From d776643f7e7fc5185d94cae754279a4d81ab3c86 Mon Sep 17 00:00:00 2001 From: Olusesan Ameye Date: Sat, 11 Jun 2022 23:36:12 -0400 Subject: [PATCH] Added hCaptcha --- .../controllers/Password_recovery.php | 50 ++++++++++++++++--- .../views/site3/external/view_resetpass.php | 4 ++ 2 files changed, 46 insertions(+), 8 deletions(-) diff --git a/www/application/controllers/Password_recovery.php b/www/application/controllers/Password_recovery.php index 1af8d9d2..dfd9a689 100644 --- a/www/application/controllers/Password_recovery.php +++ b/www/application/controllers/Password_recovery.php @@ -5,18 +5,29 @@ defined('BASEPATH') OR exit('No direct script access allowed'); class Password_recovery extends CI_Controller { public function index() { + $data = []; + $data['hcaptcha_site_key'] = "416c2382-9d6e-4131-bb58-e61b33f46a8b"; + $data['hcaptcha_secret'] = "0x371da01B1407137aCb0FcCB387753450DFD096BC"; + $data['action_message'] = ""; if ($_POST) { - $data['email'] = $this->input->post('email'); - if ($data['email'] == '') { - $out['error'] = 'Please specify valid emal to continue'; - $data['action_message'] = "
" . $out['error'] . "
"; + $data['h-captcha-response'] = $this->input->post('h-captcha-response'); + if ($this->verifyCaptcha($data)) { + $data['email'] = $this->input->post('email'); + if ($data['email'] == '') { + $out['error'] = 'Please specify valid emal to continue'; + $data['action_message'] = "
" . $out['error'] . "
"; + } else { + $this->resetMemberPass($data['email']); + $out['error'] = "  If we find your email, you will receive a link to reset your password. Please use or contact form if you did not get our message after few minutes. "; + $data['action_message'] = "
" . $out['error'] . "
"; + } } else { - $this->resetMemberPass($data['email']); - $out['error'] = "  If we find your email, you will receive a link to reset your password. Please use or contact form if you did not get our message after few minutes. "; - $data['action_message'] = "
" . $out['error'] . "
"; + $out['error'] = 'Please verify that you are human'; + $data['action_message'] = "
" . $out['error'] . "
"; } + } $data["message"] = "Enter your account username, Email.
We will send you an email to reset your password"; // $this->load->view('users/view_external_header'); @@ -48,4 +59,27 @@ href='https://www.wrenchboard.com/contact'>contact form if you did not get o return $this->actionMessage; } + private function verifyCaptcha($verify_data) { + if (!is_array($verify_data) || !array_key_exists('hcaptcha_secret',$verify_data) || $verify_data['hcaptcha_secret']=='' + || !array_key_exists('h-captcha-response',$verify_data) || $verify_data['h-captcha-response']=='') { + return false; + } + $data = array( + 'secret' => $verify_data['hcaptcha_secret'], + 'response' => $verify_data['h-captcha-response'] + ); + $verify = curl_init(); + curl_setopt($verify, CURLOPT_URL, "https://hcaptcha.com/siteverify"); + curl_setopt($verify, CURLOPT_POST, true); + curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($data)); + curl_setopt($verify, CURLOPT_RETURNTRANSFER, true); + $response = curl_exec($verify); + // var_dump($response); + $responseData = json_decode($response); + if(is_object($responseData) && property_exists($responseData, 'success') && $responseData->success) { + return true; + } + return false; + } + } diff --git a/www/application/views/site3/external/view_resetpass.php b/www/application/views/site3/external/view_resetpass.php index 8d357afe..7bea04ff 100644 --- a/www/application/views/site3/external/view_resetpass.php +++ b/www/application/views/site3/external/view_resetpass.php @@ -4,6 +4,7 @@ + @@ -39,6 +40,9 @@ +
+
+