File: /srv/users/mkanyafarm/apps/mkanyafarm/public/wp-content/plugins/booking/js/captcha/captcha.php
<?php
/*
Plugin Name: Really Simple CAPTCHA
Plugin URI: http://contactform7.com/captcha/
Description: Really Simple CAPTCHA is a CAPTCHA module intended to be called from other plugins. It is originally created for my Contact Form 7 plugin.
Author: Takayuki Miyoshi
Author URI: http://ideasilo.wordpress.com/
Text Domain: really-simple-captcha
Version: 1.9
*/
/* Copyright 2007-2016 Takayuki Miyoshi (email: takayukister at gmail.com)
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
define( 'WPDEVREALLYSIMPLECAPTCHA_VERSION', '1.9.0.1' );
class wpdevReallySimpleCaptcha {
public $chars;
public $char_length;
public $fonts;
public $tmp_dir;
public $img_size;
public $bg;
public $fg;
public $base;
public $font_size;
public $font_char_width;
public $img_type;
public $file_mode;
public $answer_file_mode;
public function __construct() {
/* Characters available in images */
$this->chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
/* Length of a word in an image */
$this->char_length = 4;
/* Array of fonts. Randomly picked up per character */
$this->fonts = array(
dirname( __FILE__ ) . '/gentium/GenBkBasR.ttf',
dirname( __FILE__ ) . '/gentium/GenBkBasI.ttf',
dirname( __FILE__ ) . '/gentium/GenBkBasBI.ttf',
dirname( __FILE__ ) . '/gentium/GenBkBasB.ttf' );
/* Directory temporary keeping CAPTCHA images and corresponding text files */
$this->tmp_dir = path_join( dirname( __FILE__ ), 'tmp' );
/* Array of CAPTCHA image size. Width and height */
$this->img_size = array( 72, 24 );
/* Background color of CAPTCHA image. RGB color 0-255 */
$this->bg = array( 255, 255, 255 );
/* Foreground (character) color of CAPTCHA image. RGB color 0-255 */
$this->fg = array( 0, 0, 0 );
// FixIn: 10.0.0.54.
if ( ( function_exists( 'get_bk_option' ) ) && ( 'wpbc_theme_dark_1' === get_bk_option( 'booking_form_theme' ) ) ) {
$this->bg = array( 39, 39, 39 );
$this->fg = array( 255, 255, 255 );
}
/* Coordinates for a text in an image. I don't know the meaning. Just adjust. */
$this->base = array( 6, 18 );
/* Font size */
$this->font_size = 14;
/* Width of a character */
$this->font_char_width = 15;
/* Image type. 'png', 'gif' or 'jpeg' */
$this->img_type = 'png';
/* Mode of temporary image files */
$this->file_mode = 0644;
/* Mode of temporary answer text files */
$this->answer_file_mode = 0640;
}
/**
* Generate and return a random word.
*
* @return string Random word with $chars characters x $char_length length
*/
public function generate_random_word() {
$word = '';
for ( $i = 0; $i < $this->char_length; $i++ ) {
$pos = wp_rand( 0, strlen( $this->chars ) - 1 );
$char = $this->chars[$pos];
$word .= $char;
}
return $word;
}
/**
* Generate CAPTCHA image and corresponding answer file.
*
* @param string $prefix File prefix used for both files
* @param string $word Random word generated by generate_random_word()
* @return string|bool The file name of the CAPTCHA image. Return false if temp directory is not available.
