reCAPTCHA v3 support and general tidy up
This commit is contained in:
Tom Slominski
24
footer.php
24
footer.php
@@ -10,24 +10,30 @@
|
||||
</div>
|
||||
|
||||
<footer class="content site-footer">
|
||||
<p><?php yourls_e( 'Powered by <a href="http://yourls.org/">YOURLS</a>. Designed by <a href="http://tomslominski.net/">Tom Slominski</a>.', 'isq_translation') ?> <a class="icon-github" href="https://github.com/tomslominski/infinity-squared"><?php include('public/images/github.svg'); ?></a></p>
|
||||
<?php if ( !empty(ISQ::$recaptcha['sitekey']) && !empty(ISQ::$recaptcha['secret']) ) { ?>
|
||||
<p class="recaptcha-cookie"><?php yourls_e('This site uses cookies for Google reCAPTCHA','isq_translation')?>.<p>
|
||||
<?php }; ?>
|
||||
<p><?php yourls_e( 'Powered by <a href="http://yourls.org/">YOURLS</a>. Designed by <a href="https://slomin.ski/">Tom Slominski</a>.', 'isq_translation') ?> <a class="icon-github" href="https://github.com/tomslominski/infinity-squared"><?php include('public/images/github.svg'); ?></a></p>
|
||||
<?php if( 'recaptcha' == is_get_antispam_method() || 'recaptcha_v3' == is_get_antispam_method() ) : ?>
|
||||
<p class="recaptcha-cookie"><?php yourls_e('This site uses cookies for Google reCAPTCHA','isq_translation'); ?>.<p>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php global $dependencies; ?>
|
||||
|
||||
<?php if( in_array( 'recaptcha_v3', $dependencies ) ) : ?>
|
||||
<script type="text/template" id="recaptcha-sitekey"><?php echo ISQ::$recaptcha['sitekey']; ?></script>
|
||||
<script src="https://www.google.com/recaptcha/api.js?render=<?php echo ISQ::$recaptcha['sitekey']; ?>"></script>
|
||||
<?php elseif( in_array( 'recaptcha', $dependencies ) ) : ?>
|
||||
<script src="https://www.google.com/recaptcha/api.js"></script>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if( in_array( 'clipboard.js', $dependencies ) ) { ?>
|
||||
<script src="public/js/clipboard.min.js"></script>
|
||||
<script src="public/js/app.js"></script>
|
||||
<?php }
|
||||
|
||||
if ( in_array( 'reCAPTCHA', $dependencies ) ) { ?>
|
||||
<script src="https://www.google.com/recaptcha/api.js"></script>
|
||||
<?php } ?>
|
||||
|
||||
<?php if( in_array( array( 'recaptcha_v3', 'clipboard.js' ), $dependencies ) ) : ?>
|
||||
<script src="public/js/app.js"></script>
|
||||
<?php endif; ?>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
||||
@@ -10,7 +10,10 @@ if( @include dirname(__FILE__) . '/public/config.php' ) {
|
||||
include( dirname(__FILE__) . '/public/config-sample.php' );
|
||||
}
|
||||
|
||||
class ISQ { public static $general = array(), $links = array(), $social = array(), $recaptcha = array(); }
|
||||
class ISQ { public static $general = array(), $links = array(), $social = array(), $recaptcha = array(), $recaptcha_v3 = array(); }
|
||||
|
||||
// Load functions
|
||||
require_once( dirname(__FILE__) . '/public/functions.php' );
|
||||
|
||||
// Default dependencies
|
||||
$dependencies = array();
|
||||
|
||||
34
index.php
34
index.php
@@ -30,28 +30,34 @@ $title = isset( $_REQUEST['title'] ) ? yourls_sanitize_title( $_REQUEST['title
|
||||
</div>
|
||||
|
||||
<?php
|
||||
