<?php
/**
* recaptcha Plugin
* recaptcha settings are set in Elgg Admin Menu -> Settings -> recaptcha
* recaptcha library is included in /lib
* recaptcha form field is added in /mod/recaptcha/views/default/input/captcha.php
* @see Elggs default view /views/default/input/captcha.php
* @see registration form /views/default/forms/register.php [ echo elgg_view('input/captcha') ]
*/
// Run recaptcha_init() when Elgg fires the system 'init' event.
elgg_register_event_handler(
    'init',
    'system',
    'recaptcha_init'
);
/**
 * Plugin bootstrap, run on the system 'init' event.
 *
 * Registers the settings save action (passed the 'admin' access level) and
 * the two hooks that wrap user registration with the captcha check.
 */
function recaptcha_init() {
    // Elgg would otherwise process the plugin settings form itself; route the
    // submission to this plugin's own handler instead.
    //   settings form:  /recaptcha/views/default/plugins/recaptcha/settings.php
    //   submit handler: /recaptcha/actions/recaptcha/settings/save.php
    $action_dir = __DIR__ . '/actions/recaptcha';
    $save_script = $action_dir . '/settings/save.php';
    elgg_register_action('recaptcha/settings/save', $save_script, 'admin');

    // Validate the captcha when the "register" action is triggered.
    elgg_register_plugin_hook_handler('action', 'register', 'recaptcha_check_form');

    // Drop the "captcha already solved" session flag on the 'register', 'user' hook.
    elgg_register_plugin_hook_handler('register', 'user', 'recaptcha_unset_session');
}
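/**
 * Verify the reCAPTCHA answer before the core "register" action runs.
 *
 * Registered for the 'action', 'register' plugin hook, which Elgg triggers
 * from /engine/lib/actions.php through
 * elgg_trigger_plugin_hook('action', $action, null, $event_result)
 * before the default handler at /actions/register.php.
 *
 * Security notes:
 * - Once $_SESSION['recaptcha_verified'] is set, the captcha is skipped for
 *   every later registration attempt in the same session until
 *   recaptcha_unset_session() clears the flag. One solved captcha therefore
 *   covers any number of failed attempts; rate-limit registration separately
 *   if that matters for the deployment.
 * - The captcha fields come straight from the request, so they are treated
 *   as untrusted: missing or non-string values count as a failed check.
 * - NOTE(review): recaptcha_challenge_field / recaptcha_response_field are
 *   the reCAPTCHA v1 field names, and Google has retired that API. Confirm
 *   that lib/recaptchalib.php talks to a supported verification endpoint.
 *
 * @param string $hook        hook name (unused)
 * @param string $type        hook type (unused)
 * @param mixed  $returnvalue current hook return value (unused)
 * @param mixed  $params      hook parameters (unused)
 *
 * @return bool true when the captcha is not required, was already solved in
 *              this session, or has just been solved; false only if
 *              forward() returns after a failed check
 */
function recaptcha_check_form($hook, $type, $returnvalue, $params) {
    // Retain entered form values so the form is re-populated after a validation error.
    elgg_make_sticky_form('register');

    // Fetch the plugin settings.
    $plugin_entity = elgg_get_plugin_from_id('recaptcha');
    $plugin_settings = $plugin_entity->getAllSettings();

    // Captcha already solved earlier in this session: do not ask again.
    // isset() also covers a request where $_SESSION has not been populated.
    if (isset($_SESSION['recaptcha_verified']) && $_SESSION['recaptcha_verified'] == 1) {
        return true;
    }

    // Nothing to check unless 'Use Recaptcha for user registration' is enabled.
    $require_recaptcha = isset($plugin_settings['require_recaptcha'])
        ? $plugin_settings['require_recaptcha']
        : null;
    if ($require_recaptcha != 'on') {
        return true;
    }

    // Request fields are attacker-controlled: accept plain strings only, so an
    // absent field or an array-valued field is handled as an empty answer.
    $challenge = (isset($_POST['recaptcha_challenge_field']) && is_string($_POST['recaptcha_challenge_field']))
        ? $_POST['recaptcha_challenge_field']
        : '';
    $response = (isset($_POST['recaptcha_response_field']) && is_string($_POST['recaptcha_response_field']))
        ? $_POST['recaptcha_response_field']
        : '';
    $private_key = isset($plugin_settings['recaptcha_private_key'])
        ? $plugin_settings['recaptcha_private_key']
        : '';

    $passed = false;
    if ($challenge !== '' && $response !== '') {
        // Anchor the include to this plugin's directory so include_path or the
        // working directory cannot make PHP load a different recaptchalib.php.
        require_once __DIR__ . '/lib/recaptchalib.php';

        $resp = recaptcha_check_answer(
            $private_key,
            $_SERVER["REMOTE_ADDR"],
            $challenge,
            $response
        );
        // Anything other than an explicit valid response counts as a failure.
        $passed = is_object($resp) && $resp->is_valid;
    }

    if (!$passed) {
        register_error(elgg_echo('recaptcha:human_verification_failed'));
        forward(REFERER);
        // forward() is expected to end the request. Fail closed if it ever returns.
        // Assumes Elgg skips the action when this hook returns false. TODO: confirm
        // against /engine/lib/actions.php.
        return false;
    }

    // Remember the success so a form that fails for another reason does not
    // ask for the captcha again; recaptcha_unset_session() clears the flag
    // after the form is successfully submitted.
    $_SESSION['recaptcha_verified'] = 1;

    return true;
}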
/**
 * Clear the "captcha already solved" marker from the session.
 *
 * recaptcha_check_form() stores $_SESSION['recaptcha_verified'] = 1 after a
 * successful captcha so that a form rejected for another reason does not ask
 * for the captcha again. This handler removes the marker after the user
 * registration is successful. Until then the marker stays in the session.
 *
 * @param string $hook
 * @param string $type
 * @param bool $value
 * @param array $params
 * @return bool always true
 */
function recaptcha_unset_session($hook, $type, $value, $params) {
    $flag = 'recaptcha_verified';

    // No marker in the session: nothing to clear.
    if (!array_key_exists($flag, $_SESSION)) {
        return true;
    }

    unset($_SESSION[$flag]);
    return true;
}