<?php
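/**
 * Server-side half of a hash-based captcha.
 *
 * A challenge is the SHA-256 of `salt . number` plus an HMAC over that hash
 * keyed with the server's CAPTCHA_KEY. The client returns the solved payload
 * (base64 of a JSON object with algorithm, challenge, salt, number and
 * signature) and validatePayload() recomputes both values and compares them.
 * Because the HMAC covers the hash of salt and number, both are authenticated
 * by the signature; the salt also carries the issue time used for expiry.
 *
 * NOTE(review): the replay check below counts persisted rows keyed by
 * (salt, number); the code that inserts those rows after a successful
 * validation is not in this file — verify the caller does it, otherwise
 * a solved payload can be reused until it expires.
 */
final class CaptchaChallenge extends SimpleORMap
{
    /** Algorithm name as reported to the client in the challenge payload. */
    public const ALGORITHM = 'SHA-256';

    /** Lifetime of a challenge in seconds; older ones are rejected and garbage-collected. */
    public const CHALLENGE_EXPIRATION = 5 * 60;

    /** Same algorithm as ALGORITHM, spelled the way hash()/hash_hmac() expect it. */
    private const HASH_ALGORITHM = 'sha256';

    /** Inclusive bounds of the secret number (the original used float literals 1e3/1e5). */
    private const NUMBER_MIN = 1000;
    private const NUMBER_MAX = 100000;

    /**
     * Bind this model to the captcha_challenges table.
     *
     * @param array $config additional SimpleORMap configuration
     */
    protected static function configure($config = [])
    {
        $config['db_table'] = 'captcha_challenges';
        parent::configure($config);
    }

    /**
     * Return the HMAC key, provisioning a random 256-bit key on first use.
     *
     * A missing/null config value is treated like an empty string so it is
     * provisioned too instead of being returned as null.
     */
    protected static function getKey(): string
    {
        $key = (string) Config::get()->CAPTCHA_KEY;
        if ($key === '') {
            $key = bin2hex(random_bytes(32));
            Config::get()->store('CAPTCHA_KEY', $key);
        }
        return $key;
    }

    /**
     * Build the challenge structure for a given salt and number.
     *
     * @return array{algorithm: string, challenge: string, salt: string, signature: string}
     */
    public static function createChallenge(string $salt, int $number): array
    {
        $challenge = hash(self::HASH_ALGORITHM, $salt . $number);
        // The signature binds the (salt, number) pair to this server's key.
        $signature = hash_hmac(self::HASH_ALGORITHM, $challenge, self::getKey());

        return [
            'algorithm' => self::ALGORITHM,
            'challenge' => $challenge,
            'salt'      => $salt,
            'signature' => $signature,
        ];
    }

    /**
     * Issue a fresh challenge whose (salt, number) pair is not already stored.
     *
     * The salt is prefixed with the issue timestamp, which validatePayload()
     * reads back for the expiry check.
     *
     * @return array{algorithm: string, challenge: string, salt: string, signature: string}
     */
    public static function createNewChallenge(): array
    {
        do {
            $salt = time() . '-' . bin2hex(random_bytes(12));
            // Integer bounds: random_int() takes ints and the original float
            // literals would be a TypeError under strict_types.
            $number = random_int(self::NUMBER_MIN, self::NUMBER_MAX);
        } while (self::countBySql('salt = ? AND number = ?', [$salt, $number]) > 0);

        return self::createChallenge($salt, $number);
    }

    /**
     * Decode a client payload (base64 of a JSON object).
     *
     * Returns null for anything that does not decode to a JSON object/array,
     * including scalars such as `"1"`, which json_decode() would otherwise
     * return and which would violate the declared return type.
     */
    public static function decodePayload(string $payload): array|null
    {
        $raw = base64_decode($payload);
        if ($raw === false) {
            return null;
        }
        $decoded = json_decode($raw, true);

        return is_array($decoded) ? $decoded : null;
    }

    /**
     * Validate a solved payload.
     *
     * @return string|bool true when the payload is valid, otherwise a
     *                     translated error message for the user
     */
    public static function validatePayload(string $payload): string|bool
    {
        $json = self::decodePayload($payload);
        if ($json === null || !self::hasExpectedShape($json)) {
            return _('Sie haben nicht bestÃĪtigt, dass Sie kein Roboter sind');
        }

        $salt   = $json['salt'];
        $number = (int) $json['number'];

        // The salt is "<issue time>-<hex>"; a non-numeric prefix casts to 0 and is expired.
        $time = (int) explode('-', $salt)[0];
        if ($time < time() - self::CHALLENGE_EXPIRATION) {
            return _('Die Challenge ist abgelaufen');
        }

        // Replay?
        if (self::countBySql('salt = ? AND number = ?', [$salt, $number]) > 0) {
            return _('Nicht schummeln!');
        }

        $check = self::createChallenge($salt, $number);
        // hash_equals() keeps the comparison constant-time; the algorithm
        // name is not secret, so a plain comparison is fine there.
        if (
            $json['algorithm'] !== $check['algorithm']
            || !hash_equals($check['challenge'], $json['challenge'])
            || !hash_equals($check['signature'], $json['signature'])
        ) {
            return _('Sie sind scheinbar ein Roboter...');
        }

        return true;
    }

    /**
     * Check that a decoded payload carries every field with a usable type, so
     * the comparisons above never hit an undefined key or a TypeError.
     *
     * The number may arrive as an int or as a decimal string; anything else
     * (null, floats, arrays) is rejected.
     */
    private static function hasExpectedShape(array $json): bool
    {
        foreach (['algorithm', 'challenge', 'salt', 'signature'] as $field) {
            if (!isset($json[$field]) || !is_string($json[$field])) {
                return false;
            }
        }

        return isset($json['number'])
            && filter_var($json['number'], FILTER_VALIDATE_INT) !== false;
    }

    /**
     * Remove challenges older than CHALLENGE_EXPIRATION.
     */
    public static function gc(): void
    {
        self::deleteBySQL("mkdate < UNIX_TIMESTAMP() - ?", [self::CHALLENGE_EXPIRATION]);
    }
}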