tfirst attempt at integrating reCAPTCHA challenge - cosmo - front and backend f… | |
git clone git://src.adamsgaard.dk/cosmo | |
Log | |
Files | |
Refs | |
README | |
LICENSE | |
--- | |
commit 7d7cfbecd22e4be49e70bd582edbe1c82484f9f2 | |
parent b086816eb59e04f1539e120800a0145e0382de78 | |
Author: Anders Damsgaard <[email protected]> | |
Date: Tue, 10 Nov 2015 13:15:19 +0100 | |
first attempt at integrating reCAPTCHA challenge | |
Diffstat: | |
M head.html | 3 +++ | |
M index.php | 25 ++++++++++++++++++++++++- | |
M pages/history.html | 4 ++++ | |
A recaptchalib.php | 140 +++++++++++++++++++++++++++++… | |
M uploadhistory.php | 23 ++++++++++++++++++++++- | |
5 files changed, 193 insertions(+), 2 deletions(-) | |
--- | |
diff --git a/head.html b/head.html | |
t@@ -30,3 +30,6 @@ | |
<link type="text/css" rel="stylesheet" href="css/materialize.css" | |
media="screen,projection"/> | |
+ <!-- Google reCAPTCHA --> | |
+ <script src='https://www.google.com/recaptcha/api.js'></script> | |
+ | |
diff --git a/index.php b/index.php | |
t@@ -1,5 +1,28 @@ | |
-<?php include('head.html'); ?> | |
<?php | |
+ | |
+// reCAPTCHA setup | |
+require_once('recaptchalib.php'); | |
+ | |
+// your secret key | |
+$secret = "6LeMrRATAAAAAOdcvVGi6PfR__XGOVoUP7lCqHp1"; | |
+ | |
+// empty response | |
+$response = null; | |
+ | |
+// check secret key | |
+$reCaptcha = new ReCaptcha($secret); | |
+ | |
+// if submitted check response | |
+if ($_POST["g-recaptcha-response"]) { | |
+ $response = $reCaptcha->verifyResponse( | |
+ $_SERVER["REMOTE_ADDR"], | |
+ $_POST["g-recaptcha-response"] | |
+ ); | |
+} | |
+ | |
+// include top of html template | |
+include('head.html'); | |
+ | |
if (isset($_GET['wait_id']) && !empty($_GET['wait_id'])) { | |
// read status file contents | |
diff --git a/pages/history.html b/pages/history.html | |
t@@ -421,6 +421,10 @@ | |
</div> | |
</div> | |
+ <!-- Google reCAPTCHA --> | |
+ <div class="g-recaptcha" | |
+ data-sitekey="6LeMrRATAAAAAF7YHequ2Az9UzuHuwi9NUvjZgRZ"> | |
+ </div> | |
</form> | |
</div> | |
diff --git a/recaptchalib.php b/recaptchalib.php | |
t@@ -0,0 +1,140 @@ | |
+<?php | |
+/** | |
+ * This is a PHP library that handles calling reCAPTCHA. | |
+ * - Documentation and latest version | |
+ * https://developers.google.com/recaptcha/docs/php | |
+ * - Get a reCAPTCHA API Key | |
+ * https://www.google.com/recaptcha/admin/create | |
+ * - Discussion group | |
+ * http://groups.google.com/group/recaptcha | |
+ * | |
+ * @copyright Copyright (c) 2014, Google Inc. | |
+ * @link http://www.google.com/recaptcha | |
+ * | |
+ * Permission is hereby granted, free of charge, to any person obtaining a copy | |
+ * of this software and associated documentation files (the "Software"), to de… | |
+ * in the Software without restriction, including without limitation the rights | |
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
+ * copies of the Software, and to permit persons to whom the Software is | |
+ * furnished to do so, subject to the following conditions: | |
+ * | |
+ * The above copyright notice and this permission notice shall be included in | |
+ * all copies or substantial portions of the Software. | |
+ * | |
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FRO… | |
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
+ * THE SOFTWARE. | |
+ */ | |
+ | |
+/** | |
+ * A ReCaptchaResponse is returned from checkAnswer(). | |
+ */ | |
+class ReCaptchaResponse | |
+{ | |
+ public $success; | |
+ public $errorCodes; | |
+} | |
+ | |
+class ReCaptcha | |
+{ | |
+ private static $_signupUrl = "https://www.google.com/recaptcha/admin"; | |
+ private static $_siteVerifyUrl = | |
+ "https://www.google.com/recaptcha/api/siteverify?"; | |
+ private $_secret; | |
+ private static $_version = "php_1.0"; | |
+ | |
+ /** | |
+ * Constructor. | |
+ * | |
