From 4cf3ac8310591b679802e451dea6c29fc022e925 Mon Sep 17 00:00:00 2001 From: gtbu Date: Sat, 22 Feb 2025 20:02:59 +0100 Subject: [PATCH] recaptcha 1.3.0m update from google recaptcha 1.2.4 auf 1.3.0 --- include/thirdparty/recaptcha/LICENSE | 29 ++++ include/thirdparty/recaptcha/README.md | 147 ++++++++++++++++++ .../recaptcha/ReCaptcha/ReCaptcha.php | 30 ++-- .../recaptcha/ReCaptcha/RequestMethod.php | 1 - .../ReCaptcha/RequestMethod/Curl.php | 1 - .../ReCaptcha/RequestMethod/SocketPost.php | 2 + .../recaptcha/ReCaptcha/Response.php | 10 +- .../recaptcha/ReCaptcha/autoload.php | 69 ++++++++ 8 files changed, 270 insertions(+), 19 deletions(-) create mode 100644 include/thirdparty/recaptcha/LICENSE create mode 100644 include/thirdparty/recaptcha/README.md create mode 100644 include/thirdparty/recaptcha/ReCaptcha/autoload.php diff --git a/include/thirdparty/recaptcha/LICENSE b/include/thirdparty/recaptcha/LICENSE new file mode 100644 index 0000000..d147b35 --- /dev/null +++ b/include/thirdparty/recaptcha/LICENSE @@ -0,0 +1,29 @@ +BSD 3-Clause License + +Copyright (c) 2019, Google Inc. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/include/thirdparty/recaptcha/README.md b/include/thirdparty/recaptcha/README.md new file mode 100644 index 0000000..67044a7 --- /dev/null +++ b/include/thirdparty/recaptcha/README.md @@ -0,0 +1,147 @@ +# reCAPTCHA PHP client library + +[![Build Status](https://travis-ci.org/google/recaptcha.svg)](https://travis-ci.org/google/recaptcha) +[![Coverage Status](https://coveralls.io/repos/github/google/recaptcha/badge.svg)](https://coveralls.io/github/google/recaptcha) +[![Latest Stable Version](https://poser.pugx.org/google/recaptcha/v/stable.svg)](https://packagist.org/packages/google/recaptcha) +[![Total Downloads](https://poser.pugx.org/google/recaptcha/downloads.svg)](https://packagist.org/packages/google/recaptcha) + +reCAPTCHA is a free CAPTCHA service that protects websites from spam and abuse. +This is a PHP library that wraps up the server-side verification step required +to process responses from the reCAPTCHA service. This client supports both v2 +and v3. + +- reCAPTCHA: https://www.google.com/recaptcha +- This repo: https://github.com/google/recaptcha +- Hosted demo: https://recaptcha-demo.appspot.com/ +- Version: 1.3.0 +- License: BSD, see [LICENSE](LICENSE) + +## Installation + +### Composer (recommended) + +Use [Composer](https://getcomposer.org) to install this library from Packagist: +[`google/recaptcha`](https://packagist.org/packages/google/recaptcha) + +Run the following command from your project directory to add the dependency: + +```sh +composer require google/recaptcha "^1.3" +``` + +Alternatively, add the dependency directly to your `composer.json` file: + +```json +"require": { + "google/recaptcha": "^1.3" +} +``` + +### Support for earlier versions of PHP + +The 1.3 release moves to PHP 8 and up. For earlier versions, you will need to +stay with the 1.2 releases. + +### Direct download + +Download the [ZIP file](https://github.com/google/recaptcha/archive/master.zip) +and extract into your project. An autoloader script is provided in +`src/autoload.php` which you can require into your script. For example: + +```php +require_once '/path/to/recaptcha/src/autoload.php'; +$recaptcha = new \ReCaptcha\ReCaptcha($secret); +``` + +The classes in the project are structured according to the +[PSR-4](https://www.php-fig.org/psr/psr-4/) standard, so you can also use your +own autoloader or require the needed files directly in your code. + +## Usage + +First obtain the appropriate keys for the type of reCAPTCHA you wish to +integrate for v2 at https://www.google.com/recaptcha/admin or v3 at +https://g.co/recaptcha/v3. + +Then follow the [integration guide on the developer +site](https://developers.google.com/recaptcha/intro) to add the reCAPTCHA +functionality into your frontend. + +This library comes in when you need to verify the user's response. On the PHP +side you need the response from the reCAPTCHA service and secret key from your +credentials. Instantiate the `ReCaptcha` class with your secret key, specify any +additional validation rules, and then call `verify()` with the reCAPTCHA +response (usually in `$_POST['g-recaptcha-response']` or the response from +`grecaptcha.execute()` in JS which is in `$gRecaptchaResponse` in the example) +and user's IP address. For example: + +```php +setExpectedHostname('recaptcha-demo.appspot.com') + ->verify($gRecaptchaResponse, $remoteIp); +if ($resp->isSuccess()) { + // Verified! +} else { + $errors = $resp->getErrorCodes(); +} +``` + +The following methods are available: + +- `setExpectedHostname($hostname)`: ensures the hostname matches. You must do + this if you have disabled "Domain/Package Name Validation" for your + credentials. +- `setExpectedApkPackageName($apkPackageName)`: if you're verifying a response + from an Android app. Again, you must do this if you have disabled + "Domain/Package Name Validation" for your credentials. +- `setExpectedAction($action)`: ensures the action matches for the v3 API. +- `setScoreThreshold($threshold)`: set a score threshold for responses from the + v3 API +- `setChallengeTimeout($timeoutSeconds)`: set a timeout between the user passing + the reCAPTCHA and your server processing it. + +Each of the `set`\*`()` methods return the `ReCaptcha` instance so you can chain +them together. For example: + +```php +setExpectedHostname('recaptcha-demo.appspot.com') + ->setExpectedAction('homepage') + ->setScoreThreshold(0.5) + ->verify($gRecaptchaResponse, $remoteIp); + +if ($resp->isSuccess()) { + // Verified! +} else { + $errors = $resp->getErrorCodes(); +} +``` + +You can find the constants for the libraries error codes in the `ReCaptcha` +class constants, e.g. `ReCaptcha::E_HOSTNAME_MISMATCH` + +For more details on usage and structure, see [ARCHITECTURE](ARCHITECTURE.md). + +### Examples + +You can see examples of each reCAPTCHA type in [examples/](examples/). You can +run the examples locally by using the Composer script: + +```sh +composer run-script serve-examples +``` + +This makes use of the in-built PHP dev server to host the examples at +http://localhost:8080/ + +These are also hosted on Google AppEngine Flexible environment at +https://recaptcha-demo.appspot.com/. This is configured by +[`app.yaml`](./app.yaml) which you can also use to [deploy to your own AppEngine +project](https://cloud.google.com/appengine/docs/flexible/php/download). + +## Contributing + +No one ever has enough engineers, so we're very happy to accept contributions +via Pull Requests. For details, see [CONTRIBUTING](CONTRIBUTING.md) diff --git a/include/thirdparty/recaptcha/ReCaptcha/ReCaptcha.php b/include/thirdparty/recaptcha/ReCaptcha/ReCaptcha.php index 31ec44a..d75ce1f 100644 --- a/include/thirdparty/recaptcha/ReCaptcha/ReCaptcha.php +++ b/include/thirdparty/recaptcha/ReCaptcha/ReCaptcha.php @@ -43,73 +43,73 @@ class ReCaptcha * Version of this client library. * @const string */ - const VERSION = 'php_1.2.4'; + public const VERSION = 'php_1.3.0'; /** * URL for reCAPTCHA siteverify API * @const string */ - const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify'; + public const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify'; /** * Invalid JSON received * @const string */ - const E_INVALID_JSON = 'invalid-json'; + public const E_INVALID_JSON = 'invalid-json'; /** * Could not connect to service * @const string */ - const E_CONNECTION_FAILED = 'connection-failed'; + public const E_CONNECTION_FAILED = 'connection-failed'; /** * Did not receive a 200 from the service * @const string */ - const E_BAD_RESPONSE = 'bad-response'; + public const E_BAD_RESPONSE = 'bad-response'; /** * Not a success, but no error codes received! * @const string */ - const E_UNKNOWN_ERROR = 'unknown-error'; + public const E_UNKNOWN_ERROR = 'unknown-error'; /** * ReCAPTCHA response not provided * @const string */ - const E_MISSING_INPUT_RESPONSE = 'missing-input-response'; + public const E_MISSING_INPUT_RESPONSE = 'missing-input-response'; /** * Expected hostname did not match * @const string */ - const E_HOSTNAME_MISMATCH = 'hostname-mismatch'; + public const E_HOSTNAME_MISMATCH = 'hostname-mismatch'; /** * Expected APK package name did not match * @const string */ - const E_APK_PACKAGE_NAME_MISMATCH = 'apk_package_name-mismatch'; + public const E_APK_PACKAGE_NAME_MISMATCH = 'apk_package_name-mismatch'; /** * Expected action did not match * @const string */ - const E_ACTION_MISMATCH = 'action-mismatch'; + public const E_ACTION_MISMATCH = 'action-mismatch'; /** * Score threshold not met * @const string */ - const E_SCORE_THRESHOLD_NOT_MET = 'score-threshold-not-met'; + public const E_SCORE_THRESHOLD_NOT_MET = 'score-threshold-not-met'; /** * Challenge timeout * @const string */ - const E_CHALLENGE_TIMEOUT = 'challenge-timeout'; + public const E_CHALLENGE_TIMEOUT = 'challenge-timeout'; /** * Shared secret for the site. @@ -123,6 +123,12 @@ class ReCaptcha */ private $requestMethod; + private $hostname; + private $apkPackageName; + private $action; + private $