diff --git a/README.md b/README.md
index beee542..a60f5cb 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,9 @@ See [TinyIB Installations](https://gitlab.com/tslocum/tinyib/wikis/Home) for dem
- GIF, JPG, PNG, SWF, MP4 and WebM upload.
- YouTube, Vimeo and SoundCloud embedding.
- - CAPTCHA (A simple implementation is included, reCAPTCHA is also supported)
+ - CAPTCHA
+ - A simple, self-hosted implementation is included
+ - [ReCAPTCHA](https://www.google.com/recaptcha/about/) is supported but [not recommended](https://nearcyan.com/you-probably-dont-need-recaptcha/)
- Reference links >>###
- Delete post via password.
- Management panel:
diff --git a/imgboard.php b/imgboard.php
index b2b10a8..949effd 100644
--- a/imgboard.php
+++ b/imgboard.php
@@ -80,14 +80,6 @@ if (!defined('TINYIB_LOCALE') || TINYIB_LOCALE == '') {
$translator->register();
}
-if (TINYIB_TRIPSEED == '' || TINYIB_ADMINPASS == '') {
- fancyDie(__('TINYIB_TRIPSEED and TINYIB_ADMINPASS must be configured.'));
-}
-
-if (TINYIB_CAPTCHA === 'recaptcha' && (TINYIB_RECAPTCHA_SITE == '' || TINYIB_RECAPTCHA_SECRET == '')) {
- fancyDie(__('TINYIB_RECAPTCHA_SITE and TINYIB_RECAPTCHA_SECRET must be configured.'));
-}
-
$database_modes = array('flatfile', 'mysql', 'mysqli', 'sqlite', 'sqlite3', 'pdo');
if (!in_array(TINYIB_DBMODE, $database_modes)) {
fancyDie(__('Unknown database mode specified.'));
@@ -196,6 +188,14 @@ foreach ($includes as $include) {
require $include;
}
+if (TINYIB_TRIPSEED == '' || TINYIB_ADMINPASS == '') {
+ fancyDie(__('TINYIB_TRIPSEED and TINYIB_ADMINPASS must be configured.'));
+}
+
+if ((TINYIB_CAPTCHA === 'recaptcha' || TINYIB_MANAGECAPTCHA === 'recaptcha') && (TINYIB_RECAPTCHA_SITE == '' || TINYIB_RECAPTCHA_SECRET == '')) {
+ fancyDie(__('TINYIB_RECAPTCHA_SITE and TINYIB_RECAPTCHA_SECRET must be configured.'));
+}
+
if (TINYIB_TIMEZONE != '') {
date_default_timezone_set(TINYIB_TIMEZONE);
}
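Review bot: The relocated checks confirm that the reCAPTCHA keys are set, but the mode values themselves are never validated. A misspelled `TINYIB_CAPTCHA` or `TINYIB_MANAGECAPTCHA` (a constructed example: `'recapcha'`) is accepted and, going by the `else if ($mode)` branch in checkCAPTCHA, silently selects the simple CAPTCHA instead. This file already rejects unknown `TINYIB_DBMODE` values with `in_array`, and the same pattern would fit here: `if (!in_array(TINYIB_MANAGECAPTCHA, array('', 'simple', 'recaptcha'), true)) { fancyDie(__('Unknown CAPTCHA mode specified.')); }`, and likewise for `TINYIB_CAPTCHA`. Existing installs may rely on other truthy values, so confirm that before making it a hard failure.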
@@ -211,7 +211,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
$rawpost = isRawPost();
$rawposttext = '';
if (!$loggedin) {
- checkCAPTCHA();
+ checkCAPTCHA(TINYIB_CAPTCHA);
checkBanned();
checkMessageSize();
checkFlood();
diff --git a/inc/defines.php b/inc/defines.php
index a9bdd0d..f29811d 100644
--- a/inc/defines.php
+++ b/inc/defines.php
@@ -37,6 +37,9 @@ if (!defined('TINYIB_NOFILEOK')) {
if (!defined('TINYIB_CAPTCHA')) {
define('TINYIB_CAPTCHA', '');
}
+if (!defined('TINYIB_MANAGECAPTCHA')) {
+ define('TINYIB_MANAGECAPTCHA', '');
+}
if (!defined('TINYIB_REQMOD')) {
define('TINYIB_REQMOD', '');
}
diff --git a/inc/functions.php b/inc/functions.php
index 5fcf6ca..9ab2fa6 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -196,8 +196,8 @@ function deletePostImages($post) {
}
}
-function checkCAPTCHA() {
- if (TINYIB_CAPTCHA === 'recaptcha') {
+function checkCAPTCHA($mode) {
+ if ($mode === 'recaptcha') {
require_once 'inc/recaptcha/autoload.php';
$captcha = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
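Review bot: checkCAPTCHA now takes `$mode`, but nothing documents which values it accepts or that a failed check ends the request through fancyDie, as the later hunk shows. A short docblock above the function would make the contract clear to both callers, for example `@param string $mode '' disables the check, 'recaptcha' verifies g-recaptcha-response, any other non-empty value uses the simple session CAPTCHA`. The function body continues outside this hunk.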
@@ -228,7 +228,7 @@ function checkCAPTCHA() {
}
fancyDie($captcha_error);
}
- } else if (TINYIB_CAPTCHA) { // Simple CAPTCHA
+ } else if ($mode) { // Simple CAPTCHA
$captcha = isset($_POST['captcha']) ? strtolower(trim($_POST['captcha'])) : '';
$captcha_solution = isset($_SESSION['tinyibcaptcha']) ? strtolower(trim($_SESSION['tinyibcaptcha'])) : '';
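Review bot: The simple-CAPTCHA branch reads the expected answer from `$_SESSION['tinyibcaptcha']`, and nothing visible in this hunk clears it after the comparison. Now that the same branch guards the management login, one solved CAPTCHA could cover many password guesses in a single session if the value is not invalidated further down. If the rest of the branch (outside this hunk) does not already do so, add `unset($_SESSION['tinyibcaptcha']);` right after `$captcha_solution` is read, and make sure an empty `$captcha_solution` is treated as a failure, so that each attempt needs a fresh challenge.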
@@ -274,10 +274,14 @@ function manageCheckLogIn() {
$loggedin = false;
$isadmin = false;
if (isset($_POST['managepassword'])) {
+ checkCAPTCHA(TINYIB_MANAGECAPTCHA);
+
if ($_POST['managepassword'] === TINYIB_ADMINPASS) {
$_SESSION['tinyib'] = TINYIB_ADMINPASS;
} elseif (TINYIB_MODPASS != '' && $_POST['managepassword'] === TINYIB_MODPASS) {
$_SESSION['tinyib'] = TINYIB_MODPASS;
+ } else {
+ fancyDie(__('Invalid password.'));
}
}
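Review bot: The password comparisons after the new `checkCAPTCHA(TINYIB_MANAGECAPTCHA);` call still use `===`, which is not constant-time. With the default `TINYIB_MANAGECAPTCHA` of `''`, nothing in this hunk slows or records repeated guesses that end in the new `fancyDie(__('Invalid password.'))`. Since the change is hardening this path, consider `$password = is_string($_POST['managepassword']) ? $_POST['managepassword'] : '';` followed by `hash_equals(TINYIB_ADMINPASS, $password)` and `hash_equals(TINYIB_MODPASS, $password)`, provided the supported PHP versions have `hash_equals`. The success branches also store the password itself in `$_SESSION['tinyib']`; if the session ID is not regenerated elsewhere on login, calling `session_regenerate_id(true)` there would guard against session fixation. manageCheckLogIn continues outside the hunk.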
diff --git a/inc/html.php b/inc/html.php
index c58af9f..36c4d6a 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -4,7 +4,7 @@ if (!defined('TINYIB_BOARD')) {
}
function pageHeader() {
- $js_captcha = TINYIB_CAPTCHA === 'recaptcha' ? '' : '';
+ $js_captcha = (TINYIB_CAPTCHA === 'recaptcha' || TINYIB_MANAGECAPTCHA === 'recaptcha') ? '' : '';
$return = <<
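Review bot: `$js_captcha` in pageHeader() is now enabled when only `TINYIB_MANAGECAPTCHA` is `'recaptcha'`. The literal is not visible in this hunk, but if it is the reCAPTCHA script include, every page rendered through pageHeader() would load Google's script even though only the management login form needs it. That would conflict with the tracking warning this commit adds to settings.default.php. Consider emitting the script only for the management login page when `TINYIB_CAPTCHA` is not `'recaptcha'`, for instance by giving pageHeader() an optional flag, or note in the `TINYIB_MANAGECAPTCHA` setting comment that enabling it affects all visitors. The function body continues outside the hunk.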
@@ -610,7 +610,7 @@ EOF;
}
$replies = numRepliesToThreadByID($post['id']);
$subject = trim($post['subject']) != '' ? $post['subject'] : substr(trim(str_ireplace("\n", '', strip_tags($post['message']))), 0, 75);
-
+
return <<
@@ -757,12 +757,38 @@ function manageOnLoad($page) {
function manageLogInForm() {
$txt_login = __('Log In');
$txt_login_prompt = __('Enter an administrator or moderator password');
+ $captcha_inner_html = '';
+ if (TINYIB_MANAGECAPTCHA === 'recaptcha') {
+ $captcha_inner_html = '
+
+
';
+ } else if (TINYIB_MANAGECAPTCHA) { // Simple CAPTCHA
+ $captcha_inner_html = '
+
+ ' . __('(enter the text below)') . '
+
';
+ }
return <<
diff --git a/settings.default.php b/settings.default.php
index 8fc1b03..a331ef1 100644
--- a/settings.default.php
+++ b/settings.default.php
@@ -19,10 +19,12 @@ define('TINYIB_ADMINPASS', ''); // Administrators have full access to the
define('TINYIB_MODPASS', ''); // Moderators only have access to delete (and moderate if TINYIB_REQMOD is set) posts ['' to disable]
// Board description and behavior
+// Warning: Enabling ReCAPTCHA will cause all visitors to be tracked by Google. See https://nearcyan.com/you-probably-dont-need-recaptcha/
define('TINYIB_BOARD', 'b'); // Unique identifier for this board using only letters and numbers
define('TINYIB_BOARDDESC', 'TinyIB'); // Displayed at the top of every page
define('TINYIB_ALWAYSNOKO', false); // Redirect to thread after posting
define('TINYIB_CAPTCHA', ''); // Reduce spam by requiring users to pass a CAPTCHA when posting: simple / recaptcha (click Rebuild All in the management panel after enabling) ['' to disable]
+define('TINYIB_MANAGECAPTCHA', ''); // Improve security by requiring users to pass a CAPTCHA when logging in to the management panel: simple / recaptcha ['' to disable]
define('TINYIB_REQMOD', ''); // Require moderation before displaying posts: files / all ['' to disable]
// Board appearance