+ * @param string $secret shared secret between site and ReCAPTCHA server. | |
+ */ | |
+ function ReCaptcha($secret) | |
+ { | |
+ if ($secret == null || $secret == "") { | |
+ die("To use reCAPTCHA you must get an API key from <a href='" | |
+ . self::$_signupUrl . "'>" . self::$_signupUrl . "</a>"); | |
+ } | |
+ $this->_secret=$secret; | |
+ } | |
+ | |
+ /** | |
+ * Encodes the given data into a query string format. | |
+ * | |
+ * @param array $data array of string elements to be encoded. | |
+ * | |
+ * @return string - encoded request. | |
+ */ | |
+ private function _encodeQS($data) | |
+ { | |
+ $req = ""; | |
+ foreach ($data as $key => $value) { | |
+ $req .= $key . '=' . urlencode(stripslashes($value)) . '&'; | |
+ } | |
+ | |
+ // Cut the last '&' | |
+ $req=substr($req, 0, strlen($req)-1); | |
+ return $req; | |
+ } | |
+ | |
+ /** | |
+ * Submits an HTTP GET to a reCAPTCHA server. | |
+ * | |
+ * @param string $path url path to recaptcha server. | |
+ * @param array $data array of parameters to be sent. | |
+ * | |
+ * @return array response | |
+ */ | |
+ private function _submitHTTPGet($path, $data) | |
+ { | |
+ $req = $this->_encodeQS($data); | |
+ $response = file_get_contents($path . $req); | |
+ return $response; | |
+ } | |
+ | |
+ /** | |
+ * Calls the reCAPTCHA siteverify API to verify whether the user passes | |
+ * CAPTCHA test. | |
+ * | |
+ * @param string $remoteIp IP address of end user. | |
+ * @param string $response response string from recaptcha verification. | |
+ * | |
+ * @return ReCaptchaResponse | |
+ */ | |
+ public function verifyResponse($remoteIp, $response) | |
+ { | |
+ // Discard empty solution submissions | |
+ if ($response == null || strlen($response) == 0) { | |
+ $recaptchaResponse = new ReCaptchaResponse(); | |
+ $recaptchaResponse->success = false; | |
+ $recaptchaResponse->errorCodes = 'missing-input'; | |
+ return $recaptchaResponse; | |
+ } | |
+ | |
+ $getResponse = $this->_submitHttpGet( | |
+ self::$_siteVerifyUrl, | |
+ array ( | |
+ 'secret' => $this->_secret, | |
+ 'remoteip' => $remoteIp, | |
+ 'v' => self::$_version, | |
+ 'response' => $response | |
+ ) | |
+ ); | |
+ $answers = json_decode($getResponse, true); | |
+ $recaptchaResponse = new ReCaptchaResponse(); | |
+ | |
+ if (trim($answers ['success']) == true) { | |
+ $recaptchaResponse->success = true; | |
+ } else { | |
+ $recaptchaResponse->success = false; | |
+ $recaptchaResponse->errorCodes = $answers [error-codes]; | |
+ } | |
+ | |
+ return $recaptchaResponse; | |
+ } | |
+} | |
+ | |
+?> | |
diff --git a/uploadhistory.php b/uploadhistory.php | |
t@@ -3,6 +3,27 @@ | |
// Validates form data from pages/history.html and writes a file for the Matla… | |
// script file_scanner_mcmc_starter.m to read as input for the MCMC inversion. | |
+// reCAPTCHA setup | |
+require_once('recaptchalib.php'); | |
+ | |
+// your secret key | |
+$secret = "6LeMrRATAAAAAOdcvVGi6PfR__XGOVoUP7lCqHp1"; | |
+ | |
+// empty response | |
+$response = null; | |
+ | |
+// check secret key | |
+$reCaptcha = new ReCaptcha($secret); | |
+ | |
+// if submitted check response | |
+if ($_POST["g-recaptcha-response"]) { | |
+ $response = $reCaptcha->verifyResponse( | |
+ $_SERVER["REMOTE_ADDR"], | |
+ $_POST["g-recaptcha-response"] | |
+ ); | |
+} | |
+ | |
+ | |
//$missing_fields = ''; // string of missing field names | |
$missing_fields = array(); // array of missing field names | |
//die('"' . $_POST['sample_id'] . '", ' . isset($_POST['sample_id'])); | |
t@@ -99,7 +120,7 @@ if ((isset($_POST['ne_conc']) && $_POST['ne_conc'] != '') && | |
// If something is missing, send error to user and make him/her go back | |
-if (count($missing_fields) > 0) { | |
+if (count($missing_fields) > 0 || !$response->success) { | |
//$error_msg = '<html><body>' . | |
//'<h2>Invalid input</h2>'; | |
$error_msg = ' |