From 6afc876d199362624d03cc3a6f907f6e0d68205b Mon Sep 17 00:00:00 2001
From: xisi <chaeldarrs@gmail.com>
Date: Thu, 16 Jan 2014 07:52:52 -0500
Subject: [PATCH] Merge changes from TheSerapher's pull/1404 Added re-Captcha
 to Login Page

---
 public/include/config/global.inc.dist.php |  2 +-
 public/include/pages/login.inc.php        | 10 ++++++++++
 public/include/version.inc.php            |  2 +-
 public/templates/mpos/global/header.tpl   |  1 +
 4 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php
index 7c9eebba..677a4619 100644
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@@ -7,7 +7,7 @@ if (!defined('SECURITY')) die('Hacking attempt');
  * This is used in the version check to ensure you run the latest version of the configuration file.
  * Once you upgraded your config, change the version here too.
  **/
-$config['version'] = '0.0.4';
+$config['version'] = '0.0.5';
 
 // Our include directory for additional features
 define('INCLUDE_DIR', BASEPATH . 'include');
diff --git a/public/include/pages/login.inc.php b/public/include/pages/login.inc.php
index 7122d22b..7e43ae5a 100644
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
@@ -26,6 +26,16 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
   $_SESSION['POPUP'][] = array('CONTENT' => 'You are not allowed to login during maintenace.', 'TYPE' => 'info');
 } else if (!empty($_POST['username']) && !empty($_POST['password'])) {
   $nocsrf = 1;
+  $recaptchavalid = 0;
+  if ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_logins') && $rsp->is_valid) {
+    if ($rsp->is_valid) {
+      // recaptcha is enabled and valid
+      $recaptchavalid = 1;
+    } else {
+      // error out, invalid captcha
+      $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: The captcha you entered was incorrect', 'TYPE' => 'errormsg');
+    }
+  }
   if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
     if ((isset($_POST['ctoken']) && $_POST['ctoken'] !== $user->getCSRFToken($_SERVER['REMOTE_ADDR'], 'login')) || (!isset($_POST['ctoken']))) {
       // csrf protection is on and this token is invalid, error out -> time expired
diff --git a/public/include/version.inc.php b/public/include/version.inc.php
index 21dd0010..e132eb5e 100644
--- a/public/include/version.inc.php
+++ b/public/include/version.inc.php
@@ -5,7 +5,7 @@ if (!defined('SECURITY')) die('Hacking attempt');
 
 define('MPOS_VERSION', '0.0.2');
 define('DB_VERSION', '0.0.3');
-define('CONFIG_VERSION', '0.0.4');
+define('CONFIG_VERSION', '0.0.5');
 
 // Fetch installed database version
 $db_version = $setting->getValue('DB_VERSION');
diff --git a/public/templates/mpos/global/header.tpl b/public/templates/mpos/global/header.tpl
index ecc997c1..493147dd 100644
--- a/public/templates/mpos/global/header.tpl
+++ b/public/templates/mpos/global/header.tpl
@@ -2,3 +2,4 @@
       <h1 class="site_title">{$GLOBAL.website.name|default:"Unknown Pool"}</h1>
       <h2 class="section_title">{if $smarty.request.action|escape|default:""}{$smarty.request.action|escape|capitalize}{else}{$smarty.request.page|escape|default:"home"|capitalize}{/if}</h2>
     </hgroup>
+    {if $GLOBAL.config.recaptcha_enabled|default:"0" != 1 || $GLOBAL.config.recaptcha_enabled_logins|default:"0" != 1}{nocache}{include file="login/small.tpl"}{/nocache}{/if}
\ No newline at end of file