diff --git a/www/application/controllers/Password_recovery.php b/www/application/controllers/Password_recovery.php
index 1af8d9d2..dfd9a689 100644
--- a/www/application/controllers/Password_recovery.php
+++ b/www/application/controllers/Password_recovery.php
@@ -5,18 +5,29 @@ defined('BASEPATH') OR exit('No direct script access allowed');
class Password_recovery extends CI_Controller {
public function index() {
+ $data = [];
+ $data['hcaptcha_site_key'] = "416c2382-9d6e-4131-bb58-e61b33f46a8b";
+ $data['hcaptcha_secret'] = "0x371da01B1407137aCb0FcCB387753450DFD096BC";
+
$data['action_message'] = "";
if ($_POST) {
- $data['email'] = $this->input->post('email');
- if ($data['email'] == '') {
- $out['error'] = 'Please specify valid emal to continue';
- $data['action_message'] = "
" . $out['error'] . "
";
+ $data['h-captcha-response'] = $this->input->post('h-captcha-response');
+ if ($this->verifyCaptcha($data)) {
+ $data['email'] = $this->input->post('email');
+ if ($data['email'] == '') {
+ $out['error'] = 'Please specify valid emal to continue';
+ $data['action_message'] = "
" . $out['error'] . "
";
+ } else {
+ $this->resetMemberPass($data['email']);
+ $out['error'] = " If we find your email, you will receive a link to reset your password. Please use or contact form if you did not get our message after few minutes. ";
+ $data['action_message'] = "
" . $out['error'] . "
";
+ }
} else {
- $this->resetMemberPass($data['email']);
- $out['error'] = " If we find your email, you will receive a link to reset your password. Please use or contact form if you did not get our message after few minutes. ";
- $data['action_message'] = "
" . $out['error'] . "
";
+ $out['error'] = 'Please verify that you are human';
+ $data['action_message'] = "
" . $out['error'] . "
";
}
+
}
$data["message"] = "Enter your account username, Email. We will send you an email to reset your password";
// $this->load->view('users/view_external_header');
@@ -48,4 +59,27 @@ href='https://www.wrenchboard.com/contact'>contact form if you did not get o
return $this->actionMessage;
}
+ private function verifyCaptcha($verify_data) {
+ if (!is_array($verify_data) || !array_key_exists('hcaptcha_secret',$verify_data) || $verify_data['hcaptcha_secret']==''
+ || !array_key_exists('h-captcha-response',$verify_data) || $verify_data['h-captcha-response']=='') {
+ return false;
+ }
+ $data = array(
+ 'secret' => $verify_data['hcaptcha_secret'],
+ 'response' => $verify_data['h-captcha-response']
+ );
+ $verify = curl_init();
+ curl_setopt($verify, CURLOPT_URL, "https://hcaptcha.com/siteverify");
+ curl_setopt($verify, CURLOPT_POST, true);
+ curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($data));
+ curl_setopt($verify, CURLOPT_RETURNTRANSFER, true);
+ $response = curl_exec($verify);
+ // var_dump($response);
+ $responseData = json_decode($response);
+ if(is_object($responseData) && property_exists($responseData, 'success') && $responseData->success) {
+ return true;
+ }
+ return false;
+ }
+
}
diff --git a/www/application/views/site3/external/view_resetpass.php b/www/application/views/site3/external/view_resetpass.php
index 8d357afe..7bea04ff 100644
--- a/www/application/views/site3/external/view_resetpass.php
+++ b/www/application/views/site3/external/view_resetpass.php
@@ -4,6 +4,7 @@
+
@@ -39,6 +40,9 @@
+