
Replace reCAPTCHA with Captcheck

master
Skylar Ittner 1 year ago
parent
commit
a9eb59c936
4 changed files with 41 additions and 51 deletions
  1. 5
    5
      index.php
  2. 19
    22
      lib/login.php
  3. 8
    6
      required.php
  4. 9
    18
      settings.template.php

+ 5
- 5
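--- a/index.php
+++ b/index.php
@@ -18,7 +18,7 @@ $userpass_ok = false;
 $multiauth = false;
 if (checkLoginServer()) {
     if ($VARS['progress'] == "1") {
-        if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
+        if (!CAPTCHA_ENABLED || (CAPTCHA_ENABLED && verifyCaptcheck($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], CAPTCHA_SERVER . "/api.php"))) {
             $errmsg = "";
             if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
                 switch (get_account_status($VARS['username'])) {
@@ -97,8 +97,8 @@ header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
         <link href="static/css/bootstrap.min.css" rel="stylesheet">
         <link href="static/css/material-color/material-color.min.css" rel="stylesheet">
         <link href="static/css/index.css" rel="stylesheet">
-        <?php if (RECAPTCHA_ENABLED) { ?>
-            <script src='https://www.google.com/recaptcha/api.js'></script>
+        <?php if (CAPTCHA_ENABLED) { ?>
+            <script src="<?php echo CAPTCHA_SERVER ?>/captcheck.js"></script>
         <?php } ?>
     </head>
     <body>
@@ -125,8 +125,8 @@ header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
                             ?>
                             <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
                             <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
-                            <?php if (RECAPTCHA_ENABLED) { ?>
-                                <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div>
+                            <?php if (CAPTCHA_ENABLED) { ?>
+                                <div class="captcheck_container" data-stylenonce="<?php echo $SECURE_NONCE; ?>"></div>
                                 <br />
                             <?php } ?>
                             <input type="hidden" name="progress" value="1" />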
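Review bot: The `<script src="<?php echo CAPTCHA_SERVER ?>/captcheck.js">` tag in the second hunk loads executable code from a separately configured origin into the page that collects the username and password, with neither an `integrity` attribute nor a nonce. Anything that origin serves can read the form, so either ship a reviewed copy of captcheck.js from `static/js/` or pin the file, e.g. `<script src="<?php echo CAPTCHA_SERVER ?>/captcheck.js" integrity="sha384-<HASH_PLACEHOLDER>" crossorigin="anonymous"></script>`. In the third hunk, `data-stylenonce` copies `$SECURE_NONCE` into an ordinary attribute, which browsers do not hide from CSS selectors or script the way they hide `nonce`. A comment there should say why the widget needs it. The `if` opened in the first hunk and the form markup continue outside the hunks shown.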

+ 19
- 22
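--- a/lib/login.php
+++ b/lib/login.php
@@ -308,29 +308,26 @@ function simLogin($username, $password) {
     }
 }
 
-function verifyReCaptcha($code) {
-    try {
-        $client = new GuzzleHttp\Client();
-
-        $response = $client
-                ->request('POST', "https://www.google.com/recaptcha/api/siteverify", [
-            'form_params' => [
-                'secret' => RECAPTCHA_SECRET_KEY,
-                'response' => $code
-            ]
-        ]);
-
-        if ($response->getStatusCode() != 200) {
-            return false;
-        }
-
-        $resp = json_decode($response->getBody(), TRUE);
-        if ($resp['success'] === true) {
-            return true;
-        }
-        return false;
-    } catch (Exception $e) {
+function verifyCaptcheck($session, $answer, $url) {
+    $data = [
+        'session_id' => $session,
+        'answer_id' => $answer,
+        'action' => "verify"
+    ];
+    $options = [
+        'http' => [
+            'header' => "Content-type: application/x-www-form-urlencoded\r\n",
+            'method' => 'POST',
+            'content' => http_build_query($data)
+        ]
+    ];
+    $context = stream_context_create($options);
+    $result = file_get_contents($url, false, $context);
+    $resp = json_decode($result, TRUE);
+    if (!$resp['result']) {
         return false;
+    } else {
+        return true;
     }
 }
 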
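Review bot: `verifyCaptcheck()` no longer distinguishes a failed request from a wrong answer, and it accepts any truthy `result`, since the old status check, the `try`/`catch` and the `=== true` comparison are all gone. When `file_get_contents()` returns `false`, the value flows into `json_decode()` and then into `$resp['result']` on a non-array; an unreachable server is rejected only by way of a null-offset notice. The stream context also sets no `timeout`, so when the CAPTCHA server is slow or down every login attempt waits for PHP's default socket timeout. The shape below adds an explicit failure check, a bounded timeout and a strict comparison; the strict comparison assumes the API returns a JSON boolean, which should be confirmed against Captcheck's response format.

```php
function verifyCaptcheck($session, $answer, $url) {
    // … unchanged: $data array, 'header' and 'method' options …
            'content' => http_build_query($data),
            'timeout' => 5 // constructed value: bound the wait on the CAPTCHA server
    // … unchanged: closing of $options, stream_context_create() …
    $result = file_get_contents($url, false, $context);
    if ($result === false) {
        // Server unreachable or HTTP error: reject the login explicitly.
        return false;
    }
    $resp = json_decode($result, TRUE);
    // Only a decoded object whose result is exactly true counts as solved.
    return is_array($resp) && isset($resp['result']) && $resp['result'] === true;
}
```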

+ 8
- 6
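--- a/required.php
+++ b/required.php
@@ -8,6 +8,9 @@
  * This file contains global settings and utility functions.
  */
 ob_start(); // allow sending headers after content
+// Settings file
+require __DIR__ . '/settings.php';
+
 // Unicode, solves almost all stupid encoding problems
 header('Content-Type: text/html; charset=utf-8');
 
@@ -28,6 +31,7 @@ session_start(); // stick some cookies in it
 // renew session cookie
 setcookie(session_name(), session_id(), time() + $session_length);
 
+$captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : "");
 if ($_SESSION['mobile'] === TRUE) {
     header("Content-Security-Policy: "
             . "default-src 'self';"
@@ -37,8 +41,8 @@ if ($_SESSION['mobile'] === TRUE) {
             . "frame-src 'none'; "
             . "font-src 'self'; "
             . "connect-src *; "
-            . "style-src 'self' 'unsafe-inline'; "
-            . "script-src 'self' 'unsafe-inline'");
+            . "style-src 'self' 'unsafe-inline' $captcha_server; "
+            . "script-src 'self' 'unsafe-inline' $captcha_server");
 } else {
     header("Content-Security-Policy: "
             . "default-src 'self';"
@@ -48,16 +52,14 @@ if ($_SESSION['mobile'] === TRUE) {
             . "frame-src 'none'; "
             . "font-src 'self'; "
             . "connect-src *; "
-            . "style-src 'self' 'nonce-$SECURE_NONCE'; "
-            . "script-src 'self' 'nonce-$SECURE_NONCE'");
+            . "style-src 'self' 'nonce-$SECURE_NONCE' $captcha_server; "
+            . "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server");
 }
 
 //
 // Composer
 require __DIR__ . '/vendor/autoload.php';
 
-// Settings file
-require __DIR__ . '/settings.php';
 // List of alert messages
 require __DIR__ . '/lang/messages.php';
 // text strings (i18n)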
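Review bot: The new `$captcha_server` line strips `http(s)://` before the value is written into `style-src` and `script-src`, so the policy drops the scheme the operator configured and allows every script and stylesheet that host serves, in both the mobile and the nonce-based branch. When the app itself is reached over plain HTTP, the bare host also matches HTTP loads. A CSP host-source may carry its scheme, so the value can be kept as configured: `$captcha_server = (CAPTCHA_ENABLED === true ? rtrim(CAPTCHA_SERVER, '/') : "");`. The strict `=== true` here also differs from the truthiness test on `CAPTCHA_ENABLED` in index.php, so a setting such as `1` would emit the script tag while the policy blocks it. Both `header()` calls begin outside the hunks shown.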

+ 9
- 18
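--- a/settings.template.php
+++ b/settings.template.php
@@ -20,33 +20,24 @@ define("DB_CHARSET", "utf8");
 // Name of the app.
 define("SITE_TITLE", "Web App Template");
 
-// Which pages to show the app icon on:
-// index, app, both, none
-define("SHOW_ICON", "both");
-// Where to put the icon: top or menu
-// Overridden to 'menu' if MENU_BAR_STYLE is 'fixed'.
-define("ICON_POSITION", "menu");
-// App menu bar style: fixed or static
-define("MENU_BAR_STYLE", "fixed");
-
-// URL of the Business Portal API endpoint
+
+// URL of the AccountHub API endpoint
 define("PORTAL_API", "http://localhost/accounthub/api.php");
-// URL of the Portal home page
+// URL of the AccountHub home page
 define("PORTAL_URL", "http://localhost/accounthub/home.php");
-// Business Portal API Key
+// AccountHub API Key
 define("PORTAL_KEY", "123");
 
 // For supported values, see http://php.net/manual/en/timezones.php
 define("TIMEZONE", "America/Denver");
 
 // Base URL for site links.
-define('URL', 'http://localhost/app');
+define('URL', '.');
 
-// Use reCAPTCHA on login screen
-// https://www.google.com/recaptcha/
-define("RECAPTCHA_ENABLED", FALSE);
-define('RECAPTCHA_SITE_KEY', '');
-define('RECAPTCHA_SECRET_KEY', '');
+// Use Captcheck on login screen
+// https://captcheck.netsyms.com
+define("CAPTCHA_ENABLED", FALSE);
+define('CAPTCHA_SERVER', 'https://captcheck.netsyms.com');
 
 // See lang folder for language options
 define('LANGUAGE', "en_us");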
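Review bot: The new `CAPTCHA_SERVER` define has no comment describing the format the rest of the commit relies on. The value is concatenated with `/api.php` and `/captcheck.js` and is also written into the Content-Security-Policy header, so a trailing slash or a plain-HTTP URL changes behaviour. I would add `// Origin of the Captcheck server: https, no trailing slash. Used for the login page script tag, the CSP header and the server-side verify call.` above the define. The comment could also state that enabling the option makes the login page load script from that origin, so operators know what they are trusting.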
