PHP Class Prado\Web\UI\WebControls\TCaptcha
Note: while this class is easy to use and implement, it does not provide full security.
In fact, it is easy to bypass the checks by reusing old, already-validated tokens (replay attack).
A better alternative is provided by TReCaptcha.

TCaptcha displays a CAPTCHA (a token displayed as an image) that can be used
to determine whether input is entered by a real user rather than a program.
Unlike other CAPTCHA scripts, TCaptcha does not need a session or cookie.
The token (a string of alphanumeric characters) is generated automatically
and can be configured in several ways. To specify the number of characters
in the token, set MinTokenLength and MaxTokenLength.
To use case-insensitive comparison and generate upper-case-only tokens, set CaseSensitive
to false. Advanced users can set TokenAlphabet, which
specifies which characters can appear in tokens.

Validation of the token is governed by two properties: TestLimit
and TokenExpiry. The former specifies how many times a token can
be tested on the server side, and the latter says when a generated token will expire.

To specify the appearance of the generated token image, set TokenImageTheme
to an integer between 0 and 63. To adjust the generated image size, set TokenFontSize
(you may also set the Width property of TWebControl, but the scaled image may not look good).
By setting ChangingTokenBackground to true, the image background
of the token will vary even though the token stays the same during postbacks.

Upon postback, user input can be validated by calling validate().
The TCaptchaValidator control can also be used for validation; it provides
client-side validation in addition to the server-side validation. By default, the token
remains the same across multiple postbacks. A new one can be generated by calling
regenerateToken() manually.
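
The replay weakness noted at the top of this page follows from validating without server-side state. The sketch below is an added example, not Prado's code: it assumes PHP 8, a simplified HMAC-derived answer, and hypothetical names (expectedAnswer, validateStateless, SingleUseValidator). It puts a stateless check beside a validator that consumes each challenge on its first attempt, so a second submission of the same pair is rejected.

```php
<?php
declare(strict_types=1);

// Simplified model (not Prado's code): the answer is derived from a server
// secret and a client-visible challenge id, so no session or cookie is needed.
function expectedAnswer(string $secret, string $challengeId, int $len = 6): string
{
    $alphabet = '234578adefhijmnrtABDEFGHJLMNRT'; // default alphabet quoted on this page
    $digest = hash_hmac('sha256', $challengeId, $secret, true);
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= $alphabet[ord($digest[$i]) % strlen($alphabet)];
    }
    return $out;
}

// Stateless check: nothing records that a challenge was already answered,
// so a pair that validated once validates again.
function validateStateless(string $secret, string $challengeId, string $input): bool
{
    return hash_equals(expectedAnswer($secret, $challengeId), $input);
}

// Hardened check: a challenge id is consumed by its first attempt, pass or fail.
// The array stands in for a store shared across requests (database, cache).
final class SingleUseValidator
{
    private array $consumed = []; // challenge id => expiry (unix time)

    public function __construct(private string $secret, private int $ttl = 600) {}
    public function validate(string $challengeId, string $input, ?int $now = null): bool
    {
        $now ??= time();
        $this->consumed = array_filter($this->consumed, fn (int $exp) => $exp > $now);
        $age = $now - (int) explode(':', $challengeId, 2)[0]; // id is "issuedAt:nonce"
        if ($age < 0 || $age > $this->ttl || isset($this->consumed[$challengeId])) {
            return false; // not yet valid, expired, or already used
        }
        $this->consumed[$challengeId] = $now + $this->ttl;
        return hash_equals(expectedAnswer($this->secret, $challengeId), $input);
    }
}

// Constructed demo values.
$id = '1700000000:4f2a';
$answer = expectedAnswer('demo-secret', $id);
$v = new SingleUseValidator('demo-secret');
var_dump(validateStateless('demo-secret', $id, $answer), validateStateless('demo-secret', $id, $answer));
var_dump($v->validate($id, $answer, 1700000100), $v->validate($id, $answer, 1700000200));
```
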
The following template shows a typical use of TCaptcha control:
Method Details
checkRequirements()
public static method
TCaptcha requires GD2 with TrueType font support and PNG image support.
generatePrivateKeyFile()
protected method
Generates a file with a randomly generated private key.
generateRandomKey()
protected method
generateToken()
protected method
protected generateToken ( $publicKey, $privateKey, $alphabet, $tokenLength, $caseSensitive ) : string
Returns string: the token generated.
getCaptchaScriptFile()
protected method
getCaseSensitive()
public method
getChangingTokenBackground()
public method
getFontFile()
protected method
getIsTokenExpired()
public method
getMaxTokenLength()
public method
getMinTokenLength()
public method
getPrivateKey()
public method
public getPrivateKey ( ) : string
Returns string: the private key used for generating the token. This is randomly generated and kept in a file for persistence.
getPublicKey()
public method
public getPublicKey ( ) : string
Returns string: the public key used for generating the token. A random one will be generated and returned if this is not set.
getTestLimit()
public method
getToken()
public method
getTokenAlphabet()
public method
public getTokenAlphabet ( ) : string
Returns string: the characters that may appear in the token. Defaults to '234578adefhijmnrtABDEFGHJLMNRT'.
getTokenExpiry()
public method
public getTokenExpiry ( ) : integer
Returns integer: the number of seconds that a generated token will remain valid. Defaults to 600 seconds (10 minutes).
getTokenFontSize()
public method
getTokenImageOptions()
protected method
getTokenImageTheme()
public method
getTokenLength()
protected method
hash2string()
protected method
Converts a hash string into a string consisting of alphanumeric characters.
onPreRender()
public method
Configures the image URL that shows the token.
regenerateToken()
public method
By default, a token, once generated, will remain the same during the following page postbacks.
Calling this method will generate a new token.
setCaseSensitive()
public method
setChangingTokenBackground()
public method
setMaxTokenLength()
public method
setMinTokenLength()
public method
setPublicKey()
public method
setTestLimit()
public method
setTokenAlphabet()
public method
setTokenExpiry()
public method
setTokenFontSize()
public method
This property affects the generated token image size.
The image width is proportional to this font size.
setTokenImageTheme()
public method
You may test each theme to find out the one you like the most.
Below is the explanation of the theme value:
It is treated as a 5-bit integer. Each bit toggles a specific feature of the image.
Bit 0 (the least significant): whether the image is opaque (1) or transparent (0).
Bit 1: whether we should add white noise to the image (1) or not (0).
Bit 2: whether we should add a grid to the image (1) or not (0).
Bit 3: whether we should add some scribbles to the image (1) or not (0).
Bit 4: whether the image background should be morphed (1) or not (0).
Bit 5: whether the token text should cast a shadow (1) or not (0).
validate()
public method
Validates a user input with the token.