feat(form): setting to enable captcha

useful to avoid captcha in trusted intranet

Signed-off-by: Thierry Bugier <tbugier@teclib.com>

Author: btry

front/form_profile.form.php

@@ -31,21 +31,22 @@
 
 include ('../../../inc/includes.php');
 
-Session::checkRight("entity", UPDATE);
+Session::checkRight('entity', UPDATE);
 
 // Check if plugin is activated...
 $plugin = new Plugin();
-if (!$plugin->isActivated("formcreator")) {
+if (!$plugin->isActivated('formcreator')) {
    Html::displayNotFoundError();
 }
 
 $formFk = PluginFormcreatorForm::getForeignKeyField();
-if (isset($_POST["profiles_id"]) && isset($_POST[$formFk])) {
+if (isset($_POST['profiles_id']) && isset($_POST[$formFk])) {
    if (isset($_POST['access_rights'])) {
       $form = new PluginFormcreatorForm();
       $form->update([
          'id'            => (int) $_POST[$formFk],
-         'access_rights' => (int) $_POST['access_rights']
+         'access_rights' => (int) $_POST['access_rights'],
+         'is_captcha_enabled' => $_POST['is_captcha_enabled'],
       ]);
    }
 
@@ -54,7 +55,7 @@
          $formFk    => (int) $_POST[$formFk],
    ]);
 
-   foreach ($_POST["profiles_id"] as $profile_id) {
+   foreach ($_POST['profiles_id'] as $profile_id) {
       if ($profile_id != 0) {
          $form_profile = new PluginFormcreatorForm_Profile();
          $form_profile->add([
@@ -63,7 +64,5 @@
          ]);
       }
    }
-   Html::back();
-} else {
-   Html::back();
 }
+Html::back();

front/formdisplay.php

@@ -41,64 +41,63 @@
 
 PluginFormcreatorForm::header();
 
-if (isset($_REQUEST['id'])
-   && is_numeric($_REQUEST['id'])) {
+if (!isset($_REQUEST['id'])
+   || !is_numeric($_REQUEST['id'])) {
+   $message = __("The form has been successfully saved!");
+   Html::displayTitle($CFG_GLPI['root_doc']."/pics/ok.png", $message, $message);
+}
 
-   $criteria = [
-      'id'        => (int) $_REQUEST['id'],
-      'is_active' => '1',
-      'is_deleted'=> '0',
-   ];
-   $form = new PluginFormcreatorForm();
-   if (!$form->getFromDBByCrit($criteria)) {
-      Html::displayNotFoundError();
-   }
+$criteria = [
+   'id'        => (int) $_REQUEST['id'],
+   'is_active' => '1',
+   'is_deleted'=> '0',
+];
+$form = new PluginFormcreatorForm();
+if (!$form->getFromDBByCrit($criteria)) {
+   Html::displayNotFoundError();
+}
 
-   if ($form->fields['access_rights'] != PluginFormcreatorForm::ACCESS_PUBLIC) {
-      Session::checkLoginUser();
-      if (!$form->checkEntity(true)) {
-         Html::displayRightError();
-         exit();
-      }
+if ($form->fields['access_rights'] != PluginFormcreatorForm::ACCESS_PUBLIC) {
+   Session::checkLoginUser();
+   if (!$form->checkEntity(true)) {
+      Html::displayRightError();
+      exit();
    }
+}
 
