

Timestamp:
09/23/2019 06:26:14 AM (7 years ago)
Author:
dd32
Message:

Login: Add reCaptcha v3 in logging-only mode for registration.

See #4739.

File:
1 edited

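--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions.php
@@ -81,4 +81,26 @@
         'rest_url' => esc_url_raw( rest_url( "wporg/v1" ) )
     ) );
+
+    // reCaptcha v3 is loaded on all login pages, not just the registration flow.
+    wp_enqueue_script( 'recaptcha-api-v3', 'https://www.google.com/recaptcha/api.js?onload=reCaptcha_v3_init&render=' . RECAPTCHA_V3_PUBKEY, array(), '3' );
+    wp_add_inline_script(
+        'recaptcha-api-v3',
+        'function reCaptcha_v3_init() {
+            grecaptcha.execute(' .
+                json_encode( RECAPTCHA_V3_PUBKEY ) .
+                ', {action: ' . json_encode(
+                    str_replace( '-', '_', WP_WPOrg_SSO::$matched_route ?: 'login' ) // Must match ^[a-Z_ ]$, but we use -
+                ) .' }
+            ).then( function( token ) {
+                // Add the token to the "primary" form
+                var input = document.createElement( "input" );
+                input.setAttribute( "type", "hidden" );
+                input.setAttribute( "name", "_reCaptcha_v3_token" );
+                input.setAttribute( "value", token );
+
+                document.getElementsByTagName("form")[0].appendChild( input );
+            });
+        }'
+    );
 }
 add_action( 'init', 'wporg_login_register_scripts' );
@@ -273,2 +295,20 @@
 add_action( 'wp_footer', 'wporg_login_language_switcher', 1 );
 add_action( 'login_footer', 'wporg_login_language_switcher', 1 );
+
+/**
+ * Simple API for accessing the reCaptcha verify api.
+ */
+function wporg_login_recaptcha_api( $token, $key ) {
+    $verify = array(
+        'secret'   => $key,
+        'remoteip' => $_SERVER['REMOTE_ADDR'],
+        'response' => $token,
+    );
+
+    $resp = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', array( 'body' => $verify ) );
+    if ( is_wp_error( $resp ) || 200 != wp_remote_retrieve_response_code( $resp ) ) {
+        return false;
+    }
+
+    return json_decode( wp_remote_retrieve_body( $resp ), true );
+}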
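Review bot: wporg_login_recaptcha_api() returns three different shapes that its docblock does not mention: `false` on a transport error or non-200 status, `null` when the body is not valid JSON, and the decoded array otherwise, so a caller that only tests `false === $result` would treat a malformed reply as a verdict. I would spell out the return contract in the docblock (`@param string $token`, `@param string $key`, `@return array|false|null`) and state there that callers must check `success` and compare the returned `action` and `hostname` with the route that rendered the form before reading `score`. In the first hunk the token is requested from `reCaptcha_v3_init()` as soon as the script loads, and v3 tokens are only valid for about two minutes, so slow registrations will be logged as verification errors rather than scores; that should be accounted for before the logged data is used to pick a threshold. The same callback assumes `document.getElementsByTagName("form")[0]` exists on every page that loads the script, and storing the lookup in `form` with a guard such as `if ( ! form ) { return; }` before the append avoids the TypeError on a page without a form.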