1: <?php
  2: /**
  3:  * Magento
  4:  *
  5:  * NOTICE OF LICENSE
  6:  *
  7:  * This source file is subject to the Open Software License (OSL 3.0)
  8:  * that is bundled with this package in the file LICENSE.txt.
  9:  * It is also available through the world-wide-web at this URL:
 10:  * http://opensource.org/licenses/osl-3.0.php
 11:  * If you did not receive a copy of the license and are unable to
 12:  * obtain it through the world-wide-web, please send an email
 13:  * to license@magentocommerce.com so we can send you a copy immediately.
 14:  *
 15:  * DISCLAIMER
 16:  *
 17:  * Do not edit or add to this file if you wish to upgrade Magento to newer
 18:  * versions in the future. If you wish to customize Magento for your
 19:  * needs please refer to http://www.magentocommerce.com for more information.
 20:  *
 21:  * @category    Mage
 22:  * @package     Mage_Captcha
 23:  * @copyright   Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
 24:  * @license     http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
 25:  */
 26: 
 27: /**
 28:  * Implementation of Zend_Captcha
 29:  *
 30:  * @category   Mage
 31:  * @package    Mage_Captcha
 32:  * @author     Magento Core Team <core@magentocommerce.com>
 33:  */
 34: class Mage_Captcha_Model_Zend extends Zend_Captcha_Image implements Mage_Captcha_Model_Interface
 35: {
 36:     /**
 37:      * Key in session for captcha code
 38:      */
 39:     const SESSION_WORD = 'word';
 40: 
 41:     /**
 42:      * Min captcha lengths default value
 43:      */
 44:     const DEFAULT_WORD_LENGTH_FROM = 3;
 45: 
 46:     /**
 47:      * Max captcha lengths default value
 48:      */
 49:     const DEFAULT_WORD_LENGTH_TO   = 5;
 50: 
 51:     /**
 52:      * Helper Instance
 53:      * @var Mage_Captcha_Helper_Data
 54:      */
 55:     protected $_helper = null;
 56: 
 57:     /**
 58:      * Captcha expire time
 59:      * @var int
 60:      */
 61:     protected $_expiration;
 62: 
 63:     /**
 64:     * Override default value to prevent a captcha cut off
 65:     * @var int
 66:     * @see Zend_Captcha_Image::$_fsize
 67:     */
 68:     protected $_fsize = 22;
 69: 
 70:     /**
 71:      * Captcha form id
 72:      * @var string
 73:      */
 74:     protected  $_formId;
 75: 
 76:     /**
 77:      * Zend captcha constructor
 78:      *
 79:      * @param array $params
 80:      */
 81:     public function __construct($params)
 82:     {
 83:         if (!isset($params['formId'])) {
 84:             throw new Exception('formId is mandatory');
 85:         }
 86:         $this->_formId = $params['formId'];
 87:         $this->setExpiration($this->getTimeout());
 88:     }
 89: 
 90:     /**
 91:      * Returns key with respect of current form ID
 92:      *
 93:      * @param string $key
 94:      * @return string
 95:      */
 96:     protected function _getFormIdKey($key)
 97:     {
 98:         return $this->_formId . '_' . $key;
 99:     }
100: 
101:     /**
102:      * Get Block Name
103:      *
104:      * @return string
105:      */
106:     public function getBlockName()
107:     {
108:         return 'captcha/captcha_zend';
109:     }
110: 
111: 
112:     /**
113:      * Whether captcha is required to be inserted to this form
114:      *
115:      * @param null|string $login
116:      * @return bool
117:      */
118:     public function isRequired($login = null)
119:     {
120:         if ($this->_isUserAuth() || !$this->_isEnabled() || !in_array($this->_formId, $this->_getTargetForms())) {
121:             return false;
122:         }
123: 
124:         return ($this->_isShowAlways() || $this->_isOverLimitAttempts($login)
125:             || $this->getSession()->getData($this->_getFormIdKey('show_captcha'))
126:         );
127:     }
128: 
129:     /**
130:      * Check is overlimit attempts
131:      *
132:      * @param string $login
133:      * @return bool
134:      */
135:     protected function _isOverLimitAttempts($login)
136:     {
137:         return ($this->_isOverLimitIpAttempt() || $this->_isOverLimitLoginAttempts($login));
138:     }
139: 
140:     /**
141:      * Returns number of allowed attempts for same login
142:      *
143:      * @return int
144:      */
145:     protected function _getAllowedAttemptsForSameLogin()
146:     {
147:         return (int)$this->_getHelper()->getConfigNode('failed_attempts_login');
148:     }
149: 
150:     /**
151:      * Returns number of allowed attempts from same IP
152:      *
153:      * @return int
154:      */
155:     protected function _getAllowedAttemptsFromSameIp()
156:     {
157:         return (int)$this->_getHelper()->getConfigNode('failed_attempts_ip');
158:     }
159: 
160:     /**
161:      * Check is overlimit saved attempts from one ip
162:      *
163:      * @return bool
164:      */
165:     protected function _isOverLimitIpAttempt()
166:     {
167:         $countAttemptsByIp = Mage::getResourceModel('captcha/log')->countAttemptsByRemoteAddress();
168:         return $countAttemptsByIp >= $this->_getAllowedAttemptsFromSameIp();
169:     }
170: 
171:     /**
172:      * Is Over Limit Login Attempts
173:      *
174:      * @param string $login
175:      * @return bool
176:      */
177:     protected function _isOverLimitLoginAttempts($login)
178:     {
179:         if ($login != false) {
180:             $countAttemptsByLogin = Mage::getResourceModel('captcha/log')->countAttemptsByUserLogin($login);
181:             return ($countAttemptsByLogin >= $this->_getAllowedAttemptsForSameLogin());
