From 3bb3ee2e86aac70906fbb66213b4141c5ca1aa74 Mon Sep 17 00:00:00 2001
From: Shish <shish@shishnet.org>
Date: Sun, 3 Jan 2010 08:15:52 +0000
Subject: [PATCH] securimage support as an alternative captcha

---
 core/util.inc.php                 | 57 +++++++++++++++++++++++++++++++
 ext/comment/main.php              | 24 ++-----------
 ext/comment/theme.php             | 28 +++++++++------
 themes/danbooru/comment.theme.php | 14 ++++++--
 4 files changed, 90 insertions(+), 33 deletions(-)

diff --git a/core/util.inc.php b/core/util.inc.php
index a5c681a5..6c7d1d20 100644
--- a/core/util.inc.php
+++ b/core/util.inc.php
@@ -1,4 +1,7 @@
 <?php
+require_once "lib/recaptchalib.php";
+require_once "lib/securimage/securimage.php";
+
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
 * Input / Output Sanitising                                                 *
 \* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
@@ -208,6 +211,60 @@ function theme_file($filepath) {
 }
 
 
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* CAPTCHA abstraction                                                       *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+function captcha_get_html() {
+	global $config, $user;
+	$captcha = "";
+	if($user->is_anonymous()) {
+		$rpk = $config->get_string("api_recaptcha_pubkey");
+		if(!empty($rpk)) {
+			$captcha = recaptcha_get_html($rpk);
+		}
+		else {
+			session_start();
+			$securimg = new Securimage();
+			$base = get_base_href();
+			$captcha = "<br/><img src='$base/lib/securimage/securimage_show.php?sid=". md5(uniqid(time())) ."'>".
+				"<br/>CAPTCHA: <input type='text' name='code' value='' />";
+		}
+	}
+	return $captcha;
+}
+
+function captcha_check() {
+	global $config, $user;
+
+	if($user->is_anonymous()) {
+		$rpk = $config->get_string('api_recaptcha_privkey');
+		if(!empty($rpk)) {
+			$resp = recaptcha_check_answer(
+					$rpk,
+					$_SERVER["REMOTE_ADDR"],
+					$_POST["recaptcha_challenge_field"],
+					$_POST["recaptcha_response_field"]);
+
+			if(!$resp->is_valid) {
+				log_info("core", "Captcha failed (ReCaptcha): " . $resp->error);
+				return false;
+			}
+		}
+		else {
+			session_start();
+			$securimg = new Securimage();
+			if($securimg->check($_POST['code']) == false) {
+				log_info("core", "Captcha failed (Securimage)");
+				return false;
+			}
+		}
+	}
+
+	return true;
+}
+
+
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
 * Misc                                                                      *
 \* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
diff --git a/ext/comment/main.php b/ext/comment/main.php
index 61fcd336..c53d4f3c 100644
--- a/ext/comment/main.php
+++ b/ext/comment/main.php
@@ -1,6 +1,5 @@
 <?php
 require_once "lib/akismet.class.php";
-require_once "lib/recaptchalib.php";
 
 class CommentPostingEvent extends Event {
 	var $image_id, $user, $comment;
@@ -53,6 +52,7 @@ class CommentList extends SimpleExtension {
 		$config->set_default_int('comment_limit', 10);
 		$config->set_default_int('comment_list_count', 10);
 		$config->set_default_int('comment_count', 5);
+		$config->set_default_bool('comment_captcha', false);
 
 		if($config->get_int("ext_comments_version") < 2) {
 			// shortcut to latest
@@ -182,6 +182,7 @@ class CommentList extends SimpleExtension {
 	public function onSetupBuilding($event) {
 		$sb = new SetupBlock("Comment Options");
 		$sb->add_bool_option("comment_anon", "Allow anonymous comments: ");
+		$sb->add_bool_option("comment_captcha", "<br>Require CAPTCHA for anonymous comments: ");
 		$sb->add_label("<br>Limit to ");
 		$sb->add_int_option("comment_limit");
 		$sb->add_label(" comments per ");
@@ -336,25 +337,6 @@ class CommentList extends SimpleExtension {
 		return md5($_SERVER['REMOTE_ADDR'] . date("%Y%m%d"));
 	}
 
