| -rw-r--r-- | public/captcha.php | 63 | ||||
| -rw-r--r-- | src/accounts.php | 5 |
2 files changed, 68 insertions, 0 deletions
diff --git a/public/captcha.php b/public/captcha.php
new file mode 100644
index 0000000..d6e53e8
--- /dev/null
+++ b/public/captcha.php
@@ -0,0 +1,63 @@
+<?php
+include_once "../src/config.php";
+include_once "../src/alert.php";
+
+if (!HCAPTCHA_ENABLE) {
+ generate_alert("/404.php", "Captcha is not enabled on this instance", 404);
+ exit;
+}
+
+session_start();
+
+if (isset($_SESSION["captcha_solved"]) && $_SESSION["captcha_solved"]) {
+ header("Location: /");
+ exit;
+}
+
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["h-captcha-response"])) {
+ // sending a request to captcha api
+ $request = curl_init("https://hcaptcha.com/siteverify");
+ curl_setopt($request, CURLOPT_POST, 1);
+ curl_setopt($request, CURLOPT_HTTPHEADER, ['User-Agent: alright.party/1.0']);
+ curl_setopt(
+ $request,
+ CURLOPT_POSTFIELDS,
+ http_build_query(array("secret" => HCAPTCHA_SECRETKEY, "response" => $_POST["h-captcha-response"]))
+ );
+ curl_setopt($request, CURLOPT_RETURNTRANSFER, true);
+
+ $response = curl_exec($request);
+ curl_close($request);
+
+ $json = json_decode($response);
+
+ if ($json->success) {
+ $_SESSION["captcha_solved"] = true;
+ header("Location: /");
+ exit;
+ }
+}
+?>
+
+<html>
+
+<head>
+ <title>Resolving a hCaptcha for alright.party</title>
+ <link rel="stylesheet" href="/static/style.css">
+ <script src='https://www.hCaptcha.com/1/api.js' async defer></script>
+</head>
+
+<body>
+ <noscript>JavaScript is required to solve hCaptcha</noscript>
+ <div class="container">
+ <div class="wrapper">
+ <section class="row" style="padding: 4px; justify-content: center;">
+ <section class="box">
+ <div class="h-captcha" data-sitekey="<?php echo HCAPTCHA_SITEKEY ?>"></div>
+ </section>
+ </section>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/src/accounts.php b/src/accounts.php
index f97998a..35ca0c3 100644
--- a/src/accounts.php
+++ b/src/accounts.php
@@ -5,6 +5,11 @@ function authorize_user(bool $required = false): bool { session_start(); + if (!isset($_SESSION["captcha_solved"]) && !CLIENT_REQUIRES_JSON) { + header("Location: /captcha.php"); + exit; + } + if (!isset($_COOKIE["secret_key"]) && !isset($_SERVER["HTTP_AUTHORIZATION"])) { if (isset($_SESSION["user_id"])) { session_unset(); |
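Review bot: In public/captcha.php the siteverify result is used without checking that the request succeeded: `curl_exec()` returns `false` on a transport error, `json_decode()` then yields `null`, and `$json->success` is read from it, which still denies the visitor but raises a warning on PHP 8 and leaves no trace of why verification failed. No `CURLOPT_TIMEOUT` or `CURLOPT_CONNECTTIMEOUT` is set either, so a slow hcaptcha.com response holds the PHP worker for as long as cURL waits. I would add both timeouts, accept only a decoded body whose `success` is strictly `true`, and call `session_regenerate_id(true)` before setting `captcha_solved`, as in the excerpt below. Separately, the markup shows the `h-captcha` div outside any `<form method="post">`, so unless something not visible here submits the token, the POST branch is never reached from this page.

```php
    // … unchanged: curl_init and the POST / header / POSTFIELDS options …
    curl_setopt($request, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($request, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($request, CURLOPT_TIMEOUT, 10);

    $response = curl_exec($request);
    curl_close($request);

    // curl_exec() returns false on transport failure; anything other than a
    // well-formed body with success === true counts as "not solved".
    $json = is_string($response) ? json_decode($response, true) : null;

    if (is_array($json) && ($json["success"] ?? false) === true) {
        // New session id on the state change, so a pre-set id cannot inherit the flag.
        session_regenerate_id(true);
        $_SESSION["captcha_solved"] = true;
        // … unchanged: redirect to / and exit …
    }
```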
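Review bot: The new gate in authorize_user() does not check `HCAPTCHA_ENABLE`, so on an instance with captcha disabled every non-JSON request without the session flag is redirected to /captcha.php, which (per the other file in this commit) answers with the 404 alert. I would write the condition as `if (HCAPTCHA_ENABLE && !CLIENT_REQUIRES_JSON && empty($_SESSION["captcha_solved"])) {`, which also matches the truthiness test captcha.php applies to the flag. The check is skipped whenever `CLIENT_REQUIRES_JSON` is true; its definition is not visible here, but if it is derived from a request header the captcha only covers browser navigation and the JSON paths need their own rate limiting. The body of authorize_user() continues past the end of the hunk.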
