|
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* CodeIgniter-Aauth
|
|
|
|
|
*
|
|
|
|
|
* Aauth is a User Authorization Library for CodeIgniter 4.x, which aims to make
|
|
|
|
|
* easy some essential jobs such as login, permissions and access operations.
|
|
|
|
|
* Despite ease of use, it has also very advanced features like grouping,
|
|
|
|
|
* access management, public access etc..
|
|
|
|
|
*
|
|
|
|
|
* @package CodeIgniter-Aauth
|
|
|
|
|
* @since 3.0.0
|
|
|
|
|
* @author Emre Akay
|
|
|
|
|
* @author Raphael "REJack" Jackstadt
|
|
|
|
|
* @copyright 2014-2019 Emre Akay
|
|
|
|
|
* @license https://opensource.org/licenses/MIT MIT License
|
|
|
|
|
* @link https://github.com/emreakay/CodeIgniter-Aauth
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace App\Libraries\Aauth;
|
|
|
|
|
|
|
|
|
|
use \App\Models\Aauth\LoginAttemptModel;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Aauth CAPTCHA
|
|
|
|
|
*
|
|
|
|
|
* Class for handling CAPTCHA (reCAPTCHA & hCAPTCHA)
|
|
|
|
|
*
|
|
|
|
|
* @package CodeIgniter-Aauth
|
|
|
|
|
*/
|
|
|
|
|
class CAPTCHA extends \App\Libraries\Aauth
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* Verify CAPTCHA Response
|
|
|
|
|
*
|
|
|
|
|
* Calls the CAPTCHA site verify API to verify whether the user passes
|
|
|
|
|
* CAPTCHA test.
|
|
|
|
|
*
|
|
|
|
|
* @param string $response Response string from CAPTCHA verification.
|
|
|
|
|
*
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
|
|
|
|
public function verifyCaptchaResponse($response)
|
|
|
|
|
{
|
|
|
|
|
if ($response === null || strlen($response) === 0)
|
|
|
|
|
{
|
|
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'errorCodes' => 'missing-input',
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$request = \Config\Services::request();
|
|
|
|
|
$remoteIp = $request->getIPAddress();
|
|
|
|
|
|
|
|
|
|
if ($this->config->captchaType === 'recaptcha')
|
|
|
|
|
{
|
|
|
|
|
$siteUrl = 'https://www.google.com/recaptcha/api/siteverify';
|
|
|
|
|
$request = $this->_submitGet(
|
|
|
|
|
$siteUrl,
|
|
|
|
|
[
|
|
|
|
|
'secret' => $this->config->captchaSecret,
|
|
|
|
|
'remoteip' => $remoteIp,
|
|
|
|
|
'response' => $response,
|
|
|
|
|
'version' => 'php_1.0.0',
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
else if ($this->config->captchaType === 'hcaptcha')
|
|
|
|
|
{
|
|
|
|
|
$siteUrl = 'https://hcaptcha.com/siteverify';
|
|
|
|
|
$request = $this->_submitPost(
|
|
|
|
|
$siteUrl,
|
|
|
|
|
[
|
|
|
|
|
'secret' => $this->config->captchaSecret,
|
|
|
|
|
'response' => $response,
|
|
|
|
|
'remoteip' => $remoteIp,
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$answer = json_decode($request, true);
|
|
|
|
|
|
|
|
|
|
if (ENVIRONMENT === 'testing' && $response === 'testing')
|
|
|
|
|
{
|
|
|
|
|
$answer = ['success' => true];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($answer['success'] !== true)
|
|
|
|
|
{
|
|
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'errorCodes' => $answer['error-codes'],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ['success' => true];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Generate CAPTCHA HTML
|
|
|
|
|
*
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
public function generateCaptchaHtml()
|
|
|
|
|
{
|
|
|
|
|
$content = '';
|
|
|
|
|
|
|
|
|
|
if ($this->config->loginProtection && $this->config->captchaEnabled && $this->isCaptchaRequired())
|
|
|
|
|
{
|
|
|
|
|
$siteKey = $this->config->captchaSiteKey;
|
|
|
|
|
|
|
|
|
|
if ($this->config->captchaType === 'recaptcha')
|
|
|
|
|
{
|
|
|
|
|
$content = "<div class='g-recaptcha' data-sitekey='{$siteKey}'></div>";
|
|
|
|
|
$content .= '<script src="https://www.google.com/recaptcha/api.js" async defer></script>';
|
|
|
|
|
}
|
|
|
|
|
else if ($this->config->captchaType === 'hcaptcha')
|
|
|
|
|
{
|
|
|
|
|
$content = "<div class='h-captcha' data-sitekey='{$siteKey}'></div>";
|
|
|
|
|
$content .= '<script src="https://hcaptcha.com/1/api.js" async defer></script>';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $content;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Is CAPTCHA Required
|
|
|
|
|
*
|
|
|
|
|
* @return boolean
|
|
|
|
|
*/
|
|
|
|
|
public function isCaptchaRequired()
|
|
|
|
|
{
|
|
|
|
|
$loginAttemptModel = new LoginAttemptModel();
|
|
|
|
|
|
|
|
|
|
return $loginAttemptModel->find() >= $this->config->captchaLoginAttempts;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Submit GET
|
|
|
|
|
*
|
|
|
|
|
* Submits an HTTP GET to a CAPTCHA server.
|
|
|
|
|
*
|
|
|
|
|
* @param string $url URL path to CAPTCHA server.
|
|
|
|
|
* @param array $data Array of parameters to be sent.
|
|
|
|
|
*
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
private function _submitGet($url, $data)
|
|
|
|
|
{
|
|
|
|
|
$client = \Config\Services::curlrequest();
|
|
|
|
|
$response = $client->request('GET', $url, [
|
|
|
|
|
'query' => $data,
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
return $response->getBody();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Submit POST
|
|
|
|
|
*
|
|
|
|
|
* Submits an HTTP POST to a CAPTCHA server.
|
|
|
|
|
*
|
|
|
|
|
* @param string $url URL path to CAPTCHA server.
|
|
|
|
|
* @param array $data Array of parameters to be sent.
|
|
|
|
|
*
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
private function _submitPost($url, $data)
|
|
|
|
|
{
|
|
|
|
|
$client = \Config\Services::curlrequest();
|
|
|
|
|
$response = $client->request('POST', $url, [
|
|
|
|
|
'query' => $data,
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
return $response->getBody();
|
|
|
|
|
}
|
|
|
|
|
}
|
