Merge branch 'release/2.0.1'

galette · Nov 5, 2023 · a1e7288 · a1e7288
2 parents f69d9e5 + c98dc16
commit a1e7288
Show file tree

Hide file tree

Showing 8 changed files with 132 additions and 137 deletions.
diff --git a/.composer-require-checker.config.json b/.composer-require-checker.config.json
@@ -6,7 +6,8 @@
     "json",
     "pcre",
     "session",
-    "mbstring"
+    "mbstring",
+    "random"
   ],
   "symbol-whitelist": [
     "Twig\\Extension\\DebugExtension",

diff --git a/app/Controllers/Reference.php b/app/Controllers/Reference.php
@@ -1,5 +1,6 @@
 <?php namespace GaletteTelemetry\Controllers;
 
+use GaletteTelemetry\Gaptcha;
 use GaletteTelemetry\Models\Reference as ReferenceModel;
 use PHPMailer\PHPMailer\PHPMailer;
 use Slim\Psr7\Request;
@@ -19,6 +20,9 @@ public function view(Request $request, Response $response): Response
             ];
         }
 
+        $gaptcha = new Gaptcha();
+        $_SESSION['gaptcha'] = serialize($gaptcha);
+
         $_SESSION['reference']['pagination'] = 15;
         $order_field = $_SESSION['reference']['orderby'];
         $order_sort  = $_SESSION['reference']['sort'];
@@ -84,7 +88,8 @@ public function view(Request $request, Response $response): Response
                 'orderby'       => $_SESSION['reference']['orderby'],
                 'sort'          => $_SESSION['reference']['sort'],
                 'filters'       => $current_filters,
-                'ref_countries' => $ref_countries
+                'ref_countries' => $ref_countries,
+                'gaptcha'       => $gaptcha
             ]
         );
         return $response;
@@ -95,12 +100,32 @@ public function register(Request $request, Response $response): Response
         $post = $request->getParsedBody();
 
         // clean data
-        unset($post['g-recaptcha-response']);
+        $posted_gaptcha = (int)$post['gaptcha'];
+        unset($post['gaptcha']);
         unset($post['csrf_name']);
         unset($post['csrf_value']);
 
+        if (empty($post['num_members'])) {
+            unset($post['num_members']);
+        }
+
         $ref_data = $post;
 
+        //check captcha
+        $gaptcha = unserialize($_SESSION['gaptcha']);
+        if (!$gaptcha->check($posted_gaptcha)) {
+            $this->container->get('flash')->addMessage(
+                'error',
+                'Invalid captcha'
+            );
+            return $response
+                ->withStatus(301)
+                ->withHeader(
+                    'Location',
+                    $this->routeparser->urlFor('reference')
+                );
+        }
+
         // alter data
         $ref_data['country'] = strtolower($ref_data['country']);
 

diff --git a/app/Gaptcha.php b/app/Gaptcha.php
@@ -0,0 +1,92 @@
+<?php
+
+namespace GaletteTelemetry;
+
+use NumberFormatter;
+
+class Gaptcha
+{
+    public const OP_ADD = 1;
+    public const OP_SUB = 2;
+
+    private int $max = 12;
+    private int $min = 1;
+
+    /** @var integer */
+    private int $current_left;
+    /** @var integer */
+    private int $current_right;
+    /** @var integer */
+    private int $current_op;
+    /** @var integer */
+    private int $gaptcha;
+
+    /**
+     * Default constructor
+     */
+    public function __construct()
+    {
+        $this->current_left = rand($this->min, $this->max);
+        $this->current_right = rand($this->min, $this->max);
+        $this->current_op = rand(1, 2);
+        switch ($this->current_op) {
+            case self::OP_ADD:
+                $this->gaptcha = $this->current_left + $this->current_right;
+                break;
+            case self::OP_SUB:
+                $this->gaptcha = $this->current_left - $this->current_right;
+                break;
+        }
+    }
+
+    /**
+     * Get questions phrase
+     *
+     * @return string
+     */
+    public function getQuestion(): string
+    {
+        $add_questions = [
+            'How much is %1$s plus %2$s?',
+            'How much is %1$s added to %2$s?',
+            'I have %1$s Galettes, a friend give me %2$s more. How many Galettes do I have?'
+        ];
+        $sub_questions = [
+            'How much is %1$s minus %2$s?',
+            'How much is %1$s on which we retire %2$s?',
+            'How much is %2$s retired to %1$s?',
+            'I have %1$s Galettes, I give %2$s of them. How many Galettes do I have?'
+        ];
+
+        $questions = ($this->current_op === self::OP_ADD) ? $add_questions : $sub_questions;
+        return $questions[rand(0, (count($questions) - 1))];
+    }
+
+
+    /**
+     * Generate captcha question to display
+     *
+     * @return string
+     */
+    public function generateQuestion(): string
+    {
+        $formatter = new NumberFormatter('en', NumberFormatter::SPELLOUT);
+        return sprintf(
+            $this->getQuestion(),
+            $formatter->format($this->current_left),
+            $formatter->format($this->current_right)
+        );
+    }
+
+    /**
+     * Checks captcha validity
+     *
+     * @param integer $gaptcha User entry
+     *
+     * @return boolean
+     */
+    public function check(int $gaptcha): bool
+    {
+        return $gaptcha === $this->gaptcha;
+    }
+}
diff --git a/app/Templates/default/reference.html.twig b/app/Templates/default/reference.html.twig
@@ -184,9 +184,11 @@
                    <textarea name="comment" id="comment" rows="3" placeholder="Your message"></textarea>
                </div>
 