-	private function is_spam_recaptcha($text) {
-		global $config, $user;
-
-		if(strlen($config->get_string('api_recaptcha_privkey')) > 0) {
-			$resp = recaptcha_check_answer(
-					$config->get_string('api_recaptcha_privkey'),
-					$_SERVER["REMOTE_ADDR"],
-					$_POST["recaptcha_challenge_field"],
-					$_POST["recaptcha_response_field"]);
-
-			if(!$resp->is_valid) {
-				log_info("comment", "Captcha failed: " . $resp->error);
-				return true;
-			}
-		}
-
-		return false;
-	}
-
 	private function is_spam_akismet($text) {
 		global $config, $user;
 		if(strlen($config->get_string('comment_wordpress_key')) > 0) {
@@ -430,7 +412,7 @@ class CommentList extends SimpleExtension {
 		}
 
 		// rate-limited external service checks last
-		else if($user->is_anonymous() && $this->is_spam_recaptcha($comment)) {
+		else if($config->get_bool('comment_captcha') && !captcha_check()) {
 			throw new CommentPostingException("Error in captcha");
 		}
 		else if($user->is_anonymous() && $this->is_spam_akismet($comment)) {
diff --git a/ext/comment/theme.php b/ext/comment/theme.php
index df6b906a..3fa92b0a 100644
--- a/ext/comment/theme.php
+++ b/ext/comment/theme.php
@@ -1,5 +1,4 @@
 <?php
-
 class CommentListTheme extends Themelet {
 	var $comments_shown = 0;
 
@@ -8,7 +7,7 @@ class CommentListTheme extends Themelet {
 	 * the image's comments
 	 */
 	public function display_comment_list($images, $page_number, $total_pages, $can_post) {
-		global $config, $page;
+		global $config, $page, $user;
 
 		// aaaaaaargh php
 		assert(is_array($images));
@@ -52,8 +51,19 @@ class CommentListTheme extends Themelet {
 			foreach($comments as $comment) {
 				$comment_html .= $this->comment_to_html($comment);
 			}
-			if($can_post) {
-				$comment_html .= $this->build_postbox($image->id);
+			if(!$user->is_anonymous()) {
+				if($can_post) {
+					$comment_html .= $this->build_postbox($image->id);
+				}
+			} else {
+				if ($can_post) {
+					if(!$config->get_bool('comment_captcha')) {
+						$comment_html .= $this->build_postbox($image->id);
+					}
+					else {
+						$comment_html .= "<a href='".make_link("post/view/".$image->id)."'>Add Comment</a>";
+					}
+				}
 			}
 
 			$html  = "
@@ -145,20 +155,18 @@ class CommentListTheme extends Themelet {
 	}
 
 	protected function build_postbox($image_id) {
-		global $config, $user;
+		global $config;
 
 		$i_image_id = int_escape($image_id);
 		$hash = CommentList::get_hash();
+		$captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : "";
 
-		$rpk = $config->get_string("api_recaptcha_pubkey");
-		$reca = (!$user->is_anonymous() || empty($rpk)) ?
-				"" : recaptcha_get_html($rpk);
 		return "
-			<form action='".make_link("comment/add")."' method='POST'>
+			<form name='comment_form' action='".make_link("comment/add")."' method='POST'>
 				<input type='hidden' name='image_id' value='$i_image_id' />
 				<input type='hidden' name='hash' value='$hash' />
 				<textarea name='comment' rows='5' cols='50'></textarea>
-				$reca
+				$captcha
 				<br><input type='submit' value='Post Comment' />
 			</form>
 		";
diff --git a/themes/danbooru/comment.theme.php b/themes/danbooru/comment.theme.php
index c148ee76..c961f7db 100644
--- a/themes/danbooru/comment.theme.php
+++ b/themes/danbooru/comment.theme.php
@@ -2,7 +2,7 @@
 
 class CustomCommentListTheme extends CommentListTheme {
 	public function display_comment_list($images, $page_number, $total_pages, $can_post) {
-		global $config, $page;
+		global $config, $page, $user;
 
 		$page->disable_left();
 
@@ -52,7 +52,17 @@ class CustomCommentListTheme extends CommentListTheme {
 				$comment_html .= $this->comment_to_html($comment);
 			}
 			if($can_post) {
-				$comment_html .= $this->build_postbox($image->id);
+				if(!$user->is_anonymous()) {
+					$comment_html .= $this->build_postbox($image->id);
+				}
+				else {
+					if(!$config->get_bool('comment_captcha')) {
+						$comment_html .= $this->build_postbox($image->id);
+					}
+					else {
+						$comment_html .= "<a href='".make_link("post/view/".$image->id)."'>Add Comment</a>";
+					}
+				}
 			}
 
 			$html  = "