@@ -202,8 +201,8 @@ if ($VARS['progress'] == "1") {
?>
" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus />
" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" />
-
-
+
+
diff --git a/lib/login.php b/lib/login.php
index 00b8975..b3660f6 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -52,8 +52,8 @@ function adduser($username, $password, $realname, $email = null, $phone1 = "", $
* @param string $old The current password
* @param string $new The new password
* @param string $new2 New password again
- * @param [string] $error If the function returns false, this will have an array
- * with a message ID from `lang/messages.php` and (depending on the message) an
+ * @param [string] $error If the function returns false, this will have an array
+ * with a message ID from `lang/messages.php` and (depending on the message) an
* extra string for that message.
* @return boolean true if the password is changed, else false
*/
@@ -282,7 +282,7 @@ function doLoginUser($username, $password) {
/**
* Send an alert email to the system admin
- *
+ *
* Used when an account with the status ALERT_ON_ACCESS logs in
* @param String $username the account username
* @return Mixed TRUE if successful, error string if not
@@ -296,7 +296,7 @@ function sendLoginAlertEmail($username, $appname = SITE_TITLE) {
}
$username = strtolower($username);
-
+
$mail = new PHPMailer;
if (DEBUG) {
@@ -341,30 +341,26 @@ function insertAuthLog($type, $uid = null, $data = "") {
$database->insert("authlog", ['logtime' => date("Y-m-d H:i:s"), 'logtype' => $type, 'uid' => $uid, 'ip' => $ip, 'otherdata' => $data]);
}
-function verifyReCaptcha($response) {
- try {
- $client = new GuzzleHttp\Client();
-
- $response = $client
- ->request('POST', "https://www.google.com/recaptcha/api/siteverify", [
- 'form_params' => [
- 'secret' => RECAPTCHA_SECRET_KEY,
- 'response' => $response
- ]
- ]);
-
- if ($response->getStatusCode() != 200) {
- return false;
- }
-
- $resp = json_decode($response->getBody(), TRUE);
- if ($resp['success'] === true) {
- return true;
- } else {
- return false;
- }
- } catch (Exception $e) {
+function verifyCaptcheck($session, $answer, $url) {
+ $data = [
+ 'session_id' => $session,
+ 'answer_id' => $answer,
+ 'action' => "verify"
+ ];
+ $options = [
+ 'http' => [
+ 'header' => "Content-type: application/x-www-form-urlencoded\r\n",
+ 'method' => 'POST',
+ 'content' => http_build_query($data)
+ ]
+ ];
+ $context = stream_context_create($options);
+ $result = file_get_contents($url, false, $context);
+ $resp = json_decode($result, TRUE);
+ if (!$resp['result']) {
return false;
+ } else {
+ return true;
}
}
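Review bot: The result of `file_get_contents($url, false, $context)` is passed straight to `json_decode` without checking for `false`, so a transport failure, a non-200 reply or a non-JSON body all reach `$resp['result']` on a null value and only return false by way of a warning rather than an explicit check; the removed verifyReCaptcha at least tested the status code and wrapped the call in try/catch. The new stream context also sets no `timeout`, so an unreachable or slow captcha server stalls the login request for the default socket timeout. Suggest checking the transport result explicitly, adding `'timeout'` to the http context, and testing the `result` field with `??` and `=== true` (assuming the service returns a JSON boolean, which should be confirmed against the Captcheck API) so a missing field cannot pass. Whether `$url` is always CAPTCHA_SERVER or can be influenced by request data is not visible here; if the latter, it should be restricted to the configured server since this function makes an outbound POST to it.

```php
function verifyCaptcheck($session, $answer, $url) {
    // … unchanged: $data …
    $options = [
        'http' => [
            'header' => "Content-type: application/x-www-form-urlencoded\r\n",
            'method' => 'POST',
            'content' => http_build_query($data),
            'timeout' => 5, // seconds; fail closed instead of hanging the login
        ]
    ];
    $context = stream_context_create($options);
    $result = file_get_contents($url, false, $context);
    if ($result === false) {
        return false; // transport failure: treat as not verified
    }
    $resp = json_decode($result, TRUE);
    return ($resp['result'] ?? false) === true;
}
```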
diff --git a/required.php b/required.php
index 790d725..1801afb 100644
--- a/required.php
+++ b/required.php
@@ -8,6 +8,13 @@
* This file contains global settings and utility functions.
*/
ob_start(); // allow sending headers after content
+//
+// Composer
+require __DIR__ . '/vendor/autoload.php';
+
+// Settings file
+require __DIR__ . '/settings.php';
+
// Unicode, solves almost all stupid encoding problems
header('Content-Type: text/html; charset=utf-8');
@@ -27,6 +34,7 @@ session_start(); // stick some cookies in it
//// renew session cookie
setcookie(session_name(), session_id(), time() + $session_length);
+$captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : "");
if ($_SESSION['mobile'] === TRUE) {
header("Content-Security-Policy: "
. "default-src 'self';"
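Review bot: Stripping the scheme from CAPTCHA_SERVER on L107 before splicing it into the CSP `script-src` on L116 and L125 loosens the policy rather than tightening it: a CSP host-source without a scheme matches the page's own scheme (and https), so on an http-served page the captcha script may also be loaded over plaintext http, whereas `https://captcheck.netsyms.com` is already a valid source expression that pins https. Suggest using the configured URL as-is, `$captcha_server = (CAPTCHA_ENABLED === true ? CAPTCHA_SERVER : "");`, or documenting why the scheme is removed. Because the value ends up inside a response header, it is also worth validating it as a URL when settings are loaded (e.g. `filter_var(CAPTCHA_SERVER, FILTER_VALIDATE_URL)`) instead of trusting the raw string; whether settings.php is editable by anyone other than the operator is not visible here. The if/else starting at L108 continues past this hunk, and the same point applies to the hunks at L111 and L120.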
@@ -37,7 +45,7 @@ if ($_SESSION['mobile'] === TRUE) {
. "font-src 'self'; "
. "connect-src *; "
. "style-src 'self' 'unsafe-inline'; "
- . "script-src 'self' 'unsafe-inline'");
+ . "script-src 'self' 'unsafe-inline' $captcha_server");
} else {
header("Content-Security-Policy: "
. "default-src 'self';"
@@ -48,14 +56,9 @@ if ($_SESSION['mobile'] === TRUE) {
. "font-src 'self'; "
. "connect-src *; "
. "style-src 'self' 'nonce-$SECURE_NONCE'; "
- . "script-src 'self' 'nonce-$SECURE_NONCE'");
+ . "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server");
}
-//
-// Composer
-require __DIR__ . '/vendor/autoload.php';
-// Settings file
-require __DIR__ . '/settings.php';
// List of alert messages
require __DIR__ . '/lang/messages.php';
// text strings (i18n)
@@ -76,7 +79,7 @@ function sendError($error) {
. "
A fatal application error has occurred.
"
. "(This isn't your fault.)"
. "
Details:
"
- . "
". htmlspecialchars($error) . "
");
+ . "
" . htmlspecialchars($error) . "
");
}
date_default_timezone_set(TIMEZONE);
@@ -183,7 +186,7 @@ function addLangStrings($strings) {
}
/**
- * Add strings to the i18n global array. Accepts an array of language code
+ * Add strings to the i18n global array. Accepts an array of language code
* keys, with the values a key-value array of strings.
* @param array $strings ['en_us' => ['key' => 'value']]
*/
@@ -417,12 +420,12 @@ function getClientIP() {
}
/**
- * Check if the client's IP has been doing too many brute-force-friendly
+ * Check if the client's IP has been doing too many brute-force-friendly
* requests lately.
- * Kills the script with a "friendly" error and response code 429
+ * Kills the script with a "friendly" error and response code 429
* (Too Many Requests) if the last access time in the DB is too near.
- *
- * Also updates the rate_limit table with the latest data and purges old rows.
+ *
+ * Also updates the rate_limit table with the latest data and purges old rows.
* @global type $database
*/
function engageRateLimit() {
diff --git a/settings.template.php b/settings.template.php
index a91eae4..db9da2e 100644
--- a/settings.template.php
+++ b/settings.template.php
@@ -64,11 +64,10 @@ define("MOBILE_ENABLED", TRUE);
// Base URL for site links.
define('URL', 'http://localhost/accounthub');
-// Use reCAPTCHA on login screen
-// https://www.google.com/recaptcha/
-define("RECAPTCHA_ENABLED", FALSE);
-define('RECAPTCHA_SITE_KEY', '');
-define('RECAPTCHA_SECRET_KEY', '');
+// Use Captcheck on login screen
+// https://captcheck.netsyms.com
+define("CAPTCHA_ENABLED", FALSE);
+define('CAPTCHA_SERVER', 'https://captcheck.netsyms.com');
// API URL and index URL for TaskFloor
define('TASKFLOOR_API', 'http://localhost/taskfloor/api.php');
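Review bot: The new CAPTCHA_SERVER comment on L187-L190 does not say how the value is used, while the other hunks show it is both the server-side POST target for captcha verification and spliced into the Content-Security-Policy script-src, so an operator pointing it at a self-hosted instance needs to know both consequences. Suggest extending the comment: `// Full URL (with https://) of the Captcheck server; it is contacted server-side to verify answers and is also allowed in the CSP script-src, so use a trusted, HTTPS-only host.`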