From a9eb59c936c466f39a90a3fdf7489c4a5942aafc Mon Sep 17 00:00:00 2001 From: Skylar Ittner Date: Sun, 15 Apr 2018 19:28:34 -0600 Subject: [PATCH] Replace reCAPTCHA with Captcheck --- index.php | 10 +++++----- lib/login.php | 41 +++++++++++++++++++---------------------- required.php | 14 ++++++++------ settings.template.php | 27 +++++++++------------------ 4 files changed, 41 insertions(+), 51 deletions(-) diff --git a/index.php b/index.php index 4913daf..a34fbf7 100644 --- a/index.php +++ b/index.php @@ -18,7 +18,7 @@ $userpass_ok = false; $multiauth = false; if (checkLoginServer()) { if ($VARS['progress'] == "1") { - if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) { + if (!CAPTCHA_ENABLED || (CAPTCHA_ENABLED && verifyCaptcheck($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], CAPTCHA_SERVER . "/api.php"))) { $errmsg = ""; if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) { switch (get_account_status($VARS['username'])) { @@ -97,8 +97,8 @@ header("Link: ; rel=preload; as=script", false); - - + + @@ -125,8 +125,8 @@ header("Link: ; rel=preload; as=script", false); ?> " required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus />
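Review bot: The two captcha fields are read straight from `$VARS` with no existence check on the new `if` line, so a request that omits `captcheck_session_code` or `captcheck_selected_answer` reaches verifyCaptcheck() with nulls and an undefined-index notice instead of a clean rejection; the `CAPTCHA_ENABLED &&` inside the right operand is also redundant, because the left operand already short-circuits when the captcha is off. I would write the condition as `if (!CAPTCHA_ENABLED || verifyCaptcheck($VARS['captcheck_session_code'] ?? '', $VARS['captcheck_selected_answer'] ?? '', CAPTCHA_SERVER . "/api.php")) {` (assuming a PHP 7 target for `??`). `CAPTCHA_SERVER . "/api.php"` also produces a double slash if the configured value ends in `/`, which nothing here normalises. The enclosing progress/login block starts and ends outside the hunk.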
" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" />
- -
+ +

diff --git a/lib/login.php b/lib/login.php
index cfa7077..46d89e1 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -308,29 +308,26 @@ function simLogin($username, $password) {
 }
 }
-function verifyReCaptcha($code) {
- try {
- $client = new GuzzleHttp\Client();
-
- $response = $client
- ->request('POST', "https://www.google.com/recaptcha/api/siteverify", [
- 'form_params' => [
- 'secret' => RECAPTCHA_SECRET_KEY,
- 'response' => $code
- ]
- ]);
-
- if ($response->getStatusCode() != 200) {
- return false;
- }
-
- $resp = json_decode($response->getBody(), TRUE);
- if ($resp['success'] === true) {
- return true;
- }
- return false;
- } catch (Exception $e) {
+function verifyCaptcheck($session, $answer, $url) {
+ $data = [
+ 'session_id' => $session,
+ 'answer_id' => $answer,
+ 'action' => "verify"
+ ];
+ $options = [
+ 'http' => [
+ 'header' => "Content-type: application/x-www-form-urlencoded\r\n",
+ 'method' => 'POST',
+ 'content' => http_build_query($data)
+ ]
+ ];
+ $context = stream_context_create($options);
+ $result = file_get_contents($url, false, $context);
+ $resp = json_decode($result, TRUE);
+ if (!$resp['result']) {
 return false;
+ } else {
+ return true;
 }
 }
diff --git a/required.php b/required.php
index 55e7eec..54cc46f 100644
--- a/required.php
+++ b/required.php
@@ -8,6 +8,9 @@
 * This file contains global settings and utility functions.
 */
 ob_start(); // allow sending headers after content
+// Settings file
+require __DIR__ . '/settings.php';
+
 // Unicode, solves almost all stupid encoding problems
 header('Content-Type: text/html; charset=utf-8');
@@ -28,6 +31,7 @@ session_start(); // stick some cookies in it
 // renew session cookie
 setcookie(session_name(), session_id(), time() + $session_length);
+$captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : "");
 if ($_SESSION['mobile'] === TRUE) {
 header("Content-Security-Policy: "
 . "default-src 'self';"
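Review bot: verifyCaptcheck() makes a blocking network call with no timeout on the `file_get_contents` line, so an unreachable or slow captcha server stalls every login attempt for the default socket timeout and emits a PHP warning; a failed fetch then flows as `false` into `json_decode()` and `$resp['result']` is read on null. The function still fails closed (null is falsy), but only by accident, and the closing if/else reduces to one boolean expression. Add a `'timeout'` entry to the http context, return early when the fetch fails, and make the success test explicit — the strict `=== true` assumes the API returns a boolean `result`, which the existing truthiness check suggests but does not prove, so confirm against the Captcheck API. The hunk ends at the function's closing brace; the two context braces above it close simLogin(), whose body starts outside the hunk.
```php
function verifyCaptcheck($session, $answer, $url) {
    // … unchanged: $data array and $options['http'] header/method/content …
    $options['http']['timeout'] = 5; // seconds (constructed value; tune per deployment)
    // … unchanged: stream_context_create …
    $result = file_get_contents($url, false, $context);
    if ($result === false) {
        return false; // verifier unreachable or HTTP error: fail closed
    }
    // … unchanged: json_decode into $resp …
    return isset($resp['result']) && $resp['result'] === true;
}
```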
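Review bot: Stripping the scheme from CAPTCHA_SERVER on the new `$captcha_server` line widens the CSP allow-list rather than narrowing it: a scheme-less host-source matches the page's own scheme, so on an http deployment the captcha script and styles may be fetched over plaintext even though the setting says https. CSP accepts a full origin as a source expression, so the `preg_replace` is unnecessary; `$captcha_server = (CAPTCHA_ENABLED === true ? CAPTCHA_SERVER : "");` keeps the configured scheme. The unanchored pattern `/http(s)?:\/\//` would also rewrite a later occurrence in the string, not only the prefix. The value is consumed by the two CSP hunks at -37 and -48 in the same file.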
@@ -37,8 +41,8 @@ if ($_SESSION['mobile'] === TRUE) {
 . "frame-src 'none'; "
 . "font-src 'self'; "
 . "connect-src *; "
- . "style-src 'self' 'unsafe-inline'; "
- . "script-src 'self' 'unsafe-inline'");
+ . "style-src 'self' 'unsafe-inline' $captcha_server; "
+ . "script-src 'self' 'unsafe-inline' $captcha_server");
 } else {
 header("Content-Security-Policy: "
 . "default-src 'self';"
@@ -48,16 +52,14 @@ if ($_SESSION['mobile'] === TRUE) {
 . "frame-src 'none'; "
 . "font-src 'self'; "
 . "connect-src *; "
- . "style-src 'self' 'nonce-$SECURE_NONCE'; "
- . "script-src 'self' 'nonce-$SECURE_NONCE'");
+ . "style-src 'self' 'nonce-$SECURE_NONCE' $captcha_server; "
+ . "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server");
 }
 //
 // Composer
 require __DIR__ . '/vendor/autoload.php';
-// Settings file
-require __DIR__ . '/settings.php';
 // List of alert messages
 require __DIR__ . '/lang/messages.php'; // text strings (i18n)
diff --git a/settings.template.php b/settings.template.php
index 05dad43..2732b99 100644
--- a/settings.template.php
+++ b/settings.template.php
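Review bot: Both CSP branches now add a third-party origin to `script-src` and `style-src` of the login page (the -37 hunk and the -48 hunk) without a comment saying why, and a host in `script-src` can run code in that page, so the entry is only as trustworthy as the configured server. Add above the first `header(` call `// CAPTCHA_SERVER is allow-listed in script-src/style-src so the Captcheck widget can load; $captcha_server is "" when the captcha is disabled.` so whoever tightens the policy later knows the entry is tied to CAPTCHA_ENABLED. When the captcha is disabled the interpolation leaves a trailing space before the `;`, which CSP parsers tolerate, but building the directive from a list and joining it would avoid the artefact. The `if`/`else` this sits in starts outside the hunk.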
@@ -20,33 +20,24 @@ define("DB_CHARSET", "utf8");
 // Name of the app.
 define("SITE_TITLE", "Web App Template");
-// Which pages to show the app icon on:
-// index, app, both, none
-define("SHOW_ICON", "both");
-// Where to put the icon: top or menu
-// Overridden to 'menu' if MENU_BAR_STYLE is 'fixed'.
-define("ICON_POSITION", "menu");
-// App menu bar style: fixed or static
-define("MENU_BAR_STYLE", "fixed");
-
-// URL of the Business Portal API endpoint
+
+// URL of the AccountHub API endpoint
 define("PORTAL_API", "http://localhost/accounthub/api.php");
-// URL of the Portal home page
+// URL of the AccountHub home page
 define("PORTAL_URL", "http://localhost/accounthub/home.php");
-// Business Portal API Key
+// AccountHub API Key
 define("PORTAL_KEY", "123");
 // For supported values, see http://php.net/manual/en/timezones.php
 define("TIMEZONE", "America/Denver");
 // Base URL for site links.
-define('URL', 'http://localhost/app');
+define('URL', '.');
-// Use reCAPTCHA on login screen
-// https://www.google.com/recaptcha/
-define("RECAPTCHA_ENABLED", FALSE);
-define('RECAPTCHA_SITE_KEY', '');
-define('RECAPTCHA_SECRET_KEY', '');
+// Use Captcheck on login screen
+// https://captcheck.netsyms.com
+define("CAPTCHA_ENABLED", FALSE);
+define('CAPTCHA_SERVER', 'https://captcheck.netsyms.com');
 // See lang folder for language options
 define('LANGUAGE', "en_us");
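Review bot: The new CAPTCHA_SERVER setting carries no description of the form its value must take, yet index.php appends `/api.php` to it and required.php pushes it into the Content-Security-Policy; replace the bare link comment with `// Captcheck server origin (scheme + host, no trailing slash); also allow-listed in the page CSP`. The hunk also deletes SHOW_ICON, ICON_POSITION and MENU_BAR_STYLE and changes URL to `.`, which is outside the commit's stated scope of swapping the captcha; if any page still reads those constants it will now hit an undefined constant, which this diff cannot show. `define("CAPTCHA_ENABLED", FALSE)` should use lowercase `false` per PSR-12.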