<?php
/*
* Name: form_security.class.php
* Function: contains routines created to stop people from using 'bots' to auto complete the forms with spam info.
* I/O: functions take various parmaters, Some return values.
* By: M. Ward
*
*/
class FormSecurity {
protected $Crypted;
/*******************************************
* name: getStoredCrypt
* function: returns a (presumably) encrypted value from the class variable $Crypted
* I/O: returns the contents of $Crypted
* Date: 04/24/08
* By: M. Ward
*******************************************/
function getStoredCrypt() {
return $this->Crypted;
}
/*******************************************
* name: setStoredCrypt
* function: stores a (presumably) encrypted value in the class variable $Crypted
* I/O: stores the passed value in $Crypted
* Date: 04/24/08
* By: M. Ward
*******************************************/
function setStoredCrypt($_Crypted) {
$this->Crypted = $_Crypted;
}
/**************************************
*
* Name: HardSecureQuestion
* Function: This function generates a relatively hard(2 operations and 3 values) random mathematical question and prints it to the bottom
* of the calling page.
* I/O: takes the following inputs:
* random salt string(will error if not provided), limit on the random values(1..X) defaults to 100
* produces the following output
* the text for the question, or an error if no salt was given
* hidden input type.
* Date: Nov 21/05
* Updated: Apr 23/08
* By: M. Ward
*
***************************************/
function HardSecureQuestion( $salt = "", $limit = 100 ) {
//get the 3 values and 2 functions
$Security_Values = array(mt_rand(1,$limit), mt_rand(1,$limit), mt_rand(1,$limit), mt_rand(0,1),mt_rand(0,1) );
//sort out the operators
$Operators = array('+','-');
//check to see if salt is blank
if( $salt == "" ) {
print("<p>Error in SecureQuestion: You didn't specify a salt value to encrypt with.</p>");
return;
}
//compute the result the hard way.
if ( $Security_Values[3] == 0)
$Result = $Security_Values[0] + $Security_Values[1];
else
$Result = $Security_Values[0] - $Security_Values[1];
if ( $Security_Values[4] == 0)
$Result = $Result + $Security_Values[2];
else
$Result = $Result - $Security_Values[2];
$this->setStoredCrypt($this->Crypt($Result,$salt) );
//return the computation string
return ($Security_Values[0]." ".$Operators[$Security_Values[3]]." ".$Security_Values[1]." ".$Operators[$Security_Values[4]]." ".$Security_Values[2]);
}
/**************************************
*
* Name: EasySecureQuestion
* Function: This function generates a relatively easy(1 operation and 2 values) random mathematical question and prints it to the bottom
* of the calling page.
* I/O: takes the following inputs:
* random salt string(will error if not provided), limit on the random values(1..X) defaults to 10
* produces the following output
* the text for the question, or an error if no salt was given
* hidden input type.
* Date: Apr 24/08
* By: M. Ward
*
***************************************/
function EasySecureQuestion( $salt = "", $limit = 10 ) {
//get the 2 values and 1 function
$Security_Values = array(mt_rand(1,$limit), mt_rand(1,$limit), mt_rand(0,1) );
//sort out the operators
$Operators = array('+','-');
//check to see if salt is blank
if( $salt == "" ) {
print("<p>Error in SecureQuestion: You didn't specify a salt value to encrypt with.</p>");
return;
}
//compute the result .
if ( $Security_Values[2] == 0)
$Result = $Security_Values[0] + $Security_Values[1];
else
$Result = $Security_Values[0] - $Security_Values[1];
$this->setStoredCrypt($this->Crypt($Result,$salt) );
//return the computation string
return ($Security_Values[0]." ".$Operators[$Security_Values[2]]." ".$Security_Values[1]);
}
/*********************************************
*
* Name: Crypt
* Function: encrypts the passed key and returns the binary safe result
* I/O: Takes the value to be encrypted, and it's salt and returns the encrypted data
* Date: Nov 23/05
* Updated: Apr 24/08
* By: M. Ward
*
* ********************************************/
function Crypt( $key,$salt ) {
if( $salt == "" ) {
print("<p>Error in Crypt: You didn't specify a password to encrypt with.</p>");
return -1;
}
if( !isset($key) ) {
print("<p>Error in Crypt: You didn't specify a value to encrypt.</p>");
return -1;
}
$crypt = crypt($key,$salt);
//now serialise the data
$crypt = serialize($crypt);
//binary safe encode
$crypt = base64_encode($crypt);
//return value
return $crypt;
}
/*********************************************
*
* Name: DeCrypt
* Function: de-packs the binary safe result of the Cryp function above into the plain crypto text
* I/O: Takes the value to be unpacked
* Date: Nov 23/05
* Updated: Apr 24/08
* By: M. Ward
*
*********************************************/
function DeCrypt ( $crypto ) {
if( $crypto == "" ) {
print("<p>Error in DeCrypt: You didn't specify a value to decrypt.</p>");
return -1;
}
//decode
$crypt = base64_decode($crypto);
//unserialize
$crypt = unserialize($crypt);
return $crypt;
}
/********************************************
* Name: Verify
* Function: given a key, a salt and the results from the Crypt function above, it determines if the encrypted
* result of key and salt equals the unpacked crypto value.
* I/O: Takes the key and it's encryption salt(which must match what was used to generate $crypto), and the binary safe results of the Crypt function.
* Returns 1 if they are equal, 0 otherwise.
* Date: Apr 24/08
* By: M. Ward
*******************************************/
function Verify( $key, $salt, $crypto ) {
//check to see if salt is blank
if( $salt == "" ) {
print("<p>Error in Verify: You didn't specify a password to encrypt with.</p>");
return -1;
}
if( !isset($key) ) {
print("<p>Error in Verify: You didn't specify a value to encrypt.</p>");
return -1;
}
if( $crypto == "" ) {
print("<p>Error in Verify: You didn't specify a crypto value to compare.</p>");
return -1;
}
$crypt = $this->DeCrypt( $crypto );
if( crypt( $key, $salt ) == $crypt ) return 1; else return 0;
}
}
?>