To receive notifications about scheduled maintenance, please subscribe to the mailing-list gitlab-operations@sympa.ethz.ch. You can subscribe to the mailing-list at https://sympa.ethz.ch

Commit 9b0bb0e3 authored by Reto Da Forno's avatar Reto Da Forno

recaptcha code updated to support v2 + keys exported to the user.ini config file

parent 9d4c1350
......@@ -62,3 +62,7 @@ bindir = releases/moterunner-8.2-beta/linux64/bin/ ;Path to moterunner bin d
[viz]
dir = /home/flocklab/testmanagement/viz/
; Recaptcha
[recaptcha]
sitekey = [your_site_key] ;get one at https://www.google.com/recaptcha/admin/create
secretkey = [your_secret_key]
\ No newline at end of file
<?php
/*
* __author__ = "Reto Da Forno <reto.daforno@tik.ee.ethz.ch>"
* __copyright__ = "Copyright 2018, ETH Zurich, Switzerland, Reto Da Forno"
* __license__ = "GPL"
* __version__ = "$Revision$"
* __date__ = "$Date$"
* __id__ = "$Id$"
* __source__ = "$URL$"
*/
?>
<?php require_once('config.php'); ?>
<?php
/*
* Helper functions for Google reCAPTCHA v2
*
* Notes
* - insert the following line within the <head> section:
* <script src='https://www.google.com/recaptcha/api.js'></script>
* - insert the following line where you want the captcha to appear (must be within a <form>):
* <?php recaptcha_print(); ?>
*/
/* CONFIG */
define("RECAPTCHA_SITEKEY", $CONFIG['recaptcha']['sitekey']);
define("RECAPTCHA_SECRETKEY", $CONFIG['recaptcha']['secretkey']);
define("RECAPTCHA_VERIFY_SERVER", "https://www.google.com/recaptcha/api/siteverify");
if (RECAPTCHA_SECRETKEY == null || RECAPTCHA_SECRETKEY == '') {
flocklab_die("To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>");
}
function recaptcha_qsencode($data)
{
$req = "";
foreach ( $data as $key => $value )
$req .= $key . '=' . urlencode( stripslashes($value) ) . '&';
return substr($req, 0, strlen($req) - 1); // remove '&' at end
}
/*
##############################################################################
#
# recaptcha_print
#
# prints (inserts) the CAPTCHA challenge
#
##############################################################################
*/
function recaptcha_print()
{
echo '<div class="g-recaptcha" data-sitekey="'.RECAPTCHA_SITEKEY.'"></div>';
}
/*
##############################################################################
#
# recaptcha_verify
#
# verifies a previously submitted captcha response
#
# @return: true if response is valid, false otherwise
#
##############################################################################
*/
function recaptcha_verify()
{
$response = $_POST["g-recaptcha-response"];
if ($response == null || strlen($response) == 0) {
return false;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, RECAPTCHA_VERIFY_SERVER);
// Set so curl_exec returns the result instead of outputting it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, recaptcha_qsencode(array ('secret' => RECAPTCHA_SECRETKEY,
'response' => $response,
'remoteip' => $_SERVER["REMOTE_ADDR"])));
// Get the response and close the channel.
$response = curl_exec($ch);
if ($response === false) {
echo "cURL failed: ".curl_error($ch)."<br />";
return false;
}
curl_close($ch);
$answers = explode("\n", $response[0]);
return $answers[0];
}
?>
\ No newline at end of file
This diff is collapsed.
......@@ -10,29 +10,24 @@
*/
?>
<?php require_once('include/libflocklab.php');?>
<?php require_once('include/recaptchalib.php');
$publickey = "6LfPbb8SAAAAAKiAyL3oAvgnBnasZLyV8b1r5CuV";
$privatekey = "6LfPbb8SAAAAAL7DZnFnomv8Nrqwzs7QHpVCzUI5";
?>
<?php require_once('include/recaptcha.php');?>
<?php
$first = ($_POST['first'] == "no") ? false : true;
$error = false;
$errors = array();
// If the page is called for the second time, validate and process form:
// If the page is called for the second time, validate and process form:
if (!$first) {
$emailaddress = $_POST['emailaddress'];
/* Check necessary fields */
// Check necessary fields:
if ($emailaddress=="") {
$error = true;
array_push($errors, "Please fill out all fields marked with an asterisk.");
}
}
// Check captcha:
$rs = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$rs->is_valid) {
if (recaptcha_verify() == false) {
$error = true;
array_push($errors, "Captcha was not entered correctly.");
