reCAPTCHA v3 support and general tidy up

2019-01-09 14:38:43 +00:00
parent 5546bacae8
commit 895280fed7
7 changed files with 162 additions and 83 deletions
--- a/footer.php
+++ b/footer.php
@@ -10,24 +10,30 @@
 </div>
 <footer class="content site-footer">
-	<p><?php yourls_e( 'Powered by <a href="http://yourls.org/">YOURLS</a>. Designed by <a href="http://tomslominski.net/">Tom Slominski</a>.', 'isq_translation') ?> <a class="icon-github" href="https://github.com/tomslominski/infinity-squared"><?php include('public/images/github.svg'); ?></a></p>
+	<p><?php yourls_e( 'Powered by <a href="http://yourls.org/">YOURLS</a>. Designed by <a href="https://slomin.ski/">Tom Slominski</a>.', 'isq_translation') ?> <a class="icon-github" href="https://github.com/tomslominski/infinity-squared"><?php include('public/images/github.svg'); ?></a></p>
-	<?php if ( !empty(ISQ::$recaptcha['sitekey']) && !empty(ISQ::$recaptcha['secret']) ) { ?>
+	<?php if( 'recaptcha' == is_get_antispam_method() || 'recaptcha_v3' == is_get_antispam_method() ) : ?>
-		<p class="recaptcha-cookie"><?php yourls_e('This site uses cookies for Google reCAPTCHA','isq_translation')?>.<p>
+		<p class="recaptcha-cookie"><?php yourls_e('This site uses cookies for Google reCAPTCHA','isq_translation'); ?>.<p>
-	<?php }; ?>
+	<?php endif; ?>
 </div>
 </div>
 </div>
 <?php global $dependencies; ?>
 <?php if( in_array( 'recaptcha_v3', $dependencies ) ) : ?>
 	<script type="text/template" id="recaptcha-sitekey"><?php echo ISQ::$recaptcha['sitekey']; ?></script>
 	<script src="https://www.google.com/recaptcha/api.js?render=<?php echo ISQ::$recaptcha['sitekey']; ?>"></script>
 <?php elseif( in_array( 'recaptcha', $dependencies ) ) : ?>
 	<script src="https://www.google.com/recaptcha/api.js"></script>
 <?php endif; ?>
 <?php if( in_array( 'clipboard.js', $dependencies ) ) { ?>
 	<script src="public/js/clipboard.min.js"></script>
 	<script src="public/js/app.js"></script>
 <?php }
 if ( in_array( 'reCAPTCHA', $dependencies ) ) { ?>
 	<script src="https://www.google.com/recaptcha/api.js"></script>
 <?php } ?>
 <?php if( in_array( array( 'recaptcha_v3', 'clipboard.js' ), $dependencies ) ) : ?>
 	<script src="public/js/app.js"></script>
 <?php endif; ?>
 </body>
 </html>
--- a/header.php
+++ b/header.php
@@ -10,7 +10,10 @@ if( @include dirname(__FILE__) . '/public/config.php' ) {
 	include( dirname(__FILE__) . '/public/config-sample.php' );
 }
-class ISQ { public static $general = array(), $links = array(), $social = array(), $recaptcha = array(); }
+class ISQ { public static $general = array(), $links = array(), $social = array(), $recaptcha = array(), $recaptcha_v3 = array(); }
 // Load functions
 require_once( dirname(__FILE__) . '/public/functions.php' );
 // Default dependencies
 $dependencies = array();
--- a/index.php
+++ b/index.php
@@ -30,28 +30,34 @@ $title   = isset( $_REQUEST['title'] ) ? yourls_sanitize_title( $_REQUEST['title
 		</div>
 		<?php
-			if ( function_exists( 'yourls_is_valid_user' ) && yourls_is_valid_user() == 1 ) {
+			switch( is_get_antispam_method() ) {
 				case 'login': ?>
 					<input type="hidden" name="antispam_method" value="user_login" class="hidden">
 				<?php break;
-				echo '<input type="hidden" name="antispam_method" value="user_login" class="hidden">';
