
Implement optional reCAPTCHA for registrations

cydrobolt committed May 17, 2017
1 parent 3c669ee commit 6e28bf83942382ab81bd8b45b49eecb8995a3d40
@@ -102,6 +102,10 @@ public static function performSetup(Request $request) {
]);
}
$polr_acct_creation_recaptcha = $request->input('setting:acct_registration_recaptcha');
$polr_recaptcha_site_key = $request->input('setting:recaptcha_site_key');
$polr_recaptcha_secret_key = $request->input('setting:recaptcha_secret_key');
$acct_username = $request->input('acct:username');
$acct_email = $request->input('acct:email');
$acct_password = $request->input('acct:password');
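Review bot: The three reCAPTCHA inputs read at the top of this hunk are accepted as-is, so setup can complete with `setting:acct_registration_recaptcha` set to `true` and one or both keys empty. In that state the sign-up handler would build its verifier from an empty `POLR_RECAPTCHA_SECRET_KEY`, which most likely makes every registration fail until the environment file is edited by hand. A guard before the configuration is written would catch this, for example `if ($polr_acct_creation_recaptcha === 'true' && (!$polr_recaptcha_site_key || !$polr_recaptcha_secret_key)) { /* return to the setup form with an error */ }`. performSetup begins and ends outside this hunk, so existing validation elsewhere in the method is not visible here.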
@@ -154,12 +158,15 @@ public static function performSetup(Request $request) {
'ST_PUBLIC_INTERFACE' => $st_public_interface,
'POLR_ALLOW_ACCT_CREATION' => $polr_allow_acct_creation,
'POLR_ACCT_ACTIVATION' => $polr_acct_activation,
'POLR_ACCT_CREATION_RECAPTCHA' => $polr_acct_creation_recaptcha,
'ST_SHORTEN_PERMISSION' => $st_shorten_permission,
'ST_INDEX_REDIRECT' => $st_index_redirect,
'ST_REDIRECT_404' => $st_redirect_404,
'ST_PASSWORD_RECOV' => $st_password_recov,
'ST_RESTRICT_EMAIL_DOMAIN' => $st_restrict_email_domain,
'ST_ALLOWED_EMAIL_DOMAINS' => $st_allowed_email_domains,
'POLR_RECAPTCHA_SITE_KEY' => $polr_recaptcha_site_key,
'POLR_RECAPTCHA_SECRET' => $polr_recaptcha_secret_key,
'MAIL_ENABLED' => $mail_enabled,
'MAIL_HOST' => $mail_host,
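Review bot: The template variable for the secret is named `'POLR_RECAPTCHA_SECRET'` while the environment variable it fills is `POLR_RECAPTCHA_SECRET_KEY`, whereas the site key uses `POLR_RECAPTCHA_SITE_KEY` on both sides. The mapping is consistent in this commit, but the mismatch makes it easy to read the wrong name later and end up with an empty secret. Renaming the array key to `'POLR_RECAPTCHA_SECRET_KEY' => $polr_recaptcha_secret_key,` and the placeholder in the env template to match would remove the ambiguity. The array continues outside the hunk.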
@@ -57,6 +57,18 @@ public function performSignup(Request $request) {
return redirect(route('index'))->with('error', 'Sorry, but registration is disabled.');
}
if (env('POLR_ACCT_CREATION_RECAPTCHA')) {
// Verify reCAPTCHA if setting is enabled
$gRecaptchaResponse = $request->input('g-recaptcha-response');
$recaptcha = new \ReCaptcha\ReCaptcha(env('POLR_RECAPTCHA_SECRET_KEY'));
$recaptcha_resp = $recaptcha->verify($gRecaptchaResponse, $request->ip());
if (!$recaptcha_resp->isSuccess()) {
return redirect(route('signup'))->with('error', 'You must complete the reCAPTCHA to register.');
}
}
// Validate signup form data
$this->validate($request, [
'username' => 'required|alpha_dash',
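Review bot: Every verification failure in the new `if (!$recaptcha_resp->isSuccess())` branch produces the same "You must complete the reCAPTCHA" redirect, so a wrong or missing secret or an unreachable verification service is indistinguishable from a rejected challenge. Recording `$recaptcha_resp->getErrorCodes()` in the application log before the redirect would let an operator tell misconfiguration apart from blocked sign-up attempts. Separately, `$request->ip()` may be a proxy address when the app sits behind a reverse proxy, so the remote IP passed to `verify()` is only useful if trusted proxies are configured. A comment such as `// remote IP is advisory; depends on trusted proxy configuration` would document that. performSignup continues outside the hunk.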
@@ -14,7 +14,8 @@
"torann/geoip": "^1.0",
"geoip2/geoip2": "^2.4",
"nesbot/carbon": "^1.22",
"doctrine/dbal": "^2.5"
"doctrine/dbal": "^2.5",
"google/recaptcha": "~1.1"
},
"require-dev": {
"fzaninotto/faker": "~1.0",

@@ -17,3 +17,7 @@
.login-prompt {
padding-top: 15px;
}

.g-recaptcha {
margin-bottom: 2em;
}
@@ -51,6 +51,11 @@
# Set to true to require activation by email (e.g true/false)
POLR_ACCT_ACTIVATION={{$POLR_ACCT_ACTIVATION}}

# Set to true to require reCAPTCHAs on sign up pages
# If this setting is enabled, you must also provide your reCAPTCHA keys
# in POLR_RECAPTCHA_SITE_KEY and POLR_RECAPTCHA_SECRET_KEY
POLR_ACCT_CREATION_RECAPTCHA={{$POLR_ACCT_CREATION_RECAPTCHA}}

# Set to true to require users to be logged in before shortening URLs
SETTING_SHORTEN_PERMISSION={{$ST_SHORTEN_PERMISSION}}

@@ -86,6 +91,12 @@
# A comma-separated list of permitted email domains
SETTING_ALLOWED_EMAIL_DOMAINS={{$ST_ALLOWED_EMAIL_DOMAINS}}

# reCAPTCHA site key
POLR_RECAPTCHA_SITE_KEY={{$POLR_RECAPTCHA_SITE_KEY}}

# reCAPTCHA secret key
POLR_RECAPTCHA_SECRET_KEY={{$POLR_RECAPTCHA_SECRET}}

# Set each to blank to disable mail
@if($MAIL_ENABLED)
MAIL_DRIVER=smtp
@@ -207,6 +207,34 @@
Please ensure SMTP is properly set up before enabling password recovery.
</p>

<p>
Require reCAPTCHA for Registrations
<setup-tooltip content="You must provide your reCAPTCHA keys to use this feature."></setup-tooltip>
</p>
<select name='setting:acct_registration_recaptcha' class='form-control'>
<option value='false'>Do not require reCAPTCHA for registration</option>
<option value='true'>Require reCATPCHA for registration</option>
</select>

<p>
reCAPTCHA Configuration:
<setup-tooltip content="You must provide reCAPTCHA keys if you intend to use any reCAPTCHA-dependent features."></setup-tooltip>
</p>

<p>
reCAPTCHA Site Key
</p>
<input type='text' class='form-control' name='setting:recaptcha_site_key'>

<p>
reCAPTCHA Secret Key
</p>
<input type='text' class='form-control' name='setting:recaptcha_secret_key'>

<p class='text-muted'>
You can obtain reCAPTCHA keys from <a href="https://www.google.com/recaptcha/admin">Google's reCAPTCHA website</a>.
</p>

<p>Theme (<a href='https://github.com/cydrobolt/polr/wiki/Themes-Screenshots'>screenshots</a>):</p>
<select name='app:stylesheet' class='form-control'>
<option value=''>Modern (default)</option>
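Review bot: The reCAPTCHA secret key is collected in a plain `type='text'` field, so it is shown in clear on screen and may be kept in the browser's form history. Changing the field to `<input type='password' autocomplete='off' class='form-control' name='setting:recaptcha_secret_key'>` keeps the secret out of both without changing what is submitted. The option label `Require reCATPCHA for registration` also has a typo and should read `reCAPTCHA`.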
@@ -12,6 +12,11 @@
Username: <input type='text' name='username' class='form-control form-field' placeholder='Username' />
Password: <input type='password' name='password' class='form-control form-field' placeholder='Password' />
Email: <input type='email' name='email' class='form-control form-field' placeholder='Email' />

@if (env('POLR_ACCT_CREATION_RECAPTCHA'))
<div class="g-recaptcha" data-sitekey="{{env('POLR_RECAPTCHA_SITE_KEY')}}"></div>
@endif

<input type="hidden" name='_token' value='{{csrf_token()}}' />
<input type="submit" class="btn btn-default btn-success" value="Register"/>
<p class='login-prompt'>
@@ -34,6 +39,9 @@
<h4>Email</h4>
<p>The email you will use to verify your account or to recover your account.</p>
</p>

</div>
@endsection

@section('js')
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
@endsection
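Review bot: The new `@section('js')` loads `https://www.google.com/recaptcha/api.js` on every sign-up page, although the widget itself is only rendered when `POLR_ACCT_CREATION_RECAPTCHA` is enabled. Installations that leave the feature off still pull a third-party script into a page that handles passwords. Wrapping the script tag in the same condition as the widget, `@if (env('POLR_ACCT_CREATION_RECAPTCHA'))` … `@endif`, limits the external load to sites that have opted in.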