if ( function_exists( 'yourls_is_valid_user' ) && yourls_is_valid_user() == 1 ) {
|
||||
switch( is_get_antispam_method() ) {
|
||||
case 'login': ?>
|
||||
<input type="hidden" name="antispam_method" value="user_login" class="hidden">
|
||||
<?php break;
|
||||
|
||||
echo '<input type="hidden" name="antispam_method" value="user_login" class="hidden">';
|
||||
|
||||
} else if ( !empty(ISQ::$recaptcha['sitekey']) && !empty(ISQ::$recaptcha['secret']) ) {
|
||||
|
||||
$dependencies[] = 'reCAPTCHA';
|
||||
|
||||
echo '<input type="hidden" name="antispam_method" value="recaptcha" class="hidden">';
|
||||
case 'recaptcha_v3':
|
||||
$dependencies[] = 'recaptcha_v3';
|
||||
?>
|
||||
<input type="hidden" name="antispam_method" value="recaptcha_v3" class="hidden">
|
||||
<input type="hidden" name="recaptcha_token" id="recaptcha_token" class="hidden">
|
||||
<?php break;
|
||||
|
||||
case 'recaptcha':
|
||||
$dependencies[] = 'recaptcha';
|
||||
?>
|
||||
<input type="hidden" name="antispam_method" value="recaptcha" class="hidden">
|
||||
|
||||
<div class="form-item recaptcha-container">
|
||||
<p><label class="primary" title=""><?php yourls_e( 'Verification', 'isq_translation'); ?></label></p>
|
||||
<p><label class="secondary"><?php yourls_e( 'reCAPTCHA verification used to ensure you are not a bot.', 'isq_translation'); ?></label></p>
|
||||
<div class="g-recaptcha" data-sitekey="<?php echo ISQ::$recaptcha['sitekey']; ?>"></div>
|
||||
</div>
|
||||
<?php
|
||||
|
||||
} else {
|
||||
|
||||
echo '<input type="hidden" name="antispam_method" value="basic" class="hidden">';
|
||||
echo '<input type="hidden" name="basic_antispam" class="hidden">';
|
||||
<?php break;
|
||||
|
||||
default: ?>
|
||||
<input type="hidden" name="antispam_method" value="basic" class="hidden">
|
||||
<input type="hidden" name="basic_antispam" class="hidden">
|
||||
<?php break;
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
@@ -52,4 +52,11 @@ ISQ::$recaptcha = array(
|
||||
'secret' => ''
|
||||
);
|
||||
|
||||
// Separate API keys for reCAPTCHA v3
|
||||
ISQ::$recaptcha_v3 = array(
|
||||
'sitekey' => '',
|
||||
'secret' => '',
|
||||
'threshold' => '0.5',
|
||||
);
|
||||
|
||||
?>
|
||||
|
||||
67
public/functions.php
Normal file
67
public/functions.php
Normal file
@@ -0,0 +1,67 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Return which method is being used for preventing spam,
|
||||
* based on the site config.
|
||||
*
|
||||
* @return string login/recaptcha_v3/recaptcha/basic
|
||||
*/
|
||||
function is_get_antispam_method() {
|
||||
if( 1 == yourls_is_valid_user() ) {
|
||||
return 'login';
|
||||
} elseif( isset( ISQ::$recaptcha_v3['sitekey'] ) && ISQ::$recaptcha_v3['sitekey'] && isset( ISQ::$recaptcha_v3['secret'] ) && ISQ::$recaptcha_v3['secret'] ) {
|
||||
return 'recaptcha_v3';
|
||||
} elseif( isset( ISQ::$recaptcha['sitekey'] ) && ISQ::$recaptcha['sitekey'] && isset( ISQ::$recaptcha['secret'] ) && ISQ::$recaptcha['secret'] ) {
|
||||
return 'recaptcha';
|
||||
} else {
|
||||
return 'basic';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Terminate the request without shortening the URL and
|
||||
* display an error.