*/
public function generate_image( $prefix, $word ) {
if ( ! $this->make_tmp_dir() ) {
return false;
}
$this->cleanup();
$dir = trailingslashit( $this->tmp_dir );
$filename = null;
if ( $im = imagecreatetruecolor( $this->img_size[0], $this->img_size[1] ) ) {
$bg = imagecolorallocate( $im, $this->bg[0], $this->bg[1], $this->bg[2] );
$fg = imagecolorallocate( $im, $this->fg[0], $this->fg[1], $this->fg[2] );
imagefill( $im, 0, 0, $bg );
// phpcs:ignore WordPress.WP.AlternativeFunctions.rand_mt_rand
$x = $this->base[0] + mt_rand( -2, 2 );
for ( $i = 0; $i < strlen( $word ); $i++ ) {
$font = $this->fonts[array_rand( $this->fonts )];
$font = $this->normalize_path( $font );
// phpcs:ignore WordPress.WP.AlternativeFunctions.rand_mt_rand
imagettftext( $im, $this->font_size, mt_rand( -12, 12 ), $x, $this->base[1] + mt_rand( -2, 2 ), $fg, $font, $word[$i] );
$x += $this->font_char_width;
}
switch ( $this->img_type ) {
case 'jpeg':
$filename = sanitize_file_name( $prefix . '.jpeg' );
$file = $this->normalize_path( $dir . $filename );
imagejpeg( $im, $file );
break;
case 'gif':
$filename = sanitize_file_name( $prefix . '.gif' );
$file = $this->normalize_path( $dir . $filename );
imagegif( $im, $file );
break;
case 'png':
default:
$filename = sanitize_file_name( $prefix . '.png' );
$file = $this->normalize_path( $dir . $filename );
imagepng( $im, $file );
}
imagedestroy( $im );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_chmod
@chmod( $file, $this->file_mode );
}
$this->generate_answer_file( $prefix, $word );
return $filename;
}
/**
* Generate answer file corresponding to CAPTCHA image.
*
* @param string $prefix File prefix used for answer file
* @param string $word Random word generated by generate_random_word()
*/
public function generate_answer_file( $prefix, $word ) {
$dir = trailingslashit( $this->tmp_dir );
$answer_file = $dir . sanitize_file_name( $prefix . '.txt' );
$answer_file = $this->normalize_path( $answer_file );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fopen
if ( $fh = @fopen( $answer_file, 'w' ) ) {
$word = strtoupper( $word );
$salt = wp_generate_password( 64 );
$hash = hash_hmac( 'md5', $word, $salt );
$code = $salt . '|' . $hash;
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $fh, $code );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fclose
fclose( $fh );
}
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_chmod
@chmod( $answer_file, $this->answer_file_mode );
}
/**
* Check a response against the code kept in the temporary file.
*
* @param string $prefix File prefix used for both files
* @param string $response CAPTCHA response
* @return bool Return true if the two match, otherwise return false.
*/
public function check( $prefix, $response ) {
if ( 0 == strlen( $prefix ) ) {
return false;
}
$response = str_replace( array( " ", "\t" ), '', $response );
$response = strtoupper( $response );
$dir = trailingslashit( $this->tmp_dir );
$filename = sanitize_file_name( $prefix . '.txt' );
$file = $this->normalize_path( $dir . $filename );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents
if ( @is_readable( $file ) && ( $code = file_get_contents( $file ) ) ) {
$code = explode( '|', $code, 2 );
$salt = $code[0];
$hash = $code[1];
if ( hash_hmac( 'md5', $response, $salt ) == $hash ) {
return true;
}
}
return false;
}
/**
* Remove temporary files with given prefix.
*
* @param string $prefix File prefix
*/
public function remove( $prefix ) {
$dir = trailingslashit( $this->tmp_dir );
$suffixes = array( '.jpeg', '.gif', '.png', '.php', '.txt' );
foreach ( $suffixes as $suffix ) {
$filename = sanitize_file_name( $prefix . $suffix );
$file = $this->normalize_path( $dir . $filename );
if ( @is_file( $file ) ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.unlink_unlink
@wp_delete_file( $file );
}
}
}
/**
* Clean up dead files older than given length of time.
*
* @param int $minutes Consider older files than this time as dead files
* @return int|bool The number of removed files. Return false if error occurred.
