Class \Prado\Web\UI\WebControls\TCaptcha
Notice: while this class is easy to use and implement, it does not provide full security. In fact, it is easy to bypass the checks by reusing old, already-validated tokens (replay attack). A better alternative is provided by TReCaptcha.
TCaptcha displays a CAPTCHA (a token displayed as an image) that can be used to determine if the input is entered by a real user instead of some program.
Unlike other CAPTCHA scripts, TCaptcha does not need a session or cookie.
The token (a string consisting of alphanumeric characters) displayed is automatically generated and can be configured in several ways. To specify the number of characters in the token, set \Prado\Web\UI\WebControls\setMinTokenLength and \Prado\Web\UI\WebControls\setMaxTokenLength. To use case-insensitive comparison and generate upper-case-only tokens, set \Prado\Web\UI\WebControls\setCaseSensitive to false. Advanced users can try to set \Prado\Web\UI\WebControls\setTokenAlphabet, which specifies what characters can appear in tokens.
The validation of the token is governed by two properties: \Prado\Web\UI\WebControls\setTestLimit and \Prado\Web\UI\WebControls\setTokenExpiry. The former specifies how many times a token can be tested on the server side, and the latter says when a generated token will expire.
To specify the appearance of the generated token image, set \Prado\Web\UI\WebControls\setTokenImageTheme to an integer between 0 and 63. To adjust the generated image size, set \Prado\Web\UI\WebControls\setTokenFontSize (you may also set \Prado\Web\UI\WebControls\TWebControl::setWidth, but the scaled image may not look good). When \Prado\Web\UI\WebControls\setChangingTokenBackground is set to true, the image background of the token varies even though the token stays the same during postbacks.
Upon postback, user input can be validated by calling validate(). The TCaptchaValidator control can also be used to do validation; it provides client-side validation in addition to the server-side validation. By default, the token will remain the same during multiple postbacks. A new one can be generated by calling regenerateToken() manually.
The following template shows a typical use of TCaptcha control:
<com:TCaptcha ID="Captcha" />
<com:TTextBox ID="Input" />
<com:TCaptchaValidator CaptchaControl="Captcha"
ControlToValidate="Input"
ErrorMessage="You are challenged!" />
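The replay weakness noted at the top of this page, and one way to close it, shown as an added example that is not PRADO's code. It is a simplified stateless CAPTCHA model (the key, the expiry value, the challenge format and all function names are assumptions) in which the stateless validator accepts the same challenge/answer pair on every submission until expiry, while the single-use validator rejects the second submission.

```php
<?php
// Simplified model of a stateless CAPTCHA (assumed design, not PRADO's code).
const PRIVATE_KEY = 'constructed-server-secret'; // constructed sample value
const TOKEN_EXPIRY = 600;                        // seconds, constructed value

// The challenge travels in the form; only the server can derive its answer.
function issueChallenge(int $now): string
{
    return bin2hex(random_bytes(8)) . ':' . $now;
}

function expectedAnswer(string $challenge): string
{
    return strtoupper(substr(hash_hmac('sha256', $challenge, PRIVATE_KEY), 0, 6));
}

// Stateless check: the same pair keeps validating until the expiry passes.
function validateStateless(string $challenge, string $input, int $now): bool
{
    $parts = explode(':', $challenge, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1])
        || $now - (int) $parts[1] > TOKEN_EXPIRY) {
        return false;
    }
    return hash_equals(expectedAnswer($challenge), strtoupper($input));
}

// Hardened check: record solved challenges so each one validates only once.
// $used maps challenge => expiry; a real deployment would use a shared cache.
function validateOnce(array &$used, string $challenge, string $input, int $now): bool
{
    $used = array_filter($used, fn(int $exp) => $exp >= $now); // purge expired
    if (isset($used[$challenge]) || !validateStateless($challenge, $input, $now)) {
        return false;
    }
    $used[$challenge] = $now + TOKEN_EXPIRY;
    return true;
}

$now = 1700000000;                    // constructed clock value
$challenge = issueChallenge($now);
$answer = expectedAnswer($challenge); // what a human reads from the image
$used = [];
var_dump(
    validateStateless($challenge, $answer, $now + 5),    // first submission
    validateStateless($challenge, $answer, $now + 60),   // same pair replayed
    validateOnce($used, $challenge, $answer, $now + 5),  // first submission
    validateOnce($used, $challenge, $answer, $now + 60)  // same pair replayed
);
```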
Class hierarchy
- \Prado\Web\UI\WebControls\TCaptcha
- \Prado\Web\UI\WebControls\TImage implements IDataRenderer
- \Prado\Web\UI\WebControls\TWebControl implements IStyleable
- \Prado\Web\UI\TControl implements IRenderable, IBindable
- \Prado\TApplicationComponent
- \Prado\TComponent
Since: 3.1.1
public static checkRequirements() : bool
Checks the requirements needed for generating CAPTCHA images.
TCaptcha requires GD2 with TrueType font support and PNG image support.
public regenerateToken() : mixed
Regenerates the token to be displayed.
By default, a token, once generated, will remain the same during the following page postbacks. Calling this method will generate a new token.
public setTokenFontSize(int $value) : mixed
Sets the font size used for displaying the token in an image.
This property affects the generated token image size. The image width is proportional to this font size.
public setTokenImageTheme(int $value) : mixed
Sets the theme of the token image.
You may test each theme to find out the one you like the most. Below is the explanation of the theme value: It is treated as a 5-bit integer. Each bit toggles a specific feature of the image.
- Bit 0 (the least significant): whether the image is opaque (1) or transparent (0).
- Bit 1: whether we should add white noise to the image (1) or not (0).
- Bit 2: whether we should add a grid to the image (1) or not (0).
- Bit 3: whether we should add some scribbles to the image (1) or not (0).
- Bit 4: whether the image background should be morphed (1) or not (0).
- Bit 5: whether the token text should cast a shadow (1) or not (0).
protected generateToken(string $publicKey, string $privateKey, mixed $alphabet, int $tokenLength, bool $caseSensitive) : string
Generates the token.
protected hash2string(string $hex[, string $alphabet = '' ]) : string
Converts a hash string into a string consisting of alphanumeric characters.
public mixed MAX_TOKEN_LENGTH = 40
public mixed MIN_TOKEN_LENGTH = 2