r71735 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r71734‎ \| r71735 \| r71736 >
Date:	20:02, 26 August 2010
Author:	awjrichards
Status:	deferred
Tags:
Comment:	Updated recaptcha extra for payflow pro to NOT use the recaptcha mw extension - now it uses the native php api for recaptcha as per http://www.mediawiki.org/wiki/Special:Code/MediaWiki/70919#c8511
Modified paths:	/trunk/extensions/DonationInterface/payflowpro_gateway/extras/conversion_log/conversion_log.php (modified) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.body.php (modified) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.php (modified) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha-php (added) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha-php/LICENSE (added) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha-php/README (added) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha-php/recaptchalib.php (added) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha.body.php (added) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha.php (replaced) (history)

Diff [purge]

Index: trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.body.php
—	—	@@ -159,7 +159,7 @@
160	160	$minfraud_array[ "license_key" ] = $this->minfraud_license_key;
161	161
162	162	// user's IP address
163		~~- $minfraud_array[ "i" ] = wfGetIP();~~
	163	+ $minfraud_array[ "i" ] ='12.12.12.12';// wfGetIP();
164	164
165	165	// user's user agent
166	166	global $wgRequest;
Index: trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.php
—	—	@@ -13,7 +13,7 @@
14	14	die( "This file is part of the MinFraud for PayflowPro Gateway extension. It is not a valid entry point.\n" );
15	15	}
16	16
17		~~-$wgExtensionCredits['validextensionclass'][] = array(~~
	17	+$wgExtensionCredits['payflowprogateway_extras_minfraud'][] = array(
18	18	'name' => 'minfraud',
19	19	'author' =>'Arthur Richards',
20	20	'url' => '',
Index: trunk/extensions/DonationInterface/payflowpro_gateway/extras/conversion_log/conversion_log.php
—	—	@@ -12,7 +12,7 @@
13	13	die( "This file is part of the Conversion Log for PayflowPro Gateway extension. It is not a valid entry point.\n");
14	14	}
15	15
16		~~-$wgExtensionCredits['validextensionclass'][] = array(~~
	16	+$wgExtensionCredits['payflowprogateway_extras_conversionLog'][] = array(
17	17	'name' => 'conversion log',
18	18	'author' =>'Arthur Richards',
19	19	'url' => '',
Index: trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha-php/LICENSE
—	—	@@ -0,0 +1,22 @@
	2	+Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net
	3	+AUTHORS:
	4	+ Mike Crawford
	5	+ Ben Maurer
	6	+
	7	+Permission is hereby granted, free of charge, to any person obtaining a copy
	8	+of this software and associated documentation files (the "Software"), to deal
	9	+in the Software without restriction, including without limitation the rights
	10	+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	11	+copies of the Software, and to permit persons to whom the Software is
	12	+furnished to do so, subject to the following conditions:
	13	+
	14	+The above copyright notice and this permission notice shall be included in
	15	+all copies or substantial portions of the Software.
	16	+
	17	+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	18	+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	19	+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	20	+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	21	+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	22	+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
	23	+THE SOFTWARE.
Index: trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha-php/recaptchalib.php
—	—	@@ -0,0 +1,277 @@
	2	+<?php
	3	+/*
	4	+ * This is a PHP library that handles calling reCAPTCHA.
	5	+ * - Documentation and latest version
	6	+ * http://recaptcha.net/plugins/php/
	7	+ * - Get a reCAPTCHA API Key
	8	+ * https://www.google.com/recaptcha/admin/create
	9	+ * - Discussion group
	10	+ * http://groups.google.com/group/recaptcha
	11	+ *
	12	+ * Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net
	13	+ * AUTHORS:
	14	+ * Mike Crawford
	15	+ * Ben Maurer
	16	+ *
	17	+ * Permission is hereby granted, free of charge, to any person obtaining a copy
	18	+ * of this software and associated documentation files (the "Software"), to deal
	19	+ * in the Software without restriction, including without limitation the rights
	20	+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	21	+ * copies of the Software, and to permit persons to whom the Software is
	22	+ * furnished to do so, subject to the following conditions:
	23	+ *
	24	+ * The above copyright notice and this permission notice shall be included in
	25	+ * all copies or substantial portions of the Software.
