website/includes/captcha.php

<?php
/**
 * Simple Captcha System for Comment Forms
 */

class Captcha {
    private static $sessionKey = 'captcha_code';
    
    /**
     * Generate a simple math captcha
     */
    public static function generate() {
        // Start session if not already started
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
        
        // Generate random numbers
        $num1 = rand(1, 10);
        $num2 = rand(1, 10);
        $operators = ['+', '-'];
        $operator = $operators[array_rand($operators)];
        
        // Calculate answer
        if ($operator === '+') {
            $answer = $num1 + $num2;
        } else {
            $answer = $num1 - $num2;
        }
        
        // Store answer in session
        $_SESSION[self::$sessionKey] = $answer;
        
        // Return the question
        return [
            'question' => "$num1 $operator $num2 = ?",
            'num1' => $num1,
            'num2' => $num2,
            'operator' => $operator
        ];
    }
    
    /**
     * Verify captcha answer
     */
    public static function verify($answer) {
        // Start session if not already started
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
        
        // Check if captcha exists in session
        if (!isset($_SESSION[self::$sessionKey])) {
            return false;
        }
        
        // Verify answer
        $isValid = (int)$answer === $_SESSION[self::$sessionKey];
        
        // Clear captcha after verification
        unset($_SESSION[self::$sessionKey]);
        
        return $isValid;
    }
    
    /**
     * Get HTML for captcha display
     */
    public static function getHtml() {
        $captcha = self::generate();
        
        ob_start();
        ?>
        <div class="captcha-container">
            <div class="captcha-question">
                <span class="captcha-numbers"><?php echo $captcha['num1']; ?></span>
                <span class="captcha-operator"><?php echo $captcha['operator']; ?></span>
                <span class="captcha-numbers"><?php echo $captcha['num2']; ?></span>
                <span class="captcha-equals">=</span>
                <input type="number" name="captcha_answer" class="captcha-input" required 
                       placeholder="?" min="-20" max="20" autocomplete="off">
            </div>
            <small class="captcha-help"><?php echo t('captcha_help'); ?></small>
        </div>
        <?php
        return ob_get_clean();
    }
    
    /**
     * Get captcha for AJAX requests
     */
    public static function getAjaxCaptcha() {
        $captcha = self::generate();
        return [
            'question' => $captcha['question'],
            'num1' => $captcha['num1'],
            'num2' => $captcha['num2'],
            'operator' => $captcha['operator']
        ];
    }
    
    /**
     * Refresh captcha (for AJAX)
     */
    public static function refresh() {
        return self::generate();
    }
    
    /**
     * Check if captcha is required for current user
     */
    public static function isRequired() {
        // Check if user is logged in as admin
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
        
        if (isset($_SESSION['user_id']) && isset($_SESSION['user_role'])) {
            return $_SESSION['user_role'] !== 'admin';
        }
        
        return true; // Captcha required for non-admin users
    }
}