get_var( $wpdb->prepare( 'SELECT meta_value FROM ' . $wpdb->prefix . 'captcha_booster_meta WHERE meta_key = %s', 'error_message' ) );// db call ok; no-cache ok.
/* Plugin options row; seeded below on first run when it does not exist yet. */
$captcha_booster_options = get_option( 'captcha_option' );
/* maybe_unserialize() ends in unserialize(); the value is DB-sourced, so whoever can write this table controls it. */
$error_data_array = maybe_unserialize( $error_data );
if ( ! get_option( 'captcha_option' ) ) {
    /* First run: store an empty key/time so captcha_booster_display_captcha() generates a key on first use. */
    $captcha_booster_options = array(
        'plugin_option_version' => $captcha_plugin_info['Version'],
        'captcha_key' => array(
            'time' => '',
            'key' => '',
        ),
        'captcha_label_form' => '',
        'captcha_required_symbol' => '*',
        'captcha_difficulty_number' => '1',
        'captcha_difficulty_word' => '0',
    );
    add_option( 'captcha_option', $captcha_booster_options );
}
$display_settings_data = $wpdb->get_var( $wpdb->prepare( 'SELECT meta_value FROM ' . $wpdb->prefix . 'captcha_booster_meta WHERE meta_key = %s', 'display_settings' ) );// db call ok; no-cache ok.
$meta_data_array = maybe_unserialize( $display_settings_data );
/*
 * Comma-separated list of '0'/'1' flags. Positions read in this file:
 * 0 login, 2 register, 4 lost password, 6 comment form, 7 an extra block on
 * the register form, 8 comment form for logged-in users, 10 comment captcha
 * for non-administrators (shown when '0'). When 'settings' is missing the
 * array is [''] and every flag test below is false (with an undefined-index notice).
 */
$display_setting = explode( ',', isset( $meta_data_array['settings'] ) ? $meta_data_array['settings'] : '' );
$captcha_time = CAPTCHA_BOOSTER_LOCAL_TIME;
$captcha_type = $wpdb->get_results( $wpdb->prepare( 'SELECT meta_value FROM ' . $wpdb->prefix . 'captcha_booster_meta WHERE meta_key = %s', 'captcha_type' ) );// db call ok; no-cache ok.
/* Per-type captcha settings (e.g. 'captcha_type_text_logical', 'mathematical_operations', 'arrange_order'), read by captcha_booster_display_captcha(). */
$captcha_array = array();
/* Only the last row's value survives; the query is by meta_key, so presumably a single row is expected. */
foreach ( $captcha_type as $row ) {
    $captcha_array = maybe_unserialize( $row->meta_value );
}
/* This action hooks is used to display and validate captcha on login form */
if ( '1' === $display_setting[0] ) {
    add_action( 'login_form', 'captcha_booster_login_form' );
    /* Priority 21 so it runs after core's username/password callbacks (registered at 20). */
    add_filter( 'authenticate', 'captcha_booster_login_check', 21, 3 );
} else {
    add_action( 'wp_authenticate', 'captcha_booster_check_user_login_status', 10, 2 );
}
/* This action hook is used to display and validate captcha on registeration form */
if ( '1' === $display_setting[2] ) {
    /* Display and check hooks are registered together, so the check only runs where the form was rendered. */
    if ( is_multisite() ) {
        add_action( 'signup_extra_fields', 'captcha_booster_register_form', 10, 2 );
        add_action( 'wpmu_signup_user_notification', 'captcha_booster_register_check', 10, 3 );
    } else {
        add_action( 'register_form', 'captcha_booster_register_form' );
        add_action( 'register_post', 'captcha_booster_register_check', 10, 3 );
    }
}
/* This action hook is used to display and validate captcha on comment form */
if ( '1' === $display_setting[6] ) {
    add_action( 'comment_form_after_fields', 'captcha_booster_comment_form' );
    add_action( 'pre_comment_on_post', 'captcha_booster_comment_form_check' );
}
/* This action Hook is Used to create and validate captcha on Lost-Password form */
if ( '1' === $display_setting[4] ) {
    /* The register-form renderer is reused here; captcha_booster_lost_password() is a filter returning $user or a WP_Error. */
    add_action( 'lostpassword_form', 'captcha_booster_register_form' );
    add_action( 'allow_password_reset', 'captcha_booster_lost_password', 1 );
}
/**
 * This function adds captcha to the login form .
 *
 * Starts the PHP session if none is active, clears the per-session
 * "captcha passed" flag so an earlier success cannot be reused for this
 * attempt, prints any pending error stored in the session, then prints
 * the surrounding markup and the captcha itself.
 */
function captcha_booster_login_form() {
    global $captcha_booster_options;
    if ( '' === session_id() ) {// @codingStandardsIgnoreLine.
        @session_start();// @codingStandardsIgnoreLine
    }
    /* captcha_booster_login_check() returns early while this flag is true, so drop it whenever the form is rendered. */
    if ( isset( $_SESSION['captch_booster_login'] ) ) {// @codingStandardsIgnoreLine.
        unset( $_SESSION['captch_booster_login'] );// @codingStandardsIgnoreLine.
    }
    echo '

';
    if ( '' !== $captcha_booster_options['captcha_label_form'] ) {
        echo '
';
    }
    if ( isset( $_SESSION['captcha_booster_error'] ) ) {// @codingStandardsIgnoreLine.
        /* NOTE(review): echoed without escaping; nothing visible here writes this key, so confirm at the writer that the value is never user-derived. */
        echo '
' . $_SESSION['captcha_booster_error'] . '
';// @codingStandardsIgnoreLine.
        unset( $_SESSION['captcha_booster_error'] );// @codingStandardsIgnoreLine.
    }
    echo '
';
    captcha_booster_display_captcha();
    echo '


';
}
/**
 * This function adds captcha to the register form .
 *
 * Also hooked on lostpassword_form (see the hook block above). Flag 7 of
 * $display_setting enables an extra block printed before the captcha.
 */
function captcha_booster_register_form() {
    global $display_setting;
    if ( '1' === $display_setting[7] ) {
        echo '
';
    }
    echo '

';
    captcha_booster_display_captcha();
    echo '

';
}
/* This action hooks is used to display and validate captcha on admin comment form */
if ( '1' === $display_setting[8] ) {
    add_action( 'comment_form_logged_in_after', 'captcha_booster_comment_form' );
    /* Same check callback as the public comment hook; add_action() de-duplicates an identical callback at the same priority. */
    add_action( 'pre_comment_on_post', 'captcha_booster_comment_form_check' );
}
/**
 * This function adds captcha to the comment form .
 *
 * Logged-in users: the role is the first key of the user's
 * "{prefix}capabilities" array (super admins count as 'administrator');
 * the captcha is printed for administrators when flag 8 is '1' and for
 * everyone else when flag 10 is '0'. Anonymous commenters always get it.
 */
function captcha_booster_comment_form() {
    global $display_setting, $wpdb, $current_user;
    if ( is_user_logged_in() ) {
        if ( is_super_admin() ) {
            $cpb_role = 'administrator';
        } else {
            /* Reads the capabilities array through a dynamic property named after the table prefix. */
            $cpb_role = $wpdb->prefix . 'capabilities';
            $current_user->role = array_keys( $current_user->$cpb_role );
            $cpb_role = $current_user->role[0];
        }
        if ( ( 'administrator' === $cpb_role && '1' === $display_setting[8] ) || ( 'administrator' !== $cpb_role && '0' === $display_setting[10] ) ) {
            echo '

';
            captcha_booster_display_captcha();
            echo '


';
        }
    } else {
        echo '

';
        captcha_booster_display_captcha();
        echo '


';
        // return true.
    }
}
/**
 * This function checks the captcha posted with a login when login errors are absent .
 *
 * Runs on the 'authenticate' filter (priority 21). Returns $user untouched
 * when the session already carries a passed captcha or when the request is
 * not a login submit; a WP_Error when the captcha is empty, missing or
 * wrong; and no value at all (null) when the captcha matched but the
 * password did not.
 *
 * @param string $user .
 * @param string $username .
 * @param string $password .
 * @return mixed $user, a WP_Error, or null (see above).
 */
function captcha_booster_login_check( $user, $username, $password ) {
    global $captcha_booster_options, $wpdb, $error_data_array;
    /* Unsigned decimal form of the client IP, handed to the success/failure log helpers. */
    $ip_address = sprintf( '%u', ip2long( get_ip_address_for_captcha_booster() ) );
    $str_key = $captcha_booster_options['captcha_key']['key'];
    if ( '' === session_id() ) {// @codingStandardsIgnoreLine.
        @session_start();// @codingStandardsIgnoreLine.
    }
    /* Set below after a matched captcha plus a valid password; only captcha_booster_login_form() clears it. */
    if ( isset( $_SESSION['captch_booster_login'] ) && true === $_SESSION['captch_booster_login'] ) {// @codingStandardsIgnoreLine.
        return $user;
    }
    /* Delete errors, if they set */
    if ( isset( $_SESSION['captcha_booster_error'] ) ) {// @codingStandardsIgnoreLine.
        unset( $_SESSION['captcha_booster_error'] );// @codingStandardsIgnoreLine.
    }
    /* Add error if captcha is empty */
    /* Only taken when the request also carries 'loggedout'; other empty submits are handled further down. */
    if ( ( ! isset( $_REQUEST['ux_txt_captcha_input'] ) || '' === esc_attr( wp_unslash( $_REQUEST['ux_txt_captcha_input'] ) ) ) && isset( $_REQUEST['loggedout'] ) ) {// WPCS: CSRF ok, input var ok, sanitization ok.
        $error = new WP_Error();
        $error->add( 'captcha_booster_error', '' . __( 'ERROR', 'wp-captcha-booster' ) . ': ' . $error_data_array['for_captcha_empty_error'] );
        wp_clear_auth_cookie();
        return $error;
    }
    if ( isset( $_REQUEST['captcha_booster_result'] ) && isset( $_REQUEST['ux_txt_captcha_input'] ) && isset( $_REQUEST['captcha_booster_time'] ) ) {// WPCS: CSRF ok, WPCS: input var ok.
        /* The hidden result is decoded with the site key and the posted time, then compared case-insensitively with the typed answer. */
        if ( 0 === strcasecmp( trim( captcha_booster_decode( wp_unslash( $_REQUEST['captcha_booster_result'] ), $str_key, wp_unslash( $_REQUEST['captcha_booster_time'] ) ) ), esc_attr( wp_unslash( $_REQUEST['ux_txt_captcha_input'] ) ) ) ) {// WPCS: CSRF ok, input var ok, sanitization ok.
            /* $username may be a login name or an e-mail address. */
            $userdata = get_user_by( 'login', $username );
            $user_email_data = get_user_by( 'email', $username );
            if ( ( $userdata && wp_check_password( $password, $userdata->user_pass ) ) || ( $user_email_data && wp_check_password( $password, $user_email_data->user_pass ) ) ) {
                /* Captcha was matched */
                $_SESSION['captch_booster_login'] = true;// @codingStandardsIgnoreLine.
                captcha_booster_user_log_in_success( $username, $ip_address );
                return $user;
            } else {
                /* Captcha right, password wrong: record the failure and fall through with no return value. */
                $_SESSION['captch_booster_login'] = false;// @codingStandardsIgnoreLine.
                captcha_booster_user_log_in_fails( $username, $ip_address );
            }
        } else {
            $_SESSION['captch_booster_login'] = false;// @codingStandardsIgnoreLine.
            captcha_booster_user_log_in_fails( $username, $ip_address );
            wp_clear_auth_cookie();
            /* Add error if captcha is incorrect */
            $error = new WP_Error();
            if ( '' === esc_attr( wp_unslash( $_REQUEST['ux_txt_captcha_input'] ) ) ) {// WPCS: CSRF ok, input var ok, sanitization ok.
                $error->add( 'captcha_booster_error', '' . __( 'ERROR', 'wp-captcha-booster' ) . ': ' . $error_data_array['for_captcha_empty_error'] );
            } else {
                $error->add( 'captcha_booster_error', '' . __( 'ERROR', 'wp-captcha-booster' ) . ': ' . $error_data_array['for_invalid_captcha_error'] );
            }
            return $error;
        }
    } else {
        /* A login submit (log + pwd present) without the captcha fields is treated as an empty captcha. */
        if ( isset( $_REQUEST['log'] ) && isset( $_REQUEST['pwd'] ) ) {// WPCS: CSRF ok, WPCS: input var ok.
            /* captcha was not found in _REQUEST */
            $error = new WP_Error();
            $error->add( 'captcha_booster_error', '' . __( 'ERROR', 'wp-captcha-booster' ) . ': ' . $error_data_array['for_captcha_empty_error'] );
            return $error;
        } else {
            /* it is not a submit */
            return $user;
        }
    }
}
/**
 * This function checks captcha for registeration form.
 *
 * @param string $login .
 * @param string $email .
 * @param string $errors .
*/ function captcha_booster_register_check( $login, $email, $errors ) { global $captcha_booster_options, $wpdb, $error_data_array; $str_key = $captcha_booster_options['captcha_key']['key']; if ( is_multisite() ) { if ( isset( $_REQUEST['ux_txt_captcha_input'] ) && '' === esc_attr( wp_unslash( $_REQUEST['ux_txt_captcha_input'] ) ) ) {// WPCS: input var ok, CSRF ok, sanitization ok. wp_die( '' . esc_attr( __( 'ERROR', 'wp-captcha-booster' ) ) . ': ' . esc_attr( $error_data_array['for_captcha_empty_error'] ) ); } if ( 0 !== strcasecmp( trim( captcha_booster_decode( wp_unslash( isset( $_REQUEST['captcha_booster_result'] ) ? $_REQUEST['captcha_booster_result'] : '' ), $str_key, wp_unslash( isset( $_REQUEST['captcha_booster_time'] ) ? $_REQUEST['captcha_booster_time'] : '' ) ) ), esc_attr( wp_unslash( $_REQUEST['ux_txt_captcha_input'] ) ) ) ) {// WPCS: CSRF ok,input var ok, sanitization ok. wp_die( '' . esc_attr( __( 'ERROR', 'wp-captcha-booster' ) ) . ': ' . esc_attr( $error_data_array['for_invalid_captcha_error'] ) ); } } else { if ( isset( $_REQUEST['ux_txt_captcha_input'] ) && '' === esc_attr( wp_unslash( $_REQUEST['ux_txt_captcha_input'] ) ) ) {// WPCS: CSRF ok, input var ok, sanitization ok. $errors->add( 'captcha_blank', '' . __( 'ERROR', 'wp-captcha-booster' ) . ': ' . $error_data_array['for_captcha_empty_error'] ); return $errors; } if ( 0 !== strcasecmp( trim( captcha_booster_decode( wp_unslash( $_REQUEST['captcha_booster_result'] ), $str_key, wp_unslash( $_REQUEST['captcha_booster_time'] ) ) ), esc_attr( wp_unslash( $_REQUEST['ux_txt_captcha_input'] ) ) ) ) {// WPCS: CSRF ok, input var ok, sanitization ok. $errors->add( 'captcha_wrong', '' . __( 'ERROR', 'wp-captcha-booster' ) . ': ' . $error_data_array['for_invalid_captcha_error'] ); } return( $errors ); } } /** * Functionality of the captcha logic work. 
*/ function captcha_booster_display_captcha() { global $captcha_booster_options, $captcha_time, $captcha_plugin_info, $wpdb, $captcha_array, $display_setting; if ( ! $captcha_plugin_info ) { include_once ABSPATH . 'wp-admin/includes/plugin.php'; $captcha_plugin_info = get_plugin_data( __FILE__ ); } if ( ! isset( $captcha_booster_options['captcha_key'] ) ) { $captcha_booster_options = get_option( 'captcha_option' ); } if ( '' === $captcha_booster_options['captcha_key']['key'] || $captcha_booster_options['captcha_key']['time'] < CAPTCHA_BOOSTER_LOCAL_TIME - ( 24 * 60 * 60 ) ) { captcha_booster_generate_key(); } $str_key = $captcha_booster_options['captcha_key']['key']; if ( 'logical_captcha' === $captcha_array['captcha_type_text_logical'] && 'arrange_order' === $captcha_array['mathematical_operations'] ) { $arrange_order = explode( ',', isset( $captcha_array['arrange_order'] ) ? $captcha_array['arrange_order'] : '' ); $arrange_array = captcha_booster_random_numbers( 10, 20, 5 ); $copy_array = array(); $arrange_type = array(); if ( 1 === $arrange_order[0] ) { $arrange_type[] = 'Ascending'; } if ( 1 === $arrange_order[1] ) { $arrange_type[] = 'Descending'; } $rand_arrange_array = rand( 0, count( $arrange_type ) - 1 ); switch ( $arrange_type[ $rand_arrange_array ] ) { case 'Ascending': sort( $arrange_array ); $arr_convert = implode( ',', $arrange_array ); break; case 'Descending': rsort( $arrange_array ); $arr_convert = implode( ',', $arrange_array ); break; } $imploded_form = implode( ',', $copy_array ); $str_arrange_expretion = ''; $str_arrange_expretion .= ( 'Ascending' === $arrange_type[ $rand_arrange_array ] ) ? __( 'Arrange in Ascending Order', 'wp-captcha-booster' ) : __( 'Arrange in Descending Order', 'wp-captcha-booster' ); $str_arrange_expretion .= '
' . __( " (Use ',' to separate the numbers) :", 'wp-captcha-booster' ) . "*

"; $str_arrange_expretion .= $imploded_form . ' = '; $str_arrange_expretion .= ''; /* Add hidden field with encoding result */ ?> $array_number[1] ) { $array_number[2] = $array_number[0]; } else { $array_number[2] = $array_number[1]; } break; } $str_relational_expretion = ''; $str_relational_expretion .= __( 'Solve', 'wp-captcha-booster' ) . " : *
"; $str_relational_expretion .= ( 'Smaller' === $relation_op[ $rand_relation_op ] ) ? __( 'Which Number is Smaller ', 'wp-captcha-booster' ) : __( 'Which Number is Larger ', 'wp-captcha-booster' ); $str_relational_expretion .= $array_number[0] . ' '; $str_relational_expretion .= __( ' or ', 'wp-captcha-booster' ); $str_relational_expretion .= ' ' . $array_number[1] . ' ? '; $str_relational_expretion .= ""; /* Add hidden field with encoding result */ ?> get_var( $wpdb->prepare( 'SELECT meta_value FROM ' . $wpdb->prefix . 'captcha_booster_meta WHERE meta_key = %s', 'captcha_type' ) );// db call ok; no-cache ok. $maths_array = maybe_unserialize( $maths_action ); $arithmetic_actions = explode( ',', isset( $maths_array['arithmetic_actions'] ) ? $maths_array['arithmetic_actions'] : '' ); /* If value for Plus on the settings page is set */ if ( '1' === $arithmetic_actions[0] ) { $math_actions[] = '+'; } /* If value for Minus on the settings page is set */ if ( '1' === $arithmetic_actions[1] ) { $math_actions[] = '−'; } /* If value for Increase on the settings page is set */ if ( '1' === $arithmetic_actions[2] ) { $math_actions[] = '×'; } /* if value for division on setting page is set */ if ( '1' === $arithmetic_actions[3] ) { $math_actions[] = '⁄'; } /* What is math action to display in the form */ $rand_math_action = rand( 0, count( $math_actions ) - 1 ); $array_math_expretion = array(); /* Add first part of mathematical expression */ $array_math_expretion[0] = rand( 1, 30 ); /* Add second part of mathematical expression */ $array_math_expretion[1] = rand( 1, 30 ); /* Calculation of the mathematical expression result */ switch ( $math_actions[ $rand_math_action ] ) { case '+': $array_math_expretion[2] = $array_math_expretion[0] + $array_math_expretion[1]; break; case '−': /* Result must not be equal to the negative number */ if ( $array_math_expretion[0] < $array_math_expretion[1] ) { $number = $array_math_expretion[0]; $array_math_expretion[0] = 
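$array_math_expretion[1];
                $array_math_expretion[1] = $number;
            }
            $array_math_expretion[2] = $array_math_expretion[0] - $array_math_expretion[1];
            break;
        case '×':
            $array_math_expretion[2] = $array_math_expretion[0] * $array_math_expretion[1];
            break;
        case '⁄':
            if ( $array_math_expretion[0] < $array_math_expretion[1] ) {
                $number = $array_math_expretion[0];
                $array_math_expretion[0] = $array_math_expretion[1];
                $array_math_expretion[1] = $number;
            }
            /* Bump the dividend until the division is exact. */
            while ( 0 !== $array_math_expretion[0] % $array_math_expretion[1] ) {
                $array_math_expretion[0] ++;
            }
            $array_math_expretion[2] = $array_math_expretion[0] / $array_math_expretion[1];
            /* After the loop above the quotient is an int, so this float branch is not reached. */
            if ( is_float( $array_math_expretion[2] ) ) {
                $float_value = round( $array_math_expretion[2], 1 );
                $devision = explode( '.', $float_value );
                $array_math_expretion[2] = $devision[1] >= 5 ? ceil( $float_value ) : floor( $float_value );
            }
            break;
    }
    /* String for display */
    $str_math_expretion = '';
    $str_math_expretion .= __( 'Solve', 'wp-captcha-booster' ) . " : *
";
    $str_math_expretion .= $array_math_expretion[0];
    /* Add math action */
    $str_math_expretion .= ' ' . $math_actions[ $rand_math_action ];
    $str_math_expretion .= ' ' . $array_math_expretion[1];
    $str_math_expretion .= ' = ';
    $str_math_expretion .= ' ';
    /* Add hidden field with encoding result */
    $str_math_expretion .= ' ';
    echo $str_math_expretion;// WPCS: XSS ok.
    }
}
/**
 * This Function generates a key which is used during validation of captcha.
 *
 * The key is the secret that captcha_booster_encode()/captcha_booster_decode()
 * derive their keystream from, so it must not be guessable. It is now drawn
 * from random_bytes() instead of characters picked with rand() out of the
 * site URL and the current time, both of which are public. The stored form
 * (32 hex characters via md5()) and the 'time' stamp are unchanged, so the
 * 24-hour rotation in captcha_booster_display_captcha() keeps working.
 *
 * @param int $lenght Number of random bytes to draw (at least 1 is used).
 * @throws \Exception If no secure randomness source is available.
 */
function captcha_booster_generate_key( $lenght = 15 ) {
    global $captcha_booster_options;
    $random = random_bytes( max( 1, (int) $lenght ) );
    $captcha_booster_options['captcha_key']['key'] = md5( $random );
    $captcha_booster_options['captcha_key']['time'] = CAPTCHA_BOOSTER_LOCAL_TIME;
    update_option( 'captcha_option', $captcha_booster_options );
}
/**
 * This Function used to check captcha for comment form.
 *
 * Hooked on pre_comment_on_post. Ends the request with wp_die() when the
 * answer is present but empty, or when all three fields are present and
 * the decoded hidden result does not match the answer. Returns normally
 * on a match and, as before, when any field is missing.
 */
function captcha_booster_comment_form_check() {
    global $captcha_booster_options, $error_data_array;
    $str_key = $captcha_booster_options['captcha_key']['key'];
    $has_input = isset( $_REQUEST['ux_txt_captcha_input'] );// WPCS: CSRF ok, input var ok.
    $captcha_input = $has_input ? esc_attr( wp_unslash( $_REQUEST['ux_txt_captcha_input'] ) ) : '';// WPCS: CSRF ok, input var ok, sanitization ok.
    if ( $has_input && '' === $captcha_input ) {
        wp_die( esc_attr( __( 'ERROR', 'wp-captcha-booster' ) ) . ': ' . esc_attr( $error_data_array['for_captcha_empty_error'] ) );
    }
    /*
     * NOTE(review): when the answer or either hidden field is absent the
     * function returns without a verdict and the comment goes through.
     * This check is also registered by flag 8 alone (see the hook block
     * above), so it cannot assume the captcha was rendered for this user;
     * closing the gap means sharing the display decision made in
     * captcha_booster_comment_form().
     */
    if ( ! $has_input || ! isset( $_REQUEST['captcha_booster_result'] ) || ! isset( $_REQUEST['captcha_booster_time'] ) ) {// WPCS: CSRF ok, input var ok.
        return;
    }
    $decoded = captcha_booster_decode( wp_unslash( $_REQUEST['captcha_booster_result'] ), $str_key, wp_unslash( $_REQUEST['captcha_booster_time'] ) );// WPCS: CSRF ok, input var ok.
    if ( 0 !== strcasecmp( trim( (string) $decoded ), $captcha_input ) ) {
        wp_die( esc_attr( __( 'ERROR', 'wp-captcha-booster' ) ) . ': ' . esc_attr( $error_data_array['for_invalid_captcha_error'] ) );
    }
    /* Captcha was matched */
}
/**
 * This function checks the captcha posted with lostpassword form.
 *
 * Runs on the allow_password_reset filter (priority 1). Returns $user when
 * the captcha verifies, a WP_Error otherwise, and nothing (null) when the
 * submitted user_login is empty.
 *
 * @param string $user .
 * @return mixed $user, a WP_Error, or null.
 */
function captcha_booster_lost_password( $user ) {
    global $captcha_booster_options, $error_data_array;
    $str_key = $captcha_booster_options['captcha_key']['key'];
    $prefix = __( 'ERROR', 'wp-captcha-booster' ) . ': ';
    /* If field 'user login' is empty - return */
    if ( isset( $_REQUEST['user_login'] ) && '' === esc_attr( wp_unslash( $_REQUEST['user_login'] ) ) ) {// WPCS: CSRF ok, input var ok, sanitization ok.
        return;
    }
    /* If captcha doesn't entered */
    if ( isset( $_REQUEST['ux_txt_captcha_input'] ) && '' === esc_attr( wp_unslash( $_REQUEST['ux_txt_captcha_input'] ) ) ) {// WPCS: CSRF ok, input var ok, sanitization ok.
        return new WP_Error( 'captcha_wrong', $prefix . $error_data_array['for_captcha_empty_error'] );
    }
    /* Check entered captcha: all three fields must be present and the decoded result must equal the answer. */
    $complete = isset( $_REQUEST['captcha_booster_result'] ) && isset( $_REQUEST['ux_txt_captcha_input'] ) && isset( $_REQUEST['captcha_booster_time'] );// WPCS: CSRF ok, input var ok.
    if ( $complete ) {
        $decoded = captcha_booster_decode( wp_unslash( $_REQUEST['captcha_booster_result'] ), $str_key, wp_unslash( $_REQUEST['captcha_booster_time'] ) );// WPCS: CSRF ok, input var ok.
        if ( 0 === strcasecmp( trim( (string) $decoded ), esc_attr( wp_unslash( $_REQUEST['ux_txt_captcha_input'] ) ) ) ) {// WPCS: CSRF ok, input var ok, sanitization ok.
            return $user;
        }
    }
    return new WP_Error( 'captcha_wrong', $prefix . $error_data_array['for_invalid_captcha_error'] );
}
/**
 * Function for encoding number.
 *
 * @param string $string .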
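/**
 * @param string $password . Secret key (the plugin's stored captcha key).
 * @param string $captcha_time . Time stamp echoed to the client; mixed into the keystream salt.
 * @return string Base64 text: a one-byte check (first byte of sha1($string)) followed by $string, XORed with a keystream derived from $password and md5($captcha_time).
 */
function captcha_booster_encode( $string, $password, $captcha_time ) {
    /* Check if key for encoding is empty */
    if ( ! $password ) {
        die( esc_attr( __( 'Encryption password is not set', 'wp-captcha-booster' ) ) );
    }
    $string = (string) $string;
    $salt = md5( (string) $captcha_time, true );
    /* The check byte lets the decoder tell a garbled token from a genuine one. */
    $payload = substr( pack( 'H*', sha1( $string ) ), 0, 1 ) . $string;
    $seq = $password;
    $gamma = '';
    /* Each 8-byte chunk is sha1 of the previous chunk, everything emitted so far and the salt. */
    while ( strlen( $gamma ) < strlen( $payload ) ) {// @codingStandardsIgnoreLine.
        $seq = pack( 'H*', sha1( $seq . $gamma . $salt ) );
        $gamma .= substr( $seq, 0, 8 );
    }
    return base64_encode( $payload ^ $gamma );
}
/**
 * Function for decoding number.
 *
 * Reverses captcha_booster_encode(). Returns false for anything that is not
 * a token produced with the same $key and $captcha_time: non-string or empty
 * input, text that is not strict base64, a payload too short to hold the
 * check byte plus one answer character, or a check byte that does not match
 * sha1() of the recovered text. Previously empty or malformed input decoded
 * to '' rather than false, which callers comparing against an empty answer
 * could mistake for a match.
 *
 * NOTE(review): the check byte is 8 bits, so the key's secrecy is what
 * protects the answer, not this check. The token is bound to $key and the
 * posted $captcha_time only, not to a session, so it stays valid until the
 * key rotates; callers needing single-use tokens must add a nonce on top.
 *
 * @param string $string_orignal . Base64 token from the hidden form field.
 * @param string $key . Secret key used when encoding.
 * @param string $captcha_time . Time stamp posted with the token.
 * @return string|false The recovered text, or false when verification fails.
 */
function captcha_booster_decode( $string_orignal, $key, $captcha_time ) {
    /* Check if key for encoding is empty */
    if ( ! $key ) {
        die( esc_attr( __( 'Decryption password is not set', 'wp-captcha-booster' ) ) );
    }
    /* Request values can arrive as arrays; only a non-empty string can be a token. */
    if ( ! is_string( $string_orignal ) || '' === $string_orignal || ! is_scalar( $captcha_time ) ) {
        return false;
    }
    /* Strict decoding rejects characters outside the base64 alphabet instead of silently dropping them. */
    $raw = base64_decode( $string_orignal, true );
    /* Check byte plus at least one answer character; an empty answer is never a valid captcha. */
    if ( false === $raw || strlen( $raw ) < 2 ) {
        return false;
    }
    $salt = md5( (string) $captcha_time, true );
    $seq = $key;
    $gamma = '';
    /* Same keystream as the encoder; strlen($raw) bytes suffice because the XOR truncates to the shorter operand. */
    while ( strlen( $gamma ) < strlen( $raw ) ) {// @codingStandardsIgnoreLine.
        $seq = pack( 'H*', sha1( $seq . $gamma . $salt ) );
        $gamma .= substr( $seq, 0, 8 );
    }
    $plain = $raw ^ $gamma;
    $decoded_string = substr( $plain, 1 );
    $expected_check = substr( pack( 'H*', sha1( $decoded_string ) ), 0, 1 );
    if ( $plain[0] !== $expected_check ) {
        return false;
    }
    return $decoded_string;
}
/**
 * This function is used to generate random number.
 *
 * Draws $quantity distinct integers from the inclusive range $min..$max
 * (fewer when the range holds fewer values). shuffle() is not a CSPRNG,
 * but these numbers are only the visible captcha operands, not key material.
 *
 * @param int $min . Lower bound (inclusive).
 * @param int $max . Upper bound (inclusive).
 * @param int $quantity . How many distinct numbers to return.
 * @return array List of distinct integers.
 */
function captcha_booster_random_numbers( $min, $max, $quantity ) {
    $pool = range( $min, $max );
    shuffle( $pool );
    return array_slice( $pool, 0, $quantity );
}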