-   if ($form->fields['access_rights'] == PluginFormcreatorForm::ACCESS_RESTRICTED) {
-      $iterator = $DB->request(PluginFormcreatorForm_Profile::getTable(), [
-         'WHERE' => [
-            'profiles_id'                 => $_SESSION['glpiactiveprofile']['id'],
-            'plugin_formcreator_forms_id' => $form->getID()
-         ],
-         'LIMIT' => 1
-      ]);
-      if (count($iterator) == 0) {
-         Html::displayRightError();
-         exit();
-      }
+if ($form->fields['access_rights'] == PluginFormcreatorForm::ACCESS_RESTRICTED) {
+   $iterator = $DB->request(PluginFormcreatorForm_Profile::getTable(), [
+      'WHERE' => [
+         'profiles_id'                 => $_SESSION['glpiactiveprofile']['id'],
+         'plugin_formcreator_forms_id' => $form->getID()
+      ],
+      'LIMIT' => 1
+   ]);
+   if (count($iterator) == 0) {
+      Html::displayRightError();
+      exit();
    }
-   if (($form->fields['access_rights'] == PluginFormcreatorForm::ACCESS_PUBLIC) && (!isset($_SESSION['glpiID']))) {
-      // If user is not authenticated, create temporary user
-      if (!isset($_SESSION['glpiname'])) {
-         $_SESSION['formcreator_forms_id'] = $form->getID();
-         $_SESSION['glpiname'] = 'formcreator_temp_user';
-         $_SESSION['valid_id'] = session_id();
-         $_SESSION['glpiactiveentities'] = [$form->fields['entities_id']];
-         $subentities = getSonsOf('glpi_entities', $form->fields['entities_id']);
-         $_SESSION['glpiactiveentities_string'] = (!empty($subentities))
-                                                ? "'" . implode("', '", $subentities) . "'"
-                                                : "'" . $form->fields['entities_id'] . "'";
-      }
+}
+if (($form->fields['access_rights'] == PluginFormcreatorForm::ACCESS_PUBLIC) && (!isset($_SESSION['glpiID']))) {
+   // If user is not authenticated, create temporary user
+   if (!isset($_SESSION['glpiname'])) {
+      $_SESSION['formcreator_forms_id'] = $form->getID();
+      $_SESSION['glpiname'] = 'formcreator_temp_user';
+      $_SESSION['valid_id'] = session_id();
+      $_SESSION['glpiactiveentities'] = [$form->fields['entities_id']];
+      $subentities = getSonsOf('glpi_entities', $form->fields['entities_id']);
+      $_SESSION['glpiactiveentities_string'] = (!empty($subentities))
+                                             ? "'" . implode("', '", $subentities) . "'"
+                                             : "'" . $form->fields['entities_id'] . "'";
    }
+}
 
-   $form->displayUserForm();
+$form->displayUserForm();
 
-   // If user was not authenticated, remove temporary user
-   if ($_SESSION['glpiname'] == 'formcreator_temp_user') {
-      session_write_close();
-      unset($_SESSION['glpiname']);
-   }
-} else if (isset($_GET['answer_saved'])) {
-   $message = __("The form has been successfully saved!");
-   Html::displayTitle($CFG_GLPI['root_doc']."/pics/ok.png", $message, $message);
+// If user was not authenticated, remove temporary user
+if ($_SESSION['glpiname'] == 'formcreator_temp_user') {
+   session_write_close();
+   unset($_SESSION['glpiname']);
 }
 
 PluginFormcreatorForm::footer();

inc/form.class.php

@@ -286,15 +286,14 @@ public static function getSpecificValueToSelect($field, $name = '', $values = ''
             break;
 
          case 'access_rights' :
-            return Dropdown::showFromArray($name, [
-               self::ACCESS_PUBLIC => __('Public access', 'formcreator'),
-               self::ACCESS_PRIVATE => __('Private access', 'formcreator'),
-               self::ACCESS_RESTRICTED => __('Restricted access', 'formcreator'),
-            ], [
-               'value'               => $values[$field],
-               'display_emptychoice' => false,
-               'display'             => false
-            ]);
+            return Dropdown::showFromArray(
+               $name,
+               self::getEnumAccessType(), [
+                  'value'               => $values[$field],
+                  'display_emptychoice' => false,
+                  'display'             => false
+               ]
+            );
             break;
 
          case 'language' :
@@ -608,8 +607,10 @@ public function showForm($ID, $options = []) {
       echo '<tr>';
       echo '<td>'.__('Default form in service catalog', 'formcreator').'</td>';
       echo '<td>';
-      Dropdown::showYesNo("is_default", $this->fields["is_default"]);
+      Dropdown::showYesNo('is_default', $this->fields['is_default']);
       echo '</td>';
+      echo '<td></td>';
+      echo '<td></td>';
       echo '</tr>';
 
       if (!$this->canPurgeItem()) {
@@ -1252,7 +1253,8 @@ public function displayUserForm() : void {
       }
 
       // Captcha for anonymous forms
-      if ($this->fields['access_rights'] == PluginFormcreatorForm::ACCESS_PUBLIC) {
+      if ($this->fields['access_rights'] == PluginFormcreatorForm::ACCESS_PUBLIC
+         && $this->fields['is_captcha_enabled'] != '0') {
          $captchaTime = time();
          $captchaId = md5($captchaTime . $this->getID());
          $captcha = PluginFormcreatorCommon::getCaptcha($captchaId);
@@ -2173,11 +2175,11 @@ public static function footer() {
     * Is the form accessible anonymously (without being logged in) ?
     * @return boolean true if the form is accessible anonymously
     */
-   public function isPublicAccess() {
+   public function isPublicAccess() : bool {
       if ($this->isNewItem()) {
          return false;
       }
-      return ($this->fields['access_rights'] == \PluginFormcreatorForm::ACCESS_PUBLIC);
+      return ($this->fields['access_rights'] == self::ACCESS_PUBLIC);
    }
 
