<?php
/*
* Name: form_security.class.php
* Function: contains routines created to stop people from using 'bots' to auto complete the forms with spam info.
* I/O: functions take various parameters; some return values.
* By: M. Ward
*
*/
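/**
 * Arithmetic challenge ("what is 3 + 4?") used to slow down automated form spam.
 *
 * A question method draws random operands, hashes the expected answer with
 * PHP's one-way crypt() function, packs that hash (serialize + base64) and keeps
 * it in $Crypted. Verify() later re-hashes the submitted answer and compares.
 *
 * Despite the method names, nothing here is encrypted or decrypted: Crypt()
 * hashes and packs, DeCrypt() only unpacks.
 *
 * Security notes for integrators:
 *  - NOTE(review): the original header mentions a hidden input; if the packed
 *    token is sent to the browser, treat it as attacker-controlled on the way
 *    back. The answer space is small and crypt() embeds its salt in the output,
 *    so the token does not keep the answer secret and is not bound to a session
 *    or a single use. Keeping the token in server-side session state and
 *    discarding it after one check is the safer design.
 *  - Verify() returns -1 (a truthy value) on missing arguments. Callers must
 *    test `=== 1`, never plain truthiness.
 *  - mt_rand() is not a cryptographic generator; it is kept because the
 *    question text is shown in clear anyway.
 *
 * Original author: M. Ward (Nov 2005, updated Apr 2008).
 */
class FormSecurity
{
    // Packed token (base64 of a serialized crypt() hash) for the last question
    // generated, or -1 when hashing failed.
    protected $Crypted;

    /**
     * Returns the packed token stored by the last question method or setter.
     *
     * @return mixed contents of $Crypted, unchanged
     */
    public function getStoredCrypt()
    {
        return $this->Crypted;
    }

    /**
     * Stores a packed token in $Crypted.
     *
     * @param mixed $_Crypted value to store; it is not validated here
     * @return void
     */
    public function setStoredCrypt($_Crypted)
    {
        $this->Crypted = $_Crypted;
    }

    /**
     * Generates a three-operand question (two +/- operations) and stores the
     * packed hash of its answer in $Crypted.
     *
     * @param string $salt  salt handed to crypt(); must not be empty
     * @param int    $limit upper bound (inclusive) for each operand, lower bound is 1
     * @return string|null question text such as "12 + 7 - 3", or null after
     *                     printing an error when no salt was given
     */
    public function HardSecureQuestion($salt = "", $limit = 100)
    {
        return $this->buildQuestion($salt, $limit, 3);
    }

    /**
     * Generates a two-operand question (one +/- operation) and stores the
     * packed hash of its answer in $Crypted.
     *
     * @param string $salt  salt handed to crypt(); must not be empty
     * @param int    $limit upper bound (inclusive) for each operand, lower bound is 1
     * @return string|null question text such as "4 - 9", or null after
     *                     printing an error when no salt was given
     */
    public function EasySecureQuestion($salt = "", $limit = 10)
    {
        return $this->buildQuestion($salt, $limit, 2);
    }

    /**
     * Shared generator behind HardSecureQuestion() and EasySecureQuestion().
     *
     * @param string $salt         salt handed to crypt()
     * @param int    $limit        inclusive upper bound for each operand
     * @param int    $operandCount number of operands (operators = operands - 1)
     * @return string|null question text, or null when the salt is empty
     */
    private function buildQuestion($salt, $limit, $operandCount)
    {
        // Loose comparison kept on purpose: null and false count as "no salt" too.
        if ($salt == "") {
            print("<p>Error in SecureQuestion: You didn't specify a salt value to encrypt with.</p>");
            return null;
        }

        // Draw all operands first, then the operator selectors (0 => '+', 1 => '-').
        $operands = array();
        for ($i = 0; $i < $operandCount; $i++) {
            $operands[] = mt_rand(1, $limit);
        }
        $selectors = array();
        for ($i = 1; $i < $operandCount; $i++) {
            $selectors[] = mt_rand(0, 1);
        }

        $symbols = array('+', '-');
        $result = $operands[0];
        $question = (string) $operands[0];

        // Evaluate strictly left to right, which is what the question text reads as.
        foreach ($selectors as $index => $selector) {
            $operand = $operands[$index + 1];
            $result = ($selector === 0) ? $result + $operand : $result - $operand;
            $question .= " " . $symbols[$selector] . " " . $operand;
        }

        $this->setStoredCrypt($this->Crypt($result, $salt));

        return $question;
    }

    /**
     * Hashes a value with crypt() and packs the hash as base64(serialize(hash)).
     *
     * @param mixed  $key  value to hash (the expected answer)
     * @param string $salt salt handed to crypt()
     * @return string|int packed token, or -1 after printing an error
     */
    public function Crypt($key, $salt)
    {
        if ($salt == "") {
            print("<p>Error in Crypt: You didn't specify a password to encrypt with.</p>");
            return -1;
        }
        if (!isset($key)) {
            print("<p>Error in Crypt: You didn't specify a value to encrypt.</p>");
            return -1;
        }

        $hash = (is_scalar($key) && is_scalar($salt))
            ? crypt((string) $key, (string) $salt)
            : null;

        // crypt() reports failure with a marker string shorter than 13 characters.
        // That marker is the same for every input, so packing it would yield a
        // token that any answer verifies against. Refuse it instead.
        if (!is_string($hash) || strlen($hash) < 13) {
            print("<p>Error in Crypt: crypt() could not hash the value with the given salt.</p>");
            return -1;
        }

        return base64_encode(serialize($hash));
    }

    /**
     * Unpacks a token produced by Crypt() back into the crypt() hash string.
     * This does not decrypt anything.
     *
     * The token may have travelled through the client, so it is treated as
     * untrusted: only a serialized string is accepted, and class instantiation
     * is disabled during unserialize().
     *
     * @param mixed $crypto packed token
     * @return string|int|false the hash string; -1 after printing an error when
     *                          the token is empty; false when the token does not
     *                          unpack to a string
     */
    public function DeCrypt($crypto)
    {
        if ($crypto == "") {
            print("<p>Error in DeCrypt: You didn't specify a value to decrypt.</p>");
            return -1;
        }
        if (!is_scalar($crypto)) {
            return false;
        }

        $packed = base64_decode((string) $crypto);

        // Crypt() only ever serializes a string, so anything that is not a
        // serialized string ("s:...") is rejected before it reaches unserialize().
        if (!is_string($packed) || strncmp($packed, 's:', 2) !== 0) {
            return false;
        }

        // allowed_classes => false (PHP 7+) guarantees no object is created from
        // the payload even if the prefix check above is ever relaxed.
        $value = unserialize($packed, array('allowed_classes' => false));

        return is_string($value) ? $value : false;
    }

    /**
     * Checks a submitted answer against a packed token.
     *
     * The comparison is between two strings and uses hash_equals(): with a loose
     * `==`, a token that unpacks to a non-string value can compare equal to any
     * hash through PHP's type juggling.
     *
     * @param mixed  $key    submitted answer
     * @param string $salt   salt that was used when the token was created
     * @param mixed  $crypto packed token from Crypt()
     * @return int 1 on match, 0 on mismatch or malformed input, -1 after printing
     *             an error when an argument is empty (compare with === 1)
     */
    public function Verify($key, $salt, $crypto)
    {
        if ($salt == "") {
            print("<p>Error in Verify: You didn't specify a password to encrypt with.</p>");
            return -1;
        }
        if (!isset($key)) {
            print("<p>Error in Verify: You didn't specify a value to encrypt.</p>");
            return -1;
        }
        if ($crypto == "") {
            print("<p>Error in Verify: You didn't specify a crypto value to compare.</p>");
            return -1;
        }

        // Request fields can arrive as arrays; fail closed instead of erroring.
        if (!is_scalar($key) || !is_scalar($salt)) {
            return 0;
        }

        $expected = $this->DeCrypt($crypto);
        if (!is_string($expected)) {
            return 0;
        }

        $actual = crypt((string) $key, (string) $salt);
        // A crypt() failure marker must never count as a match.
        if (!is_string($actual) || strlen($actual) < 13) {
            return 0;
        }

        return hash_equals($actual, $expected) ? 1 : 0;
    }
}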
?>