Changeset 60431 in spip-zone

Timestamp:

Apr 16, 2012, 10:34:09 PM (9 years ago)

Author:

gilles.vincent@…

Message:

Mise a jour de l'antispam base sur reCaptcha

Location:

_plugins_/antispam-recaptcha

Files:

• fonctions_recaptcha.php (modified) (3 diffs)
• plugin.xml (modified) (3 diffs)
• recaptchalib.php (modified) (13 diffs)

_plugins_/antispam-recaptcha/fonctions_recaptcha.php

@@ -9 +9 @@
 if (!defined("_ECRIRE_INC_VERSION")) return;
 
-// http://recaptcha.googlecode.com/files/recaptcha-php-1.8.zip
+// http://recaptcha.googlecode.com/files/recaptcha-php-1.11.zip
 function get_recaptcha_keys($force = false) {
         if ($force
@@ -18 +18 @@
                 include_spip('inc/distant');
                 include_spip('inc/texte');
-                $u = textebrut(recuperer_page('http://mailhide.recaptcha.net/apikey'));
-                if(!preg_match(',Public Key:(.*),i', $u, $r1)
-                OR !preg_match(',Private Key:(.*),i', $u, $r2)) {
+                include_spip('inc/filtres');
+                $u = translitteration(textebrut(recuperer_page('http://www.google.com/recaptcha/mailhide/apikey')));
+                if(!preg_match(',Cl([^p]+)publique:(.*),i', $u, $r1) // La page retourne des accents qui (pour l'instant) sont errones, donc ne passent pas la translitteration
+                OR !preg_match(',Cl([^p]+)prive:(.*),i', $u, $r2)) {
                         spip_log('erreur recaptcha n\'a pas donne de cle : '.$u);
                         return false;
@@ -26 +27 @@
 
                 $keys = array(
-                        'public' => trim($r1[1]),
-                        'private' => trim($r2[1])
+                        'public' => trim($r1[2]),
+                        'private' => trim($r2[2])
                 );
+                
                 ecrire_meta('recaptcha_keys', serialize($keys));
                 ecrire_metas();
-        }
-
+        } 
+        
         return $keys;
 }

_plugins_/antispam-recaptcha/plugin.xml

@@ -2 +2 @@
         <nom>Antispam reCAPTCHA</nom>
         <auteur>Fil</auteur>
-        <version>0.1.0</version>
+        <version>0.2.0</version>
         <etat>dev</etat>
         <slogan>Filtre antispam pour vos emails</slogan>
@@ -8 +8 @@
 Ce plugin fournit un filtre <code>|antispam</code> (fonction <code>filtre_antispam()</code>) pour prot&#233;ger les emails avec un test de reCAPTCHA. A sa premi&#232;re utilisation, le plugin va chercher tout seul une cl&#233; d'activation sur le site de reCAPTCHA.
 
-Le principal d&#233;faut de ce service est qu'il n'est disponible qu'en anglais seulement pour le moment.
+Le principal d&#233;faut de ce service est qu'on ne peut pas d&#233;finir la langue comme on le souhaite
         </description>
         <lien>http://www.spip-contrib.net/reCAPTCHA</lien>
@@ -18 +18 @@
         <chemin dir='' />
         <categorie>performance</categorie>
-        <necessite id="SPIP" version="[1.9.2;1.9.2]" />
+        <necessite id="SPIP" version="[1.9.2;2.1.99]" />
 </plugin>

_plugins_/antispam-recaptcha/recaptchalib.php

@@ -5 +5 @@
  *          http://recaptcha.net/plugins/php/
  *    - Get a reCAPTCHA API Key
- *          http://recaptcha.net/api/getkey
+ *          https://www.google.com/recaptcha/admin/create
  *    - Discussion group
  *          http://groups.google.com/group/recaptcha
@@ -36 +36 @@
  * The reCAPTCHA server URL's
  */
-$recaptcha_api_server = 'http://api.recaptcha.net';
-$recaptcha_api_secure_server = 'https://api-secure.recaptcha.net';
-$recaptcha_verify_server = 'api-verify.recaptcha.net';
-
+define("RECAPTCHA_API_SERVER", "http://www.google.com/recaptcha/api");
+define("RECAPTCHA_API_SECURE_SERVER", "https://www.google.com/recaptcha/api");
+define("RECAPTCHA_VERIFY_SERVER", "www.google.com");
 