	26	+ *
	27	+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	28	+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	29	+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	30	+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	31	+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	32	+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
	33	+ * THE SOFTWARE.
	34	+ */
	35	+
	36	+/**
	37	+ * The reCAPTCHA server URL's
	38	+ */
	39	+define("RECAPTCHA_API_SERVER", "http://www.google.com/recaptcha/api");
	40	+define("RECAPTCHA_API_SECURE_SERVER", "https://www.google.com/recaptcha/api");
	41	+define("RECAPTCHA_VERIFY_SERVER", "www.google.com");
	42	+
	43	+/**
	44	+ * Encodes the given data into a query string format
	45	+ * @param $data - array of string elements to be encoded
	46	+ * @return string - encoded request
	47	+ */
	48	+function _recaptcha_qsencode ($data) {
	49	+ $req = "";
	50	+ foreach ( $data as $key => $value )
	51	+ $req .= $key . '=' . urlencode( stripslashes($value) ) . '&';
	52	+
	53	+ // Cut the last '&'
	54	+ $req=substr($req,0,strlen($req)-1);
	55	+ return $req;
	56	+}
	57	+
	58	+
	59	+
	60	+/**
	61	+ * Submits an HTTP POST to a reCAPTCHA server
	62	+ * @param string $host
	63	+ * @param string $path
	64	+ * @param array $data
	65	+ * @param int port
	66	+ * @return array response
	67	+ */
	68	+function _recaptcha_http_post($host, $path, $data, $port = 80) {
	69	+
	70	+ $req = _recaptcha_qsencode ($data);
	71	+
	72	+ $http_request = "POST $path HTTP/1.0\r\n";
	73	+ $http_request .= "Host: $host\r\n";
	74	+ $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
	75	+ $http_request .= "Content-Length: " . strlen($req) . "\r\n";
	76	+ $http_request .= "User-Agent: reCAPTCHA/PHP\r\n";
	77	+ $http_request .= "\r\n";
	78	+ $http_request .= $req;
	79	+
	80	+ $response = '';
	81	+ if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
	82	+ die ('Could not open socket');
	83	+ }
	84	+
	85	+ fwrite($fs, $http_request);
	86	+
	87	+ while ( !feof($fs) )
	88	+ $response .= fgets($fs, 1160); // One TCP-IP packet
	89	+ fclose($fs);
	90	+ $response = explode("\r\n\r\n", $response, 2);
	91	+
	92	+ return $response;
	93	+}
	94	+
	95	+
	96	+
	97	+/**
	98	+ * Gets the challenge HTML (javascript and non-javascript version).
	99	+ * This is called from the browser, and the resulting reCAPTCHA HTML widget
	100	+ * is embedded within the HTML form it was called from.
	101	+ * @param string $pubkey A public key for reCAPTCHA
	102	+ * @param string $error The error given by reCAPTCHA (optional, default is null)
	103	+ * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false)
	104	+
	105	+ * @return string - The HTML to be embedded in the user's form.
