authorilotterytea <iltsu@alright.party>2025-05-15 15:20:53 +0500
committerilotterytea <iltsu@alright.party>2025-05-15 15:20:53 +0500
commit20ae2ce5e02539719b971e53222f3e3328ff82a6 (patch)
tree1ff0014bf73d73c2f42819a45d50d3a04c53d680 /public
parenta3522672930578959980e39b7041b120c13cd6cf (diff)
feat: custom captcha
Diffstat (limited to 'public')
-rw-r--r--public/captcha.php92
-rw-r--r--public/emotes/upload.php12
2 files changed, 55 insertions, 49 deletions
diff --git a/public/captcha.php b/public/captcha.php
index 58283bf..b454b7d 100644
--- a/public/captcha.php
+++ b/public/captcha.php
@@ -1,65 +1,59 @@
<?php
include_once "../src/config.php";
include_once "../src/alert.php";
+include_once "../src/captcha.php";
+include_once "../src/utils.php";
session_start();
-if (!HCAPTCHA_ENABLE) {
- $_SESSION["captcha_solved"] = true;
- header("Location: /");
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["answer"])) {
+ if ($_POST["answer"] == ($_SESSION["captcha_word"] ?? "")) {
+ $_SESSION["captcha_solved"] = true;
+ echo json_response([
+ "status_code" => 200,
+ "message" => "Solved!",
+ "data" => null
+ ]);
+ } else {
+ echo json_response([
+ "status_code" => 400,
+ "message" => "Wrong answer!",
+ "data" => null
+ ], 400);
+ }
exit;
}
-if (isset($_SESSION["captcha_solved"]) && $_SESSION["captcha_solved"]) {
- header("Location: /");
+$file_folder = $_SERVER["DOCUMENT_ROOT"] . '/static/img/captcha';
+
+if (!CAPTCHA_ENABLE || ($_SESSION["captcha_solved"] ?? false) || !is_dir($file_folder)) {
+ $_SESSION["captcha_solved"] = true;
+ echo json_response([
+ "status_code" => 200,
+ "message" => "No need to solve captcha",
+ "data" => null
+ ]);
exit;
}
-if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["h-captcha-response"])) {
- // sending a request to captcha api
- $request = curl_init("https://hcaptcha.com/siteverify");
- curl_setopt($request, CURLOPT_POST, 1);
- curl_setopt($request, CURLOPT_HTTPHEADER, [sprintf("User-Agent: %s/1.0", INSTANCE_NAME)]);
- curl_setopt(
- $request,
- CURLOPT_POSTFIELDS,
- http_build_query(array("secret" => HCAPTCHA_SECRETKEY, "response" => $_POST["h-captcha-response"]))
- );
- curl_setopt($request, CURLOPT_RETURNTRANSFER, true);
-
- $response = curl_exec($request);
- curl_close($request);
-
- $json = json_decode($response);
-
- if ($json->success) {
- $_SESSION["captcha_solved"] = true;
- header("Location: /");
- exit;
- }
-}
-?>
+$files = scandir($file_folder);
+array_splice($files, 0, 2);
-<html>
+$filename = $files[random_int(0, count($files) - 1)];
+$filename = basename($filename, ".png");
-<head>
- <title>Resolving a hCaptcha - <?php echo INSTANCE_NAME ?></title>
- <link rel="stylesheet" href="/static/style.css">
- <link rel="shortcut icon" href="/static/favicon.ico" type="image/x-icon">
- <script src='https://www.hCaptcha.com/1/api.js' async defer></script>
-</head>
+$_SESSION["captcha_word"] = $filename;
-<body>
- <noscript>JavaScript is required to solve hCaptcha</noscript>
- <div class="container">
- <div class="wrapper">
- <section class="row" style="padding: 4px; justify-content: center;">
- <section class="box">
- <div class="h-captcha" data-sitekey="<?php echo HCAPTCHA_SITEKEY ?>"></div>
- </section>
- </section>
- </div>
- </div>
-</body>
+$image = generate_image_captcha(
+ CAPTCHA_SIZE[0],
+ CAPTCHA_SIZE[1],
+ random_int(1, 3),
+ $filename,
+ $file_folder
+);
-</html> \ No newline at end of file
+echo json_response([
+ "status_code" => 200,
+ "message" => null,
+ "data" => $image
+]); \ No newline at end of file
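Review bot: In the POST branch, `$_POST["answer"] == ($_SESSION["captcha_word"] ?? "")` accepts an empty answer on a session that was never issued a challenge, because the missing word defaults to `""`, and a wrong answer leaves the stored word in place so the same challenge can be retried without limit. The check should require a non-empty stored word and a string answer, compare them with `hash_equals`, and discard the word after every attempt so each try needs a freshly generated image. Separately, the `!is_dir($file_folder)` term in the skip condition marks the session as solved when the image folder is missing, so a deployment mistake silently turns the captcha off; returning a 5xx there would fail closed. An empty folder also reaches `random_int(0, count($files) - 1)` with a maximum of -1, which throws.

```php
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["answer"])) {
    $expected = $_SESSION["captcha_word"] ?? null;
    $answer = $_POST["answer"];

    // One attempt per issued challenge: drop the word before comparing.
    unset($_SESSION["captcha_word"]);

    $solved = is_string($expected)
        && $expected !== ""
        && is_string($answer)
        && hash_equals($expected, $answer);

    if ($solved) {
        $_SESSION["captcha_solved"] = true;
        // … unchanged: 200 "Solved!" json_response …
    } else {
        // … unchanged: 400 "Wrong answer!" json_response …
    }
    exit;
}
```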
diff --git a/public/emotes/upload.php b/public/emotes/upload.php
index e4ff6cc..4506152 100644
--- a/public/emotes/upload.php
+++ b/public/emotes/upload.php
@@ -2,6 +2,7 @@
include "../../src/accounts.php";
include_once "../../src/config.php";
include_once "../../src/alert.php";
+include_once "../../src/captcha.php";
if (!EMOTE_UPLOAD) {
generate_alert("/404.php", "Emote upload is disabled", 403);
@@ -135,6 +136,12 @@ if ($_SERVER['REQUEST_METHOD'] != "POST") {
</div>
</section>
+ <?php
+ if (CAPTCHA_ENABLE && (CAPTCHA_FORCE_USERS || !isset($_SESSION["user_id"]))) {
+ html_captcha_form();
+ }
+ ?>
+
<section class="box column" id="emote-showcase" style="display: none;">
<div class="emote-showcase">
<div class="emote-image">
@@ -319,6 +326,11 @@ if ($_SERVER['REQUEST_METHOD'] != "POST") {
exit;
}
+if (!CLIENT_REQUIRES_JSON && CAPTCHA_ENABLE && !isset($_SESSION["captcha_solved"])) {
+ generate_alert("/404.php", "You haven't solved captcha yet.", 403);
+ exit;
+}
+
$is_manual = intval($_POST["manual"] ?? "0") == 1;
if ($is_manual && !isset($_FILES["file-1x"], $_FILES["file-2x"], $_FILES["file-3x"])) {
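Review bot: The added guard is skipped whenever `CLIENT_REQUIRES_JSON` is true, so if that constant is derived from something the client sends (its definition is not in this diff), the captcha becomes opt-out for uploads. The condition also differs from the one that renders the form in the earlier hunk of this file (`CAPTCHA_FORCE_USERS || !isset($_SESSION["user_id"])`): a logged-in user with `CAPTCHA_FORCE_USERS` off is not shown the form but appears to be rejected here, unless the flag is set somewhere else. Consider one shared condition, e.g. `if (CAPTCHA_ENABLE && (CAPTCHA_FORCE_USERS || !isset($_SESSION["user_id"])) && !($_SESSION["captcha_solved"] ?? false)) {`, and `unset($_SESSION["captcha_solved"]);` once the upload succeeds so a single solve does not cover every later upload in the session. The rest of the POST handler lies outside this hunk.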