From e905702803ffd6e4ba52c1fed7e1b2b09939230c Mon Sep 17 00:00:00 2001
From: Kolyunya <oleynikovny@mail.ru>
Date: Mon, 19 Dec 2022 12:45:46 +0200
Subject: [PATCH] Eliminate magic constants usage

---
 README.md                                   | 2 +-
 examples/recaptcha-v2-checkbox-explicit.php | 8 +++++---
 examples/recaptcha-v2-checkbox.php          | 8 +++++---
 examples/recaptcha-v2-invisible.php         | 8 +++++---
 src/ReCaptcha/ReCaptcha.php                 | 6 ++++++
 5 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 4a765c6..676d725 100644
--- a/README.md
+++ b/README.md
@@ -66,7 +66,7 @@ This library comes in when you need to verify the user's response. On the PHP
 side you need the response from the reCAPTCHA service and secret key from your
 credentials. Instantiate the `ReCaptcha` class with your secret key, specify any
 additional validation rules, and then call `verify()` with the reCAPTCHA
-response (usually in `$_POST['g-recaptcha-response']` or the response from
+response (usually in `$_POST[\ReCaptcha\ReCaptcha::USER_TOKEN_PARAMETER]` or the response from
 `grecaptcha.execute()` in JS which is in `$gRecaptchaResponse` in the example)
 and user's IP address. For example:
 
diff --git a/examples/recaptcha-v2-checkbox-explicit.php b/examples/recaptcha-v2-checkbox-explicit.php
index fb429a2..a6d6153 100644
--- a/examples/recaptcha-v2-checkbox-explicit.php
+++ b/examples/recaptcha-v2-checkbox-explicit.php
@@ -37,6 +37,8 @@
 // not install via Composer.
 require_once __DIR__ . '/../vendor/autoload.php';
 
+use ReCaptcha\ReCaptcha;
+
 // Register API keys at https://www.google.com/recaptcha/admin
 $siteKey = '';
 $secret = '';
@@ -77,7 +79,7 @@
     <h2>Add your keys</h2>
     <p>If you do not have keys already then visit <kbd> <a href = "https://www.google.com/recaptcha/admin">https://www.google.com/recaptcha/admin</a></kbd> to generate them. Edit this file and set the respective keys in the <kbd>config.php</kbd> file or directly to <kbd>$siteKey</kbd> and <kbd>$secret</kbd>. Reload the page after this.</p>
     <?php
-elseif (isset($_POST['g-recaptcha-response'])):
+elseif (isset($_POST[ReCaptcha::USER_TOKEN_PARAMETER])):
     // The POST data here is unfiltered because this is an example.
     // In production, *always* sanitise and validate your input'
     ?>
@@ -86,7 +88,7 @@
         <?php
     // If the form submission includes the "g-captcha-response" field
     // Create an instance of the service using your secret
-    $recaptcha = new \ReCaptcha\ReCaptcha($secret);
+    $recaptcha = new ReCaptcha($secret);
 
     // If file_get_contents() is locked down on your PHP installation to disallow
     // its use with URLs, then you can use the alternative request method instead.
@@ -94,7 +96,7 @@
     //  $recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\SocketPost());
     // Make the call to verify the response and also pass the user's IP address
     $resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
-                      ->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
+                      ->verify($_POST[ReCaptcha::USER_TOKEN_PARAMETER], $_SERVER['REMOTE_ADDR']);
 
     if ($resp->isSuccess()):
         // If the response is a success, that's it!
diff --git a/examples/recaptcha-v2-checkbox.php b/examples/recaptcha-v2-checkbox.php
index 9395d59..6227ea4 100644
--- a/examples/recaptcha-v2-checkbox.php
+++ b/examples/recaptcha-v2-checkbox.php
@@ -37,6 +37,8 @@
 // not install via Composer.
 require_once __DIR__ . '/../vendor/autoload.php';
 
