xref: /webtrees/app/Services/CaptchaService.php (revision 10e0649788c8d7d4974d81c048ca2b225df8f22e)
170ca9c90SGreg Roach<?php
270ca9c90SGreg Roach
370ca9c90SGreg Roach/**
470ca9c90SGreg Roach * webtrees: online genealogy
55bfc6897SGreg Roach * Copyright (C) 2022 webtrees development team
670ca9c90SGreg Roach * This program is free software: you can redistribute it and/or modify
770ca9c90SGreg Roach * it under the terms of the GNU General Public License as published by
870ca9c90SGreg Roach * the Free Software Foundation, either version 3 of the License, or
970ca9c90SGreg Roach * (at your option) any later version.
1070ca9c90SGreg Roach * This program is distributed in the hope that it will be useful,
1170ca9c90SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
1270ca9c90SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1370ca9c90SGreg Roach * GNU General Public License for more details.
1470ca9c90SGreg Roach * You should have received a copy of the GNU General Public License
1589f7189bSGreg Roach * along with this program. If not, see <https://www.gnu.org/licenses/>.
1670ca9c90SGreg Roach */
1770ca9c90SGreg Roach
1870ca9c90SGreg Roachdeclare(strict_types=1);
1970ca9c90SGreg Roach
2070ca9c90SGreg Roachnamespace Fisharebest\Webtrees\Services;
2170ca9c90SGreg Roach
222e464181SGreg Roachuse Fisharebest\Webtrees\Registry;
2370ca9c90SGreg Roachuse Fisharebest\Webtrees\Session;
24b55cbc6bSGreg Roachuse Fisharebest\Webtrees\Validator;
2570ca9c90SGreg Roachuse Psr\Http\Message\ServerRequestInterface;
2670ca9c90SGreg Roach
27*10e06497SGreg Roachuse function assert;
28*10e06497SGreg Roachuse function is_float;
29*10e06497SGreg Roachuse function is_string;
3070ca9c90SGreg Roachuse function view;
3170ca9c90SGreg Roach
3270ca9c90SGreg Roach/**
3370ca9c90SGreg Roach * Completely Automated Public Turing test to tell Computers and Humans Apart.
3470ca9c90SGreg Roach */
3570ca9c90SGreg Roachclass CaptchaService
3670ca9c90SGreg Roach{
3770ca9c90SGreg Roach    // If the form is completed faster than this, then suspect a robot.
3870ca9c90SGreg Roach    private const MINIMUM_FORM_TIME = 3.0;
3970ca9c90SGreg Roach
4070ca9c90SGreg Roach    /**
4170ca9c90SGreg Roach     * Create the captcha
4270ca9c90SGreg Roach     *
4370ca9c90SGreg Roach     * @return string
4470ca9c90SGreg Roach     */
4570ca9c90SGreg Roach    public function createCaptcha(): string
4670ca9c90SGreg Roach    {
472e464181SGreg Roach        $x = Registry::idFactory()->uuid();
482e464181SGreg Roach        $y = Registry::idFactory()->uuid();
492e464181SGreg Roach        $z = Registry::idFactory()->uuid();
5070ca9c90SGreg Roach
51eeec557aSGreg Roach        Session::put('captcha-t', Registry::timeFactory()->now());
5270ca9c90SGreg Roach        Session::put('captcha-x', $x);
5370ca9c90SGreg Roach        Session::put('captcha-y', $y);
5470ca9c90SGreg Roach        Session::put('captcha-z', $z);
5570ca9c90SGreg Roach
5670ca9c90SGreg Roach        return view('captcha', [
5770ca9c90SGreg Roach            'x' => $x,
5870ca9c90SGreg Roach            'y' => $y,
5970ca9c90SGreg Roach            'z' => $z,
6070ca9c90SGreg Roach        ]);
6170ca9c90SGreg Roach    }
6270ca9c90SGreg Roach
6370ca9c90SGreg Roach    /**
6470ca9c90SGreg Roach     * Check the user's response.
6570ca9c90SGreg Roach     *
6670ca9c90SGreg Roach     * @param ServerRequestInterface $request
6770ca9c90SGreg Roach     *
6870ca9c90SGreg Roach     * @return bool
6970ca9c90SGreg Roach     */
7070ca9c90SGreg Roach    public function isRobot(ServerRequestInterface $request): bool
7170ca9c90SGreg Roach    {
72d8809d62SGreg Roach        $t = Session::pull('captcha-t');
73d8809d62SGreg Roach        $x = Session::pull('captcha-x');
74d8809d62SGreg Roach        $y = Session::pull('captcha-y');
75d8809d62SGreg Roach        $z = Session::pull('captcha-z');
7670ca9c90SGreg Roach
77e6b1f16dSGreg Roach        assert(is_float($t));
78b55cbc6bSGreg Roach        assert(is_string($x));
79b55cbc6bSGreg Roach        assert(is_string($y));
80b55cbc6bSGreg Roach        assert(is_string($z));
81b55cbc6bSGreg Roach
82b55cbc6bSGreg Roach        $value_x = Validator::parsedBody($request)->string($x, '');
83b55cbc6bSGreg Roach        $value_y = Validator::parsedBody($request)->string($y, '');
8470ca9c90SGreg Roach
8570ca9c90SGreg Roach        // The captcha uses javascript to copy value z from field y to field x.
8670ca9c90SGreg Roach        // Expect it in both fields.
8770ca9c90SGreg Roach        if ($value_x !== $z || $value_y !== $z) {
8870ca9c90SGreg Roach            return true;
8970ca9c90SGreg Roach        }
9070ca9c90SGreg Roach
91e6b1f16dSGreg Roach        // If the form was returned too quickly, then probably a robot.
92eeec557aSGreg Roach        return Registry::timeFactory()->now() < $t + self::MINIMUM_FORM_TIME;
9370ca9c90SGreg Roach    }
9470ca9c90SGreg Roach}
95