	Switch from reCAPTCHA to Captcheck
This commit is contained in:
		
							parent
							
								
									fea9e372c8
								
							
						
					
					
						commit
						606b286b1e
					
				
							
								
								
									
										11
									
								
								index.php
									
									
									
									
									
								
							
							
						
						
									
										11
									
								
								index.php
									
									
									
									
									
								
							| @ -1,5 +1,4 @@ | |||||||
| <?php | <?php | ||||||
| 
 |  | ||||||
| /* This Source Code Form is subject to the terms of the Mozilla Public | /* This Source Code Form is subject to the terms of the Mozilla Public | ||||||
|  * License, v. 2.0. If a copy of the MPL was not distributed with this |  * License, v. 2.0. If a copy of the MPL was not distributed with this | ||||||
|  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||||||
| @ -24,7 +23,7 @@ $multiauth = false; | |||||||
| $change_password = false; | $change_password = false; | ||||||
| if ($VARS['progress'] == "1") { | if ($VARS['progress'] == "1") { | ||||||
|     engageRateLimit(); |     engageRateLimit(); | ||||||
|     if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) { |     if (!CAPTCHA_ENABLED || (CAPTCHA_ENABLED && verifyCaptcheck($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], CAPTCHA_SERVER . "/api.php"))) { | ||||||
|         $autherror = ""; |         $autherror = ""; | ||||||
|         if (user_exists($VARS['username'])) { |         if (user_exists($VARS['username'])) { | ||||||
|             $status = get_account_status($VARS['username'], $error); |             $status = get_account_status($VARS['username'], $error); | ||||||
| @ -149,8 +148,8 @@ if ($VARS['progress'] == "1") { | |||||||
|         <link href="static/css/font-awesome.min.css" rel="stylesheet"> |         <link href="static/css/font-awesome.min.css" rel="stylesheet"> | ||||||
|         <link href="static/css/material-color/material-color.min.css" rel="stylesheet"> |         <link href="static/css/material-color/material-color.min.css" rel="stylesheet"> | ||||||
|         <link href="static/css/app.css" rel="stylesheet"> |         <link href="static/css/app.css" rel="stylesheet"> | ||||||
|         <?php if (RECAPTCHA_ENABLED) { ?>
 |         <?php if (CAPTCHA_ENABLED) { ?>
 | ||||||
|             <script src='https://www.google.com/recaptcha/api.js'></script> |             <script src="<?php echo CAPTCHA_SERVER ?>/captcheck.dist.js"></script> | ||||||
|         <?php } ?>
 |         <?php } ?>
 | ||||||
|     </head> |     </head> | ||||||
|     <body> |     <body> | ||||||
| @ -202,8 +201,8 @@ if ($VARS['progress'] == "1") { | |||||||
|                                     ?>
 |                                     ?>
 | ||||||
|                                     <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br /> |                                     <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br /> | ||||||
|                                     <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br /> |                                     <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br /> | ||||||
|                                     <?php if (RECAPTCHA_ENABLED) { ?>
 |                                     <?php if (CAPTCHA_ENABLED) { ?>
 | ||||||
|                                         <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div> |                                         <div class="captcheck_container" data-stylenonce="<?php echo $SECURE_NONCE; ?>"></div> | ||||||
|                                         <br /> |                                         <br /> | ||||||
|                                     <?php } ?>
 |                                     <?php } ?>
 | ||||||
|                                     <input type="hidden" name="progress" value="1" /> |                                     <input type="hidden" name="progress" value="1" /> | ||||||
|  | |||||||
| @ -341,30 +341,26 @@ function insertAuthLog($type, $uid = null, $data = "") { | |||||||
|     $database->insert("authlog", ['logtime' => date("Y-m-d H:i:s"), 'logtype' => $type, 'uid' => $uid, 'ip' => $ip, 'otherdata' => $data]); |     $database->insert("authlog", ['logtime' => date("Y-m-d H:i:s"), 'logtype' => $type, 'uid' => $uid, 'ip' => $ip, 'otherdata' => $data]); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| function verifyReCaptcha($response) { | function verifyCaptcheck($session, $answer, $url) { | ||||||
|     try { |     $data = [ | ||||||
|         $client = new GuzzleHttp\Client(); |         'session_id' => $session, | ||||||
| 
 |         'answer_id' => $answer, | ||||||
|         $response = $client |         'action' => "verify" | ||||||
|                 ->request('POST', "https://www.google.com/recaptcha/api/siteverify", [ |     ]; | ||||||
|             'form_params' => [ |     $options = [ | ||||||
|                 'secret' => RECAPTCHA_SECRET_KEY, |         'http' => [ | ||||||
|                 'response' => $response |             'header' => "Content-type: application/x-www-form-urlencoded\r\n", | ||||||
|  |             'method' => 'POST', | ||||||
|  |             'content' => http_build_query($data) | ||||||
|         ] |         ] | ||||||
|         ]); |     ]; | ||||||
| 
 |     $context = stream_context_create($options); | ||||||
|         if ($response->getStatusCode() != 200) { |     $result = file_get_contents($url, false, $context); | ||||||
|  |     $resp = json_decode($result, TRUE); | ||||||
|  |     if (!$resp['result']) { | ||||||
|         return false; |         return false; | ||||||
|         } |  | ||||||
| 
 |  | ||||||
|         $resp = json_decode($response->getBody(), TRUE); |  | ||||||
|         if ($resp['success'] === true) { |  | ||||||
|             return true; |  | ||||||
|     } else { |     } else { | ||||||
|             return false; |         return true; | ||||||
|         } |  | ||||||
|     } catch (Exception $e) { |  | ||||||
|         return false; |  | ||||||
|     } |     } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | |||||||
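Review bot: verifyCaptcheck in the last hunk (the function is fully inside it) issues a blocking outbound request with no timeout in the stream context, so an unreachable captcha server stalls every login attempt for the full default_socket_timeout instead of failing promptly. When file_get_contents returns false, json_decode receives an empty string and the `!$resp['result']` branch still returns false, so the check appears to fail closed, but only by way of PHP notices rather than an explicit guard. I would add `'timeout' => 5,` beside `'method' => 'POST',` and an explicit `if ($result === false) { return false; }` before the json_decode call, with a one-line docblock stating that any transport or parse failure denies the login. Separately, the `data-stylenonce="<?php echo $SECURE_NONCE; ?>"` attribute in the third hunk exposes the page's CSP style nonce as an ordinary DOM attribute, where it does not get the nonce-hiding treatment browsers apply to the `nonce` attribute; a comment explaining why the Captcheck widget needs it would help the next maintainer judge that trade-off.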
							
								
								
									
										19
									
								
								required.php
									
									
									
									
									
								
							
							
						
						
									
										19
									
								
								required.php
									
									
									
									
									
								
							| @ -8,6 +8,13 @@ | |||||||
|  * This file contains global settings and utility functions. |  * This file contains global settings and utility functions. | ||||||
|  */ |  */ | ||||||
| ob_start(); // allow sending headers after content
 | ob_start(); // allow sending headers after content
 | ||||||
|  | //
 | ||||||
|  | // Composer
 | ||||||
|  | require __DIR__ . '/vendor/autoload.php'; | ||||||
|  | 
 | ||||||
|  | // Settings file
 | ||||||
|  | require __DIR__ . '/settings.php'; | ||||||
|  | 
 | ||||||
| // Unicode, solves almost all stupid encoding problems
 | // Unicode, solves almost all stupid encoding problems
 | ||||||
| header('Content-Type: text/html; charset=utf-8'); | header('Content-Type: text/html; charset=utf-8'); | ||||||
| 
 | 
 | ||||||
| @ -27,6 +34,7 @@ session_start(); // stick some cookies in it | |||||||
| //// renew session cookie
 | //// renew session cookie
 | ||||||
| setcookie(session_name(), session_id(), time() + $session_length); | setcookie(session_name(), session_id(), time() + $session_length); | ||||||
| 
 | 
 | ||||||
|  | $captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : ""); | ||||||
| if ($_SESSION['mobile'] === TRUE) { | if ($_SESSION['mobile'] === TRUE) { | ||||||
|     header("Content-Security-Policy: " |     header("Content-Security-Policy: " | ||||||
|             . "default-src 'self';" |             . "default-src 'self';" | ||||||
| @ -37,7 +45,7 @@ if ($_SESSION['mobile'] === TRUE) { | |||||||
|             . "font-src 'self'; " |             . "font-src 'self'; " | ||||||
|             . "connect-src *; " |             . "connect-src *; " | ||||||
|             . "style-src 'self' 'unsafe-inline'; " |             . "style-src 'self' 'unsafe-inline'; " | ||||||
|             . "script-src 'self' 'unsafe-inline'"); |             . "script-src 'self' 'unsafe-inline' $captcha_server"); | ||||||
| } else { | } else { | ||||||
|     header("Content-Security-Policy: " |     header("Content-Security-Policy: " | ||||||
|             . "default-src 'self';" |             . "default-src 'self';" | ||||||
| @ -48,14 +56,9 @@ if ($_SESSION['mobile'] === TRUE) { | |||||||
|             . "font-src 'self'; " |             . "font-src 'self'; " | ||||||
|             . "connect-src *; " |             . "connect-src *; " | ||||||
|             . "style-src 'self' 'nonce-$SECURE_NONCE'; " |             . "style-src 'self' 'nonce-$SECURE_NONCE'; " | ||||||
|             . "script-src 'self' 'nonce-$SECURE_NONCE'"); |             . "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server"); | ||||||
| } | } | ||||||
| //
 |  | ||||||
| // Composer
 |  | ||||||
| require __DIR__ . '/vendor/autoload.php'; |  | ||||||
| 
 | 
 | ||||||
| // Settings file
 |  | ||||||
| require __DIR__ . '/settings.php'; |  | ||||||
| // List of alert messages
 | // List of alert messages
 | ||||||
| require __DIR__ . '/lang/messages.php'; | require __DIR__ . '/lang/messages.php'; | ||||||
| // text strings (i18n)
 | // text strings (i18n)
 | ||||||
| @ -76,7 +79,7 @@ function sendError($error) { | |||||||
|             . "<h1>A fatal application error has occurred.</h1>" |             . "<h1>A fatal application error has occurred.</h1>" | ||||||
|             . "<i>(This isn't your fault.)</i>" |             . "<i>(This isn't your fault.)</i>" | ||||||
|             . "<h2>Details:</h2>" |             . "<h2>Details:</h2>" | ||||||
|             . "<p>". htmlspecialchars($error) . "</p>"); |             . "<p>" . htmlspecialchars($error) . "</p>"); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| date_default_timezone_set(TIMEZONE); | date_default_timezone_set(TIMEZONE); | ||||||
|  | |||||||
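Review bot: The `$captcha_server` line added before the CSP block strips the scheme from CAPTCHA_SERVER, so the `script-src` host-source in both header branches matches the page's own scheme rather than being pinned to the https origin configured in settings; a CSP host-source may carry its scheme, so `$captcha_server = (CAPTCHA_ENABLED === true ? CAPTCHA_SERVER : "");` keeps the policy as tight as the configured value. The regex is also unanchored, so it would remove a scheme appearing anywhere in the string, not only at the start. Because this value is interpolated straight into a response header, a short comment such as `// CAPTCHA_SERVER is reflected into the CSP script-src; keep it a bare https origin with no path or trailing slash` would document the constraint that index.php (which appends /api.php and /captcheck.dist.js to it) also relies on.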
| @ -64,11 +64,10 @@ define("MOBILE_ENABLED", TRUE); | |||||||
| // Base URL for site links.
 | // Base URL for site links.
 | ||||||
| define('URL', 'http://localhost/accounthub'); | define('URL', 'http://localhost/accounthub'); | ||||||
| 
 | 
 | ||||||
| // Use reCAPTCHA on login screen
 | // Use Captcheck on login screen
 | ||||||
| // https://www.google.com/recaptcha/
 | // https://captcheck.netsyms.com
 | ||||||
| define("RECAPTCHA_ENABLED", FALSE); | define("CAPTCHA_ENABLED", FALSE); | ||||||
| define('RECAPTCHA_SITE_KEY', ''); | define('CAPTCHA_SERVER', 'https://captcheck.netsyms.com'); | ||||||
| define('RECAPTCHA_SECRET_KEY', ''); |  | ||||||
| 
 | 
 | ||||||
| // API URL and index URL for TaskFloor
 | // API URL and index URL for TaskFloor
 | ||||||
| define('TASKFLOOR_API', 'http://localhost/taskfloor/api.php'); | define('TASKFLOOR_API', 'http://localhost/taskfloor/api.php'); | ||||||
|  | |||||||