+				case 'recaptcha_v3':
-
+					$dependencies[] = 'recaptcha_v3';
 			} else if ( !empty(ISQ::$recaptcha['sitekey']) && !empty(ISQ::$recaptcha['secret']) ) {
 				$dependencies[] = 'reCAPTCHA';
 				echo '<input type="hidden" name="antispam_method" value="recaptcha" class="hidden">';
 				?>
 					<input type="hidden" name="antispam_method" value="recaptcha_v3" class="hidden">
 					<input type="hidden" name="recaptcha_token" id="recaptcha_token" class="hidden">
 				<?php break;
 				case 'recaptcha':
 					$dependencies[] = 'recaptcha';
 				?>
 					<input type="hidden" name="antispam_method" value="recaptcha" class="hidden">
 					<div class="form-item recaptcha-container">
 						<p><label class="primary" title=""><?php yourls_e( 'Verification', 'isq_translation'); ?></label></p>
 						<p><label class="secondary"><?php yourls_e( 'reCAPTCHA verification used to ensure you are not a bot.', 'isq_translation'); ?></label></p>
 						<div class="g-recaptcha" data-sitekey="<?php echo ISQ::$recaptcha['sitekey']; ?>"></div>
 					</div>
-			<?php
+				<?php break;
 			} else {
 				echo '<input type="hidden" name="antispam_method" value="basic" class="hidden">';
 				echo '<input type="hidden" name="basic_antispam" class="hidden">';
 				default: ?>
 					<input type="hidden" name="antispam_method" value="basic" class="hidden">
 					<input type="hidden" name="basic_antispam" class="hidden">
 				<?php break;
 			}
 		?>
--- a/public/config-sample.php
+++ b/public/config-sample.php
@@ -52,4 +52,11 @@ ISQ::$recaptcha = array(
 	'secret' => ''
 );
 // Separate API keys for reCAPTCHA v3
 ISQ::$recaptcha_v3 = array(
 	'sitekey' => '',
 	'secret' => '',
 	'threshold' => '0.5',
 );
 ?>
--- a/public/functions.php
+++ b/public/functions.php
@@ -0,0 +1,67 @@
 <?php
 /**
 * Return which method is being used for preventing spam,
 * based on the site config.
 *
 * @return string login/recaptcha_v3/recaptcha/basic
 */
 function is_get_antispam_method() {
 	if( 1 == yourls_is_valid_user() ) {
 		return 'login';
 	} elseif( isset( ISQ::$recaptcha_v3['sitekey'] ) && ISQ::$recaptcha_v3['sitekey'] && isset( ISQ::$recaptcha_v3['secret'] ) && ISQ::$recaptcha_v3['secret'] ) {
 		return 'recaptcha_v3';
 	} elseif( isset( ISQ::$recaptcha['sitekey'] ) && ISQ::$recaptcha['sitekey'] && isset( ISQ::$recaptcha['secret'] ) && ISQ::$recaptcha['secret'] ) {
 		return 'recaptcha';
 	} else {
 		return 'basic';
 	}
 }
 /**
 * Terminate the request without shortening the URL and
 * display an error.
 *
 * @param string $message Error message.
 * @param string $action Action message, defaults to "Go home".
 */
 function display_error( $message, $action = null ) {
 	echo '<div class="content error">';
 		echo '<p class="message">' . $message . '</p>';
 		echo '<p class="action">';
 			if( !empty( $action ) ) {
 				echo $action;
 			} else {
 				echo '<a href="' . YOURLS_SITE . '" class="button">' . yourls__( '&larr; Go home and try again', 'isq_translation' ) . '</a>';
 			}
 		echo '</p>';
 	echo '</div>';
 	include('footer.php');
 	die();
 }
 /**
 * Get remote file, either using CURL or file_get_contents
 * depending on server configuration.
 *
 * @param string $url Remote file URL.
 * @return string Remote file contents.
