From 8d6cb83506bcaa6b48aa1b24c31678a83b69374b Mon Sep 17 00:00:00 2001
From: ilotterytea <iltsu@alright.party>
Date: Tue, 29 Apr 2025 14:25:32 +0500
Subject: feat: captcha

---
 public/captcha.php | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/accounts.php   |  5 +++++
 2 files changed, 68 insertions(+)
 create mode 100644 public/captcha.php

diff --git a/public/captcha.php b/public/captcha.php
new file mode 100644
index 0000000..d6e53e8
--- /dev/null
+++ b/public/captcha.php
@@ -0,0 +1,63 @@
+<?php
+include_once "../src/config.php";
+include_once "../src/alert.php";
+
+if (!HCAPTCHA_ENABLE) {
+    generate_alert("/404.php", "Captcha is not enabled on this instance", 404);
+    exit;
+}
+
+session_start();
+
+if (isset($_SESSION["captcha_solved"]) && $_SESSION["captcha_solved"]) {
+    header("Location: /");
+    exit;
+}
+
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["h-captcha-response"])) {
+    // sending a request to captcha api
+    $request = curl_init("https://hcaptcha.com/siteverify");
+    curl_setopt($request, CURLOPT_POST, 1);
+    curl_setopt($request, CURLOPT_HTTPHEADER, ['User-Agent: alright.party/1.0']);
+    curl_setopt(
+        $request,
+        CURLOPT_POSTFIELDS,
+        http_build_query(array("secret" => HCAPTCHA_SECRETKEY, "response" => $_POST["h-captcha-response"]))
+    );
+    curl_setopt($request, CURLOPT_RETURNTRANSFER, true);
+
+    $response = curl_exec($request);
+    curl_close($request);
+
+    $json = json_decode($response);
+
+    if ($json->success) {
+        $_SESSION["captcha_solved"] = true;
+        header("Location: /");
+        exit;
+    }
+}
+?>
+
+<html>
+
+<head>
+    <title>Resolving a hCaptcha for alright.party</title>
+    <link rel="stylesheet" href="/static/style.css">
+    <script src='https://www.hCaptcha.com/1/api.js' async defer></script>
+</head>
+
+<body>
+    <noscript>JavaScript is required to solve hCaptcha</noscript>
+    <div class="container">
+        <div class="wrapper">
+            <section class="row" style="padding: 4px; justify-content: center;">
+                <section class="box">
+                    <div class="h-captcha" data-sitekey="<?php echo HCAPTCHA_SITEKEY ?>"></div>
+                </section>
+            </section>
+        </div>
+    </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/src/accounts.php b/src/accounts.php
index f97998a..35ca0c3 100644
--- a/src/accounts.php
+++ b/src/accounts.php
@@ -5,6 +5,11 @@ function authorize_user(bool $required = false): bool
 {
     session_start();
 
+    if (!isset($_SESSION["captcha_solved"]) && !CLIENT_REQUIRES_JSON) {
+        header("Location: /captcha.php");
+        exit;
+    }
+
     if (!isset($_COOKIE["secret_key"]) && !isset($_SERVER["HTTP_AUTHORIZATION"])) {
         if (isset($_SESSION["user_id"])) {
             session_unset();
-- 
cgit v1.2.3