182:         }
183:         return false;
184:     }
185: 
186:     /**
187:      * Check is user auth
188:      *
189:      * @return bool
190:      */
191:     protected function _isUserAuth()
192:     {
193:         return Mage::app()->getStore()->isAdmin()
194:             ? Mage::getSingleton('admin/session')->isLoggedIn()
195:             : Mage::getSingleton('customer/session')->isLoggedIn();
196:     }
197: 
198:     /**
199:      * Whether to respect case while checking the answer
200:      *
201:      * @return bool
202:      */
203:     public function isCaseSensitive()
204:     {
205:         return (string)$this->_getHelper()->getConfigNode('case_sensitive');
206:     }
207: 
208:     /**
209:      * Get font to use when generating captcha
210:      *
211:      * @return string
212:      */
213:     public function getFont()
214:     {
215:         return $this->_getFontPath();
216:     }
217: 
218:     /**
219:      * After this time isCorrect() is going to return FALSE even if word was guessed correctly
220:      *
221:      * @return int
222:      */
223:     public function getTimeout()
224:     {
225:         if (!$this->_expiration) {
226:             /**
227:              * as "timeout" configuration parameter specifies timeout in minutes - we multiply it on 60 to set
228:              * expiration in seconds
229:              */
230:             $this->_expiration = (int)$this->_getHelper()->getConfigNode('timeout') * 60;
231:         }
232:         return $this->_expiration;
233:     }
234: 
235:     /**
236:      * Get captcha image directory
237:      *
238:      * @return string
239:      */
240:     public function getImgDir()
241:     {
242:         return $this->_helper->getImgDir();
243:     }
244: 
245:     /**
246:      * Get captcha image base URL
247:      *
248:      * @return string
249:      */
250:     public function getImgUrl()
251:     {
252:         return $this->_helper->getImgUrl();
253:     }
254: 
255:     /**
256:      * Checks whether captcha was guessed correctly by user
257:      *
258:      * @param string $word
259:      * @return bool
260:      */
261:     public function isCorrect($word)
262:     {
263:         $storedWord = $this->getWord();
264:         $this->_clearWord();
265: 
266:         if (!$word || !$storedWord){
267:             return false;
268:         }
269: 
270:         if (!$this->isCaseSensitive()) {
271:             $storedWord = strtolower($storedWord);
272:             $word = strtolower($word);
273:         }
274:         return $word == $storedWord;
275:     }
276: 
277:     /**
278:      * Returns session instance
279:      *
280:      * @return Mage_Customer_Model_Session
281:      */
282:     public function getSession()
283:     {
284:         return Mage::getSingleton('customer/session');
285:     }
286: 
287:      /**
288:      * Return full URL to captcha image
289:      *
290:      * @return string
291:      */
292:     public function getImgSrc()
293:     {
294:         return $this->getImgUrl() . $this->getId() . $this->getSuffix();
295:     }
296: 
297:     /**
298:      * log Attempt
299:      *
300:      * @param string $login
301:      * @return Mage_Captcha_Model_Zend
302:      */
303:     public function logAttempt($login)
304:     {
305:         if ($this->_isEnabled() && in_array($this->_formId, $this->_getTargetForms())) {
306:             Mage::getResourceModel('captcha/log')->logAttempt($login);
307:             if ($this->_isOverLimitLoginAttempts($login)) {
308:                 $this->getSession()->setData($this->_getFormIdKey('show_captcha'), 1);
309:             }
310:         }
311:         return $this;
312:     }
313: 
314:     /**
315:      * Returns path for the font file, chosen to generate captcha
316:      *
317:      * @return string
318:      */
319:     protected function _getFontPath()
320:     {
321:         $font = (string)$this->_getHelper()->getConfigNode('font');
322:         $fonts = $this->_getHelper()->getFonts();
323: 
324:         if (isset($fonts[$font])) {
325:             $fontPath = $fonts[$font]['path'];
326:         } else {
327:             $fontData = array_shift($fonts);
328:             $fontPath = $fontData['path'];
329:         }
330: 
331:         return $fontPath;
332:     }
333: 
334:     /**
335:      * Returns captcha helper
336:      *
337:      * @return Mage_Captcha_Helper_Data
338:      */
339:     protected function _getHelper()
340:     {
341:         if (empty($this->_helper)) {
342:             $this->_helper = Mage::helper('captcha');
343:         }
344:         return $this->_helper;
345:     }
346: 
347:     /**
348:      * Generate word used for captcha render
349:      *
350:      * @return string
351:      */
352:     protected function _generateWord()
353:     {
354:         $word = '';
355:         $symbols = $this->_getSymbols();
356:         $wordLen = $this->_getWordLen();
357:         for ($i = 0; $i < $wordLen; $i++) {
358:             $word .= $symbols[array_rand($symbols)];
359:         }
360:         return $word;
361:     }
362: 
363:     /**
364:      * Get symbols array to use for word generation
365:      *
366:      * @return array
367:      */
368:     protected function _getSymbols()
369:     {
370:         return str_split((string)$this->_getHelper()->getConfigNode('symbols'));
371:     }
372: 
373:     /**
374:      * Returns length for generating captcha word. This value may be dynamic.
