recaptcha 1.3.0m

update from  google recaptcha 1.2.4 auf 1.3.0

include/thirdparty/recaptcha/LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2019, Google Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

include/thirdparty/recaptcha/README.md

@@ -0,0 +1,147 @@
+# reCAPTCHA PHP client library
+
+[![Build Status](https://travis-ci.org/google/recaptcha.svg)](https://travis-ci.org/google/recaptcha)
+[![Coverage Status](https://coveralls.io/repos/github/google/recaptcha/badge.svg)](https://coveralls.io/github/google/recaptcha)
+[![Latest Stable Version](https://poser.pugx.org/google/recaptcha/v/stable.svg)](https://packagist.org/packages/google/recaptcha)
+[![Total Downloads](https://poser.pugx.org/google/recaptcha/downloads.svg)](https://packagist.org/packages/google/recaptcha)
+
+reCAPTCHA is a free CAPTCHA service that protects websites from spam and abuse.
+This is a PHP library that wraps up the server-side verification step required
+to process responses from the reCAPTCHA service. This client supports both v2
+and v3.
+
+- reCAPTCHA: https://www.google.com/recaptcha
+- This repo: https://github.com/google/recaptcha
+- Hosted demo: https://recaptcha-demo.appspot.com/
+- Version: 1.3.0
+- License: BSD, see [LICENSE](LICENSE)
+
+## Installation
+
+### Composer (recommended)
+
+Use [Composer](https://getcomposer.org) to install this library from Packagist:
+[`google/recaptcha`](https://packagist.org/packages/google/recaptcha)
+
+Run the following command from your project directory to add the dependency:
+
+```sh
+composer require google/recaptcha "^1.3"
+```
+
+Alternatively, add the dependency directly to your `composer.json` file:
+
+```json
+"require": {
+    "google/recaptcha": "^1.3"
+}
+```
+
+### Support for earlier versions of PHP
+
+The 1.3 release moves to PHP 8 and up. For earlier versions, you will need to
+stay with the 1.2 releases.
+
+### Direct download
+
+Download the [ZIP file](https://github.com/google/recaptcha/archive/master.zip)
+and extract into your project. An autoloader script is provided in
+`src/autoload.php` which you can require into your script. For example:
+
+```php
+require_once '/path/to/recaptcha/src/autoload.php';
+$recaptcha = new \ReCaptcha\ReCaptcha($secret);
+```
+
+The classes in the project are structured according to the
+[PSR-4](https://www.php-fig.org/psr/psr-4/) standard, so you can also use your
+own autoloader or require the needed files directly in your code.
+
+## Usage
+
+First obtain the appropriate keys for the type of reCAPTCHA you wish to
+integrate for v2 at https://www.google.com/recaptcha/admin or v3 at
+https://g.co/recaptcha/v3.
+
+Then follow the [integration guide on the developer
+site](https://developers.google.com/recaptcha/intro) to add the reCAPTCHA
+functionality into your frontend.
+
+This library comes in when you need to verify the user's response. On the PHP
+side you need the response from the reCAPTCHA service and secret key from your
+credentials. Instantiate the `ReCaptcha` class with your secret key, specify any
+additional validation rules, and then call `verify()` with the reCAPTCHA
+response (usually in `$_POST['g-recaptcha-response']` or the response from
+`grecaptcha.execute()` in JS which is in `$gRecaptchaResponse` in the example)
+and user's IP address. For example:
+
+```php
+<?php
+$recaptcha = new \ReCaptcha\ReCaptcha($secret);
+$resp = $recaptcha->setExpectedHostname('recaptcha-demo.appspot.com')
+                  ->verify($gRecaptchaResponse, $remoteIp);
+if ($resp->isSuccess()) {
+    // Verified!
+} else {
+    $errors = $resp->getErrorCodes();
+}
+```
+
+The following methods are available:
+
+- `setExpectedHostname($hostname)`: ensures the hostname matches. You must do
+  this if you have disabled "Domain/Package Name Validation" for your
+  credentials.
+- `setExpectedApkPackageName($apkPackageName)`: if you're verifying a response
+  from an Android app. Again, you must do this if you have disabled
+  "Domain/Package Name Validation" for your credentials.
+- `setExpectedAction($action)`: ensures the action matches for the v3 API.
+- `setScoreThreshold($threshold)`: set a score threshold for responses from the
+  v3 API
+- `setChallengeTimeout($timeoutSeconds)`: set a timeout between the user passing
+  the reCAPTCHA and your server processing it.
+
+Each of the `set`\*`()` methods return the `ReCaptcha` instance so you can chain
+them together. For example:
+
+```php
+<?php
+$recaptcha = new \ReCaptcha\ReCaptcha($secret);
+$resp = $recaptcha->setExpectedHostname('recaptcha-demo.appspot.com')
+                  ->setExpectedAction('homepage')
+                  ->setScoreThreshold(0.5)
+                  ->verify($gRecaptchaResponse, $remoteIp);
+
+if ($resp->isSuccess()) {
+    // Verified!
+} else {
+    $errors = $resp->getErrorCodes();
+}
+```
+
+You can find the constants for the libraries error codes in the `ReCaptcha`
+class constants, e.g. `ReCaptcha::E_HOSTNAME_MISMATCH`
+
+For more details on usage and structure, see [ARCHITECTURE](ARCHITECTURE.md).
+
+### Examples
+
+You can see examples of each reCAPTCHA type in [examples/](examples/). You can
+run the examples locally by using the Composer script:
+
+```sh
+composer run-script serve-examples
+```
+
+This makes use of the in-built PHP dev server to host the examples at
+http://localhost:8080/
+
+These are also hosted on Google AppEngine Flexible environment at
+https://recaptcha-demo.appspot.com/. This is configured by
+[`app.yaml`](./app.yaml) which you can also use to [deploy to your own AppEngine
+project](https://cloud.google.com/appengine/docs/flexible/php/download).
+
+## Contributing
+
+No one ever has enough engineers, so we're very happy to accept contributions
+via Pull Requests. For details, see [CONTRIBUTING](CONTRIBUTING.md)