    /**

inc/form_profile.class.php

@@ -64,7 +64,6 @@ public function prepareInputForAdd($input) {
          || empty($input['uuid'])) {
          $input['uuid'] = plugin_formcreator_getUuid();
       }
-
       return $input;
    }
 
@@ -82,16 +81,19 @@ public static function showForForm(CommonDBTM $item, $withtemplate = '') {
       echo "<form name='form_profiles_form' id='form_profiles_form'
              method='post' action=' ";
       echo Toolbox::getItemTypeFormURL(__CLASS__)."'>";
-      echo "<table class    ='tab_cadre_fixe'>";
+      echo '<table class="tab_cadre_fixe">';
 
       echo '<tr><th colspan="2">'._n('Access type', 'Access types', 1, 'formcreator').'</th>';
       echo '</tr>';
+
+      // Access type
+      echo '<tr>';
       echo '<td>';
       Dropdown::showFromArray(
          'access_rights',
          PluginFormcreatorForm::getEnumAccessType(),
          [
-            'value' => (isset($item->fields["access_rights"])) ? $item->fields["access_rights"] : 1,
+            'value' => (isset($item->fields['access_rights'])) ? $item->fields['access_rights'] : '1',
          ]
       );
       echo '</td>';
@@ -108,10 +110,20 @@ public static function showForForm(CommonDBTM $item, $withtemplate = '') {
          echo '<i class="fas fa-envelope"><i/>';
          echo '</a>';
       } else {
-         echo __('Please active the form to view the link', 'formcreator');
+         echo __('Please activate the form to view the link', 'formcreator');
       }
       echo '</td>';
-      echo "</tr>";
+      echo '</tr>';
+
+      // Captcha
+      if ($item->fields["access_rights"] == PluginFormcreatorForm::ACCESS_PUBLIC) {
+         echo '<tr>';
+         echo '<td>' . __('Enable captcha', 'formcreator') . '</td>';
+         echo '<td>';
+         Dropdown::showYesNo('is_captcha_enabled', $item->fields['is_captcha_enabled']);
+         echo '</td>';
+         echo '</tr>';
+      }
 
       if ($item->fields["access_rights"] == PluginFormcreatorForm::ACCESS_RESTRICTED) {
          echo '<tr><th colspan="2">'.self::getTypeName(2).'</th></tr>';

install/mysql/plugin_formcreator_empty.sql

@@ -53,6 +53,7 @@ CREATE TABLE IF NOT EXISTS `glpi_plugin_formcreator_forms` (
   `validation_required` tinyint(1) NOT NULL DEFAULT '0',
   `usage_count` int(11) NOT NULL DEFAULT '0',
   `is_default` tinyint(1) NOT NULL DEFAULT '0',
+  `is_captcha_enabled` tinyint(1) NOT NULL DEFAULT '0',
   `show_rule` INT(11) NOT NULL DEFAULT '1' COMMENT 'Conditions setting to show the submit button',
   `uuid` varchar(255) DEFAULT NULL,
   PRIMARY KEY (`id`),

install/upgrade_to_2.11.php

@@ -29,6 +29,7 @@
  * ---------------------------------------------------------------------
  */
 class PluginFormcreatorUpgradeTo2_11 {
+   /** @var Migration */
    protected $migration;
 
    /**
@@ -156,6 +157,7 @@ public function upgrade(Migration $migration) {
       // Merge targettickets_actors and targetchanges_actors
       $this->migrateTargetTicket_Actor();
       $this->migrateTargetChange_Actor();
+      $this->addCaptchaOption();
    }
 
    /**
@@ -288,4 +290,9 @@ public function migrateTargetChange_Actor() {
       $table = 'glpi_plugin_formcreator_targetchanges_actors';
       $this->migration->backupTables([$table]);
    }
+
+   public function addCaptchaOption() {
+      $table = 'glpi_plugin_formcreator_forms';
+      $this->migration->addField($table, 'is_captcha_enabled', 'bool', ['after' => 'is_default']);
+   }
 }