Digitalstack/ZnoteAAC
2
0
Fork 0
mirror of https://github.com/Znote/ZnoteAAC.git synced 2025-04-29 18:59:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Adding Google reCaptcha system

Browse Source 
Also disable all shop and buypoints functionality as default in config.php
This commit is contained in:
Znote 2017-01-22 05:06:37 +01:00
parent 05800d282d
commit 984e62e095
5 changed files with 73 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
config.php
View File

@ -753,7 +753,10 @@
// SECURITY STUFF \\ // SECURITY STUFF \\
// --------------- \\ // --------------- \\
$config['use_token'] = false; $config['use_token'] = false;
// Set up captcha keys on https://www.google.com/recaptcha/
$config['use_captcha'] = false; $config['use_captcha'] = false;
$config['captcha_secret_key'] = "Secret key";
$config['captcha_site_key'] = "Site key";
// Session prefix, if you are hosting multiple sites, make the session name different to avoid conflict. // Session prefix, if you are hosting multiple sites, make the session name different to avoid conflict.
$config['session_prefix'] = 'znote_'; $config['session_prefix'] = 'znote_';
@ -826,7 +829,7 @@
///////////////// /////////////////
// Write your pagseguro address here, and what currency you want to recieve money in. // Write your pagseguro address here, and what currency you want to recieve money in.
$config['pagseguro'] = array( $config['pagseguro'] = array(
'enabled' => true, 'enabled' => false,
'sandbox' => false, 'sandbox' => false,
'email' => '', // Example: pagseguro@mail.com 'email' => '', // Example: pagseguro@mail.com
'token' => '', 'token' => '',
@ -854,7 +857,7 @@
// You can configure paygol to send each month, then they will send money // You can configure paygol to send each month, then they will send money
// to you 1 month after recieving 50+ eur. // to you 1 month after recieving 50+ eur.
$config['paygol'] = array( $config['paygol'] = array(
'enabled' => true, 'enabled' => false,
'serviceID' => 86648,// Service ID from paygol.com 'serviceID' => 86648,// Service ID from paygol.com
'currency' => 'SEK', 'currency' => 'SEK',
'price' => 20, 'price' => 20,
@ -869,7 +872,7 @@
//////////// ////////////
// If useDB is set to true, player can shop in-game as well using Znote LUA shop system plugin. // If useDB is set to true, player can shop in-game as well using Znote LUA shop system plugin.
$config['shop'] = array( $config['shop'] = array(
'enabled' => true, 'enabled' => false,
'enableShopConfirmation' => true, // Verify that user wants to buy with popup 'enableShopConfirmation' => true, // Verify that user wants to buy with popup
'useDB' => false, // Fetch offers from database, or the below config array 'useDB' => false, // Fetch offers from database, or the below config array
'showImage' => true, 'showImage' => true,

30
helpdesk.php
View File

@ -108,10 +108,27 @@ if ($view !== false) {
$errors[] = 'Token is invalid.'; $errors[] = 'Token is invalid.';
} }
if ($config['use_captcha']) { if ($config['use_captcha']) {
include_once 'captcha/securimage.php'; $captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
$securimage = new Securimage(); if(!$captcha) {
if ($securimage->check($_POST['captcha_code']) == false) { $errors[] = 'Please check the the captcha form.';
$errors[] = 'Captcha image verification was submitted wrong.'; } else {
$secretKey = $config['captcha_secret_key'];
$ip = $_SERVER['REMOTE_ADDR'];
// curl start
$curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
$post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
$response = curl_exec($curl_connection);
curl_close($curl_connection);
// Curl end
$responseKeys = json_decode($response,true);
if(intval($responseKeys["success"]) !== 1) {
$errors[] = 'Captcha failed.';
}
} }
} }
// Reversed this if, so: first check if you need to validate, then validate. // Reversed this if, so: first check if you need to validate, then validate.
@ -205,10 +222,7 @@ if ($view !== false) {
if ($config['use_captcha']) { if ($config['use_captcha']) {
?> ?>
<li> <li>
<b>Write the image symbols in the text field to verify that you are a human:</b> <div class="g-recaptcha" data-sitekey="<?php echo $config['captcha_site_key']; ?>"></div>
<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" /><br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a><br><br>
</li> </li>
<?php <?php
} }