 /**
@@ -107 +106 @@
 function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false)
 {
-        global $recaptcha_api_server, $recaptcha_api_secure_server;
-
         if ($pubkey == null || $pubkey == '') {
-                die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>");
+                die ("To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>");
         }
         
         if ($use_ssl) {
-           $server = $recaptcha_api_secure_server;
+                $server = RECAPTCHA_API_SECURE_SERVER;
         } else {
-           $server = $recaptcha_api_server;
-        }
+                $server = RECAPTCHA_API_SERVER;
+        }
+
         $errorpart = "";
         if ($error) {
@@ -125 +123 @@
 
         <noscript>
-                <iframe src="'. $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br>
+                <iframe src="'. $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/>
                 <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
-                <input type="hidden" name="recaptcha_response_field" value="manual_challenge">
+                <input type="hidden" name="recaptcha_response_field" value="manual_challenge"/>
         </noscript>';
 }
@@ -149 +147 @@
   * @param string $challenge
   * @param string $response
+  * @param array $extra_params an array of extra variables to post to the server
   * @return ReCaptchaResponse
   */
-function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response)
+function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array())
 {
         if ($privkey == null || $privkey == '') {
-                die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>");
+                die ("To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>");
         }
 
@@ -171 +170 @@
         }
 
-        global $recaptcha_verify_server;
-        $response = _recaptcha_http_post ($recaptcha_verify_server, "/verify",
+        $response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/recaptcha/api/verify",
                                           array (
                                                  'privatekey' => $privkey,
@@ -178 +176 @@
                                                  'challenge' => $challenge,
                                                  'response' => $response
-                                                 )
+                                                 ) + $extra_params
                                           );
 
@@ -203 +201 @@
  */
 function recaptcha_get_signup_url ($domain = null, $appname = null) {
-        return "http://recaptcha.net/api/getkey?" .  _recaptcha_qsencode (array ('domain' => $domain, 'app' => $appname));
-}
-
-
+        return "https://www.google.com/recaptcha/admin/create?" .  _recaptcha_qsencode (array ('domains' => $domain, 'app' => $appname));
+}
+
+function _recaptcha_aes_pad($val) {
+        $block_size = 16;
+        $numpad = $block_size - (strlen ($val) % $block_size);
+        return str_pad($val, strlen ($val) + $numpad, chr($numpad));
+}
 
 /* Mailhide related code */
@@ -216 +218 @@
         $mode=MCRYPT_MODE_CBC;   
         $enc=MCRYPT_RIJNDAEL_128;
-        $val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
+        $val=_recaptcha_aes_pad($val);
         return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
 }
@@ -229 +231 @@
         if ($pubkey == '' || $pubkey == null || $privkey == "" || $privkey == null) {
                 die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " .
-                     "you can do so at <a href='http://mailhide.recaptcha.net/apikey'>http://mailhide.recaptcha.net/apikey</a>");
+                     "you can do so at <a href='http://www.google.com/recaptcha/mailhide/apikey'>http://www.google.com/recaptcha/mailhide/apikey</a>");
         }
         
@@ -236 +238 @@
         $cryptmail = _recaptcha_aes_encrypt ($email, $ky);
         
-        return "http://mailhide.recaptcha.net/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail);
+        return "http://www.google.com/recaptcha/mailhide/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail);
 }
 
@@ -261 +263 @@
  * to get a key, go to:
  *
- * http://mailhide.recaptcha.net/apikey
+ * http://www.google.com/recaptcha/mailhide/apikey
  */
 function recaptcha_mailhide_html($pubkey, $privkey, $email) {
@@ -268 +270 @@
         
         return htmlentities($emailparts[0]) . "<a href='" . htmlentities ($url) .
-                "' onclick=\"window.open(this.href, '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ($emailparts [1]);
+                "' onclick=\"window.open('" . htmlentities ($url) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ($emailparts [1]);
 
 }