|
||||
*
|
||||
* @param string $message Error message.
|
||||
* @param string $action Action message, defaults to "Go home".
|
||||
*/
|
||||
function display_error( $message, $action = null ) {
|
||||
echo '<div class="content error">';
|
||||
echo '<p class="message">' . $message . '</p>';
|
||||
|
||||
echo '<p class="action">';
|
||||
if( !empty( $action ) ) {
|
||||
echo $action;
|
||||
} else {
|
||||
echo '<a href="' . YOURLS_SITE . '" class="button">' . yourls__( '← Go home and try again', 'isq_translation' ) . '</a>';
|
||||
}
|
||||
echo '</p>';
|
||||
echo '</div>';
|
||||
|
||||
include('footer.php');
|
||||
die();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get remote file, either using CURL or file_get_contents
|
||||
* depending on server configuration.
|
||||
*
|
||||
* @param string $url Remote file URL.
|
||||
* @return string Remote file contents.
|
||||
*/
|
||||
function get_remote_file( $url ) {
|
||||
if( function_exists( 'curl_init' ) ) {
|
||||
$curl = curl_init();
|
||||
curl_setopt( $curl, CURLOPT_URL, $url );
|
||||
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
|
||||
$output = curl_exec( $curl );
|
||||
curl_close( $curl );
|
||||
return $output;
|
||||
} elseif( ini_get( 'allow_url_fopen' ) ) {
|
||||
return file_get_contents( $url );
|
||||
} else {
|
||||
display_error( yourls__( 'Your server doesn\'t support reCAPTCHA. Ask your host to install cURL or turn on allow_url_fopen.', 'isq_translation' ) );
|
||||
}
|
||||
}
|
||||
@@ -48,3 +48,14 @@ if( document.querySelectorAll( '.copy-button' ).length > 0 ) {
|
||||
} );
|
||||
|
||||
}
|
||||
|
||||
// reCAPTCHA
|
||||
if( 'object' === typeof grecaptcha ) {
|
||||
grecaptcha.ready( function() {
|
||||
var sitekey = document.querySelectorAll( '#recaptcha-sitekey' )[0].innerHTML;
|
||||
|
||||
grecaptcha.execute( sitekey, {action: 'homepage'} ).then( function( token ) {
|
||||
document.querySelectorAll( '#recaptcha_token' )[0].value = token;
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
71
result.php
71
result.php
@@ -1,38 +1,6 @@
|
||||
<?php
|
||||
include('header.php');
|
||||
|
||||
function display_error( $message, $action = null ) {
|
||||
echo '<div class="content error">';
|
||||
echo '<p class="message">' . $message . '</p>';
|
||||
|
||||
echo '<p class="action">';
|
||||
if( !empty( $action ) ) {
|
||||
echo $action;
|
||||
} else {
|
||||
echo '<a href="' . YOURLS_SITE . '" class="button">' . yourls__( '← Go home and try again', 'isq_translation' ) . '</a>';
|
||||
}
|
||||
echo '</p>';
|
||||
echo '</div>';
|
||||
|
||||
include('footer.php');
|
||||
die();
|
||||
}
|
||||
|
||||
function get_remote_file( $url ) {
|
||||
if( function_exists( 'curl_init' ) ) {
|
||||
$curl = curl_init();
|
||||
curl_setopt( $curl, CURLOPT_URL, $url );
|
||||
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
|
||||
$output = curl_exec( $curl );
|
||||
curl_close( $curl );
|
||||
return $output;
|
||||
} elseif( ini_get( 'allow_url_fopen' ) ) {
|
||||
return file_get_contents( $url );
|
||||
} else {
|
||||
display_error( yourls__( 'Your server doesn\'t support reCAPTCHA. Ask your host to install cURL or turn on allow_url_fopen.', 'isq_translation' ) );
|
||||
