From 483d553fc0990fc8a3eb40e62ebdbb38979e3dc8 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sat, 25 May 2024 00:32:44 +0200 Subject: [PATCH] Add dynamic captcha support --- inc/config.php | 3 +++ post.php | 26 +++++++++++++++++++++----- templates/main.js | 30 ++++++++++++++++++++++++++++++ templates/post_form.html | 8 ++++++-- 4 files changed, 60 insertions(+), 7 deletions(-) diff --git a/inc/config.php b/inc/config.php index 68723895..a8a0cc9a 100644 --- a/inc/config.php +++ b/inc/config.php @@ -328,6 +328,9 @@ 'answer' => '4' ); */ + // The captcha is dynamically injected on the client if the server replies with the `captcha-required` cookie set to 1. + $config['dynamic_captcha'] = false; + // Enable reCaptcha to make spam even harder. Rarely necessary. $config['recaptcha'] = false; diff --git a/post.php b/post.php index c9ab0b51..b2ffb7c5 100644 --- a/post.php +++ b/post.php @@ -74,14 +74,21 @@ function strip_markup($post_body) */ function check_recaptcha($secret, $response, $remote_ip) { - $resp = json_decode(file_get_contents( - sprintf( + if ($remote_ip !== null) { + $req = sprintf( 'https://www.google.com/recaptcha/api/siteverify?secret=%s&response=%s&remoteip=%s', $secret, urlencode($response), $remote_ip - ) - ), true); + ); + } else { + $req = sprintf( + 'https://www.google.com/recaptcha/api/siteverify?secret=%s&response=%s&remoteip=%s', + $secret, + urlencode($response), + ); + } + $resp = json_decode(file_get_contents($req), true); return !!$resp['success']; } 
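Review bot: The comment added above `$config['dynamic_captcha']` names the cookie `captcha-required`, but the client code this same patch adds to templates/main.js reads `require-captcha`, so one of the two names is wrong. Nothing visible in the patch sets either cookie on the server, so the correct name cannot be settled from here; once it is, the comment should use it. It is also worth stating the trust boundary next to the option, for example `// The cookie is only a display hint for the client; post.php decides server-side whether a captcha response is required.`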
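Review bot: In check_recaptcha() the new `else` branch keeps `&remoteip=%s` in the format string but passes only two arguments, so sprintf() throws ArgumentCountError on PHP 8 (a warning and `false` on older versions) whenever `$remote_ip` is null, which is how the new caller in handle_post invokes it. That branch should use `'https://www.google.com/recaptcha/api/siteverify?secret=%s&response=%s'`. `$secret` and `$remote_ip` are still interpolated into the URL without `urlencode()`. The decoded reply is also indexed without checking that the request succeeded; `return is_array($resp) && !empty($resp['success']);` keeps the check failing closed without a notice when the fetch or the JSON decode fails.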
@@ -683,8 +690,17 @@ function handle_post() if (!$dropped_post) { + if ($config['dynamic_captcha'] && $_SERVER['REMOTE_ADDR'] === '127.0.0.1' && $config['recaptcha']) { + if (!isset($_POST['g-recaptcha-response'])) { + error($config['error']['bot']); + } + if (!check_recaptcha($config['recaptcha_private'], $_POST['g-recaptcha-response'], null)) { + error($config['error']['captcha']); + } + } + // Check for CAPTCHA right after opening the board so the "return" link is in there. - if ($config['recaptcha']) { + if (!$config['dynamic_captcha'] && $config['recaptcha']) { if (!isset($_POST['g-recaptcha-response'])) { error($config['error']['bot']); } diff --git a/templates/main.js b/templates/main.js index b981a78b..1fe26b6a 100755 --- a/templates/main.js +++ b/templates/main.js @@ -238,6 +238,36 @@ function get_cookie(cookie_name) { return null; } +{% endraw %} +{% if config.dynamic_captcha %} +function is_dynamic_captcha_enabled() { + let cookie = get_cookie('require-captcha'); + return cookie === '1'; +} + +function get_captcha_pub_key() { +{% if config.recaptcha %} + return "{{ config.recaptcha_public }}"; +{% else %} + return null; +{% endif %} +} + +function init_dynamic_captcha() { + if (!is_dynamic_captcha_enabled()) { + let pub_key = get_captcha_pub_key(); + if (!pub_key) { + console.error("Missing public captcha key!"); + return; + } + + let captcha_hook = document.getElementById('captcha'); + captcha_hook.style = ""; + } +} +{% endif %} +{% raw %} + function highlightReply(id) { if (typeof window.event != "undefined" && event.which == 2) { // don't highlight on middle click diff --git a/templates/post_form.html b/templates/post_form.html index 89b60a09..f65c12f9 100644 --- a/templates/post_form.html +++ b/templates/post_form.html @@ -91,7 +91,11 @@ {% endif %} {% if config.recaptcha %} + {% if config.dynamic_captcha %} + + {% else %} + {% endif %} {% trans %}Verification{% endtrans %} {{ antibot.html() }} 
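Review bot: With `dynamic_captcha` enabled, the new block in handle_post verifies the reCAPTCHA response only when `$_SERVER['REMOTE_ADDR'] === '127.0.0.1'`, and the existing check below it is switched off by `!$config['dynamic_captcha']`. Every non-loopback client therefore posts with no captcha verification at all. The loopback comparison reads like a development stand-in; the requirement has to come from the same server-side state that decides to set the cookie, never from the cookie itself or anything else the client controls. Folding both branches into one guard avoids the duplicated isset/verify pair and keeps enforcement on by default, for example `if ($config['recaptcha'] && (!$config['dynamic_captcha'] || $captcha_required)) {`, where `$captcha_required` is a placeholder name for that server-side decision. handle_post's body starts and ends outside this hunk, so the remote-IP argument of the original call is not visible here.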
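Review bot: `init_dynamic_captcha()` un-hides the widget when `is_dynamic_captcha_enabled()` returns false, meaning when the cookie is not `'1'`, which is the opposite of what the comment in inc/config.php describes. The guard looks inverted and should probably read `if (is_dynamic_captcha_enabled()) {`. `document.getElementById('captcha')` returns null when the element is absent, so the assignment `captcha_hook.style = ""` needs a guard such as `if (captcha_hook) captcha_hook.removeAttribute('style');`. The helper name is misleading too, because it reports whether a captcha is required for this client rather than whether the feature is enabled. Nothing in the visible hunk calls `init_dynamic_captcha()`, so a short comment saying where it is meant to be invoked would help.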
@@ -197,7 +201,7 @@ {{ antibot.html() }} - + {% trans %}(For file deletion.){% endtrans %} {{ antibot.html() }} @@ -208,7 +212,7 @@ {{ antibot.html() }} - + {{ antibot.html() }} {% endif %}