[25027] | 1 | <?php
|
---|
| 2 | /**
|
---|
| 3 | * CAPTCHA antispam plugin
|
---|
| 4 | *
|
---|
| 5 | * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
|
---|
| 6 | * @author Andreas Gohr <[email protected]>
|
---|
| 7 | */
|
---|
| 8 |
|
---|
| 9 | // must be run within Dokuwiki
|
---|
| 10 | if(!defined('DOKU_INC')) die();
|
---|
| 11 |
|
---|
| 12 | if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
|
---|
| 13 | require_once(DOKU_PLUGIN.'action.php');
|
---|
| 14 |
|
---|
| 15 | class action_plugin_captcha extends DokuWiki_Action_Plugin {
|
---|
| 16 |
|
---|
| 17 | /**
|
---|
| 18 | * register the eventhandlers
|
---|
| 19 | */
|
---|
| 20 | function register(&$controller){
|
---|
| 21 | $controller->register_hook('ACTION_ACT_PREPROCESS',
|
---|
| 22 | 'BEFORE',
|
---|
| 23 | $this,
|
---|
| 24 | 'handle_act_preprocess',
|
---|
| 25 | array());
|
---|
| 26 |
|
---|
| 27 | // old hook
|
---|
| 28 | $controller->register_hook('HTML_EDITFORM_INJECTION',
|
---|
| 29 | 'BEFORE',
|
---|
| 30 | $this,
|
---|
| 31 | 'handle_editform_output',
|
---|
| 32 | array('editform' => true, 'oldhook' => true));
|
---|
| 33 |
|
---|
| 34 | // new hook
|
---|
| 35 | $controller->register_hook('HTML_EDITFORM_OUTPUT',
|
---|
| 36 | 'BEFORE',
|
---|
| 37 | $this,
|
---|
| 38 | 'handle_editform_output',
|
---|
| 39 | array('editform' => true, 'oldhook' => false));
|
---|
| 40 |
|
---|
| 41 | if($this->getConf('regprotect')){
|
---|
| 42 | // old hook
|
---|
| 43 | $controller->register_hook('HTML_REGISTERFORM_INJECTION',
|
---|
| 44 | 'BEFORE',
|
---|
| 45 | $this,
|
---|
| 46 | 'handle_editform_output',
|
---|
| 47 | array('editform' => false, 'oldhook' => true));
|
---|
| 48 |
|
---|
| 49 | // new hook
|
---|
| 50 | $controller->register_hook('HTML_REGISTERFORM_OUTPUT',
|
---|
| 51 | 'BEFORE',
|
---|
| 52 | $this,
|
---|
| 53 | 'handle_editform_output',
|
---|
| 54 | array('editform' => false, 'oldhook' => false));
|
---|
| 55 | }
|
---|
| 56 | }
|
---|
| 57 |
|
---|
| 58 | /**
|
---|
| 59 | * Will intercept the 'save' action and check for CAPTCHA first.
|
---|
| 60 | */
|
---|
| 61 | function handle_act_preprocess(&$event, $param){
|
---|
| 62 | $act = $this->_act_clean($event->data);
|
---|
| 63 | if(!('save' == $act || ($this->getConf('regprotect') &&
|
---|
| 64 | 'register' == $act &&
|
---|
| 65 | $_POST['save']))){
|
---|
| 66 | return; // nothing to do for us
|
---|
| 67 | }
|
---|
| 68 |
|
---|
| 69 | // do nothing if logged in user and no CAPTCHA required
|
---|
| 70 | if(!$this->getConf('forusers') && $_SERVER['REMOTE_USER']){
|
---|
| 71 | return;
|
---|
| 72 | }
|
---|
| 73 |
|
---|
| 74 | // check captcha
|
---|
| 75 | $helper = plugin_load('helper','captcha');
|
---|
| 76 | if(!$helper->check()){
|
---|
| 77 | if($act == 'save'){
|
---|
| 78 | // stay in preview mode
|
---|
| 79 | $event->data = 'preview';
|
---|
| 80 | }else{
|
---|
| 81 | // stay in register mode, but disable the save parameter
|
---|
| 82 | $_POST['save'] = false;
|
---|
| 83 | }
|
---|
| 84 | }
|
---|
| 85 | }
|
---|
| 86 |
|
---|
| 87 | /**
|
---|
| 88 | * Create the additional fields for the edit form
|
---|
| 89 | */
|
---|
| 90 | function handle_editform_output(&$event, $param){
|
---|
| 91 | // check if source view -> no captcha needed
|
---|
| 92 | if(!$param['oldhook']){
|
---|
| 93 | // get position of submit button
|
---|
| 94 | $pos = $event->data->findElementByAttribute('type','submit');
|
---|
| 95 | if(!$pos) return; // no button -> source view mode
|
---|
| 96 | }elseif($param['editform'] && !$event->data['writable']){
|
---|
| 97 | if($param['editform'] && !$event->data['writable']) return;
|
---|
| 98 | }
|
---|
| 99 |
|
---|
| 100 | // do nothing if logged in user and no CAPTCHA required
|
---|
| 101 | if(!$this->getConf('forusers') && $_SERVER['REMOTE_USER']){
|
---|
| 102 | return;
|
---|
| 103 | }
|
---|
| 104 |
|
---|
| 105 | // get the CAPTCHA
|
---|
| 106 | $helper = plugin_load('helper','captcha');
|
---|
| 107 | $out = $helper->getHTML();
|
---|
| 108 |
|
---|
| 109 | if($param['oldhook']){
|
---|
| 110 | // old wiki - just print
|
---|
| 111 | echo $out;
|
---|
| 112 | }else{
|
---|
| 113 | // new wiki - insert at correct position
|
---|
| 114 | $event->data->insertElement($pos++,$out);
|
---|
| 115 | }
|
---|
| 116 | }
|
---|
| 117 |
|
---|
| 118 | /**
|
---|
| 119 | * Pre-Sanitize the action command
|
---|
| 120 | *
|
---|
| 121 | * Similar to act_clean in action.php but simplified and without
|
---|
| 122 | * error messages
|
---|
| 123 | */
|
---|
| 124 | function _act_clean($act){
|
---|
| 125 | // check if the action was given as array key
|
---|
| 126 | if(is_array($act)){
|
---|
| 127 | list($act) = array_keys($act);
|
---|
| 128 | }
|
---|
| 129 |
|
---|
| 130 | //remove all bad chars
|
---|
| 131 | $act = strtolower($act);
|
---|
| 132 | $act = preg_replace('/[^a-z_]+/','',$act);
|
---|
| 133 |
|
---|
| 134 | return $act;
|
---|
| 135 | }
|
---|
| 136 |
|
---|
| 137 | }
|
---|
| 138 |
|
---|