From 368cb6bbbfcbd91ddedad1397aa7ca9505b737fc Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Sat, 4 Jul 2020 17:00:59 -0600
Subject: [PATCH] Add text captcha to signup
---
 langs/en/signup.json | 3 ++-
 signup/index.php | 28 +++++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/langs/en/signup.json b/langs/en/signup.json
index bef509b..dfa8b50 100644
--- a/langs/en/signup.json
+++ b/langs/en/signup.json
@@ -9,5 +9,6 @@
 "That email address doesn't look right.": "That email address doesn't look right.",
 "Please enter your username (4-100 characters, alphanumeric).": "Please enter your username (4-100 characters, alphanumeric).",
 "That password is one of the most popular and insecure ever, make a better one.": "That password is one of the most popular and insecure ever, make a better one.",
- "Account creation not allowed. Contact the site administrator for an account.": "Account creation not allowed. Contact the site administrator for an account."
+ "Account creation not allowed. Contact the site administrator for an account.": "Account creation not allowed. Contact the site administrator for an account.",
+ "CAPTCHA answer incorrect.": "CAPTCHA answer incorrect."
 }
diff --git a/signup/index.php b/signup/index.php
index a429954..5ced7a1 100644
--- a/signup/index.php
+++ b/signup/index.php
@@ -13,6 +13,15 @@ if ($SETTINGS['signups_enabled'] !== true) {
 function showHTML($errormsg = null, $genform = true, $noformcontent = "", $title = null) {
 global $SETTINGS, $SECURE_NONCE, $Strings;
+
+ try {
+ $textcaptcha = json_decode(file_get_contents("https://api.textcaptcha.com/netsyms.com.json"));
+ $captchaquestion = $textcaptcha->q;
+ $_SESSION["textcaptchaanswers"] = $textcaptcha->a;
+ } catch (Exception $ex) {
+ $captchaquestion = "";
+ }
+
 $form = new FormBuilder("", "", "", "POST");
 $form->setID("signupform");
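Review bot: The `try`/`catch (Exception $ex)` around the textcaptcha fetch will not run on the usual failure, because `file_get_contents()` returns `false` with a warning and `json_decode()` returns `null` rather than throwing; unless an error handler elsewhere turns warnings into exceptions, `$textcaptcha->q` is then read from `null`. The form only falls back to the hidden field because `null` happens to be `empty()`, and `$_SESSION["textcaptchaanswers"]` is overwritten with `null`, which the later `foreach` does not expect. The request also has no timeout, so every `showHTML()` call (error and success pages included) waits on a third-party host. I would validate the decoded shape explicitly and bound the fetch, as below; the body of `showHTML()` continues outside this hunk.

```php
    global $SETTINGS, $SECURE_NONCE, $Strings;

    $captchaquestion = "";
    $_SESSION["textcaptchaanswers"] = [];
    $context = stream_context_create(["http" => ["timeout" => 3]]);
    $raw = file_get_contents("https://api.textcaptcha.com/netsyms.com.json", false, $context);
    $textcaptcha = ($raw === false) ? null : json_decode($raw);
    if (isset($textcaptcha->q, $textcaptcha->a) && is_array($textcaptcha->a)) {
        $captchaquestion = $textcaptcha->q;
        $_SESSION["textcaptchaanswers"] = $textcaptcha->a;
    }
    // … unchanged: FormBuilder setup …
```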
@@ -21,6 +30,11 @@ function showHTML($errormsg = null, $genform = true, $noformcontent = "", $title
 $form->addInput("password", "", "password", true, null, null, "Password", "fas fa-lock", 6, $SETTINGS['min_password_length'], 255, "", $Strings->build("Your password must be at least {n} characters long.", ["n" => $SETTINGS['min_password_length']], false));
 $form->addInput("email", "", "email", false, null, null, "Email", "fas fa-envelope", 6, 5, 255, "", $Strings->get("That email address doesn't look right.", false));
 $form->addInput("name", "", "text", true, null, null, "Name", "fas fa-user", 6, 2, 200, "", $Strings->get("Enter your name.", false));
+ if (!empty($captchaquestion)) {
+ $form->addInput("textcaptcha", "", "text", true, null, null, "$captchaquestion", "fas fa-robot", 12, 1, 200, "", "");
+ } else {
+ $form->addHiddenInput("textcaptcha", "DISABLE" . hash("sha1", hash("md5", date("Ymd"))));
+ }
 $form->addHiddenInput("code", empty($_GET["code"]) ? "" : $_GET["code"]);
 $form->addHiddenInput("redirect", empty($_GET["redirect"]) ? "" : $_GET["code"]);
@@ -150,6 +164,18 @@ if (!empty($_POST['email']) && !filter_var($_POST['email'], FILTER_VALIDATE_EMAI
 if (empty($_POST['name'])) {
 showHTML($Strings->get("Enter your name.", false));
 }
+if ($_POST["textcaptcha"] != "DISABLE" . hash("sha1", hash("md5", date("Ymd")))) {
+ $answer = hash("md5", strtolower($_POST["textcaptcha"]));
+ $ok = false;
+ foreach ($_SESSION["textcaptchaanswers"] as $ans) {
+ if ($ans == $answer) {
+ $ok = true;
+ }
+ }
+ if (!$ok) {
+ showHTML($Strings->get("CAPTCHA answer incorrect.", false));
+ }
+}
 // Create account
@@ -167,7 +193,7 @@ if (!empty($code)) {
 END
 , $Strings->get("Account Created", false));
 } else {
- showHTML(null, false, <<
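Review bot: The fallback value in the `else` branch, `"DISABLE" . hash("sha1", hash("md5", date("Ymd")))`, is derived only from the current date, so it is not a secret and any client can submit it in `textcaptcha`; the check added at `@@ -150,6 +164,18 @@` then skips the CAPTCHA even when a question was shown. It also changes at midnight, so a form rendered just before the date rolls over fails validation. Whether a CAPTCHA is required should be kept server-side instead: set `$_SESSION["textcaptcharequired"] = !empty($captchaquestion);` in `showHTML()` and test `if (!empty($_SESSION["textcaptcharequired"])) {` in the POST handler (the session key name is a suggestion). Separately, the remote question is passed as the field label `"$captchaquestion"`; `FormBuilder` is not shown here, so confirm it HTML-escapes labels.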
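Review bot: The comparison `$ans == $answer` in the `foreach` is a loose comparison of two MD5 hex strings, and PHP compares strings numerically when both look numeric (for example digests of the form `0e` followed by digits), so two different hashes can be treated as equal. `$_POST["textcaptcha"]` and `$_SESSION["textcaptchaanswers"]` are also read without checking that they are set, which raises warnings when the field is missing or the fetch in `showHTML()` failed. I would replace the loop with `$answers = $_SESSION["textcaptchaanswers"] ?? [];` and `$ok = is_array($answers) && in_array($answer, $answers, true);`, and require `is_string($_POST["textcaptcha"] ?? null)` before hashing. Trimming the input before `strtolower()` would also stop surrounding whitespace from failing a correct answer.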