1
layout/head.php
View File

@ -6,4 +6,5 @@
<link rel="stylesheet" type="text/css" href="layout/css/style.css" /> <link rel="stylesheet" type="text/css" href="layout/css/style.css" />
<!-- modernizr enables HTML5 elements and feature detects --> <!-- modernizr enables HTML5 elements and feature detects -->
<script type="text/javascript" src="layout/js/modernizr-1.5.min.js"></script> <script type="text/javascript" src="layout/js/modernizr-1.5.min.js"></script>
<script src='https://www.google.com/recaptcha/api.js'></script>
</head> </head>

30
recovery.php
View File

@ -13,10 +13,27 @@ if ($config['mailserver']['accountRecovery']) {
if (!empty($_POST)) { if (!empty($_POST)) {
$status = true; $status = true;
if ($config['use_captcha']) { if ($config['use_captcha']) {
include_once 'captcha/securimage.php'; $captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
$securimage = new Securimage(); if(!$captcha) {
if ($securimage->check($_POST['captcha_code']) == false) { $status = false;
$status = false; } else {
$secretKey = $config['captcha_secret_key'];
$ip = $_SERVER['REMOTE_ADDR'];
// curl start
$curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
$post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
$response = curl_exec($curl_connection);
curl_close($curl_connection);
// Curl end
$responseKeys = json_decode($response,true);
if(intval($responseKeys["success"]) !== 1) {
$status = false;
}
} }
} }
if ($status) { if ($status) {
@ -175,10 +192,7 @@ if ($config['mailserver']['accountRecovery']) {
if ($config['use_captcha']) { if ($config['use_captcha']) {
?> ?>
<b>Write the image symbols in the text field to verify that you are a human:</b> <div class="g-recaptcha" data-sitekey="<?php echo $config['captcha_site_key']; ?>"></div>
<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" /><br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a><br><br>
<?php <?php
} }
?> ?>

31
register.php
View File

@ -21,10 +21,27 @@ if (empty($_POST) === false) {
} }
if ($config['use_captcha']) { if ($config['use_captcha']) {
include_once 'captcha/securimage.php'; $captcha = (isset($_POST['g-recaptcha-response'])) ? $_POST['g-recaptcha-response'] : false;
$securimage = new Securimage(); if(!$captcha) {
if ($securimage->check($_POST['captcha_code']) == false) { $errors[] = 'Please check the the captcha form.';
$errors[] = 'Captcha image verification was submitted wrong.'; } else {
$secretKey = $config['captcha_secret_key'];
$ip = $_SERVER['REMOTE_ADDR'];
// curl start
$curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
$post_string = "secret=".$secretKey."&response=".$captcha."&remoteip=".$ip;
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
$response = curl_exec($curl_connection);
curl_close($curl_connection);
// Curl end
$responseKeys = json_decode($response,true);
if(intval($responseKeys["success"]) !== 1) {
$errors[] = 'Captcha failed.';
}
} }
} }
@ -171,10 +188,7 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
if ($config['use_captcha']) { if ($config['use_captcha']) {
?> ?>
<li> <li>
<b>Write the image symbols in the text field to verify that you are a human:</b> <div class="g-recaptcha" data-sitekey="<?php echo $config['captcha_site_key']; ?>"></div>
<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" /><br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a><br><br>
</li> </li>
<?php <?php
} }
@ -187,7 +201,6 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
<p>No <a href='http://en.wikipedia.org/wiki/Video_game_bot' target="_blank">botting</a> allowed.</p> <p>No <a href='http://en.wikipedia.org/wiki/Video_game_bot' target="_blank">botting</a> allowed.</p>
<p>The staff can delete, ban, do whatever they want with your account and your <br> <p>The staff can delete, ban, do whatever they want with your account and your <br>
submitted information. (Including exposing and logging your IP).</p> submitted information. (Including exposing and logging your IP).</p>
<p></p>
</li> </li>
<li> <li>
Do you agree to follow the server rules?<br> Do you agree to follow the server rules?<br>