[TASK] added Feature #120

config/config.ini.example

@@ -43,6 +43,13 @@ google.publisher = ""
 ; Google analytics
 google.analytics.id = ""
 
+; Google reCaptcha
+; https://www.google.com/recaptcha/admin
+
+google.reCaptcha = false
+google.reCaptcha.public = ""
+google.reCaptcha.private = ""
+
 ; Pagination, RSS, and JSON
 posts.perpage = "5"
 tag.perpage = "10"

system/admin/views/login.html.php

@@ -9,6 +9,11 @@
 		Password <span class="required">*</span> <br>
 		<input type="password" class="<?php if (isset($password)) { if (empty($password)) { echo 'error';}} ?>" name="password"/><br><br>
 		<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
+        <?php if(config("google.reCaptcha")):?>
+            <script src='https://www.google.com/recaptcha/api.js'></script>
+            <div class="g-recaptcha" data-sitekey="<?php echo config("google.reCaptcha.public"); ?>"></div>
+            <br/>
+        <?php endif;?>
 		<input type="submit" name="submit" value="Login"/>
 	</form>
 <?php } else {header('location: admin');} ?>

system/htmly.php

@@ -57,11 +57,12 @@ get('/index', function () {
 // Get submitted login data
 post('/login', function () {
 
-    $proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
+    $proper = (is_csrf_proper(from($_REQUEST, 'csrf_token')));
+    $captcha = isCaptcha(from($_REQUEST, 'g-recaptcha-response'));
 
     $user = from($_REQUEST, 'user');
     $pass = from($_REQUEST, 'password');
-    if ($proper && !empty($user) && !empty($pass)) {
+    if ($proper && $captcha && !empty($user) && !empty($pass)) {
 
         session($user, $pass, null);
         $log = session($user, $pass, null);
@@ -88,6 +89,9 @@ post('/login', function () {
         if (!$proper) {
             $message['error'] .= '<li>CSRF Token not correct.</li>';
         }
+        if(!$captcha) {
+            $message['error'] .= '<li>reCaptcha not correct.</li>';
+        }
 
         config('views.root', 'system/admin/views');
 

system/includes/functions.php

@@ -1758,3 +1758,24 @@ function remove_html_comments($content)
 {
     return trim(preg_replace('/(\s|)<!--(.*)-->(\s|)/', '', $content));
 }
+
+function isCaptcha($reCaptchaResponse){
+    if(! config("google.reCaptcha")){
+        return true;
+    }
+    $url = "https://www.google.com/recaptcha/api/siteverify";
+    $options = array(
+        "secret" => config("google.reCaptcha.private"),
+        "response" => $reCaptchaResponse,
+        "remoteip" => $_SERVER['REMOTE_ADDR'],
+    );
+    $fileContent = @file_get_contents($url . "?" . http_build_query($options));
+    if($fileContent === false) {
+        return false;
+    }
+    $json = json_decode($fileContent, true);
+    if($json == false){
+        return false;
+    }
+    return ($json['success']);
+}