vendor/google/recaptcha/src/ReCaptcha/ReCaptcha.php line 139

Open in your IDE?
  1. <?php
  2. /**
  3. * This is a PHP library that handles calling reCAPTCHA.
  4. *
  5. * BSD 3-Clause License
  6. * @copyright (c) 2019, Google Inc.
  7. * @link https://www.google.com/recaptcha
  8. * All rights reserved.
  9. *
  10. * Redistribution and use in source and binary forms, with or without
  11. * modification, are permitted provided that the following conditions are met:
  12. * 1. Redistributions of source code must retain the above copyright notice, this
  13. * list of conditions and the following disclaimer.
  14. *
  15. * 2. Redistributions in binary form must reproduce the above copyright notice,
  16. * this list of conditions and the following disclaimer in the documentation
  17. * and/or other materials provided with the distribution.
  18. *
  19. * 3. Neither the name of the copyright holder nor the names of its
  20. * contributors may be used to endorse or promote products derived from
  21. * this software without specific prior written permission.
  22. *
  23. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  24. * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  25. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  26. * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  27. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  28. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  29. * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
  30. * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  31. * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  32. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  33. */
  35. namespace ReCaptcha;
  37. /**
  38. * reCAPTCHA client.
  39. */
  40. class ReCaptcha
  41. {
  42. /**
  43. * Version of this client library.
  44. * @const string
  45. */
  46. public const VERSION = 'php_1.3.0';
  48. /**
  49. * URL for reCAPTCHA siteverify API
  50. * @const string
  51. */
  52. public const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
  54. /**
  55. * Invalid JSON received
  56. * @const string
  57. */
  58. public const E_INVALID_JSON = 'invalid-json';
  60. /**
  61. * Could not connect to service
  62. * @const string
  63. */
  64. public const E_CONNECTION_FAILED = 'connection-failed';
  66. /**
  67. * Did not receive a 200 from the service
  68. * @const string
  69. */
  70. public const E_BAD_RESPONSE = 'bad-response';
  72. /**
  73. * Not a success, but no error codes received!
  74. * @const string
  75. */
  76. public const E_UNKNOWN_ERROR = 'unknown-error';
  78. /**
  79. * ReCAPTCHA response not provided
  80. * @const string
  81. */
  82. public const E_MISSING_INPUT_RESPONSE = 'missing-input-response';
  84. /**
  85. * Expected hostname did not match
  86. * @const string
  87. */
  88. public const E_HOSTNAME_MISMATCH = 'hostname-mismatch';
  90. /**
  91. * Expected APK package name did not match
  92. * @const string
  93. */
  94. public const E_APK_PACKAGE_NAME_MISMATCH = 'apk_package_name-mismatch';
  96. /**
  97. * Expected action did not match
  98. * @const string
  99. */
  100. public const E_ACTION_MISMATCH = 'action-mismatch';
  102. /**
  103. * Score threshold not met
  104. * @const string
  105. */
  106. public const E_SCORE_THRESHOLD_NOT_MET = 'score-threshold-not-met';
  108. /**
  109. * Challenge timeout
  110. * @const string
  111. */
  112. public const E_CHALLENGE_TIMEOUT = 'challenge-timeout';
  114. /**
  115. * Shared secret for the site.
  116. * @var string
  117. */
  118. private $secret;
  120. /**
  121. * Method used to communicate with service. Defaults to POST request.
  122. * @var RequestMethod
  123. */
  124. private $requestMethod;
  126. private $hostname;
  127. private $apkPackageName;
  128. private $action;
  129. private $threshold;
  130. private $timeoutSeconds;
  132. /**
  133. * Create a configured instance to use the reCAPTCHA service.
  134. *
  135. * @param string $secret The shared key between your site and reCAPTCHA.
  136. * @param RequestMethod $requestMethod method used to send the request. Defaults to POST.
  137. * @throws \RuntimeException if $secret is invalid
  138. */
  139. public function __construct($secret, RequestMethod $requestMethod = null)
  140. {
  141. if (empty($secret)) {
  142. throw new \RuntimeException('No secret provided');
  143. }
  145. if (!is_string($secret)) {
  146. throw new \RuntimeException('The provided secret must be a string');
  147. }
  149. $this->secret = $secret;
  150. $this->requestMethod = (is_null($requestMethod)) ? new RequestMethod\Post() : $requestMethod;
  151. }
  153. /**
  154. * Calls the reCAPTCHA siteverify API to verify whether the user passes
  155. * CAPTCHA test and additionally runs any specified additional checks
  156. *
  157. * @param string $response The user response token provided by reCAPTCHA, verifying the user on your site.