	106	+ */
	107	+function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false)
	108	+{
	109	+ if ($pubkey == null \|\| $pubkey == '') {
	110	+ die ("To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>");
	111	+ }
	112	+
	113	+ if ($use_ssl) {
	114	+ $server = RECAPTCHA_API_SECURE_SERVER;
	115	+ } else {
	116	+ $server = RECAPTCHA_API_SERVER;
	117	+ }
	118	+
	119	+ $errorpart = "";
	120	+ if ($error) {
	121	+ $errorpart = "&error=" . $error;
	122	+ }
	123	+ return '<script type="text/javascript" src="'. $server . '/challenge?k=' . $pubkey . $errorpart . '"></script>
	124	+
	125	+ <noscript>
	126	+ <iframe src="'. $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/>
	127	+ <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
	128	+ <input type="hidden" name="recaptcha_response_field" value="manual_challenge"/>
	129	+ </noscript>';
	130	+}
	131	+
	132	+
	133	+
	134	+
	135	+/**
	136	+ * A ReCaptchaResponse is returned from recaptcha_check_answer()
	137	+ */
	138	+class ReCaptchaResponse {
	139	+ var $is_valid;
	140	+ var $error;
	141	+}
	142	+
	143	+
	144	+/**
	145	+ * Calls an HTTP POST function to verify if the user's guess was correct
	146	+ * @param string $privkey
	147	+ * @param string $remoteip
	148	+ * @param string $challenge
	149	+ * @param string $response
	150	+ * @param array $extra_params an array of extra variables to post to the server
	151	+ * @return ReCaptchaResponse
	152	+ */
	153	+function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array())
	154	+{
	155	+ if ($privkey == null \|\| $privkey == '') {
	156	+ die ("To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>");
	157	+ }
	158	+
	159	+ if ($remoteip == null \|\| $remoteip == '') {
	160	+ die ("For security reasons, you must pass the remote ip to reCAPTCHA");
	161	+ }
	162	+
	163	+
	164	+
	165	+ //discard spam submissions
	166	+ if ($challenge == null \|\| strlen($challenge) == 0 \|\| $response == null \|\| strlen($response) == 0) {
	167	+ $recaptcha_response = new ReCaptchaResponse();
	168	+ $recaptcha_response->is_valid = false;
	169	+ $recaptcha_response->error = 'incorrect-captcha-sol';
	170	+ return $recaptcha_response;
	171	+ }
	172	+
	173	+ $response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/recaptcha/api/verify",
	174	+ array (
	175	+ 'privatekey' => $privkey,
	176	+ 'remoteip' => $remoteip,
	177	+ 'challenge' => $challenge,
	178	+ 'response' => $response
	179	+ ) + $extra_params
	180	+ );
	181	+
	182	+ $answers = explode ("\n", $response [1]);
	183	+ $recaptcha_response = new ReCaptchaResponse();
	184	+
	185	+ if (trim ($answers [0]) == 'true') {
	186	+ $recaptcha_response->is_valid = true;
	187	+ }
	188	+ else {
	189	+ $recaptcha_response->is_valid = false;
	190	+ $recaptcha_response->error = $answers [1];
	191	+ }
	192	+ return $recaptcha_response;
	193	+
	194	+}
	195	+
	196	+/**
	197	+ * gets a URL where the user can sign up for reCAPTCHA. If your application
	198	+ * has a configuration page where you enter a key, you should provide a link
	199	+ * using this function.
	200	+ * @param string $domain The domain where the page is hosted
	201	+ * @param string $appname The name of your application
	202	+ */
	203	+function recaptcha_get_signup_url ($domain = null, $appname = null) {
	204	+ return "https://www.google.com/recaptcha/admin/create?" . _recaptcha_qsencode (array ('domains' => $domain, 'app' => $appname));
	205	+}
	206	+
	207	+function _recaptcha_aes_pad($val) {
	208	+ $block_size = 16;
	209	+ $numpad = $block_size - (strlen ($val) % $block_size);
	210	+ return str_pad($val, strlen ($val) + $numpad, chr($numpad));
	211	+}
	212	+
	213	+/* Mailhide related code */
	214	+
	215	+function _recaptcha_aes_encrypt($val,$ky) {
	216	+ if (! function_exists ("mcrypt_encrypt")) {
	217	+ die ("To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed.");
	218	+ }
	219	+ $mode=MCRYPT_MODE_CBC;
	220	+ $enc=MCRYPT_RIJNDAEL_128;
	221	+ $val=_recaptcha_aes_pad($val);
	222	+ return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
	223	+}
	224	+
	225	+
	226	+function _recaptcha_mailhide_urlbase64 ($x) {
	227	+ return strtr(base64_encode ($x), '+/', '-_');
	228	+}
	229	+
	230	+/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */
	231	+function recaptcha_mailhide_url($pubkey, $privkey, $email) {
	232	+ if ($pubkey == '' \|\| $pubkey == null \|\| $privkey == "" \|\| $privkey == null) {
	233	+ die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " .
