ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #1066 from pliablepixels/1065-recaptcha-ui-fix-when-vars-dont-exist 

fixed recaptcha showing up pre DB update
pull/1088/head
Isaac Connor 2015-09-28 10:00:46 -04:00
parent 4baebb4f47 727486d8f3
commit b53603dee1
4 changed files with 48 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
web/includes/actions.php
View File

@ -22,6 +22,7 @@
// PP - POST request handler for PHP which does not need extensions // PP - POST request handler for PHP which does not need extensions
// credit: http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/ // credit: http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/
function do_post_request($url, $data, $optional_headers = null) function do_post_request($url, $data, $optional_headers = null)
{ {
$params = array('http' => array( $params = array('http' => array(
@ -67,8 +68,15 @@ if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST[
if ( !empty($action) ) if ( !empty($action) )
{ {
// PP - lets validate reCaptcha if it exists if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) )
if (ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY && ZM_OPT_GOOG_RECAPTCHA_SITEKEY) {
// if true, a popup will display after login
// PP - lets validate reCaptcha if it exists
if ( defined('ZM_OPT_USE_GOOG_RECAPTCHA')
&& defined('ZM_OPT_GOOG_RECAPTCHA_SECRETKEY')
&& defined('ZM_OPT_GOOG_RECAPTCHA_SITEKEY')
&& ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY
&& ZM_OPT_GOOG_RECAPTCHA_SITEKEY)
{ {
$url = 'https://www.google.com/recaptcha/api/siteverify'; $url = 'https://www.google.com/recaptcha/api/siteverify';
$fields = array ( $fields = array (
@ -78,16 +86,38 @@ if ( !empty($action) )
); );
$res= do_post_request($url, http_build_query($fields)); $res= do_post_request($url, http_build_query($fields));
$result = json_decode($res); $responseData = json_decode($res,true);
if ($result->success != 'true') // PP - credit: https://github.com/google/recaptcha/blob/master/src/ReCaptcha/Response.php
// if recaptcha resulted in error, we might have to deny login
if (isset($responseData['success']) && $responseData['success'] == false)
{ {
userLogout(); // PP - before we deny auth, let's make sure the error was not 'invalid secret'
$view='login'; // because that means the user did not configure the secret key correctly
$refreshParent = true; // in this case, we prefer to let him login in and display a message to correct
// the key. Unfortunately, there is no way to check for invalid site key in code
// as it produces the same error as when you don't answer a recaptcha
if (isset($responseData['error-codes']) && is_array($responseData['error-codes']))
{
if (!in_array('invalid-input-secret',$responseData['error-codes']))
{
Error ("reCaptcha authentication failed");
userLogout();
$view='login';
$refreshParent = true;
}
else
{
//Let them login but show an error
echo '<script type="text/javascript">alert("'.translate('RecaptchaWarning').'"); </script>';
Error ("Invalid recaptcha secret detected");
}
}
} }
} }
}
// General scope actions // General scope actions
if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) ) if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) )

1
web/lang/en_gb.php
View File

@ -578,6 +578,7 @@ $SLANG = array(
'Progress' => 'Progress', 'Progress' => 'Progress',
'Protocol' => 'Protocol', 'Protocol' => 'Protocol',
'Rate' => 'Rate', 'Rate' => 'Rate',
'RecaptchaWarning' => 'Your reCaptcha secret key is invalid. Please correct it, or reCaptcha will not work', // added Sep 24 2015 - PP
'Real' => 'Real', 'Real' => 'Real',
'Record' => 'Record', 'Record' => 'Record',
'RefImageBlendPct' => 'Reference Image Blend %ge', 'RefImageBlendPct' => 'Reference Image Blend %ge',

4
web/skins/classic/views/js/console.js.php
View File

@ -26,3 +26,7 @@ elseif ( ZM_DYN_SHOW_DONATE_REMINDER )
?> ?>
var showVersionPopup = <?php echo isset($showVersionPopup )?'true':'false' ?>; var showVersionPopup = <?php echo isset($showVersionPopup )?'true':'false' ?>;
var showDonatePopup = <?php echo isset($showDonatePopup )?'true':'false' ?>; var showDonatePopup = <?php echo isset($showDonatePopup )?'true':'false' ?>;

9
web/skins/classic/views/login.php
View File

@ -22,7 +22,7 @@ xhtmlHeaders(__FILE__, translate('Login') );
?> ?>
<!-- PP: Add recaptcha script if enabled --> <!-- PP: Add recaptcha script if enabled -->
<?php <?php
if (ZM_OPT_USE_GOOG_RECAPTCHA) if (defined('ZM_OPT_USE_GOOG_RECAPTCHA') && ZM_OPT_USE_GOOG_RECAPTCHA)
{ {
echo "<head> <script src='https://www.google.com/recaptcha/api.js'></script> </head>"; echo "<head> <script src='https://www.google.com/recaptcha/api.js'></script> </head>";
} }
@ -52,9 +52,12 @@ xhtmlHeaders(__FILE__, translate('Login') );
<input type="submit" value="<?php echo translate('Login') ?>"/> <input type="submit" value="<?php echo translate('Login') ?>"/>
<!-- PP: Added recaptcha widget if enabled --> <!-- PP: Added recaptcha widget if enabled -->
<?php <?php
if (ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SITEKEY && ZM_OPT_GOOGLE_RECAPTCHA_SECRETKEY) if (defined('ZM_OPT_USE_GOOG_RECAPTCHA')
&& defined('ZM_OPT_GOOG_RECAPTCHA_SITEKEY')
&& defined('ZM_OPT_GOOG_RECAPTCHA_SECRETKEY')
&& ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SITEKEY && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY)
{ {
echo "<br/><br/><center> <div class='g-recaptcha' data-sitekey='".ZM_OPT_GOOG_RECAPTCHA_SITEKEY."'></div> </center>"; echo "<br/><br/><center> <div class='g-recaptcha' data-sitekey='".ZM_OPT_GOOG_RECAPTCHA_SITEKEY."'></div> </center>";
} }
?> ?>
</form> </form>