 */
 function get_remote_file( $url ) {
 	if( function_exists( 'curl_init' ) ) {
 		$curl = curl_init();
 		curl_setopt( $curl, CURLOPT_URL, $url );
 		curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
 		$output = curl_exec( $curl );
 		curl_close( $curl );
 		return $output;
 	} elseif( ini_get( 'allow_url_fopen' ) ) {
 		return file_get_contents( $url );
 	} else {
 		display_error( yourls__( 'Your server doesn\'t support reCAPTCHA. Ask your host to install cURL or turn on allow_url_fopen.', 'isq_translation' ) );
 	}
 }
--- a/public/js/app.js
+++ b/public/js/app.js
@@ -48,3 +48,14 @@ if( document.querySelectorAll( '.copy-button' ).length > 0 ) {
    } );
 }
 // reCAPTCHA
 if( 'object' === typeof grecaptcha ) {
    grecaptcha.ready( function() {
        var sitekey = document.querySelectorAll( '#recaptcha-sitekey' )[0].innerHTML;
        grecaptcha.execute( sitekey, {action: 'homepage'} ).then( function( token ) {
            document.querySelectorAll( '#recaptcha_token' )[0].value = token;
        });
    });
 }
--- a/result.php
+++ b/result.php
@@ -1,38 +1,6 @@
 <?php
 include('header.php');
 function display_error( $message, $action = null ) {
 	echo '<div class="content error">';
 		echo '<p class="message">' . $message . '</p>';
 		echo '<p class="action">';
 			if( !empty( $action ) ) {
 				echo $action;
 			} else {
 				echo '<a href="' . YOURLS_SITE . '" class="button">' . yourls__( '&larr; Go home and try again', 'isq_translation' ) . '</a>';
 			}
 		echo '</p>';
 	echo '</div>';
 	include('footer.php');
 	die();
 }
 function get_remote_file( $url ) {
 	if( function_exists( 'curl_init' ) ) {
 		$curl = curl_init();
 		curl_setopt( $curl, CURLOPT_URL, $url );
 		curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
 		$output = curl_exec( $curl );
 		curl_close( $curl );
 		return $output;
 	} elseif( ini_get( 'allow_url_fopen' ) ) {
 		return file_get_contents( $url );
 	} else {
 		display_error( yourls__( 'Your server doesn\'t support reCAPTCHA. Ask your host to install cURL or turn on allow_url_fopen.', 'isq_translation' ) );
 	}
 }
 if ( empty( $_REQUEST['url'] ) ) {
 	display_error( yourls__( 'You haven\'t entered a URL to shorten.', 'isq_translation' ) );
 };
@@ -50,34 +18,45 @@ if ( !empty( $_REQUEST['keyword'] ) && yourls_keyword_is_taken( $_REQUEST['keywo
 // Check what CAPTCHA method was used
 $antispam_method = $_REQUEST['antispam_method'];
-if ( $antispam_method == 'user_login' ) {
+switch( is_get_antispam_method() ) {
 	case 'login':
 		if( !yourls_is_valid_user() ) {
 			display_error( yourls__( 'You are not logged in - please go back and try again.', 'isq_translation' ) );
 		}
 	break;
-	// User is logged into YOURLS
+	case 'recaptcha_v3':
 		$recaptcha_data = get_remote_file( 'https://www.google.com/recaptcha/api/siteverify?secret=' . ISQ::$recaptcha_v3['secret'] . '&response=' . $_POST['recaptcha_token'] );
 		$recaptcha = json_decode( $recaptcha_data );
-} else if ( $antispam_method == 'recaptcha' ) {
+		if( $recaptcha->success != true || $recaptcha->action != 'homepage' || $recaptcha->score < ISQ::$recaptcha_v3['threshold'] ) {
 			display_error( yourls__( 'Are you a bot? Google certainly thinks you are.', 'isq_translation' ) );
 		}
 	break;
 	case 'recaptcha':
 		// Google reCAPTCHA is enabled
-	$recaptcha_data = get_remote_file('https://www.google.com/recaptcha/api/siteverify?secret=' . ISQ::$recaptcha['secret'] . '&response=' . $_REQUEST['g-recaptcha-response']);
+		$recaptcha_data = get_remote_file( 'https://www.google.com/recaptcha/api/siteverify?secret=' . ISQ::$recaptcha['secret'] . '&response=' . $_POST['g-recaptcha-response'] );
-	$recaptcha_json = json_decode($recaptcha_data, TRUE);
+		$recaptcha_json = json_decode( $recaptcha_data, true );
 		// What happens when the reCAPTCHA was completed incorrectly
 		if ( $recaptcha_json['success'] != 'true' ) {
 			display_error( yourls__( 'Are you a bot? Google certainly thinks you are.', 'isq_translation' ) );
 		}
 	break;
-} else if ( $antispam_method == 'basic' ) {
+	case 'basic':
 		// Basic antispam protection fallback
 		// What happens when it was not completed correctly
-	if ( $_REQUEST['basic_antispam'] != "" ) {
+		if( !empty( $_POST['basic_antispam'] ) ) {
-		display_error( yourls__( 'Are you a bot? The verification was not completed successfully.', 'isq_translation' ) );
+			display_error( yourls__( 'Are you a bot? The anti-spam check was not completed successfully.', 'isq_translation' ) );
 		}
 	break;
-} else {
+	default:
-
+		// No anti-spam check was completed at all
-	// No antispam protection was detected
+		display_error( yourls__( 'Are you a bot? No anti-spam check was completed successfully.', 'isq_translation' ) );
-	display_error( yourls__( 'Are you a bot? No antispam protection was completed successfully.', 'isq_translation' ) );
+	break;
 }
 // Get parameters -- they will all be sanitized in yourls_add_new_link()