?> </button> </p> </form> <?php if (strlen(get_option('login_nocaptcha_key')) > 0 && strlen(get_option('login_nocaptcha_secret')) > 0) { ?> <h3><?php _e('Example', 'login_nocaptcha'); ?> </h3> <?php wp_enqueue_script('login_nocaptcha_google_api'); ?> <?php LoginNocaptcha::login_form(); ?> <h3><?php _e('Next Steps', 'login_nocaptcha'); ?> </h3> <ol> <li><?php _e('If you see an error message above, check your keys before proceeding.', 'login_nocaptcha'); ?> </li> <li><?php _e('If the reCAPTCHA displays correctly above, proceed as follows:', 'login_nocaptcha'); ?> </li> <ol>
public static function authenticate($user, $username, $password) { if (isset($_POST['g-recaptcha-response'])) { $response = LoginNocaptcha::filter_string($_POST['g-recaptcha-response']); $remoteip = $_SERVER["REMOTE_ADDR"]; $secret = get_option('login_nocaptcha_secret'); $payload = array('secret' => $secret, 'response' => $response, 'remoteip' => $remoteip); $result = wp_remote_post('https://www.google.com/recaptcha/api/siteverify', array('body' => $payload)); if (is_a($result, 'WP_Error')) { // disable SSL verification for older cURL clients $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); $result = curl_exec($ch); $g_response = json_decode($result); } else { $g_response = json_decode($result['body']); } if (is_object($g_response)) { if ($g_response->success) { update_option('login_nocaptcha_working', true); return $user; // success, let them in } else { if (isset($g_response->{'error-codes'}) && $g_response->{'error-codes'} && in_array('missing-input-response', $g_response->{'error-codes'})) { update_option('login_nocaptcha_working', true); return new WP_Error('denied', __('Please check the ReCaptcha box.', 'login_nocaptcha')); } else { if (isset($g_response->{'error-codes'}) && $g_response->{'error-codes'} && (in_array('missing-input-secret', $g_response->{'error-codes'}) || in_array('invalid-input-secret', $g_response->{'error-codes'}))) { update_option('login_nocaptcha_working', false); update_option('login_nocaptcha_google_error', 'error'); update_option('login_nocaptcha_error', sprintf(__('Login NoCaptcha is not working. <a href="%s">Please check your settings</a>. The message from Google was: %s', 'login_nocaptcha'), 'options-general.php?page=login-recaptcha/admin.php', get_google_errors_as_string($g_response))); return $user; //invalid secret entered; prevent lockouts } else { if (isset($g_response->{'error-codes'})) { update_option('login_nocaptcha_working', true); return new WP_Error('denied', __('Incorrect ReCaptcha, please try again.', 'login_nocaptcha')); } else { update_option('login_nocaptcha_working', false); update_option('login_nocaptcha_google_error', 'error'); update_option('login_nocaptcha_error', sprintf(__('Login NoCaptcha is not working. <a href="%s">Please check your settings</a>.', 'login_nocaptcha'), 'options-general.php?page=login-recaptcha/admin.php') . ' ' . __('The response from Google was not valid.', 'login_nocaptcha')); return $user; //not a sane response, prevent lockouts } } } } } else { update_option('login_nocaptcha_working', false); update_option('login_nocaptcha_google_error', 'error'); update_option('login_nocaptcha_error', sprintf(__('Login NoCaptcha is not working. <a href="%s">Please check your settings</a>.', 'login_nocaptcha'), 'options-general.php?page=login-recaptcha/admin.php') . ' ' . __('The response from Google was not valid.', 'login_nocaptcha')); return $user; //not a sane response, prevent lockouts } } else { update_option('login_nocaptcha_working', false); update_option('login_nocaptcha_google_error', 'error'); update_option('login_nocaptcha_error', sprintf(__('Login NoCaptcha is not working. <a href="%s">Please check your settings</a>.', 'login_nocaptcha'), 'options-general.php?page=login-recaptcha/admin.php') . ' ' . __('There was no response from Google.', 'login_nocaptcha')); return $user; //no response from Google } }