From b9d36bcfc96c2fadb0c2fa5396b398daa1d6ec92 Mon Sep 17 00:00:00 2001
From: Sebastian Grewe
Date: Tue, 14 Jan 2014 13:28:15 +0100
Subject: [PATCH] [IMPROVED] Added re-Captcha to Login Page
* Enable re-captcha to use it
* Disables the mini-login box in header
* Requires re-Captcha to be setup in Admin Panel
Fixes #1400 once merged.
---
 public/include/pages/login.inc.php | 32 +++++++++++++++++++------
 public/include/smarty_globals.inc.php | 1 +
 public/templates/mpos/global/header.tpl | 2 +-
 public/templates/mpos/login/default.tpl | 1 +
 4 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/public/include/pages/login.inc.php b/public/include/pages/login.inc.php
index 5c26848d..8f35d724 100644
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
@@ -3,9 +3,28 @@
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
+
+// ReCaptcha handling if enabled
+if ($setting->getValue('recaptcha_enabled')) {
+ require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
+ if (!empty($_POST['username']) && !empty($_POST['password'])) {
+ // Load re-captcha specific data
+ $rsp = recaptcha_check_answer (
+ $setting->getValue('recaptcha_private_key'),
+ $_SERVER["REMOTE_ADDR"],
+ ( (isset($_POST["recaptcha_challenge_field"])) ? $_POST["recaptcha_challenge_field"] : null ),
+ ( (isset($_POST["recaptcha_response_field"])) ? $_POST["recaptcha_response_field"] : null )
+ );
+ $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error, true));
+ if (!$rsp->is_valid) $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again.', 'TYPE' => 'errormsg');
+ } else {
+ $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
+ }
+}
+
 if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST['username']))) {
 $_SESSION['POPUP'][] = array('CONTENT' => 'You are not allowed to login during maintenace.', 'TYPE' => 'info');
-} else if (isset($_POST['username']) && isset($_POST['password'])) {
+} else if (!empty($_POST['username']) && !empty($_POST['password'])) {
 $nocsrf = 1;
 if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
 if ((isset($_POST['ctoken']) && $_POST['ctoken'] !== $user->getCSRFToken($_SERVER['REMOTE_ADDR'], 'login')) || (!isset($_POST['ctoken']))) {
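Review bot: The enable flag is evaluated two different ways: here `if ($setting->getValue('recaptcha_enabled'))` tests truthiness, while the gate in the second hunk of this file and the `{if ...}` in header.tpl compare with `!= 1`, so a stored value that is truthy but not exactly 1 renders the widget and reports an invalid answer here, yet the later gate treats the captcha as disabled and lets checkLogin run without a valid answer. Compute the flag once and reuse it: `$recaptchaEnabled = (bool) $setting->getValue('recaptcha_enabled');`, then `if ($recaptchaEnabled) {` here and `if ((!$recaptchaEnabled || $rsp->is_valid) && ($nocsrf == 1 || ...)) {` in the later hunk. Which values the admin panel can actually store for this setting is not visible in the patch, so this may be purely defensive. Separately, `$rsp` is assigned only inside the inner `!empty` branch and the later read depends on that implicitly; an explicit `$rsp = null;` before this `if` would make the dependency visible to readers and static analysis.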
@@ -13,9 +32,9 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
 $nocsrf = 0;
 }
 }
- if ($nocsrf == 1 || (!$config['csrf']['enabled'] || !$config['csrf']['forms']['login'])) {
- $checklogin = $user->checkLogin($_POST['username'], $_POST['password']);
- if ($checklogin) {
+ // Check if recaptcha is enabled, process form data if valid
+ if (($setting->getValue('recaptcha_enabled') != 1 || $rsp->is_valid) && ($nocsrf == 1 || (!$config['csrf']['enabled'] || !$config['csrf']['forms']['login']))) {
+ if ($user->checkLogin(@$_POST['username'], @$_POST['password']) ) {
 empty($_POST['to']) ? $to = $_SERVER['SCRIPT_NAME'] : $to = $_POST['to'];
 $port = ($_SERVER["SERVER_PORT"] == "80" or $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
 $location = @$_SERVER['HTTPS'] === true ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $to : 'http://' . $_SERVER['SERVER_NAME'] . $port . $to;
@@ -24,18 +43,17 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
 } else {
 $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: '. $user->getError(), 'TYPE' => 'errormsg');
 }
- } else {
+ } else if ($nocsrf == 0) {
 $img = "";
 $_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info');
 }
-} else if (@$_POST['username'] && @$_POST['password']) {
- $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: '. $user->getError(), 'TYPE' => 'errormsg');
 }
 // csrf token - update if it's enabled
 $token = '';
 if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
 $token = $user->getCSRFToken($_SERVER['REMOTE_ADDR'], 'login');
 }
+
 // Load login template
 $smarty->assign('CONTENT', 'default.tpl');
 $smarty->assign('CTOKEN', $token);
diff --git a/public/include/smarty_globals.inc.php b/public/include/smarty_globals.inc.php
index f059d477..98f23a2c 100644
--- a/public/include/smarty_globals.inc.php
+++ b/public/include/smarty_globals.inc.php
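Review bot: The `@` operators added on `checkLogin(@$_POST['username'], @$_POST['password'])` suppress nothing useful: this branch is only entered after both keys passed `!empty`, so the reads cannot raise a notice, and the suppression would only mask a future mistake if that guard is relaxed. Drop them: `if ($user->checkLogin($_POST['username'], $_POST['password'])) {`. The enclosing `else if` block begins before this hunk.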
@@ -67,6 +67,7 @@ $aGlobal = array(
 'twofactor' => $config['twofactor'],
 'csrf' => $config['csrf'],
 'config' => array(
+ 'recaptcha_enabled' => $setting->getValue('recaptcha_enabled'),
 'disable_navbar' => $setting->getValue('disable_navbar'),
 'disable_navbar_api' => $setting->getValue('disable_navbar_api'),
 'disable_payouts' => $setting->getValue('disable_payouts'),
diff --git a/public/templates/mpos/global/header.tpl b/public/templates/mpos/global/header.tpl
index a41835a9..7362439c 100644
--- a/public/templates/mpos/global/header.tpl
+++ b/public/templates/mpos/global/header.tpl
@@ -2,4 +2,4 @@

{$GLOBAL.website.name|default:"Unknown Pool"}

{if $smarty.request.action|escape|default:""}{$smarty.request.action|escape|capitalize}{else}{$smarty.request.page|escape|default:"home"|capitalize}{/if}

- {include file="login/small.tpl"}
+ {if $GLOBAL.config.recaptcha_enabled|default:"0" != 1}{nocache}{include file="login/small.tpl"}{/nocache}{/if}
diff --git a/public/templates/mpos/login/default.tpl b/public/templates/mpos/login/default.tpl
index 9b8eefec..c10467a4 100644
--- a/public/templates/mpos/login/default.tpl
+++ b/public/templates/mpos/login/default.tpl
@@ -14,6 +14,7 @@
+
{nocache}{$RECAPTCHA|default:"" nofilter}{/nocache}