Add hcaptcha support (#166)

Co-authored-by: RealAngeleno <angeleno@screamer.wiki> Reviewed-on: https://git.leftypol.org/leftypol/leftypol/pulls/166 Co-authored-by: Zankaria <zankaria.auxa@skiff.com> Co-committed-by: Zankaria <zankaria.auxa@skiff.com>
2024-08-10 19:58:20 +00:00 · 2024-08-10 19:58:20 +00:00 · d8c5c600a8
commit d8c5c600a8
parent 25089f5cbb
5 changed files with 107 additions and 19 deletions
--- a/post.php
+++ b/post.php
@ -92,6 +92,44 @@ function check_recaptcha($secret, $response, $remote_ip)
    return !!$resp['success'];
 }

+function check_hcaptcha($secret, $response, $remote_ip, $public_key)
+{
+    $data = [
+        'secret' => $secret,
+        'response' => $response,
+        'sitekey' => $public_key,
+    ];
+
+    if ($remote_ip !== null) {
+        $data['remoteip'] = $remote_ip;
+    }
+
+    $c = curl_init();
+    curl_setopt_array($c, [
+        CURLOPT_URL => 'https://api.hcaptcha.com/siteverify',
+        CURLOPT_CUSTOMREQUEST => "POST",
+        CURLOPT_POSTFIELDS => $data,
+        CURLOPT_RETURNTRANSFER => true,
+    ]);
+    $c_ret = curl_exec($c);
+    if ($c_ret === false) {
+        $err_no = curl_errno($c);
+        $err_str = curl_error($c);
+
+        curl_close($c);
+        error_log("hCaptcha call failed. Curl returned: $err_no ($err_str)");
+        return false;
+    }
+    curl_close($c);
+
+    $json_ret = json_decode($c_ret, true);
+    if ($json_ret === null) {
+        error_log("hCaptcha call failed. Malformed json: $c_ret");
+        return false;
+    }
+    return $json_ret['success'] === true;
+}
+
 function check_turnstile($secret, $response, $remote_ip, $expected_action)
 {
    $data = [
@ -736,6 +774,13 @@ function handle_post()
                    if (!check_recaptcha($config['recaptcha_private'], $_POST['g-recaptcha-response'], null)) {
                        error($config['error']['captcha']);
                    }
+                } elseif ($config['hcaptcha']) {
+                    if (!isset($_POST['h-captcha-response'])) {
+                        error($config['error']['bot']);
+                    }
+                    if (!check_hcaptcha($config['hcaptcha_private'], $_POST['h-captcha-response'], null, $config['hcaptcha_public'])) {
+                        error($config['error']['captcha']);
+                    }
                } elseif ($config['turnstile']) {
                    if (!isset($_POST['cf-turnstile-response'])) {
                        error($config['error']['bot']);
@ -755,6 +800,13 @@ function handle_post()
                if (!check_recaptcha($config['recaptcha_private'], $_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR'])) {
                    error($config['error']['captcha']);
                }
+            } elseif ($config['hcaptcha']) {
+                if (!isset($_POST['h-captcha-response'])) {
+                    error($config['error']['bot']);
+                }
+                if (!check_hcaptcha($config['hcaptcha_private'], $_POST['h-captcha-response'], $_SERVER['REMOTE_ADDR'], $config['hcaptcha_public'])) {
+                    error($config['error']['captcha']);
+                }
            } elseif ($config['turnstile']) {
                if (!isset($_POST['cf-turnstile-response'])) {
                    error($config['error']['bot']);