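/**
 * Display the reCAPTCHA widget markup.
 *
 * Returns false when 'Recaptcha.enable' is off so callers can skip output.
 * The site key, language, theme and type are read from application settings
 * and escaped for the HTML attribute / URL context they are interpolated
 * into, so a misconfigured or tampered setting value cannot break out of
 * the attribute it is placed in.
 *
 * @return string|bool Widget HTML, or false when reCAPTCHA is disabled.
 */
public function display()
{
    if (!Setting::readOrFail('Recaptcha.enable')) {
        return false;
    }
    // Attribute-context escaping for every interpolated setting value.
    $esc = function ($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
    };
    $sitekey = $esc(Setting::readOrFail('Recaptcha.sitekey'));
    // $lang is only ever used as a query-string value, so URL-encode it first.
    $lang = $esc(rawurlencode((string)Setting::readOrFail('Recaptcha.lang')));
    $theme = $esc(Setting::readOrFail('Recaptcha.theme'));
    $type = $esc(Setting::readOrFail('Recaptcha.type'));

    return <<<EOF
<script type="text/javascript" src="https://www.google.com/recaptcha/api.js?hl={$lang}" async defer></script>
<div class="g-recaptcha" data-sitekey="{$sitekey}" data-theme="{$theme}" data-type="{$type}"></div>
<noscript>
    <div>
        <div style="width: 302px; height: 422px; position: relative;">
            <div style="width: 302px; height: 422px; position: absolute;">
                <iframe src="https://www.google.com/recaptcha/api/fallback?k={$sitekey}" frameborder="0" scrolling="no" style="width: 302px; height:422px; border-style: none;">
                </iframe>
            </div>
        </div>
        <div style="width: 300px; height: 60px; border-style: none; bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px; background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;">
            <textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid #c1c1c1; margin: 10px 25px; padding: 0px; resize: none;" >
            </textarea>
        </div>
    </div>
</noscript>
EOF;
}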
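/**
 * Verify the reCAPTCHA response submitted with the current request.
 *
 * Returns true without contacting the verification service when
 * 'Recaptcha.enable' is off. Otherwise posts the submitted
 * 'g-recaptcha-response' token, the configured secret and the client IP to
 * the siteverify endpoint and returns its 'success' flag. A missing token,
 * an unreadable (non-JSON) reply, or a reply whose 'success' is anything
 * but a literal true all count as failure instead of raising an error.
 *
 * @return bool True when verification succeeded or reCAPTCHA is disabled.
 */
public function verify()
{
    if (!Setting::readOrFail('Recaptcha.enable')) {
        return true;
    }
    $controller = $this->_registry->getController();
    if (!isset($controller->request->data['g-recaptcha-response'])) {
        return false;
    }
    $response = (new Client())->post('https://www.google.com/recaptcha/api/siteverify', [
        'secret' => Setting::readOrFail('Recaptcha.secret'),
        'response' => $controller->request->data['g-recaptcha-response'],
        'remoteip' => $controller->request->clientIp(),
    ]);
    // Decode to an array so a malformed or empty body cannot turn into a
    // property read on null; only a strict boolean true is accepted.
    $result = json_decode((string)$response->body, true);

    return is_array($result) && isset($result['success']) && $result['success'] === true;
}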
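/**
 * Activate a newly registered account from the link sent by email.
 *
 * The token must match the sha1 of `$user->email . $user->token_created . $user->id`
 * (salted via Security::hash) and must still be within the
 * 'Member.RegisterTokenExpired' window. On a PUT the whitelisted fields are
 * patched onto the user, the account is marked active, a confirmation email
 * is queued and the browser is redirected to the login action; otherwise the
 * user is passed to the view for the activation form.
 *
 * @param string|null $token Activation token from the email link.
 * @param string|null $email Email address the token was issued for.
 * @return \Cake\Network\Response|null Redirect after successful activation, null to render the form.
 * @throws \Cake\Network\Exception\NotFoundException When token or email is missing.
 * @throws \Cake\Datasource\Exception\RecordNotFoundException When no inactive account matches the email.
 * @throws \Cake\Network\Exception\ForbiddenException When the token is wrong or has expired.
 */
public function activeAccount($token = null, $email = null)
{
    if (!$token || !$email) {
        throw new NotFoundException(__('Missing required information. Please read email carefully and try again.'));
    }
    $user = $this->Users->findByEmailAndStatus($email, false)->first();
    if (!$user) {
        throw new RecordNotFoundException(__('Account not found or already activated. Please read email carefully and try again.'));
    }
    // Constant-time, strictly typed comparison: a loose `!=` between two
    // numeric-looking hex strings compares them as numbers, and a plain
    // string compare leaks the match length through timing.
    $expected = Security::hash($user->email . $user->token_created . $user->id, 'sha1', true);
    if (!hash_equals((string)$expected, (string)$token)) {
        throw new ForbiddenException(__('Invalid token. Please read email carefully and try again.'));
    }
    if (!$user->token_created->wasWithinLast(Setting::readOrFail('Member.RegisterTokenExpired'))) {
        throw new ForbiddenException(__('Your request has been expired. Please contact to your administrator.'));
    }
    // Never hand the stored password hash to the view or the email template.
    unset($user->password);

    if ($this->request->is('put')) {
        // Only these fields may be set from the activation form.
        $allowedToChange = ['password', 're_password', 'full_name'];
        $data = array_intersect_key($this->request->data, array_flip($allowedToChange));
        $user = $this->Users->patchEntity($user, $data, ['validate' => 'ActiveAccount']);
        $user->status = true;
        if ($this->Users->save($user)) {
            unset($user->password);
            $url = Router::url(['prefix' => 'admin', 'controller' => 'Users', 'action' => 'login', '_full' => true]);
            TableRegistry::get('EmailQueue')->enqueue(
                $user->email,
                ['user' => $user, 'url' => $url],
                [
                    'subject' => __('Your account has been activated'),
                    'template' => 'Users/account_verified',
                    'layout' => 'default',
                    'format' => 'html',
                ]
            );
            $this->Flash->success(__('Your account has been activated. You can login right now'));

            return $this->redirect(['action' => 'login']);
        }
    }
    $this->set(compact('user'));
}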