Merge pull request #34 from Flynntes/dev

Implemented Google reCAPTCHA V3

sleeky-backend/plugin.php

@@ -3,7 +3,7 @@
 Plugin Name: Sleeky Backend
 Plugin URI: https://sleeky.flynntes.com
 Description: UI overhaul of the YOURLS backend
-Version: 2.3.0
+Version: 2.4.0
 Author: Flynn Tesoriero
 Author URI: https://flynntes.com
 */

sleeky-frontend/frontend/config.php

@@ -21,6 +21,16 @@
 // Logo for your site, displayed on home page
 define('logo', '/frontend/assets/img/logo-black.png');
 
+// Enable reCAPTCHA V3
+// It is highly recommended you use reCAPTCHA V3. It will stop spam. You can get a site and secret key from here: https://www.google.com/recaptcha/admin/create
+define("enableRecaptcha", true);
+
+// reCAPTCHA V3 Site Key
+define("recaptchaV3SiteKey", 'YOU_SITE_KEY_HERE');
+
+// reCAPTCHA V3 Secret Key
+define("recaptchaV3SecretKey", 'YOU_SECRET_KEY_HERE');
+
 // Enables the custom URL field
 // true or false
 define('enableCustomURL', true);

sleeky-frontend/frontend/footer.php

@@ -1,4 +1,18 @@
 <script src="//code.jquery.com/jquery-3.4.1.min.js"></script>
+<script src="https://www.google.com/recaptcha/api.js?render=<?php echo recaptchaV3SiteKey ?>"></script>
+
+<script>
+	$('#shortenlink').submit(function(event) {
+		event.preventDefault();
+		grecaptcha.ready(function() {
+			grecaptcha.execute('<?php echo recaptchaV3SiteKey ?>', {action: 'shorten_link'}).then(function(token) {
+				$('#shortenlink').prepend('<input type="hidden" name="token" value="' + token + '">');
+				$('#shortenlink').prepend('<input type="hidden" name="action" value="shorten_link">');
+				$('#shortenlink').unbind('submit').submit();
+			});;
+		});
+	});
+</script>
 
 <script>
 	$(document).ready(function() {

sleeky-frontend/index.php

@@ -9,9 +9,41 @@
 	// URL of the public interface
 	$page = YOURLS_SITE . '/index.php' ;
 
+	// Make variables visible to function & UI
+	$shorturl = $message = $title = $status = '';
+
 	// Part to be executed if FORM has been submitted
 	if ( isset( $_REQUEST['url'] ) && $_REQUEST['url'] != 'http://' ) {
+		if (enableRecaptcha) {
+			// Use reCAPTCHA
+			$token = $_POST['token'];
+			$action = $_POST['action'];
+
+			// call curl to POST request
+			$ch = curl_init();
+			curl_setopt($ch, CURLOPT_URL,"https://www.google.com/recaptcha/api/siteverify");
+			curl_setopt($ch, CURLOPT_POST, 1);
+			curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('secret' => recaptchaV3SecretKey, 'response' => $token)));
+			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+			$response = curl_exec($ch);
+			curl_close($ch);
+			$arrResponse = json_decode($response, true);
+
+			// verify the response
+			if($arrResponse["success"] == '1' && $arrResponse["action"] == $action && $arrResponse["score"] >= 0.5) {
+				// reCAPTCHA succeeded
+				shorten();
+			} else {
+				// reCAPTCHA failed
+				$message = "reCAPTCHA failed";
+			}
+		} else {
+			// Don't use reCAPTCHA
+			shorten();
+		}
+	}
 
+	function shorten() {
 		// Get parameters -- they will all be sanitized in yourls_add_new_link()
 		$url     = $_REQUEST['url'];
 		$keyword = isset( $_REQUEST['keyword'] ) ? $_REQUEST['keyword'] : '' ;
@@ -21,6 +53,9 @@
 		// Create short URL, receive array $return with various information
 		$return  = yourls_add_new_link( $url, $keyword, $title );
 
+		// Make visible to UI
+		global $shorturl, $message, $status, $title;
+
 		$shorturl = isset( $return['shorturl'] ) ? $return['shorturl'] : '';
 		$message  = isset( $return['message'] ) ? $return['message'] : '';
 		$title    = isset( $return['title'] ) ? $return['title'] : '';
@@ -83,7 +118,7 @@
 						</div>	    
 					<?php endif; ?>
 				<?php endif; ?>
-				<form method="post" action="">
+				<form id="shortenlink" method="post" action="">
 					<input type="url" name="url" class="url" id="url" placeholder="PASTE URL, SHORTEN &amp; SHARE" required>
 					<input type="submit" value="Shorten">
 					<?php if (enableCustomURL): ?>