now with more captcha

webtools/firefox_survey/.htaccess

@@ -1,5 +1,6 @@
 <IfModule mod_rewrite.c>
     RewriteEngine on
+    RewriteBase /~clouserw/firefox_survey
     RewriteRule    ^$    webroot/    [L]
     RewriteRule    (.*) webroot/$1    [L]
 </IfModule>

webtools/firefox_survey/controllers/users_controller.php

@@ -18,6 +18,38 @@ class UsersController extends AppController {
         }
         else
         {
+            /**
+             * @todo The captcha stuff should be moved to a component (instead of a vendor
+             * package).  The manual error handling and vendor code was added because
+             * of time constraints (namely, this needs to be done in the next 22
+             * minutes)
+             */
+
+            // They didn't fill in a value
+            if (empty($_SESSION['freecap_word_hash']) || empty($this->params['data']['captcha'][0])) {
+                $form_captcha_error = 'You must enter the code above.  If you are unable to see the code, please <a href="mailto:firefoxsurvey@mozilla.com">email us.</a>';
+                $this->set('form_captcha_error',$form_captcha_error);
+                return;
+            }
+
+            // Just some sanity checking.  If a user messes with their cookie
+            // manually, they could be trying to execute custom functions
+            if (!in_array($_SESSION['hash_func'], array('sha1','md5','crc32'))) {
+                // fail silently?
+                return;
+            }
+
+            // Check the captcha values
+            if( $_SESSION['hash_func'](strtolower($this->params['data']['captcha'][0])) != $_SESSION['freecap_word_hash']) {
+                $form_captcha_error = 'The code you entered did not match the picture.  Please try again.';
+                $this->set('form_captcha_error',$form_captcha_error);
+                return;
+            } else {
+                //reset session values
+                $_SESSION['freecap_attempts'] = 0;
+                $_SESSION['freecap_word_hash'] = false;
+            }
+
             // If they've already signed up, send them another email
             if ($this->User->findByEmail($this->params['data']['User']['email'])) {
                     $mail_params = array(

webtools/firefox_survey/views/users/add.thtml

@@ -9,6 +9,14 @@
             <?php echo $html->input('User/email', array('size' => '40'))?>
             <?php echo $html->tagErrorMsg('User/email', 'A properly formatted email address is required.') ?>
         </p>
+        
+        <p class="captcha"><?php echo $html->image('freecap.php'); ?></p>
+        <p><label class="captcha-entry" for="captcha">Enter the code above:<span class="required">*</span></label> <?php echo $html->input('captcha', array('size' => '40')); ?>
+            <a href="mailto:firefoxsurvey@mozilla.com"><?php echo $html->image('accessibility.jpg',array('class' => 'captcha-entry'));?></a>
+        </p>
+        <?php if (!empty($form_captcha_error)) : ?>
+        <p class="error_message"><?php echo $form_captcha_error; ?></p>
+        <?php endif; ?>
         <p><?php echo $html->submit('Send') ?></p>
     </form>
 </div>

webtools/firefox_survey/webroot/.htaccess

@@ -1,6 +1,8 @@
 <IfModule mod_rewrite.c>
     RewriteEngine On
 
+    RewriteBase /~clouserw/firefox_survey
+
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]

webtools/firefox_survey/webroot/css/screen.css

@@ -6,9 +6,22 @@
 
  div#UsersAdd label {
      float:left;
-     width:12em;
+     width:13em;
  }
 
  .center {
      text-align:center;
  }
+
+ .captcha {
+     padding-left:13em;
+ }
+
+ .captcha-entry {
+     vertical-align:bottom;
+ }
+
+ .error_message {
+     color:#e11;
+     padding-left:5em;
+ }

webtools/firefox_survey/webroot/img/freecap.php

@@ -0,0 +1,6 @@
+<?php
+//freecap has a couple warnings in it
+error_reporting(0);
+require_once '../../config/defines.php';
+require_once '../../vendors/captcha/freecap.php';
+?>