	234	+ "you can do so at <a href='http://www.google.com/recaptcha/mailhide/apikey'>http://www.google.com/recaptcha/mailhide/apikey</a>");
	235	+ }
	236	+
	237	+
	238	+ $ky = pack('H*', $privkey);
	239	+ $cryptmail = _recaptcha_aes_encrypt ($email, $ky);
	240	+
	241	+ return "http://www.google.com/recaptcha/mailhide/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail);
	242	+}
	243	+
	244	+/**
	245	+ * gets the parts of the email to expose to the user.
	246	+ * eg, given johndoe@example,com return ["john", "example.com"].
	247	+ * the email is then displayed as john...@example.com
	248	+ */
	249	+function _recaptcha_mailhide_email_parts ($email) {
	250	+ $arr = preg_split("/@/", $email );
	251	+
	252	+ if (strlen ($arr[0]) <= 4) {
	253	+ $arr[0] = substr ($arr[0], 0, 1);
	254	+ } else if (strlen ($arr[0]) <= 6) {
	255	+ $arr[0] = substr ($arr[0], 0, 3);
	256	+ } else {
	257	+ $arr[0] = substr ($arr[0], 0, 4);
	258	+ }
	259	+ return $arr;
	260	+}
	261	+
	262	+/**
	263	+ * Gets html to display an email address given a public an private key.
	264	+ * to get a key, go to:
	265	+ *
	266	+ * http://www.google.com/recaptcha/mailhide/apikey
	267	+ */
	268	+function recaptcha_mailhide_html($pubkey, $privkey, $email) {
	269	+ $emailparts = _recaptcha_mailhide_email_parts ($email);
	270	+ $url = recaptcha_mailhide_url ($pubkey, $privkey, $email);
	271	+
	272	+ return htmlentities($emailparts[0]) . "<a href='" . htmlentities ($url) .
	273	+ "' onclick=\"window.open('" . htmlentities ($url) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ($emailparts [1]);
	274	+
	275	+}
	276	+
	277	+
	278	+?>
Index: trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha-php/README
—	—	@@ -0,0 +1,7 @@
	2	+reCAPTCHA README
	3	+================
	4	+
	5	+The reCAPTCHA PHP Lirary helps you use the reCAPTCHA API. Documentation
	6	+for this library can be found at
	7	+
	8	+ http://recaptcha.net/plugins/php
Index: trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha.php
—	—	@@ -1,62 +0,0 @@
2		~~-<?php~~
3		-/**
4		~~- * Validates a transaction against MaxMind's minFraud service~~
5		- *
6		~~- * To install:~~
7		~~- * require_once( "$IP/extensions/recaptcha/ReCaptcha.php" );~~
8		- *
9		~~- * You will need to get reCaptcha public/private keys (http://www.google.com/recaptcha/whyrecaptcha)~~
10		~~- * In LocalSettings.php:~~
11		~~- * $recaptcha_public_key = '<key>';~~
12		~~- * $recaptcha_private_key = '<key>';~~
13		~~- * $wgPayflowCaptcha = new $wgCaptchaClass;~~
14		~~- */~~
15		-
16		~~-require_once( dirname( __FILE__ ) . "/../extras.php" );~~
17		~~-class PayflowProGateway_Extras_reCaptcha extends PayflowProGateway_Extras {~~
18		- /**
19		~~- * Handle the challenge logic~~
20		~~- */~~
21		~~- public function challenge( &$pfp_gateway_object, &$data ) {~~
22		~~- // if captcha posted, validate~~
23		~~- if ( isset( $_POST[ 'recaptcha_response_field' ] )) {~~
24		~~- if ( $this->validate_captcha() ){~~
25		~~- // if validated, update the action and move on~~
26		~~- $this->log( $data[ 'contribution_tracking_id' ], 'Captcha passed' );~~
27		~~- $pfp_gateway_object->action = "process";~~
