From 23bf4e393739225e9ea9c569d472164944e23c29 Mon Sep 17 00:00:00 2001
From: Trevor Slocum
Date: Wed, 10 Mar 2021 10:45:54 -0800
Subject: [PATCH] Add hCaptcha support
---
 README.md | 1 +
 imgboard.php | 4 ++++
 inc/functions.php | 22 +++++++++++++++++++++-
 inc/html.php | 23 ++++++++++++++++++++---
 settings.default.php | 10 +++++++---
 5 files changed, 53 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 1724563..8bb4d5a 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ See [TinyIB Installations](https://gitlab.com/tslocum/tinyib/wikis/Home) for dem
 - YouTube, Vimeo and SoundCloud embedding.
 - CAPTCHA
 - A simple, self-hosted implementation is included.
+ - [hCaptcha](https://hcaptcha.com) is supported.
 - [ReCAPTCHA](https://www.google.com/recaptcha/about/) is supported but [not recommended](https://nearcyan.com/you-probably-dont-need-recaptcha/).
 - Reference links. `>>###`
 - Delete posts via password.
diff --git a/imgboard.php b/imgboard.php
index 39c236f..97bb146 100644
--- a/imgboard.php
+++ b/imgboard.php
@@ -207,6 +207,10 @@ if (TINYIB_TRIPSEED == '' || TINYIB_ADMINPASS == '') {
 fancyDie(__('TINYIB_TRIPSEED and TINYIB_ADMINPASS must be configured.'));
 }
+if ((TINYIB_CAPTCHA === 'hcaptcha' || TINYIB_MANAGECAPTCHA === 'hcaptcha') && (TINYIB_HCAPTCHA_SITE == '' || TINYIB_HCAPTCHA_SECRET == '')) {
+ fancyDie(__('TINYIB_HCAPTCHA_SITE and TINYIB_HCAPTCHA_SECRET must be configured.'));
+}
+
 if ((TINYIB_CAPTCHA === 'recaptcha' || TINYIB_MANAGECAPTCHA === 'recaptcha') && (TINYIB_RECAPTCHA_SITE == '' || TINYIB_RECAPTCHA_SECRET == '')) {
 fancyDie(__('TINYIB_RECAPTCHA_SITE and TINYIB_RECAPTCHA_SECRET must be configured.'));
 }
diff --git a/inc/functions.php b/inc/functions.php
index 75aaf5a..4b8a103 100644
--- a/inc/functions.php
+++ b/inc/functions.php
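Review bot: The new guard in imgboard.php reads TINYIB_HCAPTCHA_SITE and TINYIB_HCAPTCHA_SECRET directly, and the only definitions this patch adds are in settings.default.php, so an install whose settings.php predates the change and then selects 'hcaptcha' would reference undefined constants. On PHP 8 that is a fatal Error, and on PHP 7 the bare name becomes a non-empty string that passes the `== ''` test, so the missing keys are never reported. If fallback definitions exist elsewhere in the project they are not visible in this patch; otherwise the condition should test `!defined('TINYIB_HCAPTCHA_SITE') || TINYIB_HCAPTCHA_SITE == ''` (and the same for the secret) before calling fancyDie.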
@@ -232,7 +232,27 @@ function deletePost($id) {
 }
 function checkCAPTCHA($mode) {
- if ($mode === 'recaptcha') {
+ if ($mode === 'hcaptcha') {
+ $captcha = isset($_POST['h-captcha-response']) ? $_POST['h-captcha-response'] : '';
+ if ($captcha == '') {
+ fancyDie('Failed CAPTCHA. Reason:
Please click the checkbox labeled "I am human".');
+ }
+
+ $data = array(
+ 'secret' => TINYIB_HCAPTCHA_SECRET,
+ 'response' => $captcha
+ );
+ $verify = curl_init();
+ curl_setopt($verify, CURLOPT_URL, "https://hcaptcha.com/siteverify");
+ curl_setopt($verify, CURLOPT_POST, true);
+ curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($data));
+ curl_setopt($verify, CURLOPT_RETURNTRANSFER, true);
+ $verifyResponse = curl_exec($verify);
+ $responseData = json_decode($verifyResponse);
+ if (!isset($responseData->success) || !$responseData->success) {
+ fancyDie('Failed CAPTCHA.');
+ }
+ } else if ($mode === 'recaptcha') {
 require_once 'inc/recaptcha/autoload.php';
 $captcha = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
diff --git a/inc/html.php b/inc/html.php
index ff9e484..1b5db6c 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -4,7 +4,13 @@ if (!defined('TINYIB_BOARD')) {
 }
 function pageHeader() {
- $js_captcha = (TINYIB_CAPTCHA === 'recaptcha' || TINYIB_MANAGECAPTCHA === 'recaptcha') ? '' : '';
+ $js_captcha = '';
+ if (TINYIB_CAPTCHA === 'hcaptcha' || TINYIB_MANAGECAPTCHA === 'hcaptcha') {
+ $js_captcha .= '';
+ }
+ if (TINYIB_CAPTCHA === 'recaptcha' || TINYIB_MANAGECAPTCHA === 'recaptcha') {
+ $js_captcha .= '';
+ }
 $return = <<
@@ -149,7 +155,12 @@ EOF;
 $captcha_html = '';
 if (TINYIB_CAPTCHA && !$raw_post) {
- if (TINYIB_CAPTCHA === 'recaptcha') {
+ if (TINYIB_CAPTCHA === 'hcaptcha') {
+ $captcha_inner_html = '
+
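Review bot: The siteverify call in the hcaptcha branch of checkCAPTCHA sets no timeout, so a slow or unreachable hcaptcha.com holds a PHP worker on every post and management login that reaches this branch; bounding it with, for example, `curl_setopt($verify, CURLOPT_CONNECTTIMEOUT, 5);` and `curl_setopt($verify, CURLOPT_TIMEOUT, 10);` before `curl_exec` keeps the dependency from stalling the board. A failed request does fail closed, because `json_decode` of a false result yields null and the `isset` test rejects it, but it is reported as 'Failed CAPTCHA.' with nothing to tell the operator that the verifier was unreachable. The POST body also omits the optional `sitekey` field, so the response is not tied to this board's site key; adding `'sitekey' => TINYIB_HCAPTCHA_SITE` to `$data` lets the service reject tokens issued for a different key. checkCAPTCHA's body continues outside the hunk.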
+
+
+';
+ } else if (TINYIB_CAPTCHA === 'recaptcha') {
 $captcha_inner_html = '
@@ -793,7 +804,13 @@ function manageLogInForm() {
 $txt_login = __('Log In');
 $txt_login_prompt = __('Enter an administrator or moderator password');
 $captcha_inner_html = '';
- if (TINYIB_MANAGECAPTCHA === 'recaptcha') {
+ if (TINYIB_MANAGECAPTCHA === 'hcaptcha') {
+ $captcha_inner_html = '
+
+
+
+


';
+ } else if (TINYIB_MANAGECAPTCHA === 'recaptcha') {
 $captcha_inner_html = '
diff --git a/settings.default.php b/settings.default.php
index ca57d2d..d828d7a 100644
--- a/settings.default.php
+++ b/settings.default.php
@@ -23,8 +23,8 @@ define('TINYIB_MODPASS', ''); // Moderators only have access to delete (
 define('TINYIB_BOARD', 'b'); // Unique identifier for this board using only letters and numbers
 define('TINYIB_BOARDDESC', 'TinyIB'); // Displayed at the top of every page
 define('TINYIB_ALWAYSNOKO', false); // Redirect to thread after posting
-define('TINYIB_CAPTCHA', ''); // Reduce spam by requiring users to pass a CAPTCHA when posting: simple / recaptcha (click Rebuild All in the management panel after enabling) ['' to disable]
-define('TINYIB_MANAGECAPTCHA', ''); // Improve security by requiring users to pass a CAPTCHA when logging in to the management panel: simple / recaptcha ['' to disable]
+define('TINYIB_CAPTCHA', ''); // Reduce spam by requiring users to pass a CAPTCHA when posting: simple / hcaptcha / recaptcha (click Rebuild All in the management panel after enabling) ['' to disable]
+define('TINYIB_MANAGECAPTCHA', ''); // Improve security by requiring users to pass a CAPTCHA when logging in to the management panel: simple / hcaptcha / recaptcha ['' to disable]
 define('TINYIB_REPORT', false); // Allow users to report posts
 define('TINYIB_REQMOD', ''); // Require moderation before displaying posts: files / all ['' to disable]
 define('TINYIB_DISALLOWTHREADS', ''); // When set, users attempting to post a new thread are shown this message instead ['' to disable]
@@ -100,7 +100,11 @@ define('TINYIB_MAXH', 250); // Height
 define('TINYIB_TRIPSEED', ''); // Enter some random text (used when generating secure tripcodes, hashing passwords and hashing IP addresses)
 // CAPTCHA
-// The following only apply when TINYIB_CAPTCHA is set to recaptcha
+// The following settings apply when TINYIB_CAPTCHA is set to hcaptcha
+// For API keys visit https://dashboard.hcaptcha.com/signup
+define('TINYIB_HCAPTCHA_SITE', ''); // Site key
+define('TINYIB_HCAPTCHA_SECRET', ''); // Secret key
+// The following settings apply when TINYIB_CAPTCHA is set to recaptcha
 // For API keys visit https://www.google.com/recaptcha
 define('TINYIB_RECAPTCHA_SITE', ''); // Site key
 define('TINYIB_RECAPTCHA_SECRET', '');// Secret key
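Review bot: The added comment says the hCaptcha keys apply when TINYIB_CAPTCHA is set to hcaptcha, but the guard this patch adds in imgboard.php also requires them when TINYIB_MANAGECAPTCHA is 'hcaptcha'. I would word it `// The following settings apply when TINYIB_CAPTCHA or TINYIB_MANAGECAPTCHA is set to hcaptcha`, and the recaptcha comment below it has the same gap. Since TINYIB_HCAPTCHA_SECRET is a credential, the `// Secret key` comment could also say that the value must stay server-side, unlike the site key.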