0

I have a CodeIgniter Captcha which I am validating using Codeigniter form validation and a call back function for the rules . Below are the two methods inside my register Controller: 

 public function index(){   
    $this->form_validation->set_rules('user_name' , 'Username' , 'trim|required|max_length[32]'); 
    $this->form_validation->set_rules('captcha' , 'Captcha' , 'trim|required|max_length[32]|callback_check_captcha');
    $this->form_validation->set_rules('password', 'Password','trim|required|min_length[5]|max_length[12]');
    $this->form_validation->set_rules('confirm_password', 'Confirm Password','trim|required|min_length[5]|max_length[12]|matches[password]');
    $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
    if ($this->form_validation->run()==FALSE){
    //Captcha code

The call back is :

   private function check_captcha($captcha_input){
    // First, delete old captchas
    $expiration = time() - 7200; // Two hour limit
    $this->db->where('captcha_time < ', $expiration)
            ->delete('captcha');

    // Then see if a captcha exists:
    $sql = 'SELECT COUNT(*) AS count FROM captcha WHERE word = ? AND ip_address = ? AND captcha_time > ?';
    $binds = array($captcha_input, $this->input->ip_address(), $expiration);
    $query = $this->db->query($sql, $binds);
    $row = $query->row();
    if ($row->count == 0){
        $this->form_validation->set_message('check_captcha', 'Captcha Fail');
        return FALSE;
    }else {
        return TRUE;
    }

}

The problem is users will be able to access the callback function using the url (http://[::1]/ci/register/check_captcha). All though , in this case nothing significant is happening but I would like to learn to prevent this nonetheless . Generally , In CI I make functions private which doesnt allow users URl access . If I try making the check_captcha function private I get

Message: Call to private method Register::check_captcha() from context 'CI_Form_validation

I understand form_validation is calling the callback from outside the register class . Could somebody tell me how to restrict URl access to the controller in this case ?

Knownow
  • 377
  • 1
  • 3
  • 13
  • Possible duplicate of [What is the difference between public, private, and protected?](https://stackoverflow.com/questions/4361553/what-is-the-difference-between-public-private-and-protected) – Javier Larroulet Feb 26 '19 at 13:44
  • You should get better acquainted with the concept of Visibility in Object-oriented PHP. A good place to start would be [This SO answer](https://stackoverflow.com/questions/4361553/what-is-the-difference-between-public-private-and-protected) – Javier Larroulet Feb 26 '19 at 13:45
  • I understand visibility and understand that the call back is getting called from outside the Register Class . I have written that in my question . I had specifically asked how to achieve url barring for the callback and calling the callback from outside the class simultaneously in such cases . – Knownow Feb 26 '19 at 14:02
  • Who is going to know about the callback? The method name isn't going to be visible to anyone. How will sombody know enough to attempt accessing it via http? – DFriend Feb 26 '19 at 21:01

0 Answers0