handling recaptcha on the PHP side
@ -2,6 +2,7 @@
|
||||
namespace MailPoet\API\JSON;
|
||||
|
||||
use MailPoet\Config\AccessControl;
|
||||
use MailPoet\Models\Setting;
|
||||
use MailPoet\Util\Helpers;
|
||||
use MailPoet\Util\Security;
|
||||
use MailPoet\WP\Hooks;
|
||||
@ -56,7 +57,13 @@ class API {
|
||||
Hooks::doAction('mailpoet_api_setup', array($this));
|
||||
$this->setRequestData($_POST);
|
||||
|
||||
if($this->checkToken() === false) {
|
||||
$ignoreToken = (
|
||||
Setting::getValue('re_captcha.enabled') &&
|
||||
$this->_request_endpoint == 'subscribers' &&
|
||||
$this->_request_method == 'subscribe'
|
||||
);
|
||||
|
||||
if(!$ignoreToken && $this->checkToken() === false) {
|
||||
$error_message = __('Sorry, but we couldn\'t connect to the MailPoet server. Please refresh the web page and try again.', 'mailpoet');
|
||||
$error_response = $this->createErrorResponse(Error::UNAUTHORIZED, $error_message, Response::STATUS_UNAUTHORIZED);
|
||||
return $error_response->send();
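Review bot: The new `$ignoreToken` condition drops the token check for `subscribers`/`subscribe` whenever `re_captcha.enabled` is set, so that request is then protected only by the reCAPTCHA verification in the subscribers endpoint, and nothing here records that dependency. I would add a comment above the assignment such as `// token check is skipped only because the subscribe endpoint verifies the reCAPTCHA response server-side; keep the two in sync`, and compare `_request_endpoint` and `_request_method` with `===` rather than `==`. The bypass keys on the enabled flag alone, so it is worth confirming that the setting cannot be enabled without a secret token configured. The enclosing method starts and ends outside the hunk.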
|
||||
|
@ -5,9 +5,10 @@ namespace MailPoet\API\JSON\v1;
|
||||
use MailPoet\API\JSON\Endpoint as APIEndpoint;
|
||||
use MailPoet\API\JSON\Error as APIError;
|
||||
use MailPoet\Config\AccessControl;
|
||||
use MailPoet\Listing;
|
||||
use MailPoet\Form\Util\FieldNameObfuscator;
|
||||
use MailPoet\Listing;
|
||||
use MailPoet\Models\Form;
|
||||
use MailPoet\Models\Setting;
|
||||
use MailPoet\Models\StatisticsForms;
|
||||
use MailPoet\Models\Subscriber;
|
||||
use MailPoet\Newsletter\Scheduler\Scheduler;
|
||||
@ -76,6 +77,8 @@ class Subscribers extends APIEndpoint {
|
||||
$form = Form::findOne($form_id);
|
||||
unset($data['form_id']);
|
||||
|
||||
$recaptcha = Setting::getValue('re_captcha');
|
||||
|
||||
if(!$form) {
|
||||
return $this->badRequest(array(
|
||||
APIError::BAD_REQUEST => __('Please specify a valid form ID.', 'mailpoet')
|
||||
@ -87,6 +90,26 @@ class Subscribers extends APIEndpoint {
|
||||
));
|
||||
}
|
||||
|
||||
if($recaptcha['enabled'] && !isset($data['recaptcha'])) {
|
||||
return $this->badRequest(array(
|
||||
APIError::BAD_REQUEST => __('Please check the reCAPTCHA.', 'mailpoet')
|
||||
));
|
||||
}
|
||||
|
||||
if($recaptcha['enabled']) {
|
||||
$res = wp_remote_post('https://www.google.com/recaptcha/api/siteverify', array(
|
||||
'body' => array(
|
||||
'secret' => $recaptcha['secret_token'],
|
||||
'response' => $data['recaptcha']
|
||||
)
|
||||
));
|
||||
if(is_wp_error($res) || !$res['body']['success']) {
|
||||
return $this->badRequest(array(
|
||||
APIError::BAD_REQUEST => __('Error while validating the reCAPTCHA.', 'mailpoet')
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
$data = $this->deobfuscateFormPayload($data);
|
||||
|
||||
$segment_ids = (!empty($data['segments'])
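Review bot: The success test `!$res['body']['success']` indexes the response body as an array, but `wp_remote_post()` returns the body as a raw JSON string, so the expression never reads the `success` field of the siteverify reply. Depending on the PHP version it either evaluates a character of the string, which is truthy and lets a failed verification through, or raises an error. Decode the body first with `$body = json_decode(wp_remote_retrieve_body($res), true);` and test `if(is_wp_error($res) || empty($body['success'])) {`. This matters more because the same commit skips the token check for this method when reCAPTCHA is enabled. `$recaptcha['enabled']` is also read without confirming that the `re_captcha` setting exists, and the method body continues outside the hunk.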
|
||||
|
@ -1,6 +1,8 @@
|
||||
<?php
|
||||
namespace MailPoet\Form;
|
||||
|
||||
use MailPoet\Models\Setting;
|
||||
|
||||
if(!defined('ABSPATH')) exit;
|
||||
|
||||
class Renderer {
|
||||
@ -39,15 +41,23 @@ class Renderer {
|
||||
}
|
||||
|
||||
static function renderBlocks($blocks = array(), $honeypot_enabled = true) {
|
||||
$html = array();
|
||||
// add honeypot for spambots
|
||||
$html = ($honeypot_enabled) ?
|
||||
$html[] = ($honeypot_enabled) ?
|
||||
'<label class="mailpoet_hp_email_label">' . __('Please leave this field empty', 'mailpoet') . '<input type="email" name="data[email]"></label>' :
|
||||
'';
|
||||
foreach($blocks as $key => $block) {
|
||||
$html .= static::renderBlock($block) . PHP_EOL;
|
||||
$html[] = static::renderBlock($block) . PHP_EOL;
|
||||
}
|
||||
|
||||
return $html;
|
||||
if(Setting::getValue('re_captcha.enabled')) {
|
||||
$submit = array_pop($html);
|
||||
$site_key = Setting::getValue('re_captcha.site_token');
|
||||
$html[] = '<div class="g-recaptcha" data-sitekey="'. $site_key .'"></div>';
|
||||
$html[] = $submit;
|
||||
}
|
||||
|
||||
return implode('', $html);
|
||||
}
|
||||
|
||||
static function renderBlock($block = array()) {
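Review bot: `$site_key` is concatenated into the `data-sitekey` attribute without escaping. Even though the value comes from a setting, anything written into an HTML attribute should pass through `esc_attr()`, i.e. `$html[] = '<div class="g-recaptcha" data-sitekey="' . esc_attr($site_key) . '"></div>';`. The `array_pop($html)` also assumes the last rendered block is the submit button, which nothing in the hunk checks; a one-line comment stating that assumption, or a check on the block type, would make the intent clear.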
|
||||
|
@ -7,6 +7,7 @@ use MailPoet\Config\Env;
|
||||
use MailPoet\Config\Renderer as ConfigRenderer;
|
||||
use MailPoet\Form\Renderer as FormRenderer;
|
||||
use MailPoet\Models\Form;
|
||||
use MailPoet\Models\Setting;
|
||||
use MailPoet\Util\Security;
|
||||
use MailPoet\WP\Hooks;
|
||||
|
||||
@ -48,6 +49,9 @@ class Widget extends \WP_Widget {
|
||||
wp_print_scripts('jquery');
|
||||
wp_print_scripts('mailpoet_vendor');
|
||||
wp_print_scripts('mailpoet_public');
|
||||
if(Setting::getValue('re_captcha.enabled')) {
|
||||
echo '<script src="https://www.google.com/recaptcha/api.js"></script>';
|
||||
}
|
||||
$scripts = ob_get_contents();
|
||||
ob_end_clean();
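Review bot: The reCAPTCHA loader is emitted with a raw `echo` of a `<script>` tag while the three lines above it go through `wp_print_scripts()`. Registering it under its own handle keeps the block consistent and lets WordPress de-duplicate it, e.g. `wp_register_script('RECAPTCHA_HANDLE', 'https://www.google.com/recaptcha/api.js');` followed by `wp_print_scripts('RECAPTCHA_HANDLE');` (the handle name is a placeholder). The hunk covers only this one output path, so it is worth confirming that every other place that renders a form containing the `g-recaptcha` div also loads the script. The enclosing method starts and ends outside the hunk.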
|
||||
|
||||
|