Jeremy Newman : add google captcha check to the account creation form

Jeremy Newman jnewman at winehq.org
Tue Nov 22 11:31:04 CST 2016


Module: appdb
Branch: master
Commit: 159c60543f698264c3b2c31c800938548582552e
URL:    http://source.winehq.org/git/appdb.git/?a=commit;h=159c60543f698264c3b2c31c800938548582552e

Author: Jeremy Newman <jnewman at codeweavers.com>
Date:   Tue Nov 22 11:27:37 2016 -0600

add google captcha check to the account creation form

---

 account.php                | 20 +++++++++++++++++++-
 include/config.php.sample  |  4 ++++
 include/filter.php         |  4 ++--
 include/form_login_new.php |  6 ++++++
 include/reCaptcha.php      | 34 ++++++++++++++++++++++++++++++++++
 5 files changed, 65 insertions(+), 3 deletions(-)

diff --git a/account.php b/account.php
index 6a6e3cd..f001d15 100644
--- a/account.php
+++ b/account.php
@@ -38,7 +38,7 @@ function do_account($sCmd = null)
     switch($sCmd)
     {
         case "new":
-            apidb_header("New Account");
+            apidb_header("New Account", "<script src='https://www.google.com/recaptcha/api.js'></script>");
             include(BASE."include/"."form_login_new.php");
             apidb_footer();
             exit;
@@ -102,6 +102,24 @@ function cmd_do_new()
         return;
     }
 
+    if (!empty($aClean['g-recaptcha-response']))
+    {
+        // validate captcha
+        require(BASE."include/reCaptcha.php");
+        $reCaptcha = new reCaptcha(RECAPTCHA_SECRET);
+        if (!$reCaptcha->validate($aClean['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']))
+        {
+            // reCAPTCHA failed
+            retry("new", "reCAPTCHA check failed!");
+            return;
+        }
+    }
+    else
+    {
+        retry("new", "reCAPTCHA check failed!");
+        return;
+    }
+
     $oUser = new User();
     $sPassword =  substr(base_convert(rand(0, PHP_INT_MAX),10, 36), 0, 9);
     $iResult = $oUser->create($aClean['sUserEmail'], $sPassword,
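Review bot: The plain `require` in the new captcha block will stop with a fatal class-redeclaration error if reCaptcha.php is ever loaded a second time in the same request; `require_once(BASE."include/reCaptcha.php");` avoids that. The two failure branches are identical, and `validate()` in the new class already returns false for an empty response, so the outer `if`/`else` can collapse to a single `if (!$reCaptcha->validate($aClean['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']))` guard once the key is known to be set. Separately, the unchanged context line after the block builds the initial password from `rand()`, which is not a cryptographically secure source; that predates this change but deserves a follow-up. The body of cmd_do_new starts and ends outside the hunk.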
diff --git a/include/config.php.sample b/include/config.php.sample
index 53cba20..57f2652 100644
--- a/include/config.php.sample
+++ b/include/config.php.sample
@@ -20,6 +20,10 @@ define("APPDB_OWNER_EMAIL","appdb at winehq.org"); // e-mail of this product/compan
 define("APPDB_SENDER_EMAIL","appdb-noreply at winehq.org"); // The e-mail address which appears as the sender in mails sent by the AppDB
 define("BUGZILLA_ROOT","https://bugs.winehq.org/"); // path to bugzilla
 
+// Google reCaptcha Secret Key - required on account creations
+define("RECAPTCHA_KEY","");
+define("RECAPTCHA_SECRET","");
+
 // AppDB developers: Use this define to disable email from being sent from the appdb during testing
 //if(!defined("DISABLE_EMAIL"))
 // define("DISABLE_EMAIL", true); // disable email, see mail_appdb() in include/mail.php
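Review bot: The comment above the two new defines names only the secret, although RECAPTCHA_KEY is the public site key that form_login_new.php writes into the page and RECAPTCHA_SECRET is the value sent to the verification endpoint from the server. I would spell that out, for example `// Google reCAPTCHA: RECAPTCHA_KEY is the public site key shown in the signup form, RECAPTCHA_SECRET is the private key used server-side only and must not be committed`. With the empty defaults the check added in account.php appears to reject every signup, which is the safe failure direction but should be stated in the comment so an unconfigured install is not mistaken for a bug.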
diff --git a/include/filter.php b/include/filter.php
index 404e3a1..aa3fa6d 100644
--- a/include/filter.php
+++ b/include/filter.php
@@ -40,8 +40,8 @@ function filter_gpc()
            (strpos($aKeys[$i], "XinhaColorPicker") === 0) || // Xinha variables
            ($aKeys[$i] == "cx")  ||  // google custom search variable
            ($aKeys[$i] == "cof") ||  // google custom search variable
-           ($aKeys[$i] == "q"))      // google custom search variable
-
+           ($aKeys[$i] == "q")   ||  // google custom search variable
+           ($aKeys[$i] == "g-recaptcha-response")) // google reCaptcha variable
         {
             // copy the key over to the clean array
             // NOTE: we do not strip html tags or trim any Xinha variables
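Review bot: The `g-recaptcha-response` value now takes the branch that copies a request variable straight into `$aClean`, and the context comment says Xinha values on this path are neither tag-stripped nor trimmed; whether that also applies to this key cannot be confirmed, because the branch body continues outside the hunk. If it does, the token is attacker-controlled text held in an array whose name suggests it is sanitised. Extending the trailing comment would record the constraint: `// google reCaptcha token: opaque, only forwarded to the verification endpoint, never echoed`.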
diff --git a/include/form_login_new.php b/include/form_login_new.php
index c063e71..00d14d7 100644
--- a/include/form_login_new.php
+++ b/include/form_login_new.php
@@ -34,6 +34,12 @@ $sReturnTo = (!empty($aClean['sReturnTo']) ? $aClean['sReturnTo'] : '');
     </div>
 </div>
 <div class="form-group">
+    <label class="col-sm-2 control-label"></label>
+    <div class="col-sm-10">
+        <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_KEY; ?>"></div>
+    </div>
+</div>
+<div class="form-group">
     <div class="col-sm-offset-2 col-sm-10">
         <button type="submit" name="sCreate" class="btn btn-default"><i class="fa fa-sign-in"></i> Create Account</button>
     </div>
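Review bot: The site key is echoed into the `data-sitekey` attribute without HTML escaping. It comes from config rather than from the request, so the exposure is low, but `<?php echo htmlspecialchars(RECAPTCHA_KEY, ENT_QUOTES); ?>` stops a stray quote in the configured value from breaking out of the attribute and keeps the template consistent with escaping at every output point. The surrounding form markup starts and ends outside the hunk.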
diff --git a/include/reCaptcha.php b/include/reCaptcha.php
new file mode 100644
index 0000000..09446d3
--- /dev/null
+++ b/include/reCaptcha.php
@@ -0,0 +1,34 @@
+<?php
+
+/*
+  Google Re-Captcha Class
+  by Jeremy Newman <jnewman at codeweavers.com>
+*/
+
+class reCaptcha
+{
+    private $reCaptchaSecret = '';
+    public $res = false;
+    public function __construct ($secret = '')
+    {
+        $this->reCaptchaSecret = $secret;
+        return true;
+    }
+    public function validate ($resp, $ip)
+    {
+        if (empty($resp) or empty($ip))
+            return false;
+        $post = array('secret' => $this->reCaptchaSecret, 'response' => $resp, 'remoteip' => $ip);
+        $ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
+        $res = json_decode(curl_exec($ch));
+        $this->res = $res;
+        curl_close($ch);
+        if (!empty($res->success) and $res->success)
+            return true;
+        return false;
+    }
+}
+
+?>
\ No newline at end of file
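Review bot: `validate()` sets no timeout on the cURL handle and feeds the return value of `curl_exec()` straight into `json_decode()`, so a slow or unreachable verification endpoint can hold the signup request open for as long as cURL's defaults allow. A transport failure does end in `return false` (fail closed), but only because `json_decode(false)` happens to yield null, and `$this->res` then cannot tell an unreachable endpoint from a rejected token. I would add connect and total timeouts, check for `false` explicitly, and compare `success` strictly against `true`; the timeout values below are illustrative. The `return true;` in the constructor has no effect and can be dropped, as can the closing `?>` at the end of the file.

```php
    public function validate ($resp, $ip)
    {
        // … unchanged: empty-argument guard, $post array, curl_init, RETURNTRANSFER and POSTFIELDS options …
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);
        $body = curl_exec($ch);
        curl_close($ch);
        // a transport failure is treated as a failed check (fail closed)
        $res = ($body === false) ? null : json_decode($body);
        $this->res = $res;
        return is_object($res) && isset($res->success) && $res->success === true;
    }
```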



