Merge pull request #124 from Kanti/master

using reCaptcha for login
11 years ago · 20177f62f1
--- a/changelog.txt
+++ b/changelog.txt
@ -1,8 +0,0 @@
 2014-06-27: File cache support
 2014-06-14: Foreign Char Support
 2014-02-25: HTTPS Support
 2014-02-15: HTMLy v1.2
 2014-02-08: HTMLy v1.1.
 2014-02-01: HTMLy v1.0.
 2014-01-26: RC version.
 2014-01-01: Initial release.
--- a/config/config.ini.example
+++ b/config/config.ini.example
@ -43,6 +43,13 @@ google.publisher = ""
 ; Google analytics
 google.analytics.id = ""
 ; Google reCaptcha
 ; https://www.google.com/recaptcha/admin
 google.reCaptcha = false
 google.reCaptcha.public = ""
 google.reCaptcha.private = ""
 ; Pagination, RSS, and JSON
 posts.perpage = "5"
 tag.perpage = "10"
--- a/system/admin/views/login.html.php
+++ b/system/admin/views/login.html.php
@ -9,6 +9,11 @@
 		Password <span class="required">*</span> <br>
 		<input type="password" class="<?php if (isset($password)) { if (empty($password)) { echo 'error';}} ?>" name="password"/><br><br>
 		<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
        <?php if(config("google.reCaptcha")):?>
            <script src='https://www.google.com/recaptcha/api.js'></script>
            <div class="g-recaptcha" data-sitekey="<?php echo config("google.reCaptcha.public"); ?>"></div>
            <br/>
        <?php endif;?>
 		<input type="submit" name="submit" value="Login"/>
 	</form>
 <?php } else {header('location: admin');} ?>
--- a/system/htmly.php
+++ b/system/htmly.php
@ -57,11 +57,12 @@ get('/index', function () {
 // Get submitted login data
 post('/login', function () {
    $proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
    $proper = (is_csrf_proper(from($_REQUEST, 'csrf_token')));
    $captcha = isCaptcha(from($_REQUEST, 'g-recaptcha-response'));
    $user = from($_REQUEST, 'user');
    $pass = from($_REQUEST, 'password');
    if ($proper && !empty($user) && !empty($pass)) {
    if ($proper && $captcha && !empty($user) && !empty($pass)) {
        session($user, $pass, null);
        $log = session($user, $pass, null);
@ -88,6 +89,9 @@ post('/login', function () {
        if (!$proper) {
            $message['error'] .= '<li>CSRF Token not correct.</li>';
        }
        if(!$captcha) {
            $message['error'] .= '<li>reCaptcha not correct.</li>';
        }
        config('views.root', 'system/admin/views');
--- a/system/includes/functions.php
+++ b/system/includes/functions.php
@ -1758,3 +1758,24 @@ function remove_html_comments($content)
 {
    return trim(preg_replace('/(\s|)<!--(.*)-->(\s|)/', '', $content));
 }
 function isCaptcha($reCaptchaResponse){
    if(! config("google.reCaptcha")){
        return true;
    }
    $url = "https://www.google.com/recaptcha/api/siteverify";
    $options = array(
        "secret" => config("google.reCaptcha.private"),
        "response" => $reCaptchaResponse,
        "remoteip" => $_SERVER['REMOTE_ADDR'],
    );
    $fileContent = @file_get_contents($url . "?" . http_build_query($options));
    if($fileContent === false) {
        return false;
    }
    $json = json_decode($fileContent, true);
    if($json == false){
        return false;
    }
    return ($json['success']);
 }