recaptcha/src/ReCaptcha/RequestMethod/SocketPost.php at 36d93f1b085a7e446a3a202690c3139e94286e85 · google/recaptcha · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<?php

declare(strict_types=1);

/**
 * This is a PHP library that handles calling reCAPTCHA.
 *
 * BSD 3-Clause License
 *
 * @copyright (c) 2019, Google Inc.
 *
 * @see https://www.google.com/recaptcha
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 1. Redistributions of source code must retain the above copyright notice, this
 *    list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the copyright holder nor the names of its
 *    contributors may be used to endorse or promote products derived from
 *    this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

namespace ReCaptcha\RequestMethod;

use ReCaptcha\ReCaptcha;
use ReCaptcha\RequestMethod;
use ReCaptcha\RequestParameters;
use ReCaptcha\Response;

/**
 * Sends a POST request to the reCAPTCHA service, but makes use of fsockopen()
 * instead of get_file_contents(). This is to account for people who may be on
 * servers where allow_url_open is disabled.
 */
class SocketPost implements RequestMethod
{
    private string $siteVerifyUrl;

    /**
     * Only needed if you want to override the defaults.
     *
     * @param null|string $siteVerifyUrl URL for reCAPTCHA siteverify API
     */
    public function __construct(?string $siteVerifyUrl = null)
    {
        $this->siteVerifyUrl = (is_null($siteVerifyUrl)) ? ReCaptcha::SITE_VERIFY_URL : $siteVerifyUrl;
    }

    /**
     * Submit the POST request with the specified parameters.
     *
     * @param RequestParameters $params Request parameters
     *
     * @return string Body of the reCAPTCHA response
     */
    public function submit(RequestParameters $params): string
    {
        $errno = 0;
        $errstr = '';
        $urlParsed = parse_url($this->siteVerifyUrl);

        if (false === $urlParsed || !isset($urlParsed['host']) || !isset($urlParsed['path'])) {
            return Response::errorJson(ReCaptcha::E_CONNECTION_FAILED);
        }

        $handle = fsockopen('ssl://'.$urlParsed['host'], 443, $errno, $errstr, 30);

        if (false === $handle || 0 !== $errno || '' !== $errstr) {
            return Response::errorJson(ReCaptcha::E_CONNECTION_FAILED);
        }

        if (false === stream_set_timeout($handle, 60)) {
            return Response::errorJson(ReCaptcha::E_CONNECTION_FAILED);
        }

        $content = $params->toQueryString();

        $request = 'POST '.$urlParsed['path']." HTTP/1.0\r\n";
        $request .= 'Host: '.$urlParsed['host']."\r\n";
        $request .= "Content-Type: application/x-www-form-urlencoded\r\n";
        $request .= 'Content-length: '.strlen($content)."\r\n";
        $request .= "Connection: close\r\n\r\n";
        $request .= $content."\r\n\r\n";

        fwrite($handle, $request);
        $response = stream_get_contents($handle);

        fclose($handle);

        if (!is_string($response)) {
            $response = '';
        }

        if (1 !== preg_match('#^HTTP/1\.[01] 200 OK#', $response)) {
            return Response::errorJson(ReCaptcha::E_BAD_RESPONSE);
        }

        $parts = preg_split("#\n\\s*\n#Uis", $response);

        if (!is_array($parts) || !isset($parts[1])) {
            return Response::errorJson(ReCaptcha::E_BAD_RESPONSE);
        }

        return $parts[1];
    }
}