28		~~- return TRUE;~~
29		~~- } else {~~
30		~~- $this->log( $data[ 'contribution_tracking_id' ], 'Captcha failed' );~~
31		~~- }~~
32		~~- }~~
33		~~- // display captcha~~
34		~~- $this->display_captcha( &$pfp_gateway_object, &$data );~~
35		~~- return TRUE;~~
36		~~- }~~
37		-
38		- /**
39		~~- * Display the submission form with the captcha injected into it~~
40		~~- */~~
41		~~- public function display_captcha( &$pfp_gateway_object, &$data, $error=array() ) {~~
42		~~- $this->log( $data[ 'contribution_tracking_id' ], 'Captcha triggered' );~~
43		-
44		~~- global $wgOut, $wgPayflowCaptcha;~~
45		~~- $form = $pfp_gateway_object->fnPayflowGenerateFormBody( $data, &$error );~~
46		~~- $form .= Xml::openElement( 'div', array( 'id' => 'mw-donate-captcha' ));~~
47		-
48		~~- // get the captcha~~
49		~~- $form .= $wgPayflowCaptcha->getForm();~~
50		~~- $form .= '<span class="creditcard-error-msg">' . wfMsg( 'payflowpro_gateway-error-msg-captcha-please') . '</span>';~~
51		~~- $form .= Xml::closeElement( 'div' );~~
52		~~- $form .= $pfp_gateway_object->fnPayflowGenerateFormSubmit( $data, &$error );~~
53		~~- $wgOut->addHTML( $form );~~
54		~~- }~~
55		-
56		- /**
57		~~- * Wrapper for validating the captcha submission~~
58		~~- */~~
59		~~- public function validate_captcha() {~~
60		~~- global $wgPayflowCaptcha;~~
61		~~- return $wgPayflowCaptcha->passCaptcha();~~
62		~~- }~~
63		-}
Index: trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha.php
—	—	@@ -0,0 +1,33 @@
	2	+<?php
	3	+/**
	4	+ * Extra to expose a recaptcha for 'challenged' transactions
	5	+ *
	6	+ * To install:
	7	+ * require_once( "$IP/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha.php"
	8	+ */
	9	+
	10	+if ( !defined( 'MEDIAWIKI' ) ) {
	11	+ die( "This file is part of the ReCaptcha for PayflowPro Gateway extension. It is not a valid entry point.\n");
	12	+}
	13	+
	14	+$wgExtensionCredits['payflowgateway_extras_recaptcha'][] = array(
	15	+ 'name' => 'reCaptcha',
	16	+ 'author' =>'Arthur Richards',
	17	+ 'url' => '',
	18	+ 'description' => "This extension exposes a reCpathca for 'challenged' transactions in the Payflowpro Gateway"
	19	+);
	20	+
	21	+/**
	22	+ * Public and Private reCaptcha keys
	23	+ *
	24	+ * These can be obtained at:
	25	+ * http://www.google.com/recaptcha/whyrecaptcha
	26	+ */
	27	+$wgPayflowRecaptchaPublicKey = '';
	28	+$wgPayflowRecaptchaPrivateKey = '';
	29	+
	30	+$dir = dirname( __FILE__ ) . "/";
	31	+$wgAutoloadClasses['PayflowProGateway_Extras_ReCaptcha'] = $dir . "recaptcha.body.php";
	32	+
	33	+// Set reCpatcha as plugin for 'challenge' action
	34	+$wgHooks["PayflowGatewayChallenge"][] = array( "PayflowProGateway_Extras_ReCaptcha::onChallenge");
Index: trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha.body.php
—	—	@@ -0,0 +1,89 @@
	2	+<?php
	3	+/**
	4	+ * Validates a transaction against MaxMind's minFraud service
	5	+ */
	6	+
	7	+class PayflowProGateway_Extras_reCaptcha extends PayflowProGateway_Extras {
	8	+
	9	+ /**
	10	+ * Container for singelton instance of self
	11	+ */
	12	+ static $instance;
	13	+
	14	+ public function __construct() {
