Issues

ZF-3995: [CAPTCHA] isValid function doesn't make sense

Description

note: I added it as Unknown since Captcha isnt in the component list yet.

The isValid function in Zend_Captcha_Word doesn't make any sense at all. I just downloaded the RC2 version of 1.6 and I noticed the Captcha functionality and I really want to test is as it looks very usable. Generating the image with Zend_Captcha_Image works great but validating it is very unclear:

The manual says it should go like this:

// On subsequent request: // Assume captcha setup as before, and $value is the submitted value: if ($captcha->isValid($value)) { // Validated! }

So it makes sense that $value is the value posted by the user but the function isValid accepts 2 params: $value and $context. The first check in the function checks for the existence of $context[$name]['input'] but that wont be there if you supply only the value (just like in the example). According to the function $content may be left out (null) but that doesnt seem correct at all. A few lines behind the first check (which uses $context instead of $value) $value is overwritten by a key in $context[$name]. So, you can supply $value to the function but it will always get overwritten by the value of $context[$name]['input'].

So to sum it all up : - the docs are wrong - $value isnt used in the function although the docs use it as the only parameter - there is no documentation on what $context exactly should be

edit: i dont know how i can comment myself so ill edit it: its not only a documentation thing here, the $value var is never used in the function so the function should be changed so it will be used or the var must be left out at all.

Comments

This is definitely a documentation issue, and I'm scheduling to fix it for RC3.

Assigned right component

Fixed in trunk and 1.6 release branch

Updating for the 1.6.0 release.

The method still makes no sense in the final 1.6.0 release.

Reopened because the method still makes no sense in the final 1.6.0 release. The description of the bugreport still applys.

First of what the hell is $context? Where does it come from? And why should it have input and id keys? And as reported the value of the $value parameter will be overwritten by the $context parameter input key entry.

Validators only need a value, but can also take an optional $context parameter; typically, this will be the set of values being validated, such as $_POST or $_GET. In Zend_Form, we pass the entire set of values being validated in the form to the $context parameter.

$context is used to provide, well, context to the validator. In the case of a captcha, there are usually multiple values in the dataset that are used to identify and validate it: the "id" field is used so that Zend_Captcha knows which session namespace to look for the token in, and the "input" field is the actual user input that is being tested.

While the logic may make no sense to you, it makes sense to those who have developed it, and, more importantly, it simply works.

Closing the ticket again. Please do not re-open.

Sorry but are you kidding me? There are people who do not use Zend_Form at all.

Did you have ever looked at the method? You have to provide a context parameter, else the method tells you that it is missing the input or id key and the validation fails. So when you have NO context it is not possible to validate the input.

Besides that why do you have to provide the first parameter $value if it gets overwritten in any case by the value of the context parameter, see line 331 of Zend_Captcha_Word.

So, please make the method usable without the use of Zend_Form and its Zend_Captcha Element.

in line 330 the content of $value is always overwritten by the context. you cant do anything about it :-)

additionally $context is a mandatory parameter, if its not set the function returns false, line 326 to 329.

    if (!isset($context[$name]['input'])) {
        $this->_error(self::MISSING_VALUE);
        return false;
    }

I think I understand the issue.

The solution is to assume the value provided is an array, and contains both id and input elements within; that way, $context is not necessary.

Scheduling for next mini release (which, due to code freeze for 1.6.1, means 1.6.2).

Please note: this is NOT a show stopper. You can simply pass the context array when not using Zend_Form.

{quote}The solution is to assume the value provided is an array, and contains both id and input elements within; that way, $context is not necessary.{quote} Why not simply check if the $context is null and skip the checks because they are not needed when not using Zend_Form? Beside that why not even remove these checks completly and move them to Zend_Form.

{quote}Please note: this is NOT a show stopper. You can simply pass the context array when not using Zend_Form.{quote} How is this not a "showstopper"? Its nowhere documentated and it says nowhere how that array should be nested with what elements. Besides that the method looks unlogical in the first moment when you do not know about the senseless relation to Zend_Form.

Passing the context array to the method is in no way logic. I guess normal user will fall into dispair when trying to use Zend_Image_Captcha.

isValid() updated in r12803 in trunk and r12805 in 1.7 release branch.