diff --git a/lib/API/JSON/API.php b/lib/API/JSON/API.php
index 7421ffc3d4..af8bdc8ec9 100644
--- a/lib/API/JSON/API.php
+++ b/lib/API/JSON/API.php
@@ -2,6 +2,7 @@
 namespace MailPoet\API\JSON;
 use MailPoet\Config\AccessControl;
+use MailPoet\Models\Setting;
 use MailPoet\Util\Helpers;
 use MailPoet\Util\Security;
 use MailPoet\WP\Hooks;
@@ -56,7 +57,13 @@ class API {
 Hooks::doAction('mailpoet_api_setup', array($this));
 $this->setRequestData($_POST);
- if($this->checkToken() === false) {
+ $ignoreToken = (
+ Setting::getValue('re_captcha.enabled') &&
+ $this->_request_endpoint == 'subscribers' &&
+ $this->_request_method == 'subscribe'
+ );
+
+ if(!$ignoreToken && $this->checkToken() === false) {
 $error_message = __('Sorry, but we couldn\'t connect to the MailPoet server. Please refresh the web page and try again.', 'mailpoet');
 $error_response = $this->createErrorResponse(Error::UNAUTHORIZED, $error_message, Response::STATUS_UNAUTHORIZED);
 return $error_response->send();
diff --git a/lib/API/JSON/v1/Subscribers.php b/lib/API/JSON/v1/Subscribers.php
index e7448ac4fa..036e8f4548 100644
--- a/lib/API/JSON/v1/Subscribers.php
+++ b/lib/API/JSON/v1/Subscribers.php
@@ -5,9 +5,10 @@ namespace MailPoet\API\JSON\v1;
 use MailPoet\API\JSON\Endpoint as APIEndpoint;
 use MailPoet\API\JSON\Error as APIError;
 use MailPoet\Config\AccessControl;
-use MailPoet\Listing;
 use MailPoet\Form\Util\FieldNameObfuscator;
+use MailPoet\Listing;
 use MailPoet\Models\Form;
+use MailPoet\Models\Setting;
 use MailPoet\Models\StatisticsForms;
 use MailPoet\Models\Subscriber;
 use MailPoet\Newsletter\Scheduler\Scheduler;
@@ -76,6 +77,8 @@ class Subscribers extends APIEndpoint {
 $form = Form::findOne($form_id);
 unset($data['form_id']);
+ $recaptcha = Setting::getValue('re_captcha');
+
 if(!$form) {
 return $this->badRequest(array(
 APIError::BAD_REQUEST => __('Please specify a valid form ID.', 'mailpoet')
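Review bot: The request-token check is skipped on the `$ignoreToken` branch as soon as the `re_captcha.enabled` setting is on, before anything has verified a challenge, so `subscribers/subscribe` is accepted without `checkToken()` for as long as the feature is enabled and the protection rests entirely on the endpoint doing its own verification; that coupling is invisible here and deserves a comment such as `// public subscribe calls skip the request token while reCAPTCHA is on; Subscribers::subscribe() must verify the challenge instead`. The endpoint and method names are compared with `==`; use `$this->_request_endpoint === 'subscribers' && $this->_request_method === 'subscribe'` so only exact strings match. `Setting::getValue()` is now consulted on every API call, presumably a storage read, which is worth confirming is cheap or cached. The enclosing method starts and ends outside the hunk.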
@@ -87,6 +90,26 @@ class Subscribers extends APIEndpoint {
 ));
 }
+ if($recaptcha['enabled'] && !isset($data['recaptcha'])) {
+ return $this->badRequest(array(
+ APIError::BAD_REQUEST => __('Please check the reCAPTCHA.', 'mailpoet')
+ ));
+ }
+
+ if($recaptcha['enabled']) {
+ $res = wp_remote_post('https://www.google.com/recaptcha/api/siteverify', array(
+ 'body' => array(
+ 'secret' => $recaptcha['secret_token'],
+ 'response' => $data['recaptcha']
+ )
+ ));
+ if(is_wp_error($res) || !$res['body']['success']) {
+ return $this->badRequest(array(
+ APIError::BAD_REQUEST => __('Error while validating the reCAPTCHA.', 'mailpoet')
+ ));
+ }
+ }
+
 $data = $this->deobfuscateFormPayload($data);
 $segment_ids = (!empty($data['segments'])
diff --git a/lib/Form/Renderer.php b/lib/Form/Renderer.php
index e137b7ddeb..83b04fa075 100644
--- a/lib/Form/Renderer.php
+++ b/lib/Form/Renderer.php
@@ -1,6 +1,8 @@ ' . __('Please leave this field empty', 'mailpoet') . '' : '';
 foreach($blocks as $key => $block) {
- $html .= static::renderBlock($block) . PHP_EOL;
+ $html[] = static::renderBlock($block) . PHP_EOL;
 }
- return $html;
+ if(Setting::getValue('re_captcha.enabled')) {
+ $submit = array_pop($html);
+ $site_key = Setting::getValue('re_captcha.site_token');
+ $html[] = '
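Review bot: The check `!$res['body']['success']` on the siteverify response never looks at the decoded result, because `wp_remote_post()` returns `'body'` as the raw JSON string, so `['success']` is a string-offset read (on PHP 7 only a warning that yields the first character of the body, which is truthy; a TypeError on PHP 8) and a failed challenge is not reliably rejected. Decode the body first: `$body = json_decode(wp_remote_retrieve_body($res), true);` and `if(is_wp_error($res) || empty($body['success'])) {`. The previous hunk reads `$recaptcha = Setting::getValue('re_captcha')` and this one indexes it with `['enabled']` without checking it is an array; if the setting can be unset, `!empty($recaptcha['enabled'])` avoids indexing null. The enclosing method (presumably `subscribe()`) starts and ends outside the hunk.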
';
+ $html[] = $submit;
+ }
+
+ return implode('', $html);
 }
 static function renderBlock($block = array()) {
diff --git a/lib/Form/Widget.php b/lib/Form/Widget.php
index c12b761359..845eb37b39 100644
--- a/lib/Form/Widget.php
+++ b/lib/Form/Widget.php
@@ -7,6 +7,7 @@ use MailPoet\Config\Env;
 use MailPoet\Config\Renderer as ConfigRenderer;
 use MailPoet\Form\Renderer as FormRenderer;
 use MailPoet\Models\Form;
+use MailPoet\Models\Setting;
 use MailPoet\Util\Security;
 use MailPoet\WP\Hooks;
@@ -48,6 +49,9 @@ class Widget extends \WP_Widget {
 wp_print_scripts('jquery');
 wp_print_scripts('mailpoet_vendor');
 wp_print_scripts('mailpoet_public');
+ if(Setting::getValue('re_captcha.enabled')) {
+ echo '';
+ }
 $scripts = ob_get_contents();
 ob_end_clean();
@@ -320,4 +324,4 @@ EOL;
 return $output;
 }
 }
-}
\ No newline at end of file
+}
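Review bot: The reCAPTCHA element is built by concatenating `$site_key` straight into markup (the `$html[] = '...'` line just before `$html[] = $submit;`; its tag content is not readable in this view), so the value should go through `esc_attr($site_key)` before it lands in an attribute, since a stored setting is still output that needs escaping. Switching the loop to `$html[] =` requires `$html` to be an array, but its initialisation is only visible here as the garbled fragment `... : '';`, which looks like a string expression; `$html[] =` on a string is a fatal error (on PHP 7.1+ even for the empty string), so confirm that line now starts from an array. `array_pop($html)` presumably relies on the submit block always being rendered last; a comment stating that assumption, e.g. `// the submit button is always the last block; re-append it after the captcha`, would help the next reader. The enclosing render method starts outside the hunk and its header is not readable here.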