Skip to content

Commit

Permalink
Merge pull request #32 from REJack/master
Browse files Browse the repository at this point in the history
reCAPTCHA integration merged
  • Loading branch information
Emre Akay committed Dec 23, 2014
2 parents 2e21f57 + 1006f88 commit d3617a0
Show file tree
Hide file tree
Showing 4 changed files with 281 additions and 46 deletions.
5 changes: 5 additions & 0 deletions application/config/aauth.php
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,11 @@
//if it is true, the user will be banned temporary when he exceed the login 'try'
'ddos_protection' => true,

'recaptcha_active' => false,
'recaptcha_login_attempts' => 4,
'recaptcha_siteKey' => '',
'recaptcha_secret' => '',

// login attempts time interval
// default 20 times in one hour
'max_login_attempt' => 10,
Expand Down
141 changes: 141 additions & 0 deletions application/helpers/recaptchalib_helper.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,141 @@
<?php
/**
* This is a PHP library that handles calling reCAPTCHA.
* - Documentation and latest version
* https://developers.google.com/recaptcha/docs/php
* - Get a reCAPTCHA API Key
* https://www.google.com/recaptcha/admin/create
* - Discussion group
* http://groups.google.com/group/recaptcha
*
* @copyright Copyright (c) 2014, Google Inc.
* @link http://www.google.com/recaptcha
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/

/**
* A ReCaptchaResponse is returned from checkAnswer().
*/
class ReCaptchaResponse
{
public $success;
public $errorCodes;
}

class ReCaptcha
{
private static $_signupUrl = "https://www.google.com/recaptcha/admin";
private static $_siteVerifyUrl =
"https://www.google.com/recaptcha/api/siteverify?";
private $_secret;
private static $_version = "php_1.0";

/**
* Constructor.
*
* @param string $secret shared secret between site and ReCAPTCHA server.
*/
function ReCaptcha($secret)
{
if ($secret == null || $secret == "") {
die("To use reCAPTCHA you must get an API key from <a href='"
. self::$_signupUrl . "'>" . self::$_signupUrl . "</a>");
}
$this->_secret=$secret;
}

/**
* Encodes the given data into a query string format.
*
* @param array $data array of string elements to be encoded.
*
* @return string - encoded request.
*/
private function _encodeQS($data)
{
$req = "";
foreach ($data as $key => $value) {
$req .= $key . '=' . urlencode(stripslashes($value)) . '&';
}

// Cut the last '&'
$req=substr($req, 0, strlen($req)-1);
return $req;
}

/**
* Submits an HTTP GET to a reCAPTCHA server.
*
* @param string $path url path to recaptcha server.
* @param array $data array of parameters to be sent.
*
* @return array response
*/
private function _submitHTTPGet($path, $data)
{
$req = $this->_encodeQS($data);
$response = file_get_contents($path . $req);
return $response;
}

/**
* Calls the reCAPTCHA siteverify API to verify whether the user passes
* CAPTCHA test.
*
* @param string $remoteIp IP address of end user.
* @param string $response response string from recaptcha verification.
*
* @return ReCaptchaResponse
*/
public function verifyResponse($remoteIp, $response)
{
// Discard empty solution submissions
if ($response == null || strlen($response) == 0) {
$recaptchaResponse = new ReCaptchaResponse();
$recaptchaResponse->success = false;
$recaptchaResponse->errorCodes = 'missing-input';
return $recaptchaResponse;
}

$getResponse = $this->_submitHttpGet(
self::$_siteVerifyUrl,
array (
'secret' => $this->_secret,
'remoteip' => $remoteIp,
'v' => self::$_version,
'response' => $response
)
);
$answers = json_decode($getResponse, true);
$recaptchaResponse = new ReCaptchaResponse();

print_r($answers);
if (trim($answers['success']) == true) {
$recaptchaResponse->success = true;
} else {
$recaptchaResponse->success = false;
$recaptchaResponse->errorCodes = $answers['error-codes'];
}

return $recaptchaResponse;
}
}

?>
1 change: 1 addition & 0 deletions application/language/english/aauth_lang.php
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
//
$lang['wrong'] = 'E-mail or Password is wrong.';
$lang['exceeded'] = 'Login try limit exceeded.';
$lang['recaptcha_not_correct'] = 'reCAPTCHA is incorrect.';
$lang['no_user'] = 'User not Exist';
$lang['not_verified'] = 'Please verify your account.';
$lang['group_exist'] = 'Group already exists';
Expand Down
Loading

0 comments on commit d3617a0

Please sign in to comment.