Add Google reCAPTCHA to Loris

1. Add a composer dependency
2. Add reCAPTCHA to request account page
3. Add two additional fields to Config table to store public/private
keys

2017-02-10_reCAPTCHA_config.sql

@@ -0,0 +1,15 @@
+SET @parentID = (SELECT ID FROM ConfigSettings WHERE Name = 'APIKeys');
+
+-- Cleanup 
+DELETE FROM ConfigSettings WHERE Name='reCAPTCHAPrivate';
+DELETE FROM ConfigSettings WHERE Name='reCAPTCHAPublic';
+DELETE FROM Config WHERE ConfigID=(SELECT ID FROM ConfigSettings WHERE Name='reCAPTCHAPrivate');
+DELETE FROM Config WHERE ConfigID=(SELECT ID FROM ConfigSettings WHERE Name='reCAPTCHAPublic');
+
+-- Insert
+INSERT INTO ConfigSettings (`Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (
+  'reCAPTCHAPrivate', 'Private Key for Google reCAPTCHA', 1, 0, 'text', @parentID, 'reCAPTCHA Private Key', 2
+);
+INSERT INTO ConfigSettings (`Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (
+  'reCAPTCHAPublic', 'Public Key for Google reCAPTCHA', 1, 0, 'text', @parentID, 'reCAPTCHA Public Key', 3
+);

SQL/0000-00-03-ConfigTables.sql

@@ -106,7 +106,9 @@ INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType,
 
 -- API keys
 INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, Label, OrderNumber) VALUES ('APIKeys', 'Specify any API keys required for LORIS', 1, 0, 'API Keys', 10);
-INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'JWTKey', 'Secret key for signing JWT tokens on this server. This should be unique and never shared with anyone. ', 1, 0, 'text', ID, 'JWT Secret Key', 9 FROM ConfigSettings WHERE Name="APIKeys";
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'JWTKey', 'Secret key for signing JWT tokens on this server. This should be unique and never shared with anyone. ', 1, 0, 'text', ID, 'JWT Secret Key', 1 FROM ConfigSettings WHERE Name="APIKeys";
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'reCAPTCHAPrivate', 'Private Key for Google reCAPTCHA', 1, 0, 'text', ID, 'reCAPTCHA Private Key', 2 FROM ConfigSettings WHERE Name="APIKeys";
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'reCAPTCHAPublic', 'Public Key for Google reCaptcha', 1, 0, 'text', ID, 'reCAPTCHA Public Key', 3 FROM ConfigSettings WHERE Name="APIKeys";
 
 --
 -- Filling Config table with default values

composer.json

@@ -6,7 +6,8 @@
         "smarty/smarty" : "~3.1",
         "PHPOffice/PHPExcel": "1.8.*",
         "firebase/php-jwt" : "~3.0",
-        "pear-pear.php.net/HTML_QuickForm" : "~3.2"
+        "pear-pear.php.net/HTML_QuickForm" : "~3.2",
+        "google/recaptcha": "~1.1"
     },
     "require-dev" : {
         "squizlabs/php_codesniffer" : "2.5.*",

htdocs/request_account/process_new_account.php

@@ -48,6 +48,15 @@
     $site_list[$elt["CenterID"]] = $elt["Name"];
 }
 
+// Get reCATPCHA keys
+$reCAPTCHAPrivate = $config->getSetting('reCAPTCHAPrivate');
+$reCAPTCHAPublic  = $config->getSetting('reCAPTCHAPublic');
+
+// Display reCAPTCHA if both private and public keys are set
+if ($reCAPTCHAPrivate && $reCAPTCHAPublic) {
+    $tpl_data['captcha_key'] = $reCAPTCHAPublic;
+}
+
 $tpl_data['baseurl']     = $config->getSetting('url');
 $tpl_data['css']         = $config->getSetting('css');
 $tpl_data['rand']        = rand(0, 9999);
@@ -83,6 +92,18 @@
 $err = array();
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
 
