[TASK] added Feature #120

2026-04-19 03:56:21 +05:30 · 2014-12-14 18:39:52 +01:00 · 2014-12-14 18:39:52 +01:00 · 5eefbe93f8
commit 5eefbe93f8
parent 7421b6266e
4 changed files with 39 additions and 2 deletions
--- a/config/config.ini.example
+++ b/config/config.ini.example
@ -43,6 +43,13 @@ google.publisher = ""
 ; Google analytics
 google.analytics.id = ""

+; Google reCaptcha
+; https://www.google.com/recaptcha/admin
+
+google.reCaptcha = false
+google.reCaptcha.public = ""
+google.reCaptcha.private = ""
+
 ; Pagination, RSS, and JSON
 posts.perpage = "5"
 tag.perpage = "10"
--- a/system/admin/views/login.html.php
+++ b/system/admin/views/login.html.php
@ -9,6 +9,11 @@
 		Password <span class="required">*</span> <br>
 		<input type="password" class="<?php if (isset($password)) { if (empty($password)) { echo 'error';}} ?>" name="password"/><br><br>
 		<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
+        <?php if(config("google.reCaptcha")):?>
+            <script src='https://www.google.com/recaptcha/api.js'></script>
+            <div class="g-recaptcha" data-sitekey="<?php echo config("google.reCaptcha.public"); ?>"></div>
+            <br/>
+        <?php endif;?>
 		<input type="submit" name="submit" value="Login"/>
 	</form>
 <?php } else {header('location: admin');} ?>
--- a/system/htmly.php
+++ b/system/htmly.php
@ -57,11 +57,12 @@ get('/index', function () {
 // Get submitted login data
 post('/login', function () {

-    $proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
+    $proper = (is_csrf_proper(from($_REQUEST, 'csrf_token')));
+    $captcha = isCaptcha(from($_REQUEST, 'g-recaptcha-response'));

    $user = from($_REQUEST, 'user');
    $pass = from($_REQUEST, 'password');
-    if ($proper && !empty($user) && !empty($pass)) {
+    if ($proper && $captcha && !empty($user) && !empty($pass)) {

        session($user, $pass, null);
        $log = session($user, $pass, null);
@ -88,6 +89,9 @@ post('/login', function () {
        if (!$proper) {
            $message['error'] .= '<li>CSRF Token not correct.</li>';
        }
+        if(!$captcha) {
+            $message['error'] .= '<li>reCaptcha not correct.</li>';
+        }

        config('views.root', 'system/admin/views');

--- a/system/includes/functions.php
+++ b/system/includes/functions.php
@ -1758,3 +1758,24 @@ function remove_html_comments($content)
 {
    return trim(preg_replace('/(\s|)<!--(.*)-->(\s|)/', '', $content));
 }
+
+function isCaptcha($reCaptchaResponse){
+    if(! config("google.reCaptcha")){
+        return true;
+    }
+    $url = "https://www.google.com/recaptcha/api/siteverify";
+    $options = array(
+        "secret" => config("google.reCaptcha.private"),
+        "response" => $reCaptchaResponse,
+        "remoteip" => $_SERVER['REMOTE_ADDR'],
+    );
+    $fileContent = @file_get_contents($url . "?" . http_build_query($options));
+    if($fileContent === false) {
+        return false;
+    }
+    $json = json_decode($fileContent, true);
+    if($json == false){
+        return false;
+    }
+    return ($json['success']);
+}