Recaptch for password reminder window

LiveHelperChat · Dec 17, 2021 · 0f45fe4 · 0f45fe4
1 parent 985956f
commit 0f45fe4
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/lhc_web/design/defaulttheme/tpl/lhuser/forgotpassword.tpl.php b/lhc_web/design/defaulttheme/tpl/lhuser/forgotpassword.tpl.php
@@ -13,6 +13,8 @@
 
 <?php include(erLhcoreClassDesign::designtpl('lhkernel/csfr_token.tpl.php'));?>
 
+<?php include(erLhcoreClassDesign::designtpl('lhkernel/recaptcha.tpl.php'));?>
+
 <input type="submit" class="btn btn-primary btn-sm" value="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('user/forgotpassword','Restore password')?>" name="Forgotpassword" />
 
 </form>
diff --git a/lhc_web/modules/lhuser/forgotpassword.php b/lhc_web/modules/lhuser/forgotpassword.php
@@ -28,6 +28,33 @@
         $Errors[] =  erTranslationClassLhTranslation::getInstance()->getTranslation('user/forgotpassword','Invalid e-mail address!');
     }
 
+    $recaptchaData = erLhcoreClassModelChatConfig::fetch('recaptcha_data')->data_value;
+
+    if (is_array($recaptchaData) && isset($recaptchaData['enabled']) && $recaptchaData['enabled'] == 1) {
+        $params = [
+            'secret'    => $recaptchaData['secret_key'],
+            'response'  => $_POST['g-recaptcha']
+        ];
+
+        $ch = curl_init();
+        curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($ch, CURLOPT_TIMEOUT, 5);
+        curl_setopt($ch,CURLOPT_POST,1);
+        curl_setopt($ch,CURLOPT_POSTFIELDS,$params);
+        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT , 5);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+        @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // Some hostings produces warning...
+        $res = curl_exec($ch);
+
+        $res = json_decode($res,true);
+
+        if (!(isset($res['success']) && $res['success'] == 1 && isset($res['score']) && $res['score'] >= 0.1 && $res['action'] == 'login_action')) {
+            $Errors[] = 'Invalid recaptcha!';
+        }
+    }
+
 	if (count($Errors) == 0) {
 
 		if (($userID = erLhcoreClassModelUser::fetchUserByEmail($form->Email)) !== false) {

diff --git a/lhc_web/modules/lhuser/login.php b/lhc_web/modules/lhuser/login.php
@@ -87,10 +87,10 @@
             curl_setopt($ch, CURLOPT_CONNECTTIMEOUT , 5);
             curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
             curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
-            @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // Some hostings produces wargning...
+            @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // Some hostings produces warning...
             $res = curl_exec($ch);
 
-            $res 		= json_decode($res,true);
+            $res = json_decode($res,true);
 
             if (!(isset($res['success']) && $res['success'] == 1 && isset($res['score']) && $res['score'] >= 0.1 && $res['action'] == 'login_action')) {
                 $valid = false;