Refactor Google ReCaptcha code (#325)

Removed duplicated code (store it in function/general.php)

Captcha doesn't need cURL (made it configurable and optional)

config.php

@@ -780,6 +780,7 @@
 	$config['use_captcha'] = false;
 	$config['captcha_site_key'] = "Site key";
 	$config['captcha_secret_key'] = "Secret key";
+	$config['captcha_use_curl'] = false; // Set to false if you don't have cURL installed, otherwise set it to true
 
 	// Session prefix, if you are hosting multiple sites, make the session name different to avoid conflict.
 	$config['session_prefix'] = 'znote_';

engine/function/general.php

@@ -527,4 +527,34 @@ function generateRandomString($length = 16) {
 	return $randomString;
 }
 
+function verifyGoogleReCaptcha($postResponse = null) {
+	if(!isset($postResponse) || empty($postResponse)) {
+		return false;
+	}
+
+	$recaptcha_api_url = 'https://www.google.com/recaptcha/api/siteverify';
+	$secretKey = config('captcha_secret_key');
+	$ip = $_SERVER['REMOTE_ADDR'];
+	$params = 'secret='.$secretKey.'&response='.$postResponse.'&remoteip='.$ip;
+
+	$useCurl = config('captcha_use_curl');
+	if($useCurl) {
+		$curl_connection = curl_init($recaptcha_api_url);
+
+		curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
+		curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
+		curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
+		curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $params);
+
+		$response = curl_exec($curl_connection);
+		curl_close($curl_connection);
+	} else {
+		$response = file_get_contents($recaptcha_api_url . '?' . $params);
+	}
+
+	$json = json_decode($response);
+	return isset($json->success) && $json->success;
+}
+
 ?>

helpdesk.php

@@ -108,27 +108,8 @@ if ($view !== false) {
 				$errors[] = 'Token is invalid.';
 			}
 			if ($config['use_captcha']) {
-				$captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
+				if(!verifyGoogleReCaptcha($_POST['g-recaptcha-response'])) {
-				if(!$captcha) {
+					$errors[] = "Please confirm that you're not a robot.";
-					$errors[] = 'Please check the the captcha form.';
-				} else {
-					$secretKey = $config['captcha_secret_key'];
-					$ip = $_SERVER['REMOTE_ADDR'];
-					// curl start
-					$curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
-					$post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
-					curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
-					curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
-					curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
-					curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
-					curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
-					$response = curl_exec($curl_connection);
-					curl_close($curl_connection);
-					// Curl end
-					$responseKeys = json_decode($response,true);
-					if(intval($responseKeys["success"]) !== 1) {
-						$errors[] = 'Captcha failed.';
-					}
 				}
 			}
 			// Reversed this if, so: first check if you need to validate, then validate. 

recovery.php

@@ -13,27 +13,8 @@ if ($config['mailserver']['accountRecovery']) {
 	if (!empty($_POST)) {
 		$status = true;
 		if ($config['use_captcha']) {
-			$captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
+			if(!verifyGoogleReCaptcha($_POST['g-recaptcha-response'])) {
-			if(!$captcha) {
 				$status = false;
-			} else {
-				$secretKey = $config['captcha_secret_key'];
-				$ip = $_SERVER['REMOTE_ADDR'];
-				// curl start
-				$curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
-				$post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
-				curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
-				curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
-				curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
-				curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
-				curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
-				$response = curl_exec($curl_connection);
-				curl_close($curl_connection);
-				// Curl end
-				$responseKeys = json_decode($response,true);
-				if(intval($responseKeys["success"]) !== 1) {
-					$status = false;
-				}
 			}
 		}
 		if ($status) {

register.php

@@ -22,27 +22,8 @@ if (empty($_POST) === false) {
 		}
 
 		if ($config['use_captcha']) {
-			$captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
+			if(!verifyGoogleReCaptcha($_POST['g-recaptcha-response'])) {
-			if(!$captcha) {
+				$errors[] = "Please confirm that you're not a robot.";
-				$errors[] = 'Please check the the captcha form.';
-			} else {
-				$secretKey = $config['captcha_secret_key'];
-				$ip = $_SERVER['REMOTE_ADDR'];
-				// curl start
-				$curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
-				$post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
-				curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
-				curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
-				curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
-				curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
-				curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
-				$response = curl_exec($curl_connection);
-				curl_close($curl_connection);
-				// Curl end
-				$responseKeys = json_decode($response,true);
-				if(intval($responseKeys["success"]) !== 1) {
-					$errors[] = 'Captcha failed.';
-				}
 			}
 		}