Merge 49030914f9 into 192c797fe1

4 years ago · a570d40953
parent 192c797fe1 49030914f9
commit a570d40953
3 changed files with 28 additions and 1 deletions
--- a/functions.inc.php
+++ b/functions.inc.php
@ -2241,4 +2241,21 @@ function getRemoteAddr() {
    return $REMOTE_ADDR;
 }

+function validate_recaptcha()
+{
+    global $CONF;
+    $response = $_POST['g-recaptcha-response'];
+    $recaptcha_check_url = 'https://www.google.com/recaptcha/api/siteverify?secret=';
+
+    // Add the site private key to config.local.php
+    $verifyResponse = file_get_contents($recaptcha_check_url.$CONF['recaptcha_secret'].'&response='.$response);
+
+    // Enable recaptchav2 in config.local.php
+    if ($CONF['recaptcha_enabled']) {
+            if (json_decode($verifyResponse)->success) return TRUE;
+            else return FALSE;
+    } else return TRUE;
+}
+
+
 /* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
--- a/public/login.php
+++ b/public/login.php
@ -55,7 +55,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
    }

    $h = new AdminHandler();
-    if ($h->login($fUsername, $fPassword)) {
+    if ($h->login($fUsername, $fPassword) && validate_recaptcha()) {
        init_session($fUsername, true);

        # they've logged in, so see if they are a domain admin, as well.
--- a/templates/login.tpl
+++ b/templates/login.tpl
@ -34,6 +34,16 @@
 		<td colspan="2"><a href="users/">{$PALANG.pLogin_login_users}</a></td>
 	</tr>
 {/if}
+<!-- Enable recaptchav2 in config.local.php -->
+{if $CONF['recaptcha_enabled']}
+        <tr>
+                <td><form action="" method="POST"></td>
+		<!-- Add the site public key to config.local.php -->
+                <td><div class="g-recaptcha" data-sitekey="{$CONF['recaptcha_sitekey']}"></div></td>
+                <td><script src="https://www.google.com/recaptcha/api.js" async defer></script></td>
+                <td></form></td>
+        </tr>
+{/if}
 </table>
 </form>
 {literal}