+    // Verify reCAPTCHA
+    if (isset($_POST['g-recaptcha-response']) && isset($reCAPTCHAPrivate)) {
+        $recaptcha = new \ReCaptcha\ReCaptcha($reCAPTCHAPrivate);
+        $resp = $recaptcha->verify(
+            $_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']
+        );
+        if (!$resp->isSuccess()) {
+            $errors = $resp->getErrorCodes();
+            $err['captcha'] = 'Please complete the reCaptcha!';
+        }
+    }
+
     if (!checkLen('name')) {
         $err[] = 'The minimum length for First Name field is 3 characters';
     }

smarty/templates/request_account.tpl

@@ -0,0 +1,98 @@
+<script src='https://www.google.com/recaptcha/api.js'></script>
+<div class="panel panel-default panel-center">
+  <div class="panel-heading">
+    <h3 class="panel-title">
+      {if $success}
+        Account requested!
+      {else}
+        {$page_title}
+      {/if}
+    </h3>
+  </div>
+  <div class="panel-body">
+  {if $success}
+    <div class="success-message">
+      <h1>Thank you!</h1>
+      <p>Your request for an account has been received successfully.</p>
+      <a href="/" class="btn btn-primary btn-block">
+        Return to Login Page
+      </a>
+    </div>
+  {else}
+    <p class="text-center">
+      Please fill in the form below to request a LORIS account.<br/>
+      We will contact you once your account has been approved.
+    </p>
+    <form action="/request-account/" method="POST"
+          name="form1" id="form1">
+      <div class="form-group">
+        <input type="text" name="name" class="form-control" id="name" size="20"
+               placeholder="First Name" value="{$form.name}" />
+        <span id="helpBlock" class="help-block">
+          <b class="text-danger">{$error_message['name']}</b>
+        </span>
+      </div>
+      <div class="form-group">
+        <input type="text" name="lastname" class="form-control" id="lastname"
+               placeholder="Last Name" value="{$form.lastname}" />
+        <span id="helpBlock" class="help-block">
+          <b class="text-danger">{$error_message['lastname']}</b>
+        </span>
+      </div>
+      <div class="form-group">
+        <input type="text" name="from" class="form-control" id="from"
+               placeholder="Email" value="{$form.from}" />
+        <span id="helpBlock" class="help-block">
+          <b class="text-danger">{$error_message['from']}</b>
+        </span>
+      </div>
+      <div class="form-group">
+        <select class="form-control" name="site" id="site">
+          <option value="">Choose Site</option>
+          {foreach from=$site_list item=site key=idx}
+            <option value="{$idx}" {if $idx == $form.site}selected{/if}>
+              {$site}
+            </option>
+          {/foreach}
+        </select>
+        <span id="helpBlock" class="help-block">
+          <b class="text-danger">{$error_message['site']}</b>
+        </span>
+      </div>
+      <div class="form-group">
+        <label class="checkbox-inline">
+          <input
+            type="checkbox"
+            name="examiner"
+            id="examiner"
+            {if $form.examiner === "on"}checked{/if}
+          /> Examiner Role
+        </label>
+        <label class="checkbox-inline">
+          <input
+            type="checkbox"
+            name="radiologist"
+            id="radiologist"
+            {if $form.radiologist === "on"}checked{/if}
+          /> Radiologist
+        </label>
+      </div>
+      {if $captcha_key}
+        <div class="form-group">
+          {* Google reCaptcha *}
+          <div class="g-recaptcha" data-sitekey="{$captcha_key}"></div>
+          <span id="helpBlock" class="help-block">
+              <b class="text-danger">{$error_message['captcha']}</b>
+            </span>
+        </div>
+      {/if}
+      <div class="form-group">
+        <input type="submit" name="Submit" class="btn btn-primary btn-block"
+               value="Request Account"/>
+      </div>
+      <div class="form-group">
+        <a href="/">Back to login page</a>
+      </div>
+    {/if}
+  </div>
+</div>