include/thirdparty/recaptcha/ReCaptcha/ReCaptcha.php

@@ -43,73 +43,73 @@ class ReCaptcha
      * Version of this client library.
      * @const string
      */
-    const VERSION = 'php_1.2.4';
+    public const VERSION = 'php_1.3.0';
 
     /**
      * URL for reCAPTCHA siteverify API
      * @const string
      */
-    const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
+    public const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
 
     /**
      * Invalid JSON received
      * @const string
      */
-    const E_INVALID_JSON = 'invalid-json';
+    public const E_INVALID_JSON = 'invalid-json';
 
     /**
      * Could not connect to service
      * @const string
      */
-    const E_CONNECTION_FAILED = 'connection-failed';
+    public const E_CONNECTION_FAILED = 'connection-failed';
 
     /**
      * Did not receive a 200 from the service
      * @const string
      */
-    const E_BAD_RESPONSE = 'bad-response';
+    public const E_BAD_RESPONSE = 'bad-response';
 
     /**
      * Not a success, but no error codes received!
      * @const string
      */
-    const E_UNKNOWN_ERROR = 'unknown-error';
+    public const E_UNKNOWN_ERROR = 'unknown-error';
 
     /**
      * ReCAPTCHA response not provided
      * @const string
      */
-    const E_MISSING_INPUT_RESPONSE = 'missing-input-response';
+    public const E_MISSING_INPUT_RESPONSE = 'missing-input-response';
 
     /**
      * Expected hostname did not match
      * @const string
      */
-    const E_HOSTNAME_MISMATCH = 'hostname-mismatch';
+    public const E_HOSTNAME_MISMATCH = 'hostname-mismatch';
 
     /**
      * Expected APK package name did not match
      * @const string
      */
-    const E_APK_PACKAGE_NAME_MISMATCH = 'apk_package_name-mismatch';
+    public const E_APK_PACKAGE_NAME_MISMATCH = 'apk_package_name-mismatch';
 
     /**
      * Expected action did not match
      * @const string
      */
-    const E_ACTION_MISMATCH = 'action-mismatch';
+    public const E_ACTION_MISMATCH = 'action-mismatch';
 
     /**
      * Score threshold not met
      * @const string
      */
-    const E_SCORE_THRESHOLD_NOT_MET = 'score-threshold-not-met';
+    public const E_SCORE_THRESHOLD_NOT_MET = 'score-threshold-not-met';
 
     /**
      * Challenge timeout
      * @const string
      */
-    const E_CHALLENGE_TIMEOUT = 'challenge-timeout';
+    public const E_CHALLENGE_TIMEOUT = 'challenge-timeout';
 