  158. * @param string $remoteIp The end user's IP address.
  159. * @return Response Response from the service.
  160. */
  161. public function verify($response, $remoteIp = null)
  162. {
  163. // Discard empty solution submissions
  164. if (empty($response)) {
  165. $recaptchaResponse = new Response(false, array(self::E_MISSING_INPUT_RESPONSE));
  166. return $recaptchaResponse;
  167. }
  169. $params = new RequestParameters($this->secret, $response, $remoteIp, self::VERSION);
  170. $rawResponse = $this->requestMethod->submit($params);
  171. $initialResponse = Response::fromJson($rawResponse);
  172. $validationErrors = array();
  174. if (isset($this->hostname) && strcasecmp($this->hostname, $initialResponse->getHostname()) !== 0) {
  175. $validationErrors[] = self::E_HOSTNAME_MISMATCH;
  176. }
  178. if (isset($this->apkPackageName) && strcasecmp($this->apkPackageName, $initialResponse->getApkPackageName()) !== 0) {
  179. $validationErrors[] = self::E_APK_PACKAGE_NAME_MISMATCH;
  180. }
  182. if (isset($this->action) && strcasecmp($this->action, $initialResponse->getAction()) !== 0) {
  183. $validationErrors[] = self::E_ACTION_MISMATCH;
  184. }
  186. if (isset($this->threshold) && $this->threshold > $initialResponse->getScore()) {
  187. $validationErrors[] = self::E_SCORE_THRESHOLD_NOT_MET;
  188. }
  190. if (isset($this->timeoutSeconds)) {
  191. $challengeTs = strtotime($initialResponse->getChallengeTs());
  193. if ($challengeTs > 0 && time() - $challengeTs > $this->timeoutSeconds) {
  194. $validationErrors[] = self::E_CHALLENGE_TIMEOUT;
  195. }
  196. }
  198. if (empty($validationErrors)) {
  199. return $initialResponse;
  200. }
  202. return new Response(
  203. false,
  204. array_merge($initialResponse->getErrorCodes(), $validationErrors),
  205. $initialResponse->getHostname(),
  206. $initialResponse->getChallengeTs(),
  207. $initialResponse->getApkPackageName(),
  208. $initialResponse->getScore(),
  209. $initialResponse->getAction()
  210. );
  211. }
  213. /**
  214. * Provide a hostname to match against in verify()
  215. * This should be without a protocol or trailing slash, e.g. www.google.com
  216. *
  217. * @param string $hostname Expected hostname
  218. * @return ReCaptcha Current instance for fluent interface
  219. */
  220. public function setExpectedHostname($hostname)
  221. {
  222. $this->hostname = $hostname;
  223. return $this;
  224. }
  226. /**
  227. * Provide an APK package name to match against in verify()
  228. *
  229. * @param string $apkPackageName Expected APK package name
  230. * @return ReCaptcha Current instance for fluent interface
  231. */
  232. public function setExpectedApkPackageName($apkPackageName)
  233. {
  234. $this->apkPackageName = $apkPackageName;
  235. return $this;
  236. }
  238. /**
  239. * Provide an action to match against in verify()
  240. * This should be set per page.
  241. *
  242. * @param string $action Expected action
  243. * @return ReCaptcha Current instance for fluent interface
  244. */
  245. public function setExpectedAction($action)
  246. {
  247. $this->action = $action;
  248. return $this;
  249. }
  251. /**
  252. * Provide a threshold to meet or exceed in verify()
  253. * Threshold should be a float between 0 and 1 which will be tested as response >= threshold.
  254. *
  255. * @param float $threshold Expected threshold
  256. * @return ReCaptcha Current instance for fluent interface
  257. */
  258. public function setScoreThreshold($threshold)
  259. {
  260. $this->threshold = floatval($threshold);
  261. return $this;
  262. }
  264. /**
  265. * Provide a timeout in seconds to test against the challenge timestamp in verify()
  266. *
  267. * @param int $timeoutSeconds Expected hostname
  268. * @return ReCaptcha Current instance for fluent interface
  269. */
  270. public function setChallengeTimeout($timeoutSeconds)
  271. {
  272. $this->timeoutSeconds = $timeoutSeconds;
  273. return $this;
  274. }
  275. }