Jetpack_Protect_Math_Authenticate

The math captcha used as a fallback when the Protect API cannot be reached.

Defined (1)

The class is defined in the following location(s).

/modules/protect/math-fallback.php  
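  /**
   * Math captcha shown on the login form when the Protect API cannot be reached.
   *
   * Security notes for maintainers:
   * - The expected answer is sent to the browser as sha1( salt . sum ) in a hidden
   *   field. The salt is fixed per site and the sum is a small integer, so the
   *   hash for a given sum never changes and a pair that was valid once stays
   *   valid. Treat this as a speed bump against unsophisticated bots, not as an
   *   authentication control.
   * - Every $_POST / $_COOKIE value is attacker-controlled and is type-checked
   *   before it is hashed, compared, or used to build a transient key.
   */
  class Jetpack_Protect_Math_Authenticate {

      // Set to 1 once the hooks are registered, so a second instance is a no-op.
      static $loaded;

      /**
       * Registers the login-form captcha and, when the interim math page was
       * submitted, the handler that processes it on 'init'.
       */
      function __construct() {

          if ( self::$loaded ) {
              return;
          }

          self::$loaded = 1;

          add_action( 'login_form', array( $this, 'math_form' ) );

          if ( isset( $_POST['jetpack_protect_process_math_form'] ) ) {
              add_action( 'init', array( $this, 'process_generate_math_page' ) );
          }
      }

      /**
       * Reads a request field and returns it only if it is a string.
       *
       * Array-shaped input (field[]=x) would otherwise be cast or concatenated
       * as "Array"/1 and raise notices, so anything that is not a string is
       * treated as missing.
       *
       * @param array  $source Request array, e.g. $_POST or $_COOKIE.
       * @param string $key    Field name.
       * @return string The submitted value, or '' when absent or not a string.
       */
      private static function request_string( $source, $key ) {
          if ( isset( $source[ $key ] ) && is_string( $source[ $key ] ) ) {
              return $source[ $key ];
          }
          return '';
      }

      /**
       * Computes the salted hash that is embedded in the form for a given number.
       *
       * @param int $number The sum (or the user's numeric answer).
       * @return string 40-character lowercase hex sha1 digest.
       */
      private static function hash_answer( $number ) {
          $salt = get_site_option( 'jetpack_protect_key' ) . get_site_option( 'admin_email' );
          return sha1( $salt . $number );
      }

      /**
       * Verifies that a user answered the math problem correctly while logging in.
       *
       * A valid 'jpp_math_pass' cookie (issued by process_generate_math_page())
       * short-circuits the check. Without one, a missing answer renders the
       * interim math page and a wrong answer ends the request with a 401 via
       * wp_die(); neither path throws.
       *
       * @return bool|null True when the cookie pass or the submitted answer is
       *                   accepted; null if wp_die() was filtered to not exit.
       */
      static function math_authenticate() {
          $submitted_num  = self::request_string( $_POST, 'jetpack_protect_num' );
          $submitted_hash = self::request_string( $_POST, 'jetpack_protect_answer' );

          if ( isset( $_COOKIE['jpp_math_pass'] ) ) {
              $pass      = self::request_string( $_COOKIE, 'jpp_math_pass' );
              $transient = false;

              // Tokens issued by this class are exactly 25 lowercase hex chars;
              // anything else never reaches the transient key lookup.
              if ( preg_match( '/\A[a-f0-9]{25}\z/', $pass ) ) {
                  $transient = Jetpack_Protect_Module::get_transient( 'jpp_math_pass_' . $pass );
              }

              if ( ! $transient || $transient < 1 ) {
                  self::generate_math_page();
              }
              return true;
          }

          if ( ! $submitted_hash || ! $submitted_num ) {
              self::generate_math_page();
          } elseif ( ! hash_equals( self::hash_answer( (int) $submitted_num ), $submitted_hash ) ) {
              // hash_equals() is strict and constant-time; the previous loose
              // `!=` let PHP compare numeric-looking digests as numbers.
              wp_die(
                  __( '<strong>You failed to correctly answer the math problem.</strong> This is used to combat spam when the Protect API is unavailable. Please use your browser\'s back button to return to the login form, press the "refresh" button to generate a new math problem, and try to log in again.', 'jetpack' ),
                  '',
                  401
              );
          } else {
              return true;
          }
      }

      /**
       * Creates an interim page to collect answers to a math captcha.
       *
       * @param bool $error Whether to show the "answer was incorrect" notice.
       * @return void Output is handed to wp_die(), which normally ends the request.
       */
      static function generate_math_page( $error = false ) {
          ob_start();
          ?>
          <h2><?php _e( 'Please solve this math problem to prove that you are not a bot. Once you solve it, you will need to log in again.', 'jetpack' ); ?></h2>
          <?php if ( $error ) : ?>
          <h3><?php _e( 'Your answer was incorrect, please try again.', 'jetpack' ); ?></h3>
          <?php endif ?>

          <form action="<?php echo esc_url( wp_login_url() ); ?>" method="post" accept-charset="utf-8">
          <?php self::math_form(); ?>
          <input type="hidden" name="jetpack_protect_process_math_form" value="1" id="jetpack_protect_process_math_form" />
          <p><input type="submit" value="<?php esc_attr_e( 'Continue →', 'jetpack' ); ?>"></p>
          </form>
          <?php
          $mathage = ob_get_clean();
          wp_die( $mathage );
      }

      /**
       * Handles submission of the interim math page.
       *
       * On a correct answer, stores a pass token in a transient (value 3, one
       * day) and sets it as the 'jpp_math_pass' cookie. On a wrong or missing
       * answer, re-renders the math page with the error notice.
       *
       * @return bool|null True when the pass cookie was issued.
       */
      public function process_generate_math_page() {
          $submitted_num  = self::request_string( $_POST, 'jetpack_protect_num' );
          $submitted_hash = self::request_string( $_POST, 'jetpack_protect_answer' );

          if ( ! hash_equals( self::hash_answer( (int) $submitted_num ), $submitted_hash ) ) {
              self::generate_math_page( true );
          } else {
              // The token used to be derived from rand( 1, 100000000 ): a
              // non-cryptographic generator with at most 1e8 outcomes per site
              // key. wp_generate_password() draws from WordPress' random source;
              // the 25-hex-char format of the token is unchanged.
              $temp_pass = substr( sha1( wp_generate_password( 32, false ) . get_site_option( 'jetpack_protect_key' ) ), 5, 25 );
              Jetpack_Protect_Module::set_transient( 'jpp_math_pass_' . $temp_pass, 3, DAY_IN_SECONDS );

              // HttpOnly keeps the pass token away from page scripts; Secure is
              // set whenever the login request itself arrived over TLS.
              setcookie( 'jpp_math_pass', $temp_pass, time() + DAY_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
              return true;
          }
      }

      /**
       * Requires a user to solve a simple equation. Added to any WordPress login form.
       *
       * @return void Outputs HTML: the two operands, the answer input and the
       *              hidden salted hash of the expected sum.
       */
      static function math_form() {
          // The operands are displayed to the visitor, so rand() is adequate here.
          $num1 = rand( 0, 10 );
          $num2 = rand( 1, 10 );
          $ans  = self::hash_answer( $num1 + $num2 );
          ?>
          <div style="margin: 5px 0 20px;">
          <strong><?php esc_html_e( 'Prove your humanity:', 'jetpack' ); ?> </strong>
          <?php echo (int) $num1; ?>   +   <?php echo (int) $num2; ?>   =  
          <input type="input" name="jetpack_protect_num" value="" size="2" />
          <input type="hidden" name="jetpack_protect_answer" value="<?php echo esc_attr( $ans ); ?>" />
          </div>
          <?php
      }
  }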