375:      *
376:      * @return int
377:      */
378:     protected function _getWordLen()
379:     {
380:         $from = 0;
381:         $to = 0;
382:         $length = (string)$this->_getHelper()->getConfigNode('length');
383:         if (!is_numeric($length)) {
384:             if (preg_match('/(\d+)-(\d+)/', $length, $matches)) {
385:                 $from = (int)$matches[1];
386:                 $to = (int)$matches[2];
387:             }
388:         } else {
389:             $from = (int)$length;
390:             $to = (int)$length;
391:         }
392: 
393:         if (($to < $from) || ($from < 1) || ($to < 1)) {
394:             $from = self::DEFAULT_WORD_LENGTH_FROM;
395:             $to = self::DEFAULT_WORD_LENGTH_TO;
396:         }
397: 
398:         return mt_rand($from, $to);
399:     }
400: 
401:     /**
402:      * Whether to show captcha for this form every time
403:      *
404:      * @return bool
405:      */
406:     protected function _isShowAlways()
407:     {
408:         if ((string)$this->_getHelper()->getConfigNode('mode') == Mage_Captcha_Helper_Data::MODE_ALWAYS) {
409:             return true;
410:         }
411: 
412:         $alwaysFor = $this->_getHelper()->getConfigNode('always_for');
413:         foreach ($alwaysFor as $nodeFormId => $isAlwaysFor) {
414:             if ($isAlwaysFor && $this->_formId == $nodeFormId) {
415:                 return true;
416:             }
417:         }
418: 
419:         return false;
420:     }
421: 
422:     /**
423:      * Whether captcha is enabled at this area
424:      *
425:      * @return bool
426:      */
427:     protected function _isEnabled()
428:     {
429:         return (string)$this->_getHelper()->getConfigNode('enable');
430:     }
431: 
432:     /**
433:      * Retrieve list of forms where captcha must be shown
434:      *
435:      * For frontend this list is based on current website
436:      *
437:      * @return array
438:      */
439:     protected function _getTargetForms()
440:     {
441:         $formsString = (string) $this->_getHelper()->getConfigNode('forms');
442:         return explode(',', $formsString);
443:     }
444: 
445:     /**
446:      * Get captcha word
447:      *
448:      * @return string
449:      */
450:     public function getWord()
451:     {
452:         $sessionData = $this->getSession()->getData($this->_getFormIdKey(self::SESSION_WORD));
453:         return time() < $sessionData['expires'] ? $sessionData['data'] : null;
454:     }
455: 
456:     /**
457:      * Set captcha word
458:      *
459:      * @param  string $word
460:      * @return Zend_Captcha_Word
461:      */
462:     protected function _setWord($word)
463:     {
464:         $this->getSession()->setData($this->_getFormIdKey(self::SESSION_WORD),
465:             array('data' => $word, 'expires' => time() + $this->getTimeout())
466:         );
467:         $this->_word = $word;
468:         return $this;
469:     }
470: 
471:     /**
472:      * Set captcha word
473:      *
474:      * @return Mage_Captcha_Model_Zend
475:      */
476:     protected function _clearWord()
477:     {
478:         $this->getSession()->unsetData($this->_getFormIdKey(self::SESSION_WORD));
479:         $this->_word = null;
480:         return $this;
481:     }
482: 
483:     /**
484:     * Override function to generate less curly captcha that will not cut off
485:     *
486:     * @see Zend_Captcha_Image::_randomSize()
487:     * @return int
488:     */
489:     protected function _randomSize()
490:     {
491:         return mt_rand(280, 300) / 100;
492:     }
493: 
494:     /**
495:      * Overlap of the parent method
496:      *
497:      * Now deleting old captcha images make crontab script
498:      * @see Mage_Captcha_Model_Observer::deleteExpiredImages
499:      */
500:     protected function _gc()
501:     {
502:         //do nothing
503:     }
504: }
505: