diff --git a/public/include/config/admin_settings.inc.php b/public/include/config/admin_settings.inc.php
index 9c8e27a1..fb7c28de 100644
--- a/public/include/config/admin_settings.inc.php
+++ b/public/include/config/admin_settings.inc.php
@@ -355,7 +355,21 @@ $aSettings['recaptcha'][] = array(
'options' => array( 0 => 'No', 1 => 'Yes' ),
'default' => 0,
'name' => 'recaptcha_enabled', 'value' => $setting->getValue('recaptcha_enabled'),
- 'tooltip' => 'Enable or Disable re-Captcha. This will require user input on registraion and other forms.'
+ 'tooltip' => 'Enable or Disable re-Captcha globally.'
+);
+$aSettings['recaptcha'][] = array(
+ 'display' => 'Enable re-Captcha Registration', 'type' => 'select',
+ 'options' => array( 0 => 'No', 1 => 'Yes' ),
+ 'default' => 0,
+ 'name' => 'recaptcha_enabled_registrations', 'value' => $setting->getValue('recaptcha_enabled_registrations'),
+ 'tooltip' => 'Enable or Disable re-Captcha. Adds a re-Captcha to the registration form.'
+);
+$aSettings['recaptcha'][] = array(
+ 'display' => 'Enable re-Captcha Logins', 'type' => 'select',
+ 'options' => array( 0 => 'No', 1 => 'Yes' ),
+ 'default' => 0,
+ 'name' => 'recaptcha_enabled_logins', 'value' => $setting->getValue('recaptcha_enabled_logins'),
+ 'tooltip' => 'Enable or Disable re-Captcha. Adds a re-Captcha to the login form.'
);
$aSettings['recaptcha'][] = array(
'display' => 're-Captcha Private Key', 'type' => 'text',
diff --git a/public/include/pages/login.inc.php b/public/include/pages/login.inc.php
index 5c26848d..7122d22b 100644
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
@@ -3,9 +3,28 @@
// Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt');
+
+// ReCaptcha handling if enabled
+if ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_logins')) {
+ require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
+ if (!empty($_POST['username']) && !empty($_POST['password'])) {
+ // Load re-captcha specific data
+ $rsp = recaptcha_check_answer (
+ $setting->getValue('recaptcha_private_key'),
+ $_SERVER["REMOTE_ADDR"],
+ ( (isset($_POST["recaptcha_challenge_field"])) ? $_POST["recaptcha_challenge_field"] : null ),
+ ( (isset($_POST["recaptcha_response_field"])) ? $_POST["recaptcha_response_field"] : null )
+ );
+ $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error, true));
+ if (!$rsp->is_valid) $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again.', 'TYPE' => 'errormsg');
+ } else {
+ $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
+ }
+}
+
if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST['username']))) {
$_SESSION['POPUP'][] = array('CONTENT' => 'You are not allowed to login during maintenace.', 'TYPE' => 'info');
-} else if (isset($_POST['username']) && isset($_POST['password'])) {
+} else if (!empty($_POST['username']) && !empty($_POST['password'])) {
$nocsrf = 1;
if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
if ((isset($_POST['ctoken']) && $_POST['ctoken'] !== $user->getCSRFToken($_SERVER['REMOTE_ADDR'], 'login')) || (!isset($_POST['ctoken']))) {
@@ -13,9 +32,9 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
$nocsrf = 0;
}
}
- if ($nocsrf == 1 || (!$config['csrf']['enabled'] || !$config['csrf']['forms']['login'])) {
- $checklogin = $user->checkLogin($_POST['username'], $_POST['password']);
- if ($checklogin) {
+ // Check if recaptcha is enabled, process form data if valid
+ if (($setting->getValue('recaptcha_enabled') != 1 || $setting->getValue('recaptcha_enabled_logins') != 1 || $rsp->is_valid) && ($nocsrf == 1 || (!$config['csrf']['enabled'] || !$config['csrf']['forms']['login']))) {
+ if ($user->checkLogin(@$_POST['username'], @$_POST['password']) ) {
empty($_POST['to']) ? $to = $_SERVER['SCRIPT_NAME'] : $to = $_POST['to'];
$port = ($_SERVER["SERVER_PORT"] == "80" or $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
$location = @$_SERVER['HTTPS'] === true ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $to : 'http://' . $_SERVER['SERVER_NAME'] . $port . $to;
@@ -24,18 +43,17 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: '. $user->getError(), 'TYPE' => 'errormsg');
}
- } else {
+ } else if ($nocsrf == 0) {
$img = "
";
$_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info');
}
-} else if (@$_POST['username'] && @$_POST['password']) {
- $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: '. $user->getError(), 'TYPE' => 'errormsg');
}
// csrf token - update if it's enabled
$token = '';
if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
$token = $user->getCSRFToken($_SERVER['REMOTE_ADDR'], 'login');
}
+
// Load login template
$smarty->assign('CONTENT', 'default.tpl');
$smarty->assign('CTOKEN', $token);
diff --git a/public/include/pages/register.inc.php b/public/include/pages/register.inc.php
index 608d3b9e..692c3e42 100644
--- a/public/include/pages/register.inc.php
+++ b/public/include/pages/register.inc.php
@@ -10,7 +10,7 @@ if ($setting->getValue('lock_registration') && $setting->getValue('disable_invit
$_SESSION['POPUP'][] = array('CONTENT' => 'Only invited users are allowed to register.', 'TYPE' => 'errormsg');
$smarty->assign("CONTENT", "disabled.tpl");
} else {
- if ($setting->getValue('recaptcha_enabled')) {
+ if ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_registrations')) {
require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
$smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
}
diff --git a/public/include/pages/register/register.inc.php b/public/include/pages/register/register.inc.php
index f9854d65..7090a1c4 100644
--- a/public/include/pages/register/register.inc.php
+++ b/public/include/pages/register/register.inc.php
@@ -2,15 +2,18 @@
// Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt');
-if ($setting->getValue('recaptcha_enabled')) {
- // Load re-captcha specific data
+// ReCaptcha handling if enabled
+if ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_registrations')) {
require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
+ // Load re-captcha specific data
$rsp = recaptcha_check_answer (
$setting->getValue('recaptcha_private_key'),
$_SERVER["REMOTE_ADDR"],
( (isset($_POST["recaptcha_challenge_field"])) ? $_POST["recaptcha_challenge_field"] : null ),
( (isset($_POST["recaptcha_response_field"])) ? $_POST["recaptcha_response_field"] : null )
);
+ $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error, true));
+ if (!$rsp->is_valid) $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again.', 'TYPE' => 'errormsg');
}
if ($setting->getValue('disable_invitations') && $setting->getValue('lock_registration')) {
@@ -18,26 +21,8 @@ if ($setting->getValue('disable_invitations') && $setting->getValue('lock_regist
} else if ($setting->getValue('lock_registration') && !$setting->getValue('disable_invitations') && !isset($_POST['token'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Only invited users are allowed to register.', 'TYPE' => 'errormsg');
} else {
- // Check if recaptcha is enabled, process form data if valid
- if($setting->getValue('recaptcha_enabled') && isset($_POST["recaptcha_response_field"]) && $_POST["recaptcha_response_field"]!=''){
- if ($rsp->is_valid) {
- $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
- isset($_POST['token']) ? $token = $_POST['token'] : $token = '';
- if ($user->register(@$_POST['username'], @$_POST['password1'], @$_POST['password2'], @$_POST['pin'], @$_POST['email1'], @$_POST['email2'], @$_POST['tac'], $token)) {
- ! $setting->getValue('accounts_confirm_email_disabled') ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
- } else {
- $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to create account: ' . $user->getError(), 'TYPE' => 'errormsg');
- }
- } else {
- $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error, true));
- $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again. (' . $rsp->error . ')', 'TYPE' => 'errormsg');
- }
- // Empty captcha
- } else if ($setting->getValue('recaptcha_enabled')) {
- $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error, true));
- $_SESSION['POPUP'][] = array('CONTENT' => 'Empty Captcha, please try again.', 'TYPE' => 'errormsg');
- // Captcha disabled
- } else {
+ // Check if recaptcha is enabled, process form data if valid or disabled
+ if ($setting->getValue('recaptcha_enabled') != 1 || $setting->getValue('recaptcha_enabled_registrations') != 1 || $rsp->is_valid) {
isset($_POST['token']) ? $token = $_POST['token'] : $token = '';
if ($user->register(@$_POST['username'], @$_POST['password1'], @$_POST['password2'], @$_POST['pin'], @$_POST['email1'], @$_POST['email2'], @$_POST['tac'], $token)) {
! $setting->getValue('accounts_confirm_email_disabled') ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
diff --git a/public/include/smarty_globals.inc.php b/public/include/smarty_globals.inc.php
index f059d477..b858214c 100644
--- a/public/include/smarty_globals.inc.php
+++ b/public/include/smarty_globals.inc.php
@@ -67,6 +67,8 @@ $aGlobal = array(
'twofactor' => $config['twofactor'],
'csrf' => $config['csrf'],
'config' => array(
+ 'recaptcha_enabled' => $setting->getValue('recaptcha_enabled'),
+ 'recaptcha_enabled_logins' => $setting->getValue('recaptcha_enabled_logins'),
'disable_navbar' => $setting->getValue('disable_navbar'),
'disable_navbar_api' => $setting->getValue('disable_navbar_api'),
'disable_payouts' => $setting->getValue('disable_payouts'),
diff --git a/public/templates/mobile/login/default.tpl b/public/templates/mobile/login/default.tpl
index cb5c0cfa..2a44cebb 100644
--- a/public/templates/mobile/login/default.tpl
+++ b/public/templates/mobile/login/default.tpl
@@ -1,7 +1,9 @@
Forgot your password?
diff --git a/public/templates/mpos/global/header.tpl b/public/templates/mpos/global/header.tpl
index a41835a9..4d5d7345 100644
--- a/public/templates/mpos/global/header.tpl
+++ b/public/templates/mpos/global/header.tpl
@@ -2,4 +2,4 @@
{$GLOBAL.website.name|default:"Unknown Pool"}
{if $smarty.request.action|escape|default:""}{$smarty.request.action|escape|capitalize}{else}{$smarty.request.page|escape|default:"home"|capitalize}{/if}
- {include file="login/small.tpl"}
+ {if $GLOBAL.config.recaptcha_enabled|default:"0" != 1 || $GLOBAL.config.recaptcha_enabled_logins|default:"0" != 1}{nocache}{include file="login/small.tpl"}{/nocache}{/if}
diff --git a/public/templates/mpos/login/default.tpl b/public/templates/mpos/login/default.tpl
index 9b8eefec..c10467a4 100644
--- a/public/templates/mpos/login/default.tpl
+++ b/public/templates/mpos/login/default.tpl
@@ -14,6 +14,7 @@
+ {nocache}{$RECAPTCHA|default:"" nofilter}{/nocache}