*/
public function cleanup( $minutes = 60, $max = 100 ) {
$dir = trailingslashit( $this->tmp_dir );
$dir = $this->normalize_path( $dir );
if ( ! @is_dir( $dir ) || ! @is_readable( $dir ) ) {
return false;
}
$is_win = ( 'WIN' === strtoupper( substr( PHP_OS, 0, 3 ) ) );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_is_writable
if ( ! ( $is_win ? win_is_writable( $dir ) : @is_writable( $dir ) ) ) {
return false;
}
$count = 0;
if ( $handle = @opendir( $dir ) ) {
while ( false !== ( $filename = readdir( $handle ) ) ) {
if ( ! preg_match( '/^[0-9]+\.(php|txt|png|gif|jpeg)$/', $filename ) ) {
continue;
}
$file = $this->normalize_path( $dir . $filename );
$stat = @stat( $file );
if ( ( $stat['mtime'] + $minutes * 60 ) < time() ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.unlink_unlink
if ( ! @wp_delete_file( $file ) ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_chmod
@chmod( $file, 0644 );
// phpcs:ignore WordPress.WP.AlternativeFunctions.unlink_unlink
@wp_delete_file( $file );
}
$count += 1;
}
if ( $max <= $count ) {
break;
}
}
closedir( $handle );
}
return $count;
}
/**
* Make a temporary directory and generate .htaccess file in it.
*
* @return bool True on successful create, false on failure.
*/
public function make_tmp_dir() {
$dir = trailingslashit( $this->tmp_dir );
$dir = $this->normalize_path( $dir );
if ( ! wp_mkdir_p( $dir ) ) {
return false;
}
$htaccess_file = $this->normalize_path( $dir . '.htaccess' );
if ( file_exists( $htaccess_file ) ) {
return true;
}
// FixIn: 8.7.7.5
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fopen
if ( $handle = @fopen( $htaccess_file, 'w' ) ) {
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, '# apache 2.2' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, '<IfModule !mod_authz_core.c>' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, ' Order deny,allow' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, ' Deny from all' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, ' <Files ~ "^[0-9A-Za-z]+\.(jpeg|gif|png)$">' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, ' Allow from all' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, ' </Files>' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, '</IfModule>' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, '# apache 2.4' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, '<IfModule mod_authz_core.c>' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, ' Require all denied' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, ' <Files ~ "^[0-9A-Za-z]+\.(jpeg|gif|png)$">' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, ' Require all granted' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, ' </Files>' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
fwrite( $handle, '</IfModule>' . "\n" );
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fclose
fclose( $handle );
}
/*
// Check Apache version
$apache_ver = '0';
if ( ( isset( $_SERVER['SERVER_SOFTWARE'] ) ) && ( false !== strpos( $_SERVER['SERVER_SOFTWARE'], 'Apache/2.4' ) ) ) {
$apache_ver = explode( "Apache", $_SERVER['SERVER_SOFTWARE'] ); // Apache/1.3.29 (Unix) PHP
if ( isset( $apache_ver[1] ) ) {
$apache_ver = trim( $apache_ver[1], '/ ' );
$apache_ver = explode( " ", $apache_ver );
$apache_ver = trim( $apache_ver[0] );
} else {
$apache_ver = '0';
}
}
if ( version_compare( $apache_ver, '2.4', '>=' ) ) {
// Apache 2.4 or newer
if ( $handle = @fopen( $htaccess_file, 'w' ) ) {
fwrite( $handle, 'Require all denied' . "\n" );
fwrite( $handle, '<Files ~ "^[0-9A-Za-z]+\\.(jpeg|gif|png)$">' . "\n" );
fwrite( $handle, ' Require all granted' . "\n" );
fwrite( $handle, '</Files>' . "\n" );
fclose( $handle );
}
} else {
// Apache 2.2 or lower
if ( $handle = @fopen( $htaccess_file, 'w' ) ) {
fwrite( $handle, 'Order deny,allow' . "\n" );
fwrite( $handle, 'Deny from all' . "\n" );
fwrite( $handle, '<Files ~ "^[0-9A-Za-z]+\\.(jpeg|gif|png)$">' . "\n" );
fwrite( $handle, ' Allow from all' . "\n" );
fwrite( $handle, '</Files>' . "\n" );
fclose( $handle );
}
}
*/
return true;
}
/**
* Normalize a filesystem path.
*
* This should be replaced by wp_normalize_path when the plugin's
* minimum requirement becomes WordPress 3.9 or higher.
*
* @param string $path Path to normalize.
* @return string Normalized path.
*/
private function normalize_path( $path ) {
$path = str_replace( '\\', '/', $path );
$path = preg_replace( '|/+|', '/', $path );
return $path;
}
}