	15	+ parent::__construct();
	16	+
	17	+ // load the reCaptcha API
	18	+ require_once( dirname( __FILE__ ) . '/recaptcha-php/recaptchalib.php' );
	19	+ }
	20	+
	21	+ /**
	22	+ * Handle the challenge logic
	23	+ */
	24	+ public function challenge( &$pfp_gateway_object, &$data, $error=array() ) {
	25	+ // if captcha posted, validate
	26	+ if ( isset( $_POST[ 'recaptcha_response_field' ] )) {
	27	+ //check the captcha response
	28	+ $captcha_resp = $this->check_captcha();
	29	+ if ( $captcha_resp->is_valid ){
	30	+ // if validated, update the action and move on
	31	+ $this->log( $data[ 'contribution_tracking_id' ], 'Captcha passed' );
	32	+ $pfp_gateway_object->action = "process";
	33	+ return TRUE;
	34	+ } else {
	35	+ $error[ 'recap_err' ] = $captcha_resp->error;
	36	+ $this->log( $data[ 'contribution_tracking_id' ], 'Captcha failed' );
	37	+ }
	38	+ }
	39	+ // display captcha
	40	+ $this->display_captcha( $pfp_gateway_object, $data, $error );
	41	+ return TRUE;
	42	+ }
	43	+
	44	+ /**
	45	+ * Display the submission form with the captcha injected into it
	46	+ */
	47	+ public function display_captcha( &$pfp_gateway_object, &$data, $error=array() ) {
	48	+ $this->log( $data[ 'contribution_tracking_id' ], 'Captcha triggered' );
	49	+
	50	+ // set the recaptcha error, if we have one.
	51	+ $recap_err = ( $error[ 'recap_err' ] ) ? $error[ 'recap_err' ] : NULL;
	52	+
	53	+ global $wgOut;
	54	+ $form = $pfp_gateway_object->fnPayflowGenerateFormBody( $data, $error );
	55	+ $form .= Xml::openElement( 'div', array( 'id' => 'mw-donate-captcha' ));
	56	+
	57	+ // get the captcha
	58	+ global $wgPayflowRecaptchaPublicKey, $wgProto;
	59	+ $use_ssl = ( $wgProto == 'https' ) ? TRUE : FALSE;
	60	+ $form .= recaptcha_get_html( $wgPayflowRecaptchaPublicKey, $recap_err, $use_ssl );
	61	+ $form .= '<span class="creditcard-error-msg">' . wfMsg( 'payflowpro_gateway-error-msg-captcha-please') . '</span>';
	62	+ $form .= Xml::closeElement( 'div' );
	63	+ $form .= $pfp_gateway_object->fnPayflowGenerateFormSubmit( $data, $error );
	64	+ $wgOut->addHTML( $form );
	65	+ }
	66	+
	67	+ /**
	68	+ * Check recaptcha answer
	69	+ */
	70	+ public function check_captcha() {
	71	+ global $wgPayflowRecaptchaPrivateKey, $wgRequest;
	72	+ $resp = recaptcha_check_answer( $wgPayflowRecaptchaPrivateKey,
	73	+ wfGetIP(),
	74	+ $wgRequest->getText( 'recaptcha_challenge_field' ),
	75	+ $wgRequest->getText( 'recaptcha_response_field' ));
	76	+
	77	+ return $resp;
	78	+ }
	79	+
	80	+ static function onChallenge( &$pfp_gateway_object, &$data ) {
	81	+ return self::singleton()->challenge( $pfp_gateway_object, $data );
	82	+ }
	83	+
	84	+ static function singleton() {
	85	+ if ( !self::$instance ) {
	86	+ self::$instance = new self;
	87	+ }
	88	+ return self::$instance;
	89	+ }
	90	+}
Property changes on: trunk/extensions/DonationInterface/payflowpro_gateway/extras/recaptcha/recaptcha.body.php
___________________________________________________________________
Added: svn:eol-style
1	91	+ native

Status & tagging log

22:49, 3 December 2010 Reedy (talk | contribs) changed the status of r71735 [removed: new added: deferred]