Module: appdb Branch: master Commit: 159c60543f698264c3b2c31c800938548582552e URL: http://source.winehq.org/git/appdb.git/?a=commit;h=159c60543f698264c3b2c31c8...
Author: Jeremy Newman jnewman@codeweavers.com Date: Tue Nov 22 11:27:37 2016 -0600
add google captcha check to the account creation form
---
account.php | 20 +++++++++++++++++++- include/config.php.sample | 4 ++++ include/filter.php | 4 ++-- include/form_login_new.php | 6 ++++++ include/reCaptcha.php | 34 ++++++++++++++++++++++++++++++++++ 5 files changed, 65 insertions(+), 3 deletions(-)
diff --git a/account.php b/account.php index 6a6e3cd..f001d15 100644 --- a/account.php +++ b/account.php @@ -38,7 +38,7 @@ function do_account($sCmd = null) switch($sCmd) { case "new": - apidb_header("New Account"); + apidb_header("New Account", "<script src='https://www.google.com/recaptcha/api.js'></script>"); include(BASE."include/"."form_login_new.php"); apidb_footer(); exit; @@ -102,6 +102,24 @@ function cmd_do_new() return; }
+ if (!empty($aClean['g-recaptcha-response'])) + { + // validate captcha + require(BASE."include/reCaptcha.php"); + $reCaptcha = new reCaptcha(RECAPTCHA_SECRET); + if (!$reCaptcha->validate($aClean['g-recaptcha-response'], $_SERVER['REMOTE_ADDR'])) + { + // reCAPTCHA failed + retry("new", "reCAPTCHA check failed!"); + return; + } + } + else + { + retry("new", "reCAPTCHA check failed!"); + return; + } + $oUser = new User(); $sPassword = substr(base_convert(rand(0, PHP_INT_MAX),10, 36), 0, 9); $iResult = $oUser->create($aClean['sUserEmail'], $sPassword, diff --git a/include/config.php.sample b/include/config.php.sample index 53cba20..57f2652 100644 --- a/include/config.php.sample +++ b/include/config.php.sample @@ -20,6 +20,10 @@ define("APPDB_OWNER_EMAIL","appdb@winehq.org"); // e-mail of this product/compan define("APPDB_SENDER_EMAIL","appdb-noreply@winehq.org"); // The e-mail address which appears as the sender in mails sent by the AppDB define("BUGZILLA_ROOT","https://bugs.winehq.org/"); // path to bugzilla
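Review bot: The block added to cmd_do_new() has two identical failure branches, and its outer `!empty()` test repeats a guard that reCaptcha::validate() in this same commit already applies to `$resp`. Loading the class first and using a single fail-closed check, `if (empty($aClean['g-recaptcha-response']) || !$reCaptcha->validate($aClean['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']))`, leaves one rejection path. `require_once` is also safer than `require` inside a function, since a second call in the same request would redeclare the class. Separately, the context line after the block still derives the initial password from `rand()`, which is not a cryptographically secure source; that is outside this change but worth a follow-up. cmd_do_new() begins and ends outside the hunk.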
+// Google reCaptcha Secret Key - required on account creations +define("RECAPTCHA_KEY",""); +define("RECAPTCHA_SECRET",""); + // AppDB developers: Use this define to disable email from being sent from the appdb during testing //if(!defined("DISABLE_EMAIL")) // define("DISABLE_EMAIL", true); // disable email, see mail_appdb() in include/mail.php diff --git a/include/filter.php b/include/filter.php index 404e3a1..aa3fa6d 100644 --- a/include/filter.php +++ b/include/filter.php @@ -40,8 +40,8 @@ function filter_gpc() (strpos($aKeys[$i], "XinhaColorPicker") === 0) || // Xinha variables ($aKeys[$i] == "cx") || // google custom search variable ($aKeys[$i] == "cof") || // google custom search variable - ($aKeys[$i] == "q")) // google custom search variable - + ($aKeys[$i] == "q") || // google custom search variable + ($aKeys[$i] == "g-recaptcha-response")) // google reCaptcha variable { // copy the key over to the clean array // NOTE: we do not strip html tags or trim any Xinha variables diff --git a/include/form_login_new.php b/include/form_login_new.php index c063e71..00d14d7 100644 --- a/include/form_login_new.php +++ b/include/form_login_new.php @@ -34,6 +34,12 @@ $sReturnTo = (!empty($aClean['sReturnTo']) ? $aClean['sReturnTo'] : ''); </div> </div> <div class="form-group"> + <label class="col-sm-2 control-label"></label> + <div class="col-sm-10"> + <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_KEY; ?>"></div> + </div> +</div> +<div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <button type="submit" name="sCreate" class="btn btn-default"><i class="fa fa-sign-in"></i> Create Account</button> </div> diff --git a/include/reCaptcha.php b/include/reCaptcha.php new file mode 100644 index 0000000..09446d3 --- /dev/null +++ b/include/reCaptcha.php 
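Review bot: The new comment names only a "Secret Key", although the two constants defined under it differ in sensitivity. RECAPTCHA_KEY is printed into the signup form by form_login_new.php in this commit, while RECAPTCHA_SECRET is passed only to the server-side verifier. I would document them separately: `// reCAPTCHA site key - public, rendered into the account creation form` and `// reCAPTCHA secret - server-side only, keep out of version control and page output`. It is also worth stating that with both left empty, as in this sample, the new check in cmd_do_new() will presumably reject every signup.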
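Review bot: The added allow-list entry compares the key with `==`, following the lines above it. On PHP versions before 8, a loose comparison between an integer array key and a non-numeric string can evaluate true, so `($aKeys[$i] === "g-recaptcha-response")` is the safer form for a rule that lets a request variable through this branch. The loop and the rest of filter_gpc() are outside the hunk, so how the copied value is treated afterwards should be confirmed there.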
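Review bot: `RECAPTCHA_KEY` is echoed into the `data-sitekey` attribute without escaping. The value comes from configuration rather than the request, so the exposure is small, but output placed in an attribute should still be encoded: `data-sitekey="<?php echo htmlspecialchars(RECAPTCHA_KEY, ENT_QUOTES); ?>"`. The surrounding form markup continues outside the hunk.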
@@ -0,0 +1,34 @@
+<?php
+
+/*
+ Google Re-Captcha Class
+ by Jeremy Newman <jnewman@codeweavers.com>
+*/
+
+class reCaptcha
+{
+ private $reCaptchaSecret = '';
+ public $res = false;
+ public function __construct ($secret = '')
+ {
+ $this->reCaptchaSecret = $secret;
+ return true;
+ }
+ public function validate ($resp, $ip)
+ {
+ if (empty($resp) or empty($ip))
+ return false;
+ $post = array('secret' => $this->reCaptchaSecret, 'response' => $resp, 'remoteip' => $ip);
+ $ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
+ $res = json_decode(curl_exec($ch));
+ $this->res = $res;
+ curl_close($ch);
+ if (!empty($res->success) and $res->success)
+ return true;
+ return false;
+ }
+}
+
+?>
\ No newline at end of file
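Review bot: In validate(), `$post` is handed to `CURLOPT_POSTFIELDS` as an array, and `$resp` is the request value that the filter.php change in this commit appears to copy through without stripping. On PHP releases where curl still honours the `@` file-upload prefix for array fields (the default before 5.6), an array element is not guaranteed to be sent as plain text; encoding the body with `http_build_query($post)` removes that dependency on the runtime. The call also sets no timeout and passes the `curl_exec()` result straight to `json_decode()`, so an unreachable verifier can stall account creation. The result is still fail-closed, but an explicit check makes that intent visible. The constructor's `return true;` has no effect and can be dropped.

```php
    public function validate ($resp, $ip)
    {
        // … unchanged: empty() guard, $post array, curl_init(), CURLOPT_RETURNTRANSFER …
        // send a URL-encoded string so no field is interpreted by curl as a file reference
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);
        $body = curl_exec($ch);
        curl_close($ch);
        if ($body === false)
            return false; // transport failure: fail closed
        $res = json_decode($body);
        $this->res = $res;
        // … unchanged: success check and return …
```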