Changeset 9167 for sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

Timestamp:

10/09/2019 07:07:07 AM (7 years ago)

Author:

dd32

Message:

Login: Require a valid reCaptcha v3 score during registration, add reCaptcha to the account confirmation screen as well.

See #4739.

File:

• sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php (modified) (2 diffs)

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

@@ -1 +1 @@
 <?php
 
-function wporg_login_check_recapcha_status() {
+function wporg_login_check_recapcha_status( $check_v3_action = false ) {
+
+    // reCaptcha V3 Checks
+    if ( $check_v3_action ) {
+        if ( empty( $_POST['_reCaptcha_v3_token'] ) ) {
+            return false;
+        }
+        $result = wporg_login_recaptcha_api(
+            $_POST['_reCaptcha_v3_token'],
+            RECAPTCHA_V3_PRIVKEY
+        );
+
+        if (
+            ! $result ||
+            ! $result['success'] ||
+            $check_v3_action !== $result['action']
+        ) {
+            return false;
+        }
+
+        // Block super-low scores.
+        if ( (float)$result['score'] < (float) get_option( 'recaptcha_v3_threshold', 0.2 ) ) {
+            return false;
+        }
+    }
+
+    // reCaptcha V2 Checks
     if ( empty( $_POST['g-recaptcha-response'] ) ) {
         return false;
@@ -14 +40 @@
         return false;
     }
+
     return (bool) $result['success'];
 }