Rev | Author | Line No. | Line |
---|---|---|---|
702 | daniel-mar | 1 | <?php |
2 | |||
3 | /* |
||
4 | * OIDplus 2.0 |
||
5 | * Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft |
||
6 | * |
||
7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
8 | * you may not use this file except in compliance with the License. |
||
9 | * You may obtain a copy of the License at |
||
10 | * |
||
11 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
12 | * |
||
13 | * Unless required by applicable law or agreed to in writing, software |
||
14 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
16 | * See the License for the specific language governing permissions and |
||
17 | * limitations under the License. |
||
18 | */ |
||
19 | |||
// Entry guard: this file does nothing unless the INSIDE_OIDPLUS constant has
// already been defined; otherwise execution stops here without any output.
if (!defined('INSIDE_OIDPLUS')) {
	die();
}
||
21 | |||
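/**
 * CAPTCHA plugin that renders a Google reCAPTCHA widget and verifies the
 * submitted token against Google's "siteverify" endpoint.
 *
 * Configuration is read from the base config keys RECAPTCHA_PUBLIC (site key,
 * sent to the browser) and RECAPTCHA_PRIVATE (secret, used server-side only).
 */
class OIDplusCaptchaPluginRecaptcha extends OIDplusCaptchaPlugin {

	/**
	 * @return string Identifier of this CAPTCHA plugin.
	 */
	public static function id(): string {
		return 'ReCAPTCHA';
	}

	/**
	 * @return bool Always true: this plugin shows a visible widget.
	 */
	public static function isVisible(): bool {
		// TODO: Also implement Google invisible CAPTCHAs
		return true;
	}

	/**
	 * Markup to be placed into the HTML <head>: two global JavaScript wrapper
	 * functions and the external reCAPTCHA loader script.
	 *
	 * The wrappers delegate to a JavaScript object named
	 * OIDplusCaptchaPluginRecaptcha, which is not defined in this file
	 * (presumably shipped as a separate script of the plugin).
	 *
	 * NOTE(review): this emits an inline <script>; the page's CSP must permit
	 * it (nonce, hash or 'unsafe-inline'). How the CSP is assembled is not
	 * visible here, so confirm this against the header generation code.
	 *
	 * @return string HTML fragment.
	 */
	public function captchaDomHead() {
		// Here you can add styles and scripts to be included into the HTML <head> part
		return '<script>
		function oidplus_captcha_response() {
			return OIDplusCaptchaPluginRecaptcha.captchaResponse();
		}
		function oidplus_captcha_reset() {
			return OIDplusCaptchaPluginRecaptcha.captchaReset();
		}
		</script>
		<script src="https://www.google.com/recaptcha/api.js"></script>';
	}

	/**
	 * Builds the HTML of the CAPTCHA widget.
	 *
	 * The site key is written into an HTML attribute and into an inline
	 * JavaScript literal, so it is encoded separately for each context. For a
	 * regular site key the generated markup is identical to the unencoded form.
	 *
	 * NOTE(review): $header_text and $footer_text are inserted without any
	 * escaping. Presumably callers pass trusted, already localized HTML;
	 * confirm that no caller forwards request data here.
	 *
	 * @param string|null $header_text Optional HTML shown above the widget.
	 * @param string|null $footer_text Optional HTML shown below the widget.
	 * @return string HTML fragment.
	 */
	public function captchaGenerate($header_text=null, $footer_text=null) {
		$sitekey = (string)OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '');

		// HTML attribute context
		$sitekey_attr = htmlspecialchars($sitekey, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

		// JavaScript string context inside a <script> element. The HEX flags keep
		// characters such as "<" and quotes from ending the literal or the element.
		$sitekey_js = json_encode($sitekey, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
		if ($sitekey_js === false) {
			// Not encodable (e.g. invalid UTF-8): emit an empty key instead of broken markup.
			$sitekey_js = '""';
		}

		return ($header_text ? '<p>'.$header_text.'</p>' : '') .
		       '<noscript>'.
		       '<p><font color="red">'._L('You need to enable JavaScript to solve the CAPTCHA.').'</font></p>'.
		       '</noscript>'.
		       '<div id="g-recaptcha" class="g-recaptcha" data-sitekey="'.$sitekey_attr.'"></div>'.
		       //Don't use jQuery, because we might not have included it (e.g. in oobe.php)
		       //'<script> grecaptcha.render($("#g-recaptcha")[0], { "sitekey" : "'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'" }); </script>'.
		       // TODO: oobe.php:formatted:42 Uncaught TypeError: grecaptcha.render is not a function at oobe.php:formatted:42 (but it still works?!)
		       '<script> grecaptcha.render(document.getElementById("g-recaptcha"), { "sitekey" : '.$sitekey_js.' }); </script>'.
		       ($footer_text ? '<p>'.$footer_text.'</p>' : '');
	}

	/**
	 * Verifies the CAPTCHA token submitted by the client. Returns normally on
	 * success and throws in every other case (fail closed).
	 *
	 * @param array $params Request parameters; the token is read from $params[$fieldname].
	 * @param string|null $fieldname Name of the field carrying the token; null selects 'g-recaptcha-response'.
	 * @return void
	 * @throws OIDplusException If the token is missing or malformed, the
	 *         verification request yields no result, or the result does not
	 *         report success.
	 */
	public function captchaVerify($params, $fieldname=null) {
		$secret = OIDplus::baseConfig()->getValue('RECAPTCHA_PRIVATE', '');

		if (is_null($fieldname)) $fieldname = 'g-recaptcha-response'; // no individual field name (created by oidplus_captcha_response()) means that it is a plain POST event (e.g. by oobe.php)
		_CheckParamExists($params, $fieldname); // defined elsewhere; presumably throws if the field is absent
		$response = $params[$fieldname];

		// The token is client-controlled. A request can deliver an array
		// (field[]=...) instead of a string, which urlencode() cannot handle,
		// and an empty token can never verify, so reject both before any network I/O.
		if (!is_string($response) || ($response === '')) {
			throw new OIDplusException(_L('CAPTCHA not successfully verified'));
		}

		// NOTE(review): the secret travels in the query string of a GET request.
		// Google documents siteverify as a POST endpoint; query strings are more
		// likely to end up in proxy or debug logs. Consider sending the
		// parameters in a POST body if url_get_contents() (defined elsewhere)
		// supports it.
		$verify = url_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.urlencode($secret).'&response='.urlencode($response));
		if (!$verify) {
			throw new OIDplusException(_L('CAPTCHA not successfully verified'));
		}

		// json_decode() returns null for invalid JSON, so no error suppression is needed.
		$captcha_success = json_decode($verify);

		// Accept only an object whose "success" member is the boolean true.
		// A loose comparison would let any truthy non-boolean value pass.
		if (!is_object($captcha_success) || !isset($captcha_success->success) || ($captcha_success->success !== true)) {
			throw new OIDplusException(_L('CAPTCHA not successfully verified'));
		}
	}

	/**
	 * HTML fragment for the setup page containing the input fields for the
	 * reCAPTCHA public and private key.
	 *
	 * Both inputs call a JavaScript function rebuild() that is not defined in
	 * this file.
	 *
	 * @return string HTML fragment.
	 */
	public static function setupHTML(): string {
		return '<div id="CAPTCHAPLUGIN_PARAMS_RECAPTCHA">'.
		       // rel="noopener noreferrer": the page opened in the new tab gets no handle to this window
		       '<p>(<a href="https://developers.google.com/recaptcha/intro" target="_blank" rel="noopener noreferrer">'._L('more information and obtain key').'</a>)</p>'.
		       '<p>'._L('reCAPTCHA Public key').'<br><input id="recaptcha_public" type="text" onkeypress="rebuild()" onkeyup="rebuild()"> <span id="recaptcha_public_warn"></span></p>'.
		       '<p>'._L('reCAPTCHA Private key').'<br><input id="recaptcha_private" type="text" onkeypress="rebuild()" onkeyup="rebuild()"> <span id="recaptcha_private_warn"></span></p>'.
		       '</div>';
	}

	/**
	 * Appends the Google origins used by the widget to the script-src, img-src
	 * and frame-src lists of the Content-Security-Policy entry.
	 *
	 * NOTE(review): these entries allow every path on www.google.com and
	 * www.gstatic.com, which is broader than the widget needs. Google's
	 * reCAPTCHA documentation describes a nonce-based CSP and path-restricted
	 * sources (".../recaptcha/"); check the current documentation and test
	 * before tightening these values.
	 *
	 * @param array $http_headers Header structure, modified in place.
	 * @return void
	 */
	public function httpHeaderCheck(&$http_headers) {
		foreach (array('script-src', 'img-src', 'frame-src') as $directive) {
			$http_headers["Content-Security-Policy"][$directive][] = "https://www.google.com/";
			$http_headers["Content-Security-Policy"][$directive][] = "https://www.gstatic.com/";
		}
	}

}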