     /**
      * Shared secret for the site.
@@ -123,6 +123,12 @@ class ReCaptcha
      */
     private $requestMethod;
 
+    private $hostname;
+    private $apkPackageName;
+    private $action;
+    private $threshold;
+    private $timeoutSeconds;
+
     /**
      * Create a configured instance to use the reCAPTCHA service.
      *

include/thirdparty/recaptcha/ReCaptcha/RequestMethod.php

@@ -39,7 +39,6 @@ namespace ReCaptcha;
  */
 interface RequestMethod
 {
-
     /**
      * Submit the request with the specified parameters.
      *

include/thirdparty/recaptcha/ReCaptcha/RequestMethod/Curl.php

@@ -39,7 +39,6 @@ namespace ReCaptcha\RequestMethod;
  */
 class Curl
 {
-
     /**
      * @see http://php.net/curl_init
      * @param string $url

include/thirdparty/recaptcha/ReCaptcha/RequestMethod/SocketPost.php

@@ -51,6 +51,8 @@ class SocketPost implements RequestMethod
      */
     private $socket;
 
+    private $siteVerifyUrl;
+
     /**
      * Only needed if you want to override the defaults
      *

include/thirdparty/recaptcha/ReCaptcha/Response.php

@@ -95,11 +95,11 @@ class Response
             return new Response(false, array(ReCaptcha::E_INVALID_JSON));
         }
 
-        $hostname = isset($responseData['hostname']) ? $responseData['hostname'] : null;
-        $challengeTs = isset($responseData['challenge_ts']) ? $responseData['challenge_ts'] : null;
-        $apkPackageName = isset($responseData['apk_package_name']) ? $responseData['apk_package_name'] : null;
+        $hostname = isset($responseData['hostname']) ? $responseData['hostname'] : '';
+        $challengeTs = isset($responseData['challenge_ts']) ? $responseData['challenge_ts'] : '';
+        $apkPackageName = isset($responseData['apk_package_name']) ? $responseData['apk_package_name'] : '';
         $score = isset($responseData['score']) ? floatval($responseData['score']) : null;
-        $action = isset($responseData['action']) ? $responseData['action'] : null;
+        $action = isset($responseData['action']) ? $responseData['action'] : '';
 
         if (isset($responseData['success']) && $responseData['success'] == true) {
             return new Response(true, array(), $hostname, $challengeTs, $apkPackageName, $score, $action);
@@ -123,7 +123,7 @@ class Response
      * @param string $action
      * @param array $errorCodes
      */
-    public function __construct($success, array $errorCodes = array(), $hostname = null, $challengeTs = null, $apkPackageName = null, $score = null, $action = null)
+    public function __construct($success, array $errorCodes = array(), $hostname = '', $challengeTs = '', $apkPackageName = '', $score = null, $action = '')
     {
         $this->success = $success;
         $this->hostname = $hostname;

include/thirdparty/recaptcha/ReCaptcha/autoload.php

@@ -0,0 +1,69 @@
+<?php
+
+/* An autoloader for ReCaptcha\Foo classes. This should be required()
+ * by the user before attempting to instantiate any of the ReCaptcha
+ * classes.
+ *
+ * BSD 3-Clause License
+ * @copyright (c) 2019, Google Inc.
+ * @link https://www.google.com/recaptcha
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 1. Redistributions of source code must retain the above copyright notice, this
+ *    list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its
+ *    contributors may be used to endorse or promote products derived from
+ *    this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+spl_autoload_register(function ($class) {
+    if (substr($class, 0, 10) !== 'ReCaptcha\\') {
+        /* If the class does not lie under the "ReCaptcha" namespace,
+         * then we can exit immediately.
+         */
+        return;
+    }
+
+    /* All of the classes have names like "ReCaptcha\Foo", so we need
+     * to replace the backslashes with frontslashes if we want the
+     * name to map directly to a location in the filesystem.
+     */
+    $class = str_replace('\\', '/', $class);
+
+    /* First, check under the current directory. It is important that
+     * we look here first, so that we don't waste time searching for
+     * test classes in the common case.
+     */
+    $path = dirname(__FILE__).'/'.$class.'.php';
+    if (is_readable($path)) {
+        require_once $path;
+
+        return;
+    }
+
+    /* If we didn't find what we're looking for already, maybe it's
+     * a test class?
+     */
+    $path = dirname(__FILE__).'/../tests/'.$class.'.php';
+    if (is_readable($path)) {
+        require_once $path;
+    }
+});