+use ReCaptcha\ReCaptcha;
+
 // Register API keys at https://www.google.com/recaptcha/admin
 $siteKey = '';
 $secret = '';
@@ -77,7 +79,7 @@
     <h2>Add your keys</h2>
     <p>If you do not have keys already then visit <kbd> <a href = "https://www.google.com/recaptcha/admin">https://www.google.com/recaptcha/admin</a></kbd> to generate them. Edit this file and set the respective keys in the <kbd>config.php</kbd> file or directly to <kbd>$siteKey</kbd> and <kbd>$secret</kbd>. Reload the page after this.</p>
     <?php
-elseif (isset($_POST['g-recaptcha-response'])):
+elseif (isset($_POST[ReCaptcha::USER_TOKEN_PARAMETER])):
     // The POST data here is unfiltered because this is an example.
     // In production, *always* sanitise and validate your input'
     ?>
@@ -86,7 +88,7 @@
         <?php
     // If the form submission includes the "g-captcha-response" field
     // Create an instance of the service using your secret
-    $recaptcha = new \ReCaptcha\ReCaptcha($secret);
+    $recaptcha = new ReCaptcha($secret);
 
     // If file_get_contents() is locked down on your PHP installation to disallow
     // its use with URLs, then you can use the alternative request method instead.
@@ -95,7 +97,7 @@
 
     // Make the call to verify the response and also pass the user's IP address
     $resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
-                      ->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
+                      ->verify($_POST[ReCaptcha::USER_TOKEN_PARAMETER], $_SERVER['REMOTE_ADDR']);
     if ($resp->isSuccess()):
         // If the response is a success, that's it!
         ?>
diff --git a/examples/recaptcha-v2-invisible.php b/examples/recaptcha-v2-invisible.php
index c3b9397..cf8b920 100644
--- a/examples/recaptcha-v2-invisible.php
+++ b/examples/recaptcha-v2-invisible.php
@@ -37,6 +37,8 @@
 // not install via Composer.
 require_once __DIR__ . '/../vendor/autoload.php';
 
+use ReCaptcha\ReCaptcha;
+
 // Register API keys at https://www.google.com/recaptcha/admin
 $siteKey = '';
 $secret = '';
@@ -77,7 +79,7 @@
     <h2>Add your keys</h2>
     <p>If you do not have keys already then visit <kbd> <a href = "https://www.google.com/recaptcha/admin">https://www.google.com/recaptcha/admin</a></kbd> to generate them. Edit this file and set the respective keys in <kbd>$siteKey</kbd> and <kbd>$secret</kbd>. Reload the page after this.</p>
     <?php
-elseif (isset($_POST['g-recaptcha-response'])):
+elseif (isset($_POST[ReCaptcha::USER_TOKEN_PARAMETER])):
     // The POST data here is unfiltered because this is an example.
     // In production, *always* sanitise and validate your input'
     ?>
@@ -86,7 +88,7 @@
         <?php
     // If the form submission includes the "g-captcha-response" field
     // Create an instance of the service using your secret
-    $recaptcha = new \ReCaptcha\ReCaptcha($secret);
+    $recaptcha = new ReCaptcha($secret);
 
     // If file_get_contents() is locked down on your PHP installation to disallow
     // its use with URLs, then you can use the alternative request method instead.
@@ -95,7 +97,7 @@
 
     // Make the call to verify the response and also pass the user's IP address
     $resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
-                      ->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
+                      ->verify($_POST[ReCaptcha::USER_TOKEN_PARAMETER], $_SERVER['REMOTE_ADDR']);
     if ($resp->isSuccess()):
         // If the response is a success, that's it!
         ?>
diff --git a/src/ReCaptcha/ReCaptcha.php b/src/ReCaptcha/ReCaptcha.php
index 31ec44a..58a0887 100644
--- a/src/ReCaptcha/ReCaptcha.php
+++ b/src/ReCaptcha/ReCaptcha.php
@@ -51,6 +51,12 @@ class ReCaptcha
      */
     const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
 
+    /**
+     * User response token parameter name
+     * @const string
+     */
+    const USER_TOKEN_PARAMETER = 'g-recaptcha-response';
+
     /**
      * Invalid JSON received
      * @const string