Bläddra i källkod

Remove captcha-related code, since login is done by AccountHub now

master
Skylar Ittner 11 månader sedan
förälder
incheckning
106e697fc3
4 ändrade filer med 4 tillägg och 44 borttagningar
  1. 0
    1
      langs/en/core.json
  2. 0
    23
      lib/Login.lib.php
  3. 4
    5
      required.php
  4. 0
    15
      settings.template.php

+ 0
- 1
langs/en/core.json Visa fil

@@ -11,6 +11,5 @@
"invalid parameters": "Invalid request parameters.",
"login server error": "The login server returned an error: {arg}",
"login server user data error": "The login server refused to provide account information. Try again or contact technical support.",
"captcha error": "There was a problem with the CAPTCHA (robot test). Try again.",
"no access permission": "You do not have permission to access this system."
}

+ 0
- 23
lib/Login.lib.php Visa fil

@@ -45,29 +45,6 @@ class Login {
return Login::LOGIN_OK;
}

public static function verifyCaptcha(string $session, string $answer, string $url): bool {
$data = [
'session_id' => $session,
'answer_id' => $answer,
'action' => "verify"
];
$options = [
'http' => [
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data)
]
];
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$resp = json_decode($result, TRUE);
if (!$resp['result']) {
return false;
} else {
return true;
}
}

/**
* Check the login server API for sanity
* @return boolean true if OK, else false

+ 4
- 5
required.php Visa fil

@@ -32,7 +32,6 @@ session_start(); // stick some cookies in it
// renew session cookie
setcookie(session_name(), session_id(), time() + $session_length, "/", false, false);

$captcha_server = ($SETTINGS['captcha']['enabled'] === true ? preg_replace("/http(s)?:\/\//", "", $SETTINGS['captcha']['server']) : "");
if ($_SESSION['mobile'] === TRUE) {
header("Content-Security-Policy: "
. "default-src 'self';"
@@ -42,8 +41,8 @@ if ($_SESSION['mobile'] === TRUE) {
. "frame-src 'none'; "
. "font-src 'self'; "
. "connect-src *; "
. "style-src 'self' 'unsafe-inline' $captcha_server; "
. "script-src 'self' 'unsafe-inline' $captcha_server");
. "style-src 'self' 'unsafe-inline'; "
. "script-src 'self' 'unsafe-inline'");
} else {
header("Content-Security-Policy: "
. "default-src 'self';"
@@ -53,8 +52,8 @@ if ($_SESSION['mobile'] === TRUE) {
. "frame-src 'none'; "
. "font-src 'self'; "
. "connect-src *; "
. "style-src 'self' 'nonce-$SECURE_NONCE' $captcha_server; "
. "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server");
. "style-src 'self' 'nonce-$SECURE_NONCE'; "
. "script-src 'self' 'nonce-$SECURE_NONCE'");
}

//

+ 0
- 15
settings.template.php Visa fil

@@ -15,7 +15,6 @@ $SETTINGS = [
// Turning this on in production is a security risk and can sometimes break
// things, such as JSON output where extra content is not expected.
"debug" => false,

// Database connection settings
// See http://medoo.in/api/new for info
"database" => [
@@ -26,10 +25,8 @@ $SETTINGS = [
"password" => "",
"charset" => "utf8"
],

// Name of the app.
"site_title" => "Web App Template",

// Settings for connecting to the AccountHub server.
"accounthub" => [
// URL for the API endpoint
@@ -39,26 +36,14 @@ $SETTINGS = [
// API key
"key" => "123"
],

// For supported values, see http://php.net/manual/en/timezones.php
"timezone" => "America/Denver",

// Use Captcheck on login screen to slow down bots
// https://captcheck.netsyms.com
"captcha" => [
"enabled" => false,
"server" => "https://captcheck.netsyms.com"
],

// Language to use for localization. See langs folder to add a language.
"language" => "en",

// Shown in the footer of all the pages.
"footer_text" => "",

// Also shown in the footer, but with "Copyright <current_year>" in front.
"copyright" => "Netsyms Technologies",

// Base URL for building links relative to the location of the app.
// Only used when there's no good context for the path.
// The default is almost definitely fine.

Laddar…
Avbryt
Spara