}
|
||||
}
|
||||
|
||||
if ( empty( $_REQUEST['url'] ) ) {
|
||||
display_error( yourls__( 'You haven\'t entered a URL to shorten.', 'isq_translation' ) );
|
||||
};
|
||||
@@ -50,34 +18,45 @@ if ( !empty( $_REQUEST['keyword'] ) && yourls_keyword_is_taken( $_REQUEST['keywo
|
||||
// Check what CAPTCHA method was used
|
||||
$antispam_method = $_REQUEST['antispam_method'];
|
||||
|
||||
if ( $antispam_method == 'user_login' ) {
|
||||
switch( is_get_antispam_method() ) {
|
||||
case 'login':
|
||||
if( !yourls_is_valid_user() ) {
|
||||
display_error( yourls__( 'You are not logged in - please go back and try again.', 'isq_translation' ) );
|
||||
}
|
||||
break;
|
||||
|
||||
// User is logged into YOURLS
|
||||
case 'recaptcha_v3':
|
||||
$recaptcha_data = get_remote_file( 'https://www.google.com/recaptcha/api/siteverify?secret=' . ISQ::$recaptcha_v3['secret'] . '&response=' . $_POST['recaptcha_token'] );
|
||||
$recaptcha = json_decode( $recaptcha_data );
|
||||
|
||||
} else if ( $antispam_method == 'recaptcha' ) {
|
||||
if( $recaptcha->success != true || $recaptcha->action != 'homepage' || $recaptcha->score < ISQ::$recaptcha_v3['threshold'] ) {
|
||||
display_error( yourls__( 'Are you a bot? Google certainly thinks you are.', 'isq_translation' ) );
|
||||
}
|
||||
break;
|
||||
|
||||
case 'recaptcha':
|
||||
// Google reCAPTCHA is enabled
|
||||
$recaptcha_data = get_remote_file('https://www.google.com/recaptcha/api/siteverify?secret=' . ISQ::$recaptcha['secret'] . '&response=' . $_REQUEST['g-recaptcha-response']);
|
||||
$recaptcha_json = json_decode($recaptcha_data, TRUE);
|
||||
$recaptcha_data = get_remote_file( 'https://www.google.com/recaptcha/api/siteverify?secret=' . ISQ::$recaptcha['secret'] . '&response=' . $_POST['g-recaptcha-response'] );
|
||||
$recaptcha_json = json_decode( $recaptcha_data, true );
|
||||
|
||||
// What happens when the reCAPTCHA was completed incorrectly
|
||||
if ( $recaptcha_json['success'] != 'true' ) {
|
||||
display_error( yourls__( 'Are you a bot? Google certainly thinks you are.', 'isq_translation' ) );
|
||||
}
|
||||
break;
|
||||
|
||||
} else if ( $antispam_method == 'basic' ) {
|
||||
|
||||
case 'basic':
|
||||
// Basic antispam protection fallback
|
||||
// What happens when it was not completed correctly
|
||||
if ( $_REQUEST['basic_antispam'] != "" ) {
|
||||
display_error( yourls__( 'Are you a bot? The verification was not completed successfully.', 'isq_translation' ) );
|
||||
if( !empty( $_POST['basic_antispam'] ) ) {
|
||||
display_error( yourls__( 'Are you a bot? The anti-spam check was not completed successfully.', 'isq_translation' ) );
|
||||
}
|
||||
break;
|
||||
|
||||
} else {
|
||||
|
||||
// No antispam protection was detected
|
||||
display_error( yourls__( 'Are you a bot? No antispam protection was completed successfully.', 'isq_translation' ) );
|
||||
|
||||
default:
|
||||
// No anti-spam check was completed at all
|
||||
display_error( yourls__( 'Are you a bot? No anti-spam check was completed successfully.', 'isq_translation' ) );
|
||||
break;
|
||||
}
|
||||
|
||||
// Get parameters -- they will all be sanitized in yourls_add_new_link()
|
||||
|
||||
Reference in New Issue
Block a user