvalue>
                        </option>
-                       <option name="lost_password_captcha_type">
+                       <option name="register_use_captcha">
                                <categoryname>security.antispam.captcha</categoryname>
-                               <optiontype>captchaSelect</optiontype>
-                               <defaultvalue>com.woltlab.wcf.recaptcha</defaultvalue>
-                               <allowemptyvalue>1</allowemptyvalue>
+                               <optiontype>boolean</optiontype>
+                               <defaultvalue>1</defaultvalue>
+                               <options>captcha_type</options>
                        </option>
-                       <option name="profile_mail_captcha_type">
+                       <option name="lost_password_use_captcha">
                                <categoryname>security.antispam.captcha</categoryname>
-                               <optiontype>captchaSelect</optiontype>
-                               <defaultvalue>com.woltlab.wcf.recaptcha</defaultvalue>
-                               <allowemptyvalue>1</allowemptyvalue>
+                               <optiontype>boolean</optiontype>
+                               <defaultvalue>1</defaultvalue>
+                               <options>captcha_type</options>
                        </option>
-                       <option name="search_captcha_type">
+                       <option name="profile_mail_use_captcha">
                                <categoryname>security.antispam.captcha</categoryname>
                                <optiontype>boolean</optiontype>
-                               <optiontype>captchaSelect</optiontype>
-                               <defaultvalue>com.woltlab.wcf.recaptcha</defaultvalue>
-                               <allowemptyvalue>1</allowemptyvalue>
+                               <defaultvalue>1</defaultvalue>
+                               <options>captcha_type</options>
                        </option>
-                       <option name="message_captcha_type">
+                       <option name="search_use_captcha">
                                <categoryname>security.antispam.captcha</categoryname>
                                <optiontype>boolean</optiontype>
-                               <optiontype>captchaSelect</optiontype>
-                               <defaultvalue>com.woltlab.wcf.recaptcha</defaultvalue>
-                               <allowemptyvalue>1</allowemptyvalue>
+                               <defaultvalue>1</defaultvalue>
+                               <options>captcha_type</options>
                        </option>
-                       <!-- /security.antispam -->
+                       <!-- /security.antispam.captcha -->
                        
+                       <!-- security.antispam.recaptcha -->
                        <option name="recaptcha_publickey">
                                <categoryname>security.antispam.recaptcha</categoryname>
                                <optiontype>text</optiontype>
@@ -622,6 +621,7 @@ imagick:wcf.acp.option.image_adapter_type.imagick]]>
                                <defaultvalue>6LfOlMYSAAAAAKR3m_EFxmDv1xS8PCfeaSZ2LdG9</defaultvalue>
                                <showorder>2</showorder>
                        </option>
+                       <!-- /security.antispam.recaptcha -->
                        
                        <!-- general.system.date -->
                        <option name="timezone">
@@ -1308,36 +1308,6 @@ DESC:wcf.global.sortOrder.descending]]></selectoptions>
                                <maxvalue>100</maxvalue>
                        </option>
                        <!-- /message.general.poll -->
-                       
-                       <!-- deprecated -->
-                       <option name="register_use_captcha">
-                               <categoryname>security.antispam</categoryname>
-                               <optiontype>boolean</optiontype>
-                               <defaultvalue><![CDATA[1]]></defaultvalue>
-                               <options>module_system_recaptcha</options>
-                               <hidden>1</hidden>
-                       </option>
-                       <option name="lost_password_use_captcha">
-                               <categoryname>security.antispam</categoryname>
-                               <optiontype>boolean</optiontype>
-                               <defaultvalue><![CDATA[1]]></defaultvalue>
-                               <options>module_system_recaptcha</options>
-                               <hidden>1</hidden>
-                       </option>
-                       <option name="profile_mail_use_captcha">
-                               <categoryname>security.antispam</categoryname>
-                               <optiontype>boolean</optiontype>
-                               <defaultvalue><![CDATA[1]]></defaultvalue>
-                               <options>module_system_recaptcha</options>
-                               <hidden>1</hidden>
-                       </option>
-                       <option name="search_use_captcha">
-                               <categoryname>security.antispam</categoryname>
-                               <optiontype>boolean</optiontype>
-                               <options>module_system_recaptcha</options>
-                               <hidden>1</hidden>
-                       </option>
-                       <!-- deprecated -->
                </options>
        </import>
        
index 0b8588b4e3f7a210ef188f6f05844cd7c7d088a5..06ff0e04f2791d8a68630f6c492467bb28e44c5e 100755 (executable)
@@ -53,8 +53,7 @@ class LoginForm extends AbstractCaptchaForm {
        public $url = null;
        
        /**
-        * @todo
-        * @var unknown
+        * @see \wcf\form\AbstractCaptchaForm::$useCaptcha
         */
        public $useCaptcha = false;
        
@@ -82,7 +81,7 @@ class LoginForm extends AbstractCaptchaForm {
                
                if (!empty($_REQUEST['url'])) {
                        $this->url = StringUtil::trim($_REQUEST['url']);
-                               
+                       
                        // discard URL if it is not an absolute URL of local content
                        if (!ApplicationHandler::getInstance()->isInternalURL($this->url)) {
                                $this->url = '';
@@ -96,7 +95,7 @@ class LoginForm extends AbstractCaptchaForm {
                                throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.user.login.blocked'));
                        }
                        if (USER_AUTHENTICATION_FAILURE_IP_CAPTCHA && $failures >= USER_AUTHENTICATION_FAILURE_IP_CAPTCHA) {
-                               $this->captchaObjectTypeName = REGISTER_CAPTCHA_TYPE;
+                               $this->useCaptcha = true;
                        }
                        else if (USER_AUTHENTICATION_FAILURE_USER_CAPTCHA) {
                                if (isset($_POST['username'])) {
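Review bot: Setting `$this->useCaptcha = true` here (and in the per-user branch in the next hunk) only produces a captcha when `captchaObjectTypeName` is non-empty, and that property now defaults to the global `CAPTCHA_TYPE`, which option.xml still allows to be empty. With no captcha type selected, the `USER_AUTHENTICATION_FAILURE_IP_CAPTCHA` and `USER_AUTHENTICATION_FAILURE_USER_CAPTCHA` thresholds then have no effect on this login form, and nothing reports it. I would state the dependency next to the assignment, e.g. `// takes effect only if CAPTCHA_TYPE is set, see AbstractCaptchaForm::readData()`, and consider mentioning it in the option description as well. The enclosing method starts and ends outside both hunks.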
@@ -106,7 +105,7 @@ class LoginForm extends AbstractCaptchaForm {
                                        if ($user->userID) {
                                                $failures = UserAuthenticationFailure::countUserFailures($user->userID);
                                                if (USER_AUTHENTICATION_FAILURE_USER_CAPTCHA && $failures >= USER_AUTHENTICATION_FAILURE_USER_CAPTCHA) {
-                                                       $this->captchaObjectTypeName = REGISTER_CAPTCHA_TYPE;
+                                                       $this->useCaptcha = true;
                                                }
                                        }
                                }
index 9db5426320cd7a9125f759d889cfa18571b016aa..41da886c8bc018234665df1bf15f6a831ca0c170 100644 (file)
@@ -117,7 +117,7 @@ class FacebookAuthAction extends AbstractAction {
                                        
                                        // we assume that bots won't register on facebook first
                                        // thus no need for a captcha
-                                       if (REGISTER_CAPTCHA_TYPE) {
+                                       if (REGISTER_USE_CAPTCHA) {
                                                WCF::getSession()->register('noRegistrationCaptcha', true);
                                        }
                                        
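Review bot: The session flag `noRegistrationCaptcha` set under `if (REGISTER_USE_CAPTCHA)` is read by code that is not part of this diff, while the RegisterForm hunks in this commit move the form to `useCaptcha` plus `captchaObjectTypeName`. It is worth confirming that the consumer still switches the captcha off under the new model and no longer depends on the removed `REGISTER_CAPTCHA_TYPE`. Because the flag waives a bot check for the whole session, its lifetime should be documented where it is set, e.g. `// waives the registration captcha for this session; read and cleared in <consumer>`, with the placeholder replaced by the actual class. The same lines appear in the GithubAuthAction, GoogleAuthAction and TwitterAuthAction hunks, and the enclosing method is only partly visible here.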
index 1801fb3147ee8ad35bf50ac3fa24f4ac2e473487..6bc2808a6c4d25b4a1d8f96af6d405453f319b98 100644 (file)
@@ -149,7 +149,7 @@ class GithubAuthAction extends AbstractAction {
                                        
                                        // we assume that bots won't register on github first
                                        // thus no need for a captcha
-                                       if (REGISTER_CAPTCHA_TYPE) {
+                                       if (REGISTER_USE_CAPTCHA) {
                                                WCF::getSession()->register('noRegistrationCaptcha', true);
                                        }
                                        
index 88e54aedb85e5bf97ae3c0906e1da94d7b197af9..253764cac79701825dfba50455da1f2aee9e5fe6 100644 (file)
@@ -130,7 +130,7 @@ class GoogleAuthAction extends AbstractAction {
                                        
                                        // we assume that bots won't register on google first
                                        // thus no need for a captcha
-                                       if (REGISTER_CAPTCHA_TYPE) {
+                                       if (REGISTER_USE_CAPTCHA) {
                                                WCF::getSession()->register('noRegistrationCaptcha', true);
                                        }
                                        
index 8500b5dea94a73e270a06964c2f496691bdec835..6f5afb6f33b22826b9cb86d77db60006b2420f1a 100644 (file)
@@ -129,7 +129,7 @@ class TwitterAuthAction extends AbstractAction {
                                        
                                        // we assume that bots won't register on twitter first
                                        // thus no need for a captcha
-                                       if (REGISTER_CAPTCHA_TYPE) {
+                                       if (REGISTER_USE_CAPTCHA) {
                                                WCF::getSession()->register('noRegistrationCaptcha', true);
                                        }
                                        
index 04f3ddb6830fd45e0bf0c1b80d20ddbe4878ab21..4e36131ffe2bbbb9802fc0e9c762e58fbe1fa85b 100644 (file)
@@ -578,10 +578,10 @@ class CommentAction extends AbstractDatabaseObjectAction {
         * @return      array
         */
        public function getGuestDialog() {
-               if (MESSAGE_CAPTCHA_TYPE) {
-                       $captchaObjectType = CaptchaHandler::getInstance()->getObjectTypeByName(MESSAGE_CAPTCHA_TYPE);
+               if (CAPTCHA_TYPE) {
+                       $captchaObjectType = CaptchaHandler::getInstance()->getObjectTypeByName(CAPTCHA_TYPE);
                        if ($captchaObjectType === null) {
-                               throw new SystemException("Unknown captcha object type with name '".MESSAGE_CAPTCHA_TYPE."'");
+                               throw new SystemException("Unknown captcha object type with name '".CAPTCHA_TYPE."'");
                        }
                        
                        if (!$captchaObjectType->getProcessor()->isAvailable()) {
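Review bot: The lookup-or-throw sequence on `CAPTCHA_TYPE` in getGuestDialog() is repeated in validateCaptcha() in the next hunk and again in the readData() methods of AbstractCaptchaForm and RegisterForm, so four places now have to agree on how an unknown captcha type is handled. A small shared helper that returns the resolved object type, or null when captcha is off, would keep the guest-comment path from drifting away from the forms. Guest comments also have no `*_use_captcha` switch after this change and follow `CAPTCHA_TYPE` alone, which deserves a docblock line such as `* Guests must solve a captcha whenever CAPTCHA_TYPE is set.` Both methods continue outside their hunks.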
@@ -726,10 +726,10 @@ class CommentAction extends AbstractDatabaseObjectAction {
        protected function validateCaptcha() {
                if (WCF::getUser()->userID) return;
                
-               if (MESSAGE_CAPTCHA_TYPE) {
-                       $this->captchaObjectType = CaptchaHandler::getInstance()->getObjectTypeByName(MESSAGE_CAPTCHA_TYPE);
+               if (CAPTCHA_TYPE) {
+                       $this->captchaObjectType = CaptchaHandler::getInstance()->getObjectTypeByName(CAPTCHA_TYPE);
                        if ($this->captchaObjectType === null) {
-                               throw new SystemException("Unknown captcha object type with name '".MESSAGE_CAPTCHA_TYPE."'");
+                               throw new SystemException("Unknown captcha object type with name '".CAPTCHA_TYPE."'");
                        }
                        
                        if (!$this->captchaObjectType->getProcessor()->isAvailable()) {
index 1dcb83326cf0c65b6db98bd9e5464de6c8b0ac9b..205fd46269783eb920f1a9552ce63f29cf13e961 100644 (file)
@@ -27,22 +27,10 @@ abstract class AbstractCaptchaForm extends AbstractForm {
         * name of the captcha object type; if empty, captcha is disabled
         * @var string
         */
-       public $captchaObjectTypeName = '';
+       public $captchaObjectTypeName = CAPTCHA_TYPE;
        
        /**
-        * challenge (legacy property from RecaptchaForm, do not use!)
-        * @var string
-        */
-       public $challenge = '';
-       
-       /**
-        * response (legacy property from RecaptchaForm, do not use!)
-        * @var string
-        */
-       public $response = '';
-       
-       /**
-        * true if recaptcha is used (legacy property from RecaptchaForm, do not use!)
+        * true if recaptcha is used
         * @var boolean
         */
        public $useCaptcha = true;
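Review bot: The docblock kept for `$useCaptcha` still reads "true if recaptcha is used", but after this change the flag gates every captcha type and only works together with `$captchaObjectTypeName`, whose own comment ("if empty, captcha is disabled") no longer tells the whole story. I would reword it to `* true if this form requires a captcha; only effective while $captchaObjectTypeName is non-empty`. LoginForm, LostPasswordForm and SearchForm override the default in this commit, so the contract is worth stating precisely in the base class.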
@@ -54,22 +42,16 @@ abstract class AbstractCaptchaForm extends AbstractForm {
                parent::assignVariables();
                
                WCF::getTPL()->assign(array(
-                       'captchaObjectType' => $this->captchaObjectType
+                       'captchaObjectType' => $this->captchaObjectType,
+                       'useCaptcha' => $this->useCaptcha
                ));
-               
-               if (!$this->captchaObjectType) {
-                       RecaptchaHandler::getInstance()->assignVariables();
-                       WCF::getTPL()->assign(array(
-                               'useCaptcha' => $this->useCaptcha
-                       ));
-               }
        }
        
        /**
         * @see \wcf\page\IPage::readData()
         */
        public function readData() {
-               if (!WCF::getUser()->userID && $this->captchaObjectTypeName) {
+               if (!WCF::getUser()->userID && $this->useCaptcha && $this->captchaObjectTypeName) {
                        $this->captchaObjectType = CaptchaHandler::getInstance()->getObjectTypeByName($this->captchaObjectTypeName);
                        if ($this->captchaObjectType === null) {
                                throw new SystemException("Unknown captcha object type with name '".$this->captchaObjectTypeName."'");
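Review bot: `useCaptcha` is now assigned to the template unconditionally in assignVariables(), but readData() resolves `captchaObjectType` only for guests with a non-empty `captchaObjectTypeName`, so the two template variables can disagree (`useCaptcha` true, `captchaObjectType` null) for logged-in users or an empty `CAPTCHA_TYPE`. A template that branches on `useCaptcha` alone would then show a captcha block that validate() never checks; the templates are not part of this diff, so this needs confirming. Assigning the effective state, e.g. `'useCaptcha' => ($this->useCaptcha && $this->captchaObjectType !== null)`, would keep the two consistent. readData() continues past the end of the hunk.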
@@ -92,21 +74,6 @@ abstract class AbstractCaptchaForm extends AbstractForm {
                if ($this->captchaObjectType) {
                        $this->captchaObjectType->getProcessor()->readFormParameters();
                }
-               else if ($this->useCaptcha) {
-                       if (isset($_POST['recaptcha_challenge_field'])) $this->challenge = StringUtil::trim($_POST['recaptcha_challenge_field']);
-                       if (isset($_POST['recaptcha_response_field'])) $this->response = StringUtil::trim($_POST['recaptcha_response_field']);
-               }
-       }
-       
-       /**
-        * @see \wcf\page\IPage::readParameters()
-        */
-       public function readParameters() {
-               parent::readParameters();
-               
-               if ($this->captchaObjectType === null && (!MODULE_SYSTEM_RECAPTCHA || WCF::getUser()->userID || WCF::getSession()->getVar('recaptchaDone'))) {
-                       $this->useCaptcha = false;
-               }
        }
        
        /**
@@ -118,9 +85,6 @@ abstract class AbstractCaptchaForm extends AbstractForm {
                if ($this->captchaObjectType) {
                        $this->captchaObjectType->getProcessor()->reset();
                }
-               else {
-                       WCF::getSession()->unregister('recaptchaDone');
-               }
        }
        
        /**
@@ -139,9 +103,5 @@ abstract class AbstractCaptchaForm extends AbstractForm {
                if ($this->captchaObjectType) {
                        $this->captchaObjectType->getProcessor()->validate();
                }
-               else if ($this->useCaptcha) {
-                       RecaptchaHandler::getInstance()->validate($this->challenge, $this->response);
-                       $this->useCaptcha = false;
-               }
        }
 }
index f0eec4d85fabd8b7d0caec6934282c0ccc1083c5..77380a9ffec8b5b564156ddaeed114bf589b8419 100644 (file)
@@ -47,9 +47,9 @@ class LostPasswordForm extends AbstractCaptchaForm {
        public $user;
        
        /**
-        * @see \wcf\form\CaptchaForm::$captchaObjectTypeName
+        * @see \wcf\form\AbstractCaptchaForm::$useCaptcha
         */
-       public $captchaObjectTypeName = LOST_PASSWORD_CAPTCHA_TYPE;
+       public $useCaptcha = LOST_PASSWORD_USE_CAPTCHA;
        
        /**
         * @see \wcf\form\IForm::readFormParameters()
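Review bot: `LOST_PASSWORD_USE_CAPTCHA` was, according to the option.xml part of this commit, a hidden option in the "deprecated" block until now, and it becomes the switch that decides whether this form asks for a captcha at all. On an existing installation the stored value of that option may not match what the administrator had chosen through `lost_password_captcha_type`, so an update could leave the lost-password form without a captcha although one was configured before; the diff does not show how the option import treats existing values. An update step that derives each `*_use_captcha` from the old `*_captcha_type` value, or at least a release note, would cover this. The same applies to `REGISTER_USE_CAPTCHA` in RegisterForm and `SEARCH_USE_CAPTCHA` in SearchForm.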
index c5b7e4a0ab10c988c525a58824394db40ee56e87..50523370d232668301c48b539827d09a304b63e5 100644 (file)
@@ -58,16 +58,19 @@ class RegisterForm extends UserAddForm {
        public $message = '';
        
        /**
-        * captcha object type object
-        * @var \wcf\data\object\type\ObjectType
+        * @see \wcf\form\AbstractCaptchaForm::$captchaObjectType
         */
        public $captchaObjectType = null;
        
        /**
-        * name of the captcha object type; if empty, captcha is disabled
-        * @var string
+        * @see \wcf\form\AbstractCaptchaForm::$useCaptcha
+        */
+       public $captchaObjectTypeName = CAPTCHA_TYPE;
+       
+       /**
+        * @see \wcf\form\AbstractCaptchaForm::$useCaptcha
         */
-       public $captchaObjectTypeName = REGISTER_CAPTCHA_TYPE;
+       public $useCaptcha = REGISTER_USE_CAPTCHA;
        
        /**
         * field names
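Review bot: The docblock added above `$captchaObjectTypeName` references the wrong property: it reads `@see \wcf\form\AbstractCaptchaForm::$useCaptcha`, the same target as the docblock for `$useCaptcha` directly below it. It should be `* @see \wcf\form\AbstractCaptchaForm::$captchaObjectTypeName`. RegisterForm extends UserAddForm rather than AbstractCaptchaForm, so these properties are copies and the cross-references are the only documentation they carry.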
@@ -163,7 +166,7 @@ class RegisterForm extends UserAddForm {
         * @see \wcf\page\IPage::readData()
         */
        public function readData() {
-               if ($this->captchaObjectTypeName) {
+               if ($this->useCaptcha && $this->captchaObjectTypeName) {
                        $this->captchaObjectType = CaptchaHandler::getInstance()->getObjectTypeByName($this->captchaObjectTypeName);
                        if ($this->captchaObjectType === null) {
                                throw new SystemException("Unknown captcha object type with id '".$this->captchaObjectTypeName."'");
index e5dc4d836ddb93e8244b4379f1f035a2b2f4dc7b..eaf456ca92478905d6ec9549166122ca0dc24ef7 100644 (file)
@@ -93,9 +93,9 @@ class SearchForm extends AbstractCaptchaForm {
        public $username = '';
        
        /**
-        * @see \wcf\form\AbstractCaptchaForm::$captchaObjectTypeName
+        * @see \wcf\form\AbstractCaptchaForm::$useCaptcha
         */
-       public $captchaObjectTypeName = SEARCH_CAPTCHA_TYPE;
+       public $useCaptcha = SEARCH_USE_CAPTCHA;
        
        /**
         * parameters used for previous search
index e61af85e2bce7da30dd1713e082074e5f857c302..020f3a14bef7a796233fd59f47903adaa9dd2100 100644 (file)
@@ -989,11 +989,11 @@ GmbH=Gesellschaft mit beschränkter Haftung]]></item>
                <item name="wcf.acp.option.url_omit_index_php"><![CDATA[„index.php“ aus URLs entfernen]]></item>
                <item name="wcf.acp.option.url_omit_index_php.description"><![CDATA[TODO]]></item>
                <item name="wcf.acp.option.module_ad"><![CDATA[Werbung]]></item>
-               <item name="wcf.acp.option.register_captcha_type"><![CDATA[Registierung]]></item>
-               <item name="wcf.acp.option.lost_password_captcha_type"><![CDATA[Kennwort vergessen]]></item>
-               <item name="wcf.acp.option.profile_mail_captcha_type"><![CDATA[E-Mail an Benutzer schicken]]></item>
-               <item name="wcf.acp.option.search_captcha_type"><![CDATA[Suche]]></item>
-               <item name="wcf.acp.option.message_captcha_type"><![CDATA[Nachrichten]]></item>
+               <item name="wcf.acp.option.captcha_type"><![CDATA[Captcha-Art]]></item>
+               <item name="wcf.acp.option.register_use_captcha"><![CDATA[Captcha in Registrierung aktivieren]]></item>
+               <item name="wcf.acp.option.lost_password_use_captcha"><![CDATA[Captcha in „Kennwort vergessen“ aktivieren]]></item>
+               <item name="wcf.acp.option.profile_mail_use_captcha"><![CDATA[Captcha in „E-Mail an Benutzer schicken“ aktivieren]]></item>
+               <item name="wcf.acp.option.search_use_captcha"><![CDATA[Captcha in Suchfunktion aktivieren]]></item>
                <item name="wcf.acp.option.category.security.antispam.captcha"><![CDATA[Captchas]]></item>
                <item name="wcf.acp.option.category.security.general.authentication"><![CDATA[Benutzer-Authentifikation]]></item>
                <item name="wcf.acp.option.enable_user_authentication_failure"><![CDATA[Fehlgeschlagene Ammeldeversuche protokollieren]]></item>
index d8d6bada2f97f7886b1c6fac50c856fcf61f172a..246f9fd258dd6a045e016f4bfdbb3468b7cc64bb 100644 (file)
@@ -989,11 +989,11 @@ GmbH=Gesellschaft mit beschränkter Haftung]]></item>
                <item name="wcf.acp.option.url_omit_index_php"><![CDATA[TODO: „index.php“ aus URLs entfernen]]></item>
                <item name="wcf.acp.option.url_omit_index_php.description"><![CDATA[TODO]]></item>
                <item name="wcf.acp.option.module_ad"><![CDATA[Ads]]></item>
-               <item name="wcf.acp.option.register_captcha_type"><![CDATA[Registration]]></item>
-               <item name="wcf.acp.option.lost_password_captcha_type"><![CDATA[Lost Password]]></item>
-               <item name="wcf.acp.option.profile_mail_captcha_type"><![CDATA[Send Email to User]]></item>
-               <item name="wcf.acp.option.search_captcha_type"><![CDATA[Search]]></item>
-               <item name="wcf.acp.option.message_captcha_type"><![CDATA[Messages]]></item>
+               <item name="wcf.acp.option.captcha_type"><![CDATA[Captcha Type]]></item>
+               <item name="wcf.acp.option.register_use_captcha"><![CDATA[Enable Captcha protection during registration]]></item>
+               <item name="wcf.acp.option.lost_password_use_captcha"><![CDATA[Enable Captcha protection for “Lost Password”]]></item>
+               <item name="wcf.acp.option.profile_mail_use_captcha"><![CDATA[Enable Captcha protection for “Send Email to User”]]></item>
+               <item name="wcf.acp.option.search_use_captcha"><![CDATA[Enable Captcha protection for search]]></item>
                <item name="wcf.acp.option.category.security.antispam.captcha"><![CDATA[Captchas]]></item>
                <item name="wcf.acp.option.category.security.general.authentication"><![CDATA[TODO: Benutzer-Authentifikation]]></item>
                <item name="wcf.acp.option.enable_user_authentication_failure"><![CDATA[TODO: Fehlgeschlagene Ammeldeversuche protokollieren]]></item>