accessible_captcha.php

<?php
require_once dirname(dirname(dirname(__FILE__))).'/include/init.inc';


function sendAccessibleCaptchaEmail($to_email_address, $key)
{
    require_once 'Mail.php';
    require_once 'Mail/mime.php';

    // Strip spaces from around the "To" address in case these are present
    $to_email_address = trim($to_email_address);

    // Provide the name of the system as supplied in the main.inc configuration for use in the email (if it is set)
    $from_address = '"Accessible CAPTCHA Form"';
    if (SQ_CONF_SYSTEM_NAME != '') {
        $from_system_name = 'from the '.SQ_CONF_SYSTEM_NAME.' website ';
        $from_address = SQ_CONF_SYSTEM_NAME;
    }

    // Quote the System Name as it could contain apos'rophes
    $from_address = '"'.$from_address.'"';
    
    $current_url = current_url();
    $body = 'This email has been generated '.$from_system_name."as part of a form submission which includes an Accessible CAPTCHA field.\n\n".
            "Please visit the following page to validate your submission before submitting the form\n\n".
            $current_url.'?key='.$key;

    $mime = new Mail_mime("\n");
    $mime->setTXTBody($body);

    $from_address .= ' <'.SQ_CONF_DEFAULT_EMAIL.'>';

    $headers = Array(
                'From'      => $from_address,
                'Subject'   => 'Accessible CAPTCHA Form Verification',
               );

    $param = Array(
                'head_charset'  => SQ_CONF_DEFAULT_CHARACTER_SET,
                'text_charset'  => SQ_CONF_DEFAULT_CHARACTER_SET,
                'html_charset'  => SQ_CONF_DEFAULT_CHARACTER_SET,
             );
    $body = @$mime->get($param);
    $headers = @$mime->headers($headers);
    $mail =& Mail::factory('mail');
    $status = @$mail->send($to_email_address, $headers, $body);

}//end sendAccessiblecaptchaEmail()


function validateAccessibleCaptcha($key)
{
    $verified_captcha = FALSE;

    if ((isset($_SESSION['SQ_ACCESSIBLE_CAPTCHA_KEY'])) && ($_SESSION['SQ_ACCESSIBLE_CAPTCHA_KEY'] === $key)) {
        // F.A.B - CAPTCHAs are go!
        $verified_captcha = TRUE;
        $_SESSION['SQ_ACCESSIBLE_CAPTCHA_PASSED'] = 1;

        // Clear the CAPTCHA key from the session and access to run this script
        unset($_SESSION['SQ_ACCESSIBLE_CAPTCHA_KEY']);
        unset($_SESSION['SQ_ACCESSIBLE_CAPTCHA_GENERATED']);
    }

    if ($verified_captcha) {
?>
<p>Thank you for verifying the Accessible CAPTCHA input.<br />
Please proceed to submit your form.</p>
<?php
    } else {
?>
<p>This Accessible CAPTCHA key has expired for this session.<br />
Please return to the form to generate a new key.</p>
<?php
    }

}//end validateAccessibleCaptcha()



// Ensure that the request originated from *this* Matrix system, otherwise drop the request like some sort of heavy feather
if (!isset($_SESSION['SQ_ACCESSIBLE_CAPTCHA_GENERATED'])) exit;

// Generate an Accessible CAPTCHA Key
if (isset($_GET['email'])) {

    $user_email = addslashes($_GET['email']);

    // Ensure that we have *one* valid email address
    if ((strpos($user_email, ',') === FALSE) || (strpos($user_email, ';') === FALSE)) {
        // Return a key to be used in an email message to clear this CAPTCHA hurdle
        // The trinity of email address, timestamp, user ID and a locally-generated integer should be unique enough to generate a robust key
        $local_megadice = rand(1, 1000000);

        $submission_time = time();
        $key = md5($user_email.$submission_time.$local_megadice);

        // Log our generated key in the user's session and send a nice email to the user for CAPTCHA validation
        $_SESSION['SQ_ACCESSIBLE_CAPTCHA_KEY'] = $key;
        sendAccessibleCaptchaEmail($user_email, $key);
    }

} else if (isset($_GET['key'])) {
// Verify an Accessible CAPTCHA Key from an email message

    $key = addslashes($_GET['key']);
    validateAccessibleCaptcha($key);

}

?>