authorCarson Fleming <cflems@cflems.net>2022-12-12 05:58:56 -0800
committerCarson Fleming <cflems@cflems.net>2022-12-12 05:58:56 -0800
commita8445664e8453ac643f123b43823a6a9df83c421 (patch)
tree25594330d99ab3dd7328771822d87f324a689ff7
parentacef8733bff13217ab3483055e1c0d7297393ba3 (diff)
downloadbulletin-a8445664e8453ac643f123b43823a6a9df83c421.tar.gz
Attempt to verify captcha result
-rw-r--r--inc/functions.php24
-rw-r--r--signup.php12
2 files changed, 34 insertions, 2 deletions
diff --git a/inc/functions.php b/inc/functions.php
index c381ab7..d3aa93e 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -104,4 +104,28 @@ function pwgen ($len) {
$pass .= $alpha[mt_rand(0, $alen-1)];
return $pass;
}
+
+function recaptcha_verify ($response) {
+ global $b_config;
+
+ $endpoint = 'https://google.com/recaptcha/api/siteverify';
+ $data = json_encode(array(
+ 'secret' => $b_config['recaptcha_api_secret'],
+ 'response' => $response,
+ ));
+ $ctx = stream_context_create(array(
+ 'http' => array(
+ 'method' => 'POST',
+ 'header' => 'Content-Type: application/json' . "\r\n"
+ . 'Content-Length: ' . strlen($data) . "\r\n",
+ 'content' => $data
+ )
+ ));
+ $result = file_get_contents($endpoint, false, $ctx);
+ if (!$result) return false;
+ $result = json_decode($result);
+ if (!$result) return false;
+ return isset($result['success']) && isset($result['hostname']) &&
+ $result['success'] && $result['hostname'] == $_SERVER['HTTP_HOST'];
+}
?>
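Review bot: As written, recaptcha_verify() cannot return true: `json_decode($result)` without the second argument yields a stdClass object, so `isset($result['success'])` raises "Cannot use object of type stdClass as array" instead of evaluating the response. The request is also sent as a JSON body, while the siteverify API is documented as taking form-encoded POST parameters at `https://www.google.com/recaptcha/api/siteverify`, so even a decoded reply would most likely report a missing secret. The hostname is compared with `==` against `$_SERVER['HTTP_HOST']`, a client-supplied header that can also carry a port; comparing strictly against a hostname from configuration keeps that check independent of the request. The sketch below shows the changed lines; the `recaptcha_hostname` key is a placeholder, not an existing setting.

```php
function recaptcha_verify ($response) {
	// … unchanged: global $b_config …
	$endpoint = 'https://www.google.com/recaptcha/api/siteverify';
	$data = http_build_query(array(
		// … unchanged: 'secret' and 'response' entries …
	));
	$ctx = stream_context_create(array(
		'http' => array(
			'method' => 'POST',
			'header' => 'Content-Type: application/x-www-form-urlencoded' . "\r\n"
				. 'Content-Length: ' . strlen($data) . "\r\n",
			'content' => $data
		)
	));
	// … unchanged: file_get_contents call and empty-result check …
	$result = json_decode($result, true);
	if (!is_array($result)) return false;
	// 'recaptcha_hostname' is a placeholder config key for the expected site hostname
	return !empty($result['success']) && isset($result['hostname']) &&
		$result['hostname'] === $b_config['recaptcha_hostname'];
}
```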
diff --git a/signup.php b/signup.php
index 91ebe69..e52a2e1 100644
--- a/signup.php
+++ b/signup.php
@@ -25,6 +25,10 @@ if (!empty($_POST['signup'])) {
$e = 100;
goto err;
}
+ if (!empty($b_config['recaptcha_api_key']) && !recaptcha_verify($_POST['g-recaptcha-response'])) {
+ $e = 102;
+ goto err;
+ }
$db = new bdb();
$area = (intval($_POST['phone1'])>0)?intval($_POST['phone1']):intval(substr($_POST['phone1'], 1, -1));
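Review bot: The added condition reads `$_POST['g-recaptcha-response']` without checking that the field was submitted, so a request that omits it triggers an undefined-index notice and still costs a round trip to the verification endpoint with a null token. Rejecting the empty case locally is cheaper and quieter: `if (!empty($b_config['recaptcha_api_key']) && (empty($_POST['g-recaptcha-response']) || !recaptcha_verify($_POST['g-recaptcha-response']))) {`. The gate also keys on `recaptcha_api_key` while recaptcha_verify() uses `recaptcha_api_secret`, so a deployment with the site key set but no secret would reject every signup; checking both settings here, or logging the misconfiguration, would make that failure easier to diagnose. The enclosing `if (!empty($_POST['signup']))` block starts and ends outside this hunk.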
@@ -62,6 +66,7 @@ err:
if ($e > 0 && $e < 100) $e_msg = 'The fields indicated are not valid.';
else if ($e == 100) $e_msg = 'The passwords do not match.';
else if ($e == 101) $e_msg = 'A user with your email or phone number already exists.';
+else if ($e == 102) $e_msg = 'Your CAPTCHA solution was not valid.';
else $e_msg = 'An unknown error has occurred.';
?>
<!DOCTYPE html>
@@ -139,14 +144,17 @@ if ($e == 2 || $e == 101)
</div>
<?php
if (!empty($b_config['recaptcha_api_key'])) {
+ if ($e == 102)
+ echo ' <div class="fullrow err">'.PHP_EOL;
+ else
+ echo ' <div class="fullrow">'.PHP_EOL;
?>
- <div class="fullrow">
<div class="g-recaptcha" data-sitekey="<?=$b_config['recaptcha_api_key']; ?>"></div>
</div>
<?php
}
?>
- <div class="fullrow text-center">
+ <div class="fullrow">
<input type="submit" name="signup" value="Sign Up" />
</div>
</form>