Fixed an issue with error checking if cookie expired and attempting t…

…o refresh access #496 Added options for the reCAPTCHA functionality
impress-org · Mar 25, 2016 · d93812e · d93812e
1 parent 03baa20
commit d93812e
Show file tree

Hide file tree

Showing 3 changed files with 82 additions and 58 deletions.
diff --git a/includes/admin/register-settings.php b/includes/admin/register-settings.php
@@ -580,7 +580,7 @@ public function give_settings( $active_tab ) {
 				'show_on'    => array( 'key' => 'options-page', 'value' => array( $this->key, ), ),
 				'fields'     => apply_filters( 'give_settings_advanced', array(
 						array(
-							'name' => __( 'Session Control', 'give' ),
+							'name' => __( 'Access Control', 'give' ),
 							'desc' => '',
 							'id'   => 'give_title_session_control_1',
 							'type' => 'give_title'
@@ -603,6 +603,20 @@ public function give_settings( $active_tab ) {
 							'id'   => 'email_access',
 							'type' => 'checkbox',
 						),
+						array(
+							'id'      => 'recaptcha_key',
+							'name'    => __( 'reCAPTCHA Site Key', 'give' ),
+							'desc'    => sprintf( __( 'If you would like to prevent spam on the email access form navigate to %1$sthe reCAPTCHA website%2$s and sign up for an API key. The reCAPTCHA uses Google\'s user-friendly single click verification method.', 'give' ), '<a href="https://www.google.com/recaptcha/" target="_blank">', '</a>' ),
+							'default' => '',
+							'type'    => 'text'
+						),
+						array(
+							'id'      => 'recaptcha_secret',
+							'name'    => __( 'reCAPTCHA Secret Key', 'give' ),
+							'desc'    => __( 'Please paste the reCAPTCHA secret key here from your manage reCAPTCHA API Keys panel.', 'give' ),
+							'default' => '',
+							'type'    => 'text'
+						),
 						array(
 							'name' => __( 'Data Control', 'give' ),
 							'desc' => '',

diff --git a/includes/class-give-no-logins.php b/includes/class-give-no-logins.php
@@ -2,7 +2,7 @@
 /**
  * Class for allowing donors access to their donation w/o logging in;
  *
- * Based on the work from Matt Gibbs -
+ * Based on the work from Matt Gibbs - https://github.com/FacetWP/edd-no-logins
  *
  * @package     Give
  * @copyright   Copyright (c) 2016, WordImpress
@@ -135,12 +135,45 @@ function check_for_token() {
 			}
 
 			$this->token_exists = true;
-
 			// Set cookie
 			setcookie( 'give_nl', $token );
 		}
 	}
 
+	/**
+	 * Is this a valid token?
+	 *
+	 * @param $token
+	 *
+	 * @return bool
+	 */
+	function is_valid_token( $token ) {
+
+		global $wpdb;
+
+		// Make sure token isn't expired
+		$expires = date( 'Y-m-d H:i:s', time() - $this->token_expiration );
+
+		$email = $wpdb->get_var(
+			$wpdb->prepare( "SELECT email FROM {$wpdb->prefix}give_customers WHERE token = %s AND verify_throttle >= %s LIMIT 1", $token, $expires )
+		);
+
+		if ( ! empty( $email ) ) {
+			$this->token_email = $email;
+			$this->token       = $token;
+
+			return true;
+		}
+
+		//Set error only if email access form isn't being submitted
+		if ( ! isset( $_POST['give_email'] )  && ! isset( $_POST['_wpnonce'] ) ) {
+			give_set_error( 'give_email_token_expired', apply_filters( 'give_email_token_expired_message', 'Sorry, your access token has expired. Please request a new one below:', 'give' ) );
+		}
+
+
+		return false;
+
+	}
 
 	/**
 	 * Add the verify key to DB
@@ -172,38 +205,6 @@ function set_verify_key( $customer_id, $email, $verify_key ) {
 		}
 	}
 
-
-	/**
-	 * Is this a valid token?
-	 *
-	 * @param $token
-	 *
-	 * @return bool
-	 */
-	function is_valid_token( $token ) {
-
-		global $wpdb;
-
-		// Make sure token isn't expired
-		$expires = date( 'Y-m-d H:i:s', time() - $this->token_expiration );
-
-		$email = $wpdb->get_var(
-			$wpdb->prepare( "SELECT email FROM {$wpdb->prefix}give_customers WHERE token = %s AND verify_throttle >= %s LIMIT 1", $token, $expires )
-		);
-
-		if ( ! empty( $email ) ) {
-			$this->token_email = $email;
-			$this->token       = $token;
-
-			return true;
-		}
-
-		give_set_error( 'give_email_token_expired', apply_filters( 'give_email_token_expired_message', 'Sorry, your access token has expired', 'give' ) );
-
-		return false;
-	}
-
-
 	/**
 	 * Is this a valid verify key?
 	 */

diff --git a/templates/email-login-form.php b/templates/email-login-form.php
@@ -8,14 +8,19 @@
 $show_form = true;
 $email     = isset( $_POST['give_email'] ) ? $_POST['give_email'] : '';
 
