From 984e62e0959f3845d643b16d15c49effd3e86152 Mon Sep 17 00:00:00 2001
From: Znote <stefan_brannfjell@live.no>
Date: Sun, 22 Jan 2017 05:06:37 +0100
Subject: [PATCH] Adding Google reCaptcha system Also disable all shop and
 buypoints functionality as default in config.php

---
 config.php      |  9 ++++++---
 helpdesk.php    | 30 ++++++++++++++++++++++--------
 layout/head.php |  1 +
 recovery.php    | 30 ++++++++++++++++++++++--------
 register.php    | 31 ++++++++++++++++++++++---------
 5 files changed, 73 insertions(+), 28 deletions(-)

diff --git a/config.php b/config.php
index a10d155..cf3f74c 100644
--- a/config.php
+++ b/config.php
@@ -753,7 +753,10 @@
 		// SECURITY STUFF  \\
 		// --------------- \\
 	$config['use_token'] = false;
+	// Set up captcha keys on https://www.google.com/recaptcha/
 	$config['use_captcha'] = false;
+	$config['captcha_secret_key'] = "Secret key";
+	$config['captcha_site_key'] = "Site key";
 
 	// Session prefix, if you are hosting multiple sites, make the session name different to avoid conflict.
 	$config['session_prefix'] = 'znote_';
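Review bot: The comment added above `use_captcha` does not say which of the two new keys is private, and the two are easy to swap when pasting them in. I would add `// captcha_secret_key is used server-side only and must never be printed in a page; captcha_site_key is the public key embedded in the forms.` above the two assignments. It may also be worth noting there that the placeholder strings have to be replaced before `use_captcha` is set to true, since verification with the placeholders would presumably reject every submission.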
@@ -826,7 +829,7 @@
 	/////////////////
 	// Write your pagseguro address here, and what currency you want to recieve money in.
 	$config['pagseguro'] = array(
-		'enabled' => true,
+		'enabled' => false,
 		'sandbox' => false,
 		'email' => '', // Example: pagseguro@mail.com
 		'token' => '',
@@ -854,7 +857,7 @@
 	// You can configure paygol to send each month, then they will send money
 	// to you 1 month after recieving 50+ eur.
 	$config['paygol'] = array(
-		'enabled' => true,
+		'enabled' => false,
 		'serviceID' => 86648,// Service ID from paygol.com
 		'currency' => 'SEK',
 		'price' => 20,
@@ -869,7 +872,7 @@
 	////////////
 	// If useDB is set to true, player can shop in-game as well using Znote LUA shop system plugin.
 	$config['shop'] = array(
-		'enabled' => true,
+		'enabled' => false,
 		'enableShopConfirmation' => true, // Verify that user wants to buy with popup
 		'useDB' => false, // Fetch offers from database, or the below config array
 		'showImage' => true,
diff --git a/helpdesk.php b/helpdesk.php
index db9ea9a..d618026 100644
--- a/helpdesk.php
+++ b/helpdesk.php
@@ -108,10 +108,27 @@ if ($view !== false) {
 				$errors[] = 'Token is invalid.';
 			}
 			if ($config['use_captcha']) {
-				include_once 'captcha/securimage.php';
-				$securimage = new Securimage();
-				if ($securimage->check($_POST['captcha_code']) == false) {
-				  $errors[] = 'Captcha image verification was submitted wrong.';
+				$captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
+				if(!$captcha) {
+					$errors[] = 'Please check the the captcha form.';
+				} else {
+					$secretKey = $config['captcha_secret_key'];
+					$ip = $_SERVER['REMOTE_ADDR'];
+					// curl start
+					$curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
+					$post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
+					curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
+					curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
+					curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
+					curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
+					curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
+					$response = curl_exec($curl_connection);
+					curl_close($curl_connection);
+					// Curl end
+					$responseKeys = json_decode($response,true);
+					if(intval($responseKeys["success"]) !== 1) {
+						$errors[] = 'Captcha failed.';
+					}
 				}
 			}
 			// Reversed this if, so: first check if you need to validate, then validate. 
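Review bot: The siteverify request in this hunk sets `CURLOPT_SSL_VERIFYPEER` to `false`, so the server accepts any certificate for www.google.com and whoever sits on the path can answer with a forged success response; peer verification should stay enabled. The POST body is concatenated from `$_POST['g-recaptcha-response']` without encoding, so a submitted value containing `&` can add its own fields to the request, which `http_build_query()` prevents. Only a connect timeout is set, and the `curl_exec()` result is indexed without checking that it decoded to an array, so a stalled or failed call is rejected by accident (`intval(null)`) rather than by an explicit check. The same block is pasted into recovery.php and register.php in this patch, so the change applies to all three copies, and a shared helper would keep them from drifting apart. The enclosing `if ($view !== false)` block starts and ends outside the hunk.

```php
$curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
// Encode each field so the submitted token cannot add parameters of its own.
$post_string = http_build_query(array(
	'secret' => $secretKey,
	'response' => $captcha,
	'remoteip' => $ip,
), '', '&');
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
// Bound the whole request, not only the connect phase (10 is a sample value).
curl_setopt($curl_connection, CURLOPT_TIMEOUT, 10);
// … unchanged: CURLOPT_RETURNTRANSFER …
// Verify the certificate chain and host name of the verification endpoint.
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYHOST, 2);
// … unchanged: CURLOPT_FOLLOWLOCATION, CURLOPT_POSTFIELDS, curl_exec, curl_close …
$responseKeys = ($response === false) ? null : json_decode($response, true);
// Reject explicitly on transport failure, malformed JSON or a non-true result.
if (!is_array($responseKeys) || !isset($responseKeys['success']) || $responseKeys['success'] !== true) {
	$errors[] = 'Captcha failed.';
}
```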
@@ -205,10 +222,7 @@ if ($view !== false) {
 				if ($config['use_captcha']) {
 					?>
 					<li>
-						<b>Write the image symbols in the text field to verify that you are a human:</b>
-						<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" /><br>
-						<input type="text" name="captcha_code" size="10" maxlength="6" />
-						<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a><br><br>
+						 <div class="g-recaptcha" data-sitekey="<?php echo $config['captcha_site_key']; ?>"></div>
 					</li>
 					<?php
 				}
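Review bot: `captcha_site_key` is echoed into the `data-sitekey` attribute without escaping. The value comes from config.php, so this is hardening rather than a reachable injection, but `<?php echo htmlspecialchars($config['captcha_site_key'], ENT_QUOTES, 'UTF-8'); ?>` stops a stray quote in the configured key from breaking the markup. The same line is added in recovery.php and register.php. The surrounding form starts and ends outside the hunk.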
diff --git a/layout/head.php b/layout/head.php
index 9d01239..0f626a8 100644
--- a/layout/head.php
+++ b/layout/head.php
@@ -6,4 +6,5 @@
   <link rel="stylesheet" type="text/css" href="layout/css/style.css" />
   <!-- modernizr enables HTML5 elements and feature detects -->
   <script type="text/javascript" src="layout/js/modernizr-1.5.min.js"></script>
+  <script src='https://www.google.com/recaptcha/api.js'></script>
 </head>
\ No newline at end of file
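Review bot: The reCAPTCHA script tag is added unconditionally, so every page that includes this head loads third-party JavaScript from www.google.com even when `$config['use_captcha']` is false, which is the default this patch ships. If `$config` is in scope in this template (not visible in the hunk), wrapping the tag as `<?php if ($config['use_captcha']) { ?>` … `<?php } ?>` would limit it to installations that enabled the captcha. Sites that send a Content-Security-Policy would also need to allow this origin, which is worth a line in the setup comment in config.php.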
diff --git a/recovery.php b/recovery.php
index 935d482..e1254b1 100644
--- a/recovery.php
+++ b/recovery.php
@@ -13,10 +13,27 @@ if ($config['mailserver']['accountRecovery']) {
 	if (!empty($_POST)) {
 		$status = true;
 		if ($config['use_captcha']) {
-			include_once 'captcha/securimage.php';
-			$securimage = new Securimage();
-			if ($securimage->check($_POST['captcha_code']) == false) {
-			  $status = false;
+			$captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
+			if(!$captcha) {
+				$status = false;
+			} else {
+				$secretKey = $config['captcha_secret_key'];
+				$ip = $_SERVER['REMOTE_ADDR'];
+				// curl start
+				$curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
+				$post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
+				curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
+				curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
+				curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
+				curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
+				curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
+				$response = curl_exec($curl_connection);
+				curl_close($curl_connection);
+				// Curl end
+				$responseKeys = json_decode($response,true);
+				if(intval($responseKeys["success"]) !== 1) {
+					$status = false;
+				}
 			}
 		}
 		if ($status) {
@@ -175,10 +192,7 @@ if ($config['mailserver']['accountRecovery']) {
 
 					if ($config['use_captcha']) {
 						?>
-							<b>Write the image symbols in the text field to verify that you are a human:</b>
-							<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" /><br>
-							<input type="text" name="captcha_code" size="10" maxlength="6" />
-							<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a><br><br>
+							<div class="g-recaptcha" data-sitekey="<?php echo $config['captcha_site_key']; ?>"></div>
 						<?php
 					}
 					?>
diff --git a/register.php b/register.php
index 6507848..120e834 100644
--- a/register.php
+++ b/register.php
@@ -21,10 +21,27 @@ if (empty($_POST) === false) {
 		}
 
 		if ($config['use_captcha']) {
-			include_once 'captcha/securimage.php';
-			$securimage = new Securimage();
-			if ($securimage->check($_POST['captcha_code']) == false) {
-			  $errors[] = 'Captcha image verification was submitted wrong.';
+			$captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
+			if(!$captcha) {
+				$errors[] = 'Please check the the captcha form.';
+			} else {
+				$secretKey = $config['captcha_secret_key'];
+				$ip = $_SERVER['REMOTE_ADDR'];
+				// curl start
+				$curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
+				$post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
+				curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
+				curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
+				curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
+				curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
+				curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
+				$response = curl_exec($curl_connection);
+				curl_close($curl_connection);
+				// Curl end
+				$responseKeys = json_decode($response,true);
+				if(intval($responseKeys["success"]) !== 1) {
+					$errors[] = 'Captcha failed.';
+				}
 			}
 		}
 		
@@ -171,10 +188,7 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
 			if ($config['use_captcha']) {
 				?>
 				<li>
-					<b>Write the image symbols in the text field to verify that you are a human:</b>
-					<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" /><br>
-					<input type="text" name="captcha_code" size="10" maxlength="6" />
-					<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a><br><br>
+					 <div class="g-recaptcha" data-sitekey="<?php echo $config['captcha_site_key']; ?>"></div>
 				</li>
 				<?php
 			}
@@ -187,7 +201,6 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
 				<p>No <a href='http://en.wikipedia.org/wiki/Video_game_bot' target="_blank">botting</a> allowed.</p>
 				<p>The staff can delete, ban, do whatever they want with your account and your <br>
 					submitted information. (Including exposing and logging your IP).</p>
-				<p></p>
 			</li>
 			<li>
 				Do you agree to follow the server rules?<br>