Replace reCAPTCHA with Captcheck

index.php

@@ -18,7 +18,7 @@ $userpass_ok = false;
 $multiauth = false;
 if (checkLoginServer()) {
     if ($VARS['progress'] == "1") {
-        if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
+        if (!CAPTCHA_ENABLED || (CAPTCHA_ENABLED && verifyCaptcheck($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], CAPTCHA_SERVER . "/api.php"))) {
             $errmsg = "";
             if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
                 switch (get_account_status($VARS['username'])) {
@@ -97,8 +97,8 @@ header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
         <link href="static/css/bootstrap.min.css" rel="stylesheet">
         <link href="static/css/material-color/material-color.min.css" rel="stylesheet">
         <link href="static/css/index.css" rel="stylesheet">
-        <?php if (RECAPTCHA_ENABLED) { ?>
+        <?php if (CAPTCHA_ENABLED) { ?>
-            <script src='https://www.google.com/recaptcha/api.js'></script>
+            <script src="<?php echo CAPTCHA_SERVER ?>/captcheck.js"></script>
         <?php } ?>
     </head>
     <body>
@@ -125,8 +125,8 @@ header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
                             ?>
                             <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
                             <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
-                            <?php if (RECAPTCHA_ENABLED) { ?>
+                            <?php if (CAPTCHA_ENABLED) { ?>
-                                <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div>
+                                <div class="captcheck_container" data-stylenonce="<?php echo $SECURE_NONCE; ?>"></div>
                                 <br />
                             <?php } ?>
                             <input type="hidden" name="progress" value="1" />

lib/login.php

@@ -308,29 +308,26 @@ function simLogin($username, $password) {
     }
 }
 
-function verifyReCaptcha($code) {
+function verifyCaptcheck($session, $answer, $url) {
-    try {
+    $data = [
-        $client = new GuzzleHttp\Client();
+        'session_id' => $session,
-
+        'answer_id' => $answer,
-        $response = $client
+        'action' => "verify"
-                ->request('POST', "https://www.google.com/recaptcha/api/siteverify", [
+    ];
-            'form_params' => [
+    $options = [
-                'secret' => RECAPTCHA_SECRET_KEY,
+        'http' => [
-                'response' => $code
+            'header' => "Content-type: application/x-www-form-urlencoded\r\n",
-            ]
+            'method' => 'POST',
-        ]);
+            'content' => http_build_query($data)
-
+        ]
-        if ($response->getStatusCode() != 200) {
+    ];
-            return false;
+    $context = stream_context_create($options);
-        }
+    $result = file_get_contents($url, false, $context);
-
+    $resp = json_decode($result, TRUE);
-        $resp = json_decode($response->getBody(), TRUE);
+    if (!$resp['result']) {
-        if ($resp['success'] === true) {
-            return true;
-        }
-        return false;
-    } catch (Exception $e) {
         return false;
+    } else {
+        return true;
     }
 }
 

required.php

@@ -8,6 +8,9 @@
  * This file contains global settings and utility functions.
  */
 ob_start(); // allow sending headers after content
+// Settings file
+require __DIR__ . '/settings.php';
+
 // Unicode, solves almost all stupid encoding problems
 header('Content-Type: text/html; charset=utf-8');
 
@@ -28,6 +31,7 @@ session_start(); // stick some cookies in it
 // renew session cookie
 setcookie(session_name(), session_id(), time() + $session_length);
 
+$captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : "");
 if ($_SESSION['mobile'] === TRUE) {
     header("Content-Security-Policy: "
             . "default-src 'self';"
@@ -37,8 +41,8 @@ if ($_SESSION['mobile'] === TRUE) {
             . "frame-src 'none'; "
             . "font-src 'self'; "
             . "connect-src *; "
-            . "style-src 'self' 'unsafe-inline'; "
+            . "style-src 'self' 'unsafe-inline' $captcha_server; "
-            . "script-src 'self' 'unsafe-inline'");
+            . "script-src 'self' 'unsafe-inline' $captcha_server");
 } else {
     header("Content-Security-Policy: "
             . "default-src 'self';"
@@ -48,16 +52,14 @@ if ($_SESSION['mobile'] === TRUE) {
             . "frame-src 'none'; "
             . "font-src 'self'; "
             . "connect-src *; "
-            . "style-src 'self' 'nonce-$SECURE_NONCE'; "
+            . "style-src 'self' 'nonce-$SECURE_NONCE' $captcha_server; "
-            . "script-src 'self' 'nonce-$SECURE_NONCE'");
+            . "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server");
 }
 
 //
 // Composer
 require __DIR__ . '/vendor/autoload.php';
 
-// Settings file
-require __DIR__ . '/settings.php';
 // List of alert messages
 require __DIR__ . '/lang/messages.php';
 // text strings (i18n)

settings.template.php

@@ -20,33 +20,24 @@ define("DB_CHARSET", "utf8");
 // Name of the app.
 define("SITE_TITLE", "Web App Template");
 
-// Which pages to show the app icon on:
+
-// index, app, both, none
+// URL of the AccountHub API endpoint
-define("SHOW_ICON", "both");
-// Where to put the icon: top or menu
-// Overridden to 'menu' if MENU_BAR_STYLE is 'fixed'.
-define("ICON_POSITION", "menu");
-// App menu bar style: fixed or static
-define("MENU_BAR_STYLE", "fixed");
-
-// URL of the Business Portal API endpoint
 define("PORTAL_API", "http://localhost/accounthub/api.php");
-// URL of the Portal home page
+// URL of the AccountHub home page
 define("PORTAL_URL", "http://localhost/accounthub/home.php");
-// Business Portal API Key
+// AccountHub API Key
 define("PORTAL_KEY", "123");
 
 // For supported values, see http://php.net/manual/en/timezones.php
 define("TIMEZONE", "America/Denver");
 
 // Base URL for site links.
-define('URL', 'http://localhost/app');
+define('URL', '.');
 
-// Use reCAPTCHA on login screen
+// Use Captcheck on login screen
-// https://www.google.com/recaptcha/
+// https://captcheck.netsyms.com
-define("RECAPTCHA_ENABLED", FALSE);
+define("CAPTCHA_ENABLED", FALSE);
-define('RECAPTCHA_SITE_KEY', '');
+define('CAPTCHA_SERVER', 'https://captcheck.netsyms.com');
-define('RECAPTCHA_SECRET_KEY', '');
 
 // See lang folder for language options
 define('LANGUAGE', "en_us");