tfirst attempt at integrating reCAPTCHA challenge - cosmo - front and backend for Markov-Chain Monte Carlo inversion of cosmogenic nuclide concentrations
---
(DIR) commit 7d7cfbecd22e4be49e70bd582edbe1c82484f9f2
(DIR) parent b086816eb59e04f1539e120800a0145e0382de78
(HTM) Author: Anders Damsgaard <anders.damsgaard@geo.au.dk>
Date: Tue, 10 Nov 2015 13:15:19 +0100
first attempt at integrating reCAPTCHA challenge
Diffstat:
M head.html | 3 +++
M index.php | 25 ++++++++++++++++++++++++-
M pages/history.html | 4 ++++
A recaptchalib.php | 140 +++++++++++++++++++++++++++++++
M uploadhistory.php | 23 ++++++++++++++++++++++-
5 files changed, 193 insertions(+), 2 deletions(-)
---
(DIR) diff --git a/head.html b/head.html
t@@ -30,3 +30,6 @@
<link type="text/css" rel="stylesheet" href="css/materialize.css"
media="screen,projection"/>
+ <!-- Google reCAPTCHA -->
+ <script src='https://www.google.com/recaptcha/api.js'></script>
+
(DIR) diff --git a/index.php b/index.php
t@@ -1,5 +1,28 @@
-<?php include('head.html'); ?>
<?php
+
+// reCAPTCHA setup
+require_once('recaptchalib.php');
+
+// your secret key
+$secret = "6LeMrRATAAAAAOdcvVGi6PfR__XGOVoUP7lCqHp1";
+
+// empty response
+$response = null;
+
+// check secret key
+$reCaptcha = new ReCaptcha($secret);
+
+// if submitted check response
+if ($_POST["g-recaptcha-response"]) {
+ $response = $reCaptcha->verifyResponse(
+ $_SERVER["REMOTE_ADDR"],
+ $_POST["g-recaptcha-response"]
+ );
+}
+
+// include top of html template
+include('head.html');
+
if (isset($_GET['wait_id']) && !empty($_GET['wait_id'])) {
// read status file contents
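Review bot: The reCAPTCHA secret is committed as a string literal in the added `$secret = "…";` line, and the same literal appears again in the uploadhistory.php hunk, so anyone who can clone the repository can read it. Load it from outside the tree instead, for example `$secret = getenv('RECAPTCHA_SECRET');` (variable name constructed here), and regenerate the key that this commit exposes. The added `if ($_POST["g-recaptcha-response"])` also reads an index that is absent on an ordinary GET of index.php; `if (!empty($_POST['g-recaptcha-response']))` avoids the undefined-index notice. Within the visible lines `$response` is never consulted in index.php, so the check here appears to gate nothing.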
(DIR) diff --git a/pages/history.html b/pages/history.html
t@@ -421,6 +421,10 @@
</div>
</div>
+ <!-- Google reCAPTCHA -->
+ <div class="g-recaptcha"
+ data-sitekey="6LeMrRATAAAAAF7YHequ2Az9UzuHuwi9NUvjZgRZ">
+ </div>
</form>
</div>
(DIR) diff --git a/recaptchalib.php b/recaptchalib.php
t@@ -0,0 +1,140 @@
+<?php
+/**
+ * This is a PHP library that handles calling reCAPTCHA.
+ * - Documentation and latest version
+ * https://developers.google.com/recaptcha/docs/php
+ * - Get a reCAPTCHA API Key
+ * https://www.google.com/recaptcha/admin/create
+ * - Discussion group
+ * http://groups.google.com/group/recaptcha
+ *
+ * @copyright Copyright (c) 2014, Google Inc.
+ * @link http://www.google.com/recaptcha
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * A ReCaptchaResponse is returned from checkAnswer().
+ */
+class ReCaptchaResponse
+{
+ public $success;
+ public $errorCodes;
+}
+
+class ReCaptcha
+{
+ private static $_signupUrl = "https://www.google.com/recaptcha/admin";
+ private static $_siteVerifyUrl =
+ "https://www.google.com/recaptcha/api/siteverify?";
+ private $_secret;
+ private static $_version = "php_1.0";
+
+ /**
+ * Constructor.
+ *
+ * @param string $secret shared secret between site and ReCAPTCHA server.
+ */
+ function ReCaptcha($secret)
+ {
+ if ($secret == null || $secret == "") {
+ die("To use reCAPTCHA you must get an API key from <a href='"
+ . self::$_signupUrl . "'>" . self::$_signupUrl . "</a>");
+ }
+ $this->_secret=$secret;
+ }
+
+ /**
+ * Encodes the given data into a query string format.
+ *
+ * @param array $data array of string elements to be encoded.
+ *
+ * @return string - encoded request.
+ */
+ private function _encodeQS($data)
+ {
+ $req = "";
+ foreach ($data as $key => $value) {
+ $req .= $key . '=' . urlencode(stripslashes($value)) . '&';
+ }
+
+ // Cut the last '&'
+ $req=substr($req, 0, strlen($req)-1);
+ return $req;
+ }
+
+ /**
+ * Submits an HTTP GET to a reCAPTCHA server.
+ *
+ * @param string $path url path to recaptcha server.
+ * @param array $data array of parameters to be sent.
+ *
+ * @return array response
+ */
+ private function _submitHTTPGet($path, $data)
+ {
+ $req = $this->_encodeQS($data);
+ $response = file_get_contents($path . $req);
+ return $response;
+ }
+
+ /**
+ * Calls the reCAPTCHA siteverify API to verify whether the user passes
+ * CAPTCHA test.
+ *
+ * @param string $remoteIp IP address of end user.
+ * @param string $response response string from recaptcha verification.
+ *
+ * @return ReCaptchaResponse
+ */
+ public function verifyResponse($remoteIp, $response)
+ {
+ // Discard empty solution submissions
+ if ($response == null || strlen($response) == 0) {
+ $recaptchaResponse = new ReCaptchaResponse();
+ $recaptchaResponse->success = false;
+ $recaptchaResponse->errorCodes = 'missing-input';
+ return $recaptchaResponse;
+ }
+
+ $getResponse = $this->_submitHttpGet(
+ self::$_siteVerifyUrl,
+ array (
+ 'secret' => $this->_secret,
+ 'remoteip' => $remoteIp,
+ 'v' => self::$_version,
+ 'response' => $response
+ )
+ );
+ $answers = json_decode($getResponse, true);
+ $recaptchaResponse = new ReCaptchaResponse();
+
+ if (trim($answers ['success']) == true) {
+ $recaptchaResponse->success = true;
+ } else {
+ $recaptchaResponse->success = false;
+ $recaptchaResponse->errorCodes = $answers [error-codes];
+ }
+
+ return $recaptchaResponse;
+ }
+}
+
+?>
(DIR) diff --git a/uploadhistory.php b/uploadhistory.php
t@@ -3,6 +3,27 @@
// Validates form data from pages/history.html and writes a file for the Matlab
// script file_scanner_mcmc_starter.m to read as input for the MCMC inversion.
+// reCAPTCHA setup
+require_once('recaptchalib.php');
+
+// your secret key
+$secret = "6LeMrRATAAAAAOdcvVGi6PfR__XGOVoUP7lCqHp1";
+
+// empty response
+$response = null;
+
+// check secret key
+$reCaptcha = new ReCaptcha($secret);
+
+// if submitted check response
+if ($_POST["g-recaptcha-response"]) {
+ $response = $reCaptcha->verifyResponse(
+ $_SERVER["REMOTE_ADDR"],
+ $_POST["g-recaptcha-response"]
+ );
+}
+
+
//$missing_fields = ''; // string of missing field names
$missing_fields = array(); // array of missing field names
//die('"' . $_POST['sample_id'] . '", ' . isset($_POST['sample_id']));
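Review bot: `$response` is left as `null` whenever the request carries no `g-recaptcha-response` field, and the condition added in the next hunk, `!$response->success`, then dereferences null. The request is still rejected, but only as a side effect of a PHP notice, so the guard should be explicit: `if (count($missing_fields) > 0 || $response === null || !$response->success) {`. As in index.php, `$_POST["g-recaptcha-response"]` is read without an `isset`/`empty` test. The script body continues outside this hunk, and whether a failed CAPTCHA gets its own error message (rather than the missing-fields one) is not visible here.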
t@@ -99,7 +120,7 @@ if ((isset($_POST['ne_conc']) && $_POST['ne_conc'] != '') &&
// If something is missing, send error to user and make him/her go back
-if (count($missing_fields) > 0) {
+if (count($missing_fields) > 0 || !$response->success) {
//$error_msg = '<html><body>' .
//'<h2>Invalid input</h2>';
$error_msg = '