Skip to content

Commit

Permalink
MDL-14073 New param for download_file_content: skipcertcheck. ssl now…
Browse files Browse the repository at this point in the history 
… used in recaptchalib
  • Loading branch information
nicolasconnault committed Mar 31, 2008
1 parent 0d6a810 commit 83947a3
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 17 deletions.
8 changes: 7 additions & 1 deletion lib/filelib.php
View file
Expand Up @@ -15,9 +15,10 @@
* @param int $connecttimeout timeout for connection to server; this is the timeout that
* usually happens if the remote server is completely down (default 20 seconds);
* may not work when using proxy
* @param bool $skipcertverify If true, the peer's SSL certificate will not be checked. Only use this when already in a trusted location.
* @return mixed false if request failed or content of the file as string if ok.
*/
function download_file_content($url, $headers=null, $postdata=null, $fullresponse=false, $timeout=300, $connecttimeout=20) {
function download_file_content($url, $headers=null, $postdata=null, $fullresponse=false, $timeout=300, $connecttimeout=20, $skipcertverify=false) {
global $CFG;

// some extra security
Expand Down Expand Up @@ -111,6 +112,11 @@ function download_file_content($url, $headers=null, $postdata=null, $fullrespons
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers2);
}


if ($skipcertverify) {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
}

// use POST if requested
if (is_array($postdata)) {
foreach ($postdata as $k=>$v) {
Expand Down
12 changes: 9 additions & 3 deletions lib/form/recaptcha.php
View file
Expand Up @@ -23,16 +23,21 @@ class MoodleQuickForm_recaptcha extends HTML_QuickForm_input {
* @var string
*/
var $_helpbutton='';

var $_https=false;

/**
* <code>
* $form->addElement('textarea_counter', 'message', 'Message',
* array('cols'=>60, 'rows'=>10), 160);
* </code>
*/
function HTML_QuickForm_recaptcha($elementName = null, $elementLabel = null, $attributes = null) {
function MoodleQuickForm_recaptcha($elementName = null, $elementLabel = null, $attributes = null) {
parent::HTML_QuickForm_input($elementName, $elementLabel, $attributes);
$this->_type = 'recaptcha';
if (!empty($attributes['https'])) {
$this->_https = $attributes['https'];
}
}

/**
Expand Down Expand Up @@ -85,7 +90,7 @@ function toHtml() {
<div class="recaptcha_only_if_audio"><a href="javascript:Recaptcha.switch_type(\'image\')">' . $strgetanimagecaptcha . '</a></div>
</div>';

return $html . recaptcha_get_html($CFG->recaptchapublickey, $error);
return $html . recaptcha_get_html($CFG->recaptchapublickey, $error, $this->_https);
}

/**
Expand Down Expand Up @@ -126,7 +131,8 @@ function verify($challenge_field, $response_field) {
$response = recaptcha_check_answer($CFG->recaptchaprivatekey,
$_SERVER['REMOTE_ADDR'],
$challenge_field,
$response_field);
$response_field,
$this->_https);
if (!$response->is_valid) {
$attributes = $this->getAttributes();
$attributes['error_message'] = $response->error;
Expand Down
30 changes: 18 additions & 12 deletions lib/recaptchalib.php
View file
Expand Up @@ -64,8 +64,13 @@ function _recaptcha_qsencode ($data) {
* @param int port
* @return array response
*/
function _recaptcha_http_post($host, $path, $data, $port = 80) {
function _recaptcha_http_post($host, $path, $data, $port = 80, $https=false) {
global $CFG;
$protocol = 'http';
if ($https) {
$protocol = 'https';
}

require_once $CFG->libdir . '/filelib.php';

$req = _recaptcha_qsencode ($data);
Expand All @@ -76,7 +81,7 @@ function _recaptcha_http_post($host, $path, $data, $port = 80) {
$headers['Content-Length'] = strlen($req);
$headers['User-Agent'] = 'reCAPTCHA/PHP';

$results = download_file_content('http://' . $host . $path, $headers, $data);
$results = download_file_content("$protocol://" . $host . $path, $headers, $data, false, 300, 20, true);

if ($results) {
return array(1 => $results);
Expand Down Expand Up @@ -118,7 +123,7 @@ function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false) {
}

require_once $CFG->libdir . '/filelib.php';
$html = download_file_content($server . '/noscript?k=' . $pubkey . $errorpart);
$html = download_file_content($server . '/noscript?k=' . $pubkey . $errorpart, null, null, false, 300, 20, true);
preg_match('/image\?c\=([A-Za-z0-9\-\_]*)\"/', $html, $matches);
$challenge_hash = $matches[1];
$image_url = $server . '/image?c=' . $challenge_hash;
Expand Down Expand Up @@ -185,7 +190,7 @@ class ReCaptchaResponse {
* @param string $response
* @return ReCaptchaResponse
*/
function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response)
function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $https=false)
{
if ($privkey == null || $privkey == '') {
die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>");
Expand All @@ -205,14 +210,15 @@ function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response)
return $recaptcha_response;
}

$response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/verify",
array (
'privatekey' => $privkey,
'remoteip' => $remoteip,
'challenge' => $challenge,
'response' => $response
)
);
$response = _recaptcha_http_post(RECAPTCHA_VERIFY_SERVER, "/verify",
array (
'privatekey' => $privkey,
'remoteip' => $remoteip,
'challenge' => $challenge,
'response' => $response
),
$https
);

$answers = explode ("\n", $response [1]);
$recaptcha_response = new ReCaptchaResponse();
Expand Down
2 changes: 1 addition & 1 deletion login/signup_form.php
View file
Expand Up @@ -64,7 +64,7 @@ function definition() {
}

if (signup_captcha_enabled()) {
$mform->addElement('recaptcha', 'recaptcha_element', get_string('recaptcha', 'auth'));
$mform->addElement('recaptcha', 'recaptcha_element', get_string('recaptcha', 'auth'), array('https' => $CFG->loginhttps));
$mform->setHelpButton('recaptcha_element', array('recaptcha', get_string('recaptcha', 'auth')));
}

Expand Down

0 comments on commit 83947a3

Please sign in to comment.