Rev 1001 | Rev 1016 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 702 | daniel-mar | 1 | <?php |
| 2 | |||
| 3 | /* |
||
| 4 | * OIDplus 2.0 |
||
| 5 | * Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft |
||
| 6 | * |
||
| 7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
| 8 | * you may not use this file except in compliance with the License. |
||
| 9 | * You may obtain a copy of the License at |
||
| 10 | * |
||
| 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
| 12 | * |
||
| 13 | * Unless required by applicable law or agreed to in writing, software |
||
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
| 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
| 16 | * See the License for the specific language governing permissions and |
||
| 17 | * limitations under the License. |
||
| 18 | */ |
||
| 19 | |||
| 20 | if (!defined('INSIDE_OIDPLUS')) die(); |
||
| 21 | |||
| 22 | class OIDplusCaptchaPluginRecaptcha extends OIDplusCaptchaPlugin { |
||
| 23 | |||
| 24 | public static function id(): string { |
||
| 25 | return 'ReCAPTCHA'; |
||
| 26 | } |
||
| 27 | |||
| 709 | daniel-mar | 28 | public static function isVisible(): bool { |
| 29 | // TODO: Also implement Google invisible CAPTCHAs |
||
| 30 | return true; |
||
| 31 | } |
||
| 32 | |||
| 702 | daniel-mar | 33 | public function captchaDomHead() { |
| 34 | // Here you can add styles and scripts to be included into the HTML <head> part |
||
| 35 | return '<script> |
||
| 36 | function oidplus_captcha_response() { |
||
| 37 | return OIDplusCaptchaPluginRecaptcha.captchaResponse(); |
||
| 38 | } |
||
| 39 | function oidplus_captcha_reset() { |
||
| 40 | return OIDplusCaptchaPluginRecaptcha.captchaReset(); |
||
| 41 | } |
||
| 42 | </script> |
||
| 43 | <script src="https://www.google.com/recaptcha/api.js"></script>'; |
||
| 44 | } |
||
| 45 | |||
| 46 | public function captchaGenerate($header_text=null, $footer_text=null) { |
||
| 47 | return ($header_text ? '<p>'.$header_text.'</p>' : '') . |
||
| 48 | '<noscript>'. |
||
| 49 | '<p><font color="red">'._L('You need to enable JavaScript to solve the CAPTCHA.').'</font></p>'. |
||
| 50 | '</noscript>'. |
||
| 51 | '<div id="g-recaptcha" class="g-recaptcha" data-sitekey="'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'"></div>'. |
||
| 52 | //Don't use jQuery, because we might not have included it (e.g. in oobe.php) |
||
| 53 | //'<script> grecaptcha.render($("#g-recaptcha")[0], { "sitekey" : "'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'" }); </script>'. |
||
| 54 | // TODO: oobe.php:formatted:42 Uncaught TypeError: grecaptcha.render is not a function at oobe.php:formatted:42 (but it still works?!) |
||
| 55 | '<script> grecaptcha.render(document.getElementById("g-recaptcha"), { "sitekey" : "'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'" }); </script>'. |
||
| 56 | ($footer_text ? '<p>'.$footer_text.'</p>' : ''); |
||
| 57 | } |
||
| 58 | |||
| 59 | public function captchaVerify($params, $fieldname=null) { |
||
| 1001 | daniel-mar | 60 | $secret=OIDplus::baseConfig()->getValue('RECAPTCHA_PRIVATE', ''); |
| 61 | |||
| 702 | daniel-mar | 62 | if (is_null($fieldname)) $fieldname = 'g-recaptcha-response'; // no individual field name (created by oidplus_captcha_response()) means that it is a plain POST event (e.g. by oobe.php) |
| 63 | _CheckParamExists($params, $fieldname); |
||
| 64 | $response=$params[$fieldname]; |
||
| 715 | daniel-mar | 65 | $verify=url_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.urlencode($secret).'&response='.urlencode($response)); |
| 702 | daniel-mar | 66 | if (!$verify) { |
| 67 | throw new OIDplusException(_L('CAPTCHA not successfully verified')); |
||
| 68 | } |
||
| 1001 | daniel-mar | 69 | $captcha_success=@json_decode($verify); |
| 702 | daniel-mar | 70 | if (!$captcha_success || ($captcha_success->success==false)) { |
| 71 | throw new OIDplusException(_L('CAPTCHA not successfully verified')); |
||
| 72 | } |
||
| 73 | } |
||
| 74 | |||
| 75 | public static function setupHTML(): string { |
||
| 76 | return '<div id="CAPTCHAPLUGIN_PARAMS_RECAPTCHA">'. |
||
| 77 | '<p>(<a href="https://developers.google.com/recaptcha/intro" target="_blank">'._L('more information and obtain key').'</a>)</p>'. |
||
| 78 | '<p>'._L('reCAPTCHA Public key').'<br><input id="recaptcha_public" type="text" onkeypress="rebuild()" onkeyup="rebuild()"> <span id="recaptcha_public_warn"></span></p>'. |
||
| 79 | '<p>'._L('reCAPTCHA Private key').'<br><input id="recaptcha_private" type="text" onkeypress="rebuild()" onkeyup="rebuild()"> <span id="recaptcha_private_warn"></span></p>'. |
||
| 80 | '</div>'; |
||
| 81 | } |
||
| 82 | |||
| 1001 | daniel-mar | 83 | function httpHeaderCheck(&$http_headers) { |
| 84 | |||
| 85 | $http_headers["Content-Security-Policy"]["script-src"][] = "https://www.google.com/"; |
||
| 86 | $http_headers["Content-Security-Policy"]["script-src"][] = "https://www.gstatic.com/"; |
||
| 1015 | daniel-mar | 87 | $http_headers["Content-Security-Policy"]["img-src"][] = "https://www.google.com/"; |
| 88 | $http_headers["Content-Security-Policy"]["img-src"][] = "https://www.gstatic.com/"; |
||
| 89 | $http_headers["Content-Security-Policy"]["frame-src"][] = "https://www.google.com/"; |
||
| 90 | $http_headers["Content-Security-Policy"]["frame-src"][] = "https://www.gstatic.com/"; |
||
| 1001 | daniel-mar | 91 | |
| 92 | } |
||
| 93 | |||
| 702 | daniel-mar | 94 | } |