Allow local securimage captcha to be run without cURL library

2 years ago · 58d719c7f9
4 changed files with 74 additions and 47 deletions
--- a/inc/config.php
+++ b/inc/config.php
@ -328,18 +328,29 @@
 	$config['captcha']['enabled'] = false;

 	//New thread captcha
- 	//Require solving a captcha to post a thread. 
- 	//Default off.
- 	$config['new_thread_capt'] = false;
+	//Require solving a captcha to post a thread. 
+	//Default off.
+	$config['new_thread_capt'] = false;
+
+	// Directly use the local securimage captcha (or another local file) instead of making cURL requests
+	// This probably increases speed and reduces potential misconfiguration issues.
+	$config['captcha']['local'] = true;

 	// Custom captcha get provider path (if not working get the absolute path aka your url.)
-	$config['captcha']['provider_get'] = '../inc/captcha/entrypoint.php';
+	$config['captcha']['provider_get'] = '/securimage.php';
 	// Custom captcha check provider path
-	$config['captcha']['provider_check'] = '../inc/captcha/entrypoint.php';
+	$config['captcha']['provider_check'] = '/securimage.php';

 	// Custom captcha extra field (eg. charset)
 	$config['captcha']['extra'] = 'abcdefghijklmnopqrstuvwxyz';
 	
+	// Custom options for the local securimage captcha.
+	// See https://github.com/dapphp/securimage/blob/master/securimage.php#L236
+	$config['captcha']['securimage_options'] = array(
+		'send_headers' => false,
+		'no_exit' => true
+	);
+	
 	// Ability to lock a board for normal users and still allow mods to post.  Could also be useful for making an archive board
 	$config['board_locked'] = false;

--- a/post.php
+++ b/post.php
@ -322,17 +322,24 @@ if (isset($_POST['delete'])) {
 	}

 	if ($config['report_captcha']) {
-		$ch = curl_init($config['domain'].'/'.$config['captcha']['provider_check'] . "?" . http_build_query([
-			'mode' => 'check',
-			'text' => $_POST['captcha_text'],
-			'extra' => $config['captcha']['extra'],
-			'cookie' => $_POST['captcha_cookie']
-		]));
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-		$resp = curl_exec($ch);
-
-		if ($resp !== '1') {
-                        error($config['error']['captcha']);
+		if ($config['captcha']['local']) {
+			require_once '.' . $config['captcha']['provider_check'];
+			if (!captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text'])) {
+				error($config['error']['captcha']);
+			}
+		} else {
+			$ch = curl_init($config['domain'].$config['captcha']['provider_check'] . "?" . http_build_query([
+				'mode' => 'check',
+				'text' => $_POST['captcha_text'],
+				'extra' => $config['captcha']['extra'],
+				'cookie' => $_POST['captcha_cookie']
+			]));
+			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+			$resp = curl_exec($ch);
+
+			if ($resp !== '1') {
+		                    error($config['error']['captcha']);
+			}
 		}
 	}
 	
@ -431,18 +438,25 @@ if (isset($_POST['delete'])) {
 		}
 		// Same, but now with our custom captcha provider
 		if (($config['captcha']['enabled']) || (($post['op']) && ($config['new_thread_capt'])) ) {
-			$ch = curl_init($config['domain'].'/'.$config['captcha']['provider_check'] . "?" . http_build_query([
-				'mode' => 'check',
-				'text' => $_POST['captcha_text'],
-				'extra' => $config['captcha']['extra'],
-				'cookie' => $_POST['captcha_cookie']
-			]));
-			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-			$resp = curl_exec($ch);
-
-			if ($resp !== '1') {
-		                    error($config['error']['captcha'] .
-				'<script>if (actually_load_captcha !== undefined) actually_load_captcha("'.$config['captcha']['provider_get'].'", "'.$config['captcha']['extra'].'");</script>');
+ 			if ($config['captcha']['local']) {
+ 				require_once '.' . $config['captcha']['provider_check'];
+				if (!captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text'])) {
+					error($config['error']['captcha']);
+				}
+ 			} else { 			
+				$ch = curl_init($config['domain'].$config['captcha']['provider_check'] . "?" . http_build_query([
+					'mode' => 'check',
+					'text' => $_POST['captcha_text'],
+					'extra' => $config['captcha']['extra'],
+					'cookie' => $_POST['captcha_cookie']
+				]));
+				curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+				$resp = curl_exec($ch);
+
+				if ($resp !== '1') {
+				                error($config['error']['captcha'] .
+					'<script>if (actually_load_captcha !== undefined) actually_load_captcha("'.$config['captcha']['provider_get'].'", "'.$config['captcha']['extra'].'");</script>');
+				}
 			}
 		}

--- a/securimage.php
+++ b/securimage.php
@ -15,6 +15,22 @@ function cleanup() {
 	prepare("DELETE FROM `captchas` WHERE `created_at` < ?")->execute([time() - $expires_in]);
 }

+function captcha_check($cookie, $extra, $text) {
+		cleanup();
+		$query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
+		$query->execute([$cookie, $extra]);
+
+		$ary = $query->fetchAll();
+
+		if (!$ary) {
+			return false;
+		} else {
+			$query = prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
+			$query->execute([$cookie, $extra]);
+		}
+
+		return ($ary[0]['text'] === $text);
+}

 $mode = @$_GET['mode'];
 switch ($mode) {
@ -26,7 +42,7 @@ switch ($mode) {
 		header("Content-type: application/json");
 		$extra = $_GET['extra'];
 		$cookie = rand_string(20, "abcdefghijklmnopqrstuvwxyz");
-		$i = new Securimage(['send_headers' => false, 'no_exit' => true]);
+		$i = new Securimage($config['captcha']['securimage_options']);
 		$i->createCode();
 		ob_start();
 		$i->show();
@ -46,27 +62,13 @@ switch ($mode) {
 		}
 		break;
 	case 'check':
-		cleanup();
 		if (!isset ($_GET['mode']) || !isset ($_GET['cookie']) || !isset ($_GET['extra']) || !isset ($_GET['text'])) {
 			die();
 		}
-
-		$query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
-		$query->execute([$_GET['cookie'], $_GET['extra']]);
-
-		$ary = $query->fetchAll();
-
-		if (!$ary) {
-			echo "0";
+		if (captcha_check($_GET['cookie'], $_GET['extra'], $_GET['text'])){
+			echo "1";
 		} else {
-			$query = prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
-			$query->execute([$_GET['cookie'], $_GET['extra']]);
-		}
-
-		if ($ary[0]['text'] !== $_GET['text']) {
 			echo "0";
-		} else {
-			echo "1";
 		}
 		break;
 }
--- a/templates/post_form.html
+++ b/templates/post_form.html
@ -91,7 +91,7 @@
 				<noscript>
 					<input class='captcha_text' type='text' name='captcha_text' size='32' maxlength='6' autocomplete='off'>
 					<div class="captcha_html">
-						<img src="/{{ config.captcha.provider_get }}?mode=get&raw=1">
+						<img src="{{ config.captcha.provider_get }}?mode=get&raw=1">
 					</div>
 				</noscript>
 			</td>
@ -107,7 +107,7 @@
 				<noscript>
 					<input class='captcha_text' type='text' name='captcha_text' size='32' maxlength='6' autocomplete='off'>
 					<div class="captcha_html">
-						<img src="/{{ config.captcha.provider_get }}?mode=get&raw=1">
+						<img src="{{ config.captcha.provider_get }}?mode=get&raw=1">
 					</div>
 				</noscript>
                        </td>