+//reCAPTCHA
+$recaptcha_key    = give_get_option( 'recaptcha_key' );
+$recaptcha_secret = give_get_option( 'recaptcha_secret' );
+$enable_recaptcha = ( ! empty( $recaptcha_key ) && ! empty( $recaptcha_secret ) ) ? true : false;
+
 // Form submission
 if ( is_email( $email ) && wp_verify_nonce( $_POST['_wpnonce'], 'give' ) ) {
 
 	// Use reCAPTCHA
-	if ( defined( 'RECAPTCHA_KEY' ) ) {
+	if ( $enable_recaptcha ) {
 
 		$args = array(
-			'secret'   => RECAPTCHA_SECRET,
+			'secret'   => $recaptcha_secret,
 			'response' => $_POST['g-recaptcha-response'],
 			'remoteip' => $_POST['give_ip']
 		);
@@ -33,6 +38,7 @@
 
 			} else {
 
+				//Connection issue
 				give_set_error( 'give_recaptcha_connection_issue', apply_filters( 'give_recaptcha_connection_issue_message', __( 'Unable to connect to reCAPTCHA server', 'give' ) ) );
 
 			}
@@ -45,6 +51,7 @@
 		}
 	}
 
+	//If no errors or only expired token key error - then send email
 	if ( ! give_get_errors() ) {
 
 		$customer = Give()->customers->get_customer_by( 'email', $email );
@@ -60,42 +67,44 @@
 	}
 }
 
-?>
-	<script>
-		(function ($) {
-			$(function () {
-				$.getJSON('https://api.ipify.org?format=jsonp&callback=?', function (json) {
-					$('.give_ip').val(json.ip);
-				});
-			});
-		})(jQuery);
-	</script>
-
-	<h3><?php echo apply_filters( 'give_access_donation_history_headline', __( 'Access Your Donation History', 'give' ) ); ?></h3>
+//Print any messages & errors
+give_print_errors( 0 );
 
-<?php give_print_errors( 0 ); ?>
-
-<?php
 //Show the email login form?
 if ( $show_form ) { ?>
 
-	<script src='https://www.google.com/recaptcha/api.js'></script>
 	<div class="give-form">
 		<form method="post" action="">
-			<input type="email" name="give_email" value="" placeholder="<?php _e( 'Your donation email', 'give' ); ?>"/>
+			<label for="give_email"><?php __( 'Donation Email:', 'give' ); ?></label>
+			<input id="give-email" type="email" name="give_email" value="" placeholder="<?php _e( 'Your donation email', 'give' ); ?>"/>
 			<input type="hidden" name="_wpnonce" value="<?php echo wp_create_nonce( 'give' ); ?>"/>
 
-			<?php if ( defined( 'RECAPTCHA_KEY' ) ) : ?>
-				<div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_KEY; ?>"></div>
+			<?php
+			//Enable reCAPTCHA?
+			if ( $enable_recaptcha ) { ?>
+
+				<script>
+					//IP verify for reCAPTCHA
+					(function ($) {
+						$(function () {
+							$.getJSON('https://api.ipify.org?format=jsonp&callback=?', function (json) {
+								$('.give_ip').val(json.ip);
+							});
+						});
+					})(jQuery);
+				</script>
+
+				<script src='https://www.google.com/recaptcha/api.js'></script>
+				<div class="g-recaptcha" data-sitekey="<?php echo $recaptcha_key; ?>"></div>
 				<input type="hidden" name="give_ip" class="give_ip" value=""/>
-			<?php endif; ?>
+			<?php } ?>
 
 			<input type="submit" class="give-submit" value="<?php _e( 'Email access token', 'give' ); ?>"/>
 		</form>
 	</div>
 
 <?php } else { ?>
 
-	<?php give_output_error( sprintf( __( 'An email with an access link has been sent to %1$s.', 'give' ), $email ), true, 'success' ); ?>
+	<?php give_output_error( sprintf( __( 'An email with an access link has been sent to %1$s', 'give' ), $email ), true, 'success' ); ?>
 
 <?php } ?>