Changeset 9167
- Timestamp:
- 10/09/2019 07:07:07 AM (5 years ago)
- Location:
- sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login
- Files:
-
- 4 edited
sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php
r9147 r9167 1 1 <?php 2 2 3 function wporg_login_check_recapcha_status() { 3 function wporg_login_check_recapcha_status( $check_v3_action = false ) { 4 5 // reCaptcha V3 Checks 6 if ( $check_v3_action ) { 7 if ( empty( $_POST['_reCaptcha_v3_token'] ) ) { 8 return false; 9 } 10 $result = wporg_login_recaptcha_api( 11 $_POST['_reCaptcha_v3_token'], 12 RECAPTCHA_V3_PRIVKEY 13 ); 14 15 if ( 16 ! $result || 17 ! $result['success'] || 18 $check_v3_action !== $result['action'] 19 ) { 20 return false; 21 } 22 23 // Block super-low scores. 24 if ( (float)$result['score'] < (float) get_option( 'recaptcha_v3_threshold', 0.2 ) ) { 25 return false; 26 } 27 } 28 29 // reCaptcha V2 Checks 4 30 if ( empty( $_POST['g-recaptcha-response'] ) ) { 5 31 return false; … … 14 40 return false; 15 41 } 42 16 43 return (bool) $result['success']; 17 44 } -
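Review bot: The score gate in the v3 branch can fail open: `(float) get_option( 'recaptcha_v3_threshold', 0.2 )` only falls back to 0.2 when the option is absent, so a stored empty or non-numeric value casts to 0.0 and no score is ever below it. Validating the option before the comparison, e.g. `$threshold = get_option( 'recaptcha_v3_threshold', 0.2 ); if ( ! is_numeric( $threshold ) ) { $threshold = 0.2; }`, keeps the floor in place. The same branch passes `$_POST['_reCaptcha_v3_token']` on after only an `empty()` test, so an array-valued parameter reaches `wporg_login_recaptcha_api()`; adding `! is_string( $_POST['_reCaptcha_v3_token'] )` to that early return would reject it up front. Because `$check_v3_action` defaults to `false`, a caller that omits the argument gets the v2 check only, which deserves a line in the function's docblock.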
sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions.php
r9154 r9167 75 75 function wporg_login_register_scripts() { 76 76 wp_register_script( 'recaptcha-api', 'https://www.google.com/recaptcha/api.js', array(), '2' ); 77 wp_add_inline_script( 'recaptcha-api', 'function onSubmit(token) { document.getElementById("registerform").submit(); }' ); 77 wp_add_inline_script( 78 'recaptcha-api', 79 'function onSubmit(token) { 80 var form = document.getElementById("registerform"); 81 82 if ( form.dataset.submitReady ) { 83 form.submit(); 84 } else { 85 // Still waiting on reCaptcha V3, disable/please wait the submit button. 86 form.dataset.submitReady = true; 87 document.getElementById("wp-submit").disabled = true; 88 document.getElementById("wp-submit").value = ' . json_encode( __( 'Please Wait..', 'wporg') ) . '; 89 } 90 }' 91 ); 78 92 79 93 wp_register_script( 'wporg-registration', get_template_directory_uri() . '/js/registration.js', array( 'recaptcha-api', 'jquery' ), '20170219' ); … … 99 113 ).then( function( token ) { 100 114 // Add the token to the "primary" form 101 var input = document.createElement( "input" ); 115 var input = document.createElement( "input" ), 116 form = document.getElementsByTagName("form")[0]; 117 102 118 input.setAttribute( "type", "hidden" ); 103 119 input.setAttribute( "name", "_reCaptcha_v3_token" ); 104 120 input.setAttribute( "value", token ); 105 121 106 document.getElementsByTagName("form")[0].appendChild( input ); 122 form.appendChild( input ); 123 124 if ( form.dataset.submitReady ) { 125 form.submit(); 126 } else { 127 form.dataset.submitReady = true; 128 } 107 129 }); 108 130 }' … … 305 327 */ 306 328 function wporg_login_recaptcha_api( $token, $key ) { 329 // Just a basic cache for multiple calls on the same token on the same pageload. 
330 static $cache = array(); 331 307 332 $verify = array( 308 333 'secret' => $key, … … 310 335 'response' => $token, 311 336 ); 312 313 $resp = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', array( 'body' => $verify ) ); 314 if ( is_wp_error( $resp ) || 200 != wp_remote_retrieve_response_code( $resp ) ) { 315 return false; 316 } 317 318 return json_decode( wp_remote_retrieve_body( $resp ), true ); 319 } 337 $cache_key = implode( ':', $verify ); 338 339 if ( ! isset( $cache[ $cache_key ] ) ) { 340 $resp = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', array( 'body' => $verify ) ); 341 if ( is_wp_error( $resp ) || 200 != wp_remote_retrieve_response_code( $resp ) ) { 342 $cache[ $cache_key ] = false; 343 return false; 344 } 345 346 $cache[ $cache_key ] = json_decode( wp_remote_retrieve_body( $resp ), true ); 347 } 348 349 return $cache[ $cache_key ]; 350 } -
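Review bot: The two halves of the submit handshake look up the form differently: `onSubmit` uses `document.getElementById("registerform")` while the v3 token callback uses `document.getElementsByTagName("form")[0]`. `submitReady` is only seen by both if those resolve to the same element; on a page whose first form is not `#registerform`, the button stays disabled on "Please Wait.." and the form is never submitted, or the token is appended to the wrong form. Using one lookup in both places, e.g. `form = document.getElementById("registerform") || document.getElementsByTagName("form")[0];`, removes that dependency. The token callback starts outside this hunk and no rejection handler is visible, so a failed token request would presumably leave the form in the same stuck state. In `wporg_login_recaptcha_api()`, a body that does not decode is stored as `null`, which `isset()` treats as missing, so the request is repeated on the next call; `array_key_exists( $cache_key, $cache )` would make the cache cover that case too.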
sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-create.php
r9146 r9167 42 42 } 43 43 44 // Check reCaptcha status 45 $error_recapcha_status = false; 46 if ( isset( $_POST['user_pass'] ) ) { 47 if ( ! wporg_login_check_recapcha_status( 'pending_create' ) ) { 48 // No no. "Please try again." 49 $error_recapcha_status = true; 50 unset( $_POST['user_pass'] ); 51 } 52 } 53 54 if ( wporg_login_save_profile_fields( $pending_user ) ) { 55 // re-fetch the user, it's probably changed. 56 $pending_user = wporg_get_pending_user( $activation_user ); 57 } 58 44 59 if ( isset( $_POST['user_pass'] ) ) { 45 60 $user_pass = wp_unslash( $_POST['user_pass'] ); … … 52 67 } 53 68 } 54 55 wporg_login_save_profile_fields();56 69 57 70 wp_safe_redirect( 'https://wordpress.org/support/' ); … … 91 104 include __DIR__ . '/partials/register-profilefields.php'; 92 105 ?> 106 <?php 107 if ( $error_recapcha_status ) { 108 echo '<div class="message error"><p>' . __( 'Please try again.', 'wporg' ) . '</p></div>'; 109 } 110 ?> 93 111 94 112 <p class="login-submit"> 95 <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary" value="<?php esc_attr_e( 'Create Account', 'wporg' ); ?>" />113 <input data-sitekey="<?php echo esc_attr( RECAPTCHA_INVIS_PUBKEY ); ?>" data-callback='onSubmit' type="submit" name="wp-submit" id="wp-submit" class="g-recaptcha button button-primary button-large" value="<?php esc_attr_e( 'Create Account', 'wporg' ); ?>" /> 96 114 </p> 97 115 -
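Review bot: The reCaptcha result only gates the password step: the check runs inside `if ( isset( $_POST['user_pass'] ) )`, and `wporg_login_save_profile_fields( $pending_user )` is called afterwards whether or not the check ran or passed. If that helper writes from `$_POST` (its body is not shown here), a request that fails the challenge, or that omits `user_pass` altogether, still updates the pending user's profile. Running the check for every POST and skipping the save on failure, e.g. `if ( ! $error_recapcha_status && wporg_login_save_profile_fields( $pending_user ) ) {`, closes that path. The new error markup also echoes `__( 'Please try again.', 'wporg' )` unescaped; `esc_html__( 'Please try again.', 'wporg' )` matches the `esc_attr_e()` used on the button below it.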
sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register.php
r9146 r9167 25 25 // handle user registrations. 26 26 if ( ! $error_user_login && ! $error_user_email ) { 27 if ( ! wporg_login_check_recapcha_status( ) ) {27 if ( ! wporg_login_check_recapcha_status( 'register' ) ) { 28 28 $error_recapcha_status = true; 29 29 } else {