}
......@@ -57,9 +52,9 @@
if (isset($newpassword)) {
$subject = "[FlockLab] Request for password recovery";
$message = "A request for a FlockLab password recovery has been placed on the FlockLab user interface.\n";
$message = $message . "If this request has not been placed by you, please contact us on flocklab@tik.ee.ethz.ch.\n\n";
$message = $message . "If this request has not been placed by you, please contact us on ".$CONFIG['smtp']['email'].".\n\n";
$message = $message . "Your password has been reset to the following new password: \n\n$newpassword\n\n";
$message = $message . "Please login at https://user.flocklab.ethz.ch and change the password in your account settings afterwards.\n";
$message = $message . "Please login at ".$CONFIG['xml']['namespace']."/user and change the password in your account settings afterwards.\n";
$message = $message . "\n";
$message = wordwrap($message, 70);
$header = 'X-Mailer: PHP/' . phpversion();
......@@ -83,7 +78,7 @@
<meta name="COPYRIGHT" content="ETH Zurich, Switzerland">
<meta name="LANGUAGE" content="English">
<meta name="ROBOTS" content="noindex, nofollow">
<meta name="DATE" content="2011-2013">
<meta name="DATE" content="2011-2013">
<script type="text/javascript" src="scripts/jquery-latest.js"></script>
<script type="text/javascript" src="scripts/jquery.validate.min.js"></script>
......@@ -98,14 +93,8 @@
}
});
});
</script>
<script type="text/javascript">
var RecaptchaOptions = {
lang : 'en',
theme : 'white',
};
</script>
</script>
<script src='https://www.google.com/recaptcha/api.js'></script>
</head>
<body>
<div id="container" class="container">
......@@ -128,7 +117,7 @@
?>
<p>Please fill out the form below to request a new password for your FlockLab account. Fields marked with * are mandatory.</p>
<span class="formfield">E-mail Address:*</span><input type="text" name="emailaddress" id="emailaddress" value="<?php echo $emailaddress;?>"><br>
<span class="formfield">Captcha:*</span><?php echo recaptcha_get_html($publickey, null, true); ?>
<span class="formfield">Captcha:*</span><?php recaptcha_print(); ?>
<p>
<input type="hidden" name="first" value="no">
<input type="submit" value="Request new Password">&nbsp;&nbsp;
......
......@@ -9,11 +9,8 @@
* __source__ = "$URL$"
*/
?>
<?php require_once('include/libflocklab.php');?>
<?php require_once('include/recaptchalib.php');
$publickey = "6LfPbb8SAAAAAKiAyL3oAvgnBnasZLyV8b1r5CuV";
$privatekey = "6LfPbb8SAAAAAL7DZnFnomv8Nrqwzs7QHpVCzUI5";
?>
<?php require_once('include/libflocklab.php'); ?>
<?php require_once('include/recaptcha.php'); ?>
<?php
$first = ($_POST['first'] == "no") ? false : true;
$error = false;
......@@ -62,8 +59,7 @@
}
// Check captcha:
$rs = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$rs->is_valid) {
if (recaptcha_verify() == false) {
$error = true;
array_push($errors, "Captcha was not entered correctly.");
}
......@@ -178,12 +174,7 @@
});
});
</script>
<script type="text/javascript">
var RecaptchaOptions = {
theme : 'white'
};
</script>
<script src='https://www.google.com/recaptcha/api.js'></script>
</head>
<body>
<div id="container" class="container">
......@@ -229,7 +220,7 @@
<span class="formfield">What do you want to do with FlockLab (Please be specific, e.g. what kind of node platform or protocols you intend to use; ...):*</span><textarea name="description" id="description" cols="50" rows="5"><?php echo $description;?></textarea><br>
<span class="formfield">Comments:</span><textarea name="comments" id="comments" cols="50" rows="5"><?php echo $comments;?></textarea><br>
<span class="formfield">Terms of use:*</span><input type="checkbox" name="termsofuse" id="termsofuse" value="yes" <?php echo $termsofuse=='yes' ? 'checked' : '' ;?>> I accept the <a href="http://user.flocklab.ethz.ch/terms_of_use.php" target="_blank">terms of use</a>.<br>
<span class="formfield">Captcha:*</span><?php echo recaptcha_get_html($publickey, null, true); ?>
<span class="formfield">Captcha:*</span><?php recaptcha_print(); ?>
<p>
<input type="hidden" name="first" value="no">
<input type="submit" value="Request Account">&nbsp;&nbsp;
......
USER=username
PASSWORD=password
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment