1
<?php
2
/**
3
 * This file is part of the Shieldon package.
4
 *
5
 * (c) Terry L. <contact@terryl.in>
6
 *
7
 * For the full copyright and license information, please view the LICENSE
8
 * file that was distributed with this source code.
9
 * 
10
 * php version 7.1.0
11
 * 
12
 * @category  Web-security
13
 * @package   Shieldon
14
 * @author    Terry Lin <contact@terryl.in>
15
 * @copyright 2019 terrylinooo
16
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
17
 * @link      https://github.com/terrylinooo/shieldon
18
 * @see       https://shieldon.io
19
 */
20

21
declare(strict_types=1);
22

23
namespace Shieldon\Firewall\Captcha;
24

25
use Shieldon\Firewall\Captcha\CaptchaProvider;
26

27
use function Shieldon\Firewall\get_request;
28
use function Shieldon\Firewall\unset_superglobal;
29
use function curl_error;
30
use function curl_exec;
31
use function curl_init;
32
use function curl_setopt;
33
use function is_string;
34
use function json_decode;
35

36
/**
37
 * Google reCaptcha.
38
 */
39
class ReCaptcha extends CaptchaProvider
40
{
41
    /**
42
     * The site key.
43
     *
44
     * @var string
45
     */
46
    protected $key = '';
47

48
    /**
49
     * The secret key.
50
     *
51
     * @var string
52
     */
53
    protected $secret = '';
54

55
    /**
56
     * The version.
57
     *
58
     * @var string
59
     */
60
    protected $version = 'v2';
61

62
    /**
63
     * The language code of the UI.
64
     *
65
     * @var string
66
     */
67
    protected $lang = 'en';
68

69
    /**
70
     * The URL of Google ReCaptcha API.
71
     *
72
     * @var string
73
     */
74
    protected $googleServiceUrl = 'https://www.google.com/recaptcha/api/siteverify';
75

76
    /**
77
     * Constructor.
78
     *
79
     * It will implement default configuration settings here.
80
     *
81
     * @param array $config The settings of Google ReCpatcha.
82
     *
83
     * @return void
84
     */
85 3
    public function __construct(array $config = [])
86
    {
87 3
        parent::__construct();
88
        
89 3
        foreach ($config as $k => $v) {
90 3
            if (isset($this->{$k})) {
91 3
                $this->{$k} = $v;
92
            }
93
        }
94
    }
95

96
    /**
97
     * Response the result from Google service server.
98
     *
99
     * @return bool
100
     */
101 3
    public function response(): bool
102
    {
103 3
        $postParams = get_request()->getParsedBody();
104

105 3
        if (empty($postParams['g-recaptcha-response'])) {
106 3
            return false;
107
        }
108

109 3
        $flag = false;
110 3
        $reCaptchaToken = str_replace(["'", '"'], '', $postParams['g-recaptcha-response']);
111

112
        $postData = [
113 3
            'secret' => $this->secret,
114 3
            'response' => $reCaptchaToken,
115
        ];
116

117 3
        $ch = curl_init();
118

119 3
        if (!is_resource($ch)) {
120
            // @codeCoverageIgnoreStart
121
            return false;
122
            // @codeCoverageIgnoreEnd
123
        }
124

125 3
        curl_setopt($ch, CURLOPT_URL, $this->googleServiceUrl);
126 3
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
127 3
        curl_setopt($ch, CURLOPT_POST, 2);
128 3
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
129 3
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
130 3
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
131 3
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
132

133 3
        $ret = curl_exec($ch);
134

135
        // @codeCoverageIgnoreStart
136
        if (curl_errno($ch)) {
137
            echo 'error:' . curl_error($ch);
138
        }
139
        // @codeCoverageIgnoreEnd
140

141 3
        if (isset($ret) && is_string($ret)) {
142 3
            $tmp = json_decode($ret);
143 3
            if ($tmp->success == true) {
144 3
                $flag = true;
145
            }
146
        }
147

148 3
        curl_close($ch);
149

150
        // Prevent detecting POST method on RESTful frameworks.
151 3
        unset_superglobal('g-recaptcha-response', 'post');
152

153 3
        return $flag;
154
    }
155

156
    /**
157
     * Output a required HTML for reCaptcha v2.
158
     *
159
     * @return string
160
     */
161 3
    public function form(): string
162
    {
163 3
        $html = '<div>';
164 3
        $html .= '<div style="display: inline-block">';
165 3
        if ('v3' !== $this->version) {
166 3
            $html .= '<script src="https://www.google.com/recaptcha/api.js?hl=' . $this->lang . '"></script>';
167 3
            $html .= '<div class="g-recaptcha" data-sitekey="' . $this->key . '"></div>';
168
        } else {
169 3
            $html .= '<input type="hidden" name="g-recaptcha-response" id="g-recaptcha-response" value="">';
170 3
            $html .= '<script src="https://www.google.com/recaptcha/api.js?render=' . $this->key . '&hl=' . $this->lang . '"></script>';
171 3
            $html .= '<script>';
172 3
            $html .= '    grecaptcha.ready(function() {';
173 3
            $html .= '        grecaptcha.execute("' . $this->key . '", {action: "homepage"}).then(function(token) {';
174 3
            $html .= '            document.getElementById("g-recaptcha-response").value = token;';
175 3
            $html .= '        }); ';
176 3
            $html .= '    });';
177 3
            $html .= '</script>';
178
        }
179 3
        $html .= '</div>';
180 3
        $html .= '</div>';
181

182 3
        return $html;
183
    }
184
}

Read our documentation on viewing source code .

Loading