diff --git a/config.php b/config.php
index a10d155..cf3f74c 100644
--- a/config.php
+++ b/config.php
@@ -753,7 +753,10 @@
 // SECURITY STUFF \\
 // --------------- \\
 $config['use_token'] = false;
+ // Set up captcha keys on https://www.google.com/recaptcha/
 $config['use_captcha'] = false;
+ $config['captcha_secret_key'] = "Secret key";
+ $config['captcha_site_key'] = "Site key";
 // Session prefix, if you are hosting multiple sites, make the session name different to avoid conflict.
 $config['session_prefix'] = 'znote_';
@@ -826,7 +829,7 @@
 /////////////////
 // Write your pagseguro address here, and what currency you want to recieve money in.
 $config['pagseguro'] = array(
- 'enabled' => true,
+ 'enabled' => false,
 'sandbox' => false,
 'email' => '', // Example: pagseguro@mail.com
 'token' => '',
@@ -854,7 +857,7 @@
 // You can configure paygol to send each month, then they will send money
 // to you 1 month after recieving 50+ eur.
 $config['paygol'] = array(
- 'enabled' => true,
+ 'enabled' => false,
 'serviceID' => 86648,// Service ID from paygol.com
 'currency' => 'SEK',
 'price' => 20,
@@ -869,7 +872,7 @@
 ////////////
 // If useDB is set to true, player can shop in-game as well using Znote LUA shop system plugin.
 $config['shop'] = array(
- 'enabled' => true,
+ 'enabled' => false,
 'enableShopConfirmation' => true, // Verify that user wants to buy with popup
 'useDB' => false, // Fetch offers from database, or the below config array
 'showImage' => true,
diff --git a/helpdesk.php b/helpdesk.php
index db9ea9a..d618026 100644
--- a/helpdesk.php
+++ b/helpdesk.php
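Review bot: `captcha_secret_key` is added to config.php, a file tracked in this repository, with nothing marking it as a credential or distinguishing it from the public `captcha_site_key`. I would extend the new comment to say so, e.g. `// captcha_secret_key is a server-side credential: never print it in a page and keep the real value out of version control; captcha_site_key is public.` The placeholder strings also mean that turning `use_captcha` on without replacing them presumably makes every verification fail, which is worth one more line in the comment.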
@@ -108,10 +108,27 @@ if ($view !== false) {
 $errors[] = 'Token is invalid.';
 }
 if ($config['use_captcha']) {
- include_once 'captcha/securimage.php';
- $securimage = new Securimage();
- if ($securimage->check($_POST['captcha_code']) == false) {
- $errors[] = 'Captcha image verification was submitted wrong.';
+ $captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
+ if(!$captcha) {
+ $errors[] = 'Please check the the captcha form.';
+ } else {
+ $secretKey = $config['captcha_secret_key'];
+ $ip = $_SERVER['REMOTE_ADDR'];
+ // curl start
+ $curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
+ $post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
+ curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
+ curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
+ curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
+ $response = curl_exec($curl_connection);
+ curl_close($curl_connection);
+ // Curl end
+ $responseKeys = json_decode($response,true);
+ if(intval($responseKeys["success"]) !== 1) {
+ $errors[] = 'Captcha failed.';
+ }
 }
 }
 // Reversed this if, so: first check if you need to validate, then validate.
@@ -205,10 +222,7 @@ if ($view !== false) { if ($config['use_captcha']) { ?>
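Review bot: `CURLOPT_SSL_VERIFYPEER` is set to `false` on the siteverify request, so the server accepts any certificate for www.google.com; anyone on the network path can read `captcha_secret_key` from the POST body and answer with a forged `"success": true`. Leave peer verification on (`curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, true);`, or drop the line, since verification is curl's default) and fix the CA bundle on hosts where that fails. The body is also concatenated from `$_POST['g-recaptcha-response']` without encoding, so a `&` in the submitted value adds parameters to the request; build it with `$post_string = http_build_query(array('secret' => $secretKey, 'response' => $captcha, 'remoteip' => $ip));`. The same block is pasted into the first hunks of recovery.php and register.php, so both points apply there, and one shared helper would keep the three copies from drifting.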
  • - Write the image symbols in the text field to verify that you are a human: - CAPTCHA Image
    - - [ Different Image ]

    +
  • +
\ No newline at end of file
diff --git a/recovery.php b/recovery.php
index 935d482..e1254b1 100644
--- a/recovery.php
+++ b/recovery.php
@@ -13,10 +13,27 @@ if ($config['mailserver']['accountRecovery']) {
 if (!empty($_POST)) {
 $status = true;
 if ($config['use_captcha']) {
- include_once 'captcha/securimage.php';
- $securimage = new Securimage();
- if ($securimage->check($_POST['captcha_code']) == false) {
- $status = false;
+ $captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
+ if(!$captcha) {
+ $status = false;
+ } else {
+ $secretKey = $config['captcha_secret_key'];
+ $ip = $_SERVER['REMOTE_ADDR'];
+ // curl start
+ $curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
+ $post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
+ curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
+ curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
+ curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
+ $response = curl_exec($curl_connection);
+ curl_close($curl_connection);
+ // Curl end
+ $responseKeys = json_decode($response,true);
+ if(intval($responseKeys["success"]) !== 1) {
+ $status = false;
+ }
 }
 }
 if ($status) {
@@ -175,10 +192,7 @@ if ($config['mailserver']['accountRecovery']) { if ($config['use_captcha']) { ?> - Write the image symbols in the text field to verify that you are a human: - CAPTCHA Image
    - - [ Different Image ]

    +
diff --git a/register.php b/register.php
index 6507848..120e834 100644
--- a/register.php
+++ b/register.php
@@ -21,10 +21,27 @@ if (empty($_POST) === false) {
 }
 if ($config['use_captcha']) {
- include_once 'captcha/securimage.php';
- $securimage = new Securimage();
- if ($securimage->check($_POST['captcha_code']) == false) {
- $errors[] = 'Captcha image verification was submitted wrong.';
+ $captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
+ if(!$captcha) {
+ $errors[] = 'Please check the the captcha form.';
+ } else {
+ $secretKey = $config['captcha_secret_key'];
+ $ip = $_SERVER['REMOTE_ADDR'];
+ // curl start
+ $curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
+ $post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
+ curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
+ curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
+ curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
+ $response = curl_exec($curl_connection);
+ curl_close($curl_connection);
+ // Curl end
+ $responseKeys = json_decode($response,true);
+ if(intval($responseKeys["success"]) !== 1) {
+ $errors[] = 'Captcha failed.';
+ }
 }
 }
@@ -171,10 +188,7 @@ if (isset($_GET['success']) && empty($_GET['success'])) { if ($config['use_captcha']) { ?>
  • - Write the image symbols in the text field to verify that you are a human: - CAPTCHA Image
    - - [ Different Image ]

    +
  • No botting allowed.

    The staff can delete, ban, do whatever they want with your account and your
    submitted information. (Including exposing and logging your IP).

    -

  • Do you agree to follow the server rules?