-               {% if mode != 'DEV' %}
-                   <div class="g-recaptcha" data-sitekey="{{ recaptchasitekey }}"></div>
-               {% endif %}
+                <div class="field">
+                    <label for="gaptcha" title="">Captcha</label>
+                    <p><span class="ui medium red text">{{ gaptcha.generateQuestion() }} (numbers only)</span></p>
+                    <input type="gaptcha" name="gaptcha" id="gaptcha" value="" required="required" class="required" autocomplete="1">
+                </div>
 
                 <input type="hidden" name="uuid" value="{{ uuid }}" />
                 {% include "partials/csrf.html.twig" %}

diff --git a/app/init.php b/app/init.php
@@ -208,29 +208,6 @@ function ($c) use ($config) {
     }
 );
 
-//setup recaptcha
-if (TELEMETRY_MODE == 'DEV') {
-    $recaptcha = function (ServerRequestInterface $request, RequestHandler $handler) {
-        //does nothing
-        $response = $handler->handle($request);
-        return $response;
-    };
-} else {
-    $container->set(
-        Captcha::class,
-        function ($c) {
-            return new Captcha($c->get(ReCaptcha::class));
-        }
-    );
-    $container->set(
-        ReCaptcha::class,
-        function ($c) use ($config) {
-            return new ReCaptcha($config['recaptcha']['secret']);
-        }
-    );
-    $recaptcha = $container->get(Captcha::class);
-}
-
 $app->addErrorMiddleware(true, true, true);
 
 $container->set(

diff --git a/composer.json b/composer.json
@@ -25,16 +25,15 @@
         "illuminate/pagination": "^10.29",
         "mledoze/countries": "^5.0",
         "slim/flash": "^0.4.0",
-        "google/recaptcha": "^1.1",
-        "geggleto/psr7-recaptcha": "^0.0.1",
         "phpmailer/phpmailer": "^6.8",
         "slim/csrf": "^1.3",
         "justinrainbow/json-schema": "^5.2",
         "robmorgan/phinx": "^0.14.0",
         "symfony/cache": "^6.3",
         "php-di/slim-bridge": "^3.4",
         "slim/psr7": "^1.6",
-        "middlewares/trailing-slash": "^2.0"
+        "middlewares/trailing-slash": "^2.0",
+        "ext-intl": "*"
     },
     "require-dev": {
         "squizlabs/php_codesniffer": "^3.7",

diff --git a/composer.lock b/composer.lock
diff --git a/public/index.php b/public/index.php
@@ -1,6 +1,6 @@
 <?php
 
-global $container, $recaptcha;
+global $container;
 
 use Slim\App;
 
@@ -33,7 +33,6 @@
 
 //Reference registration
 $app->post('/reference', 'GaletteTelemetry\Controllers\Reference:register')
-   ->add($recaptcha)
    ->add($container->get('csrf'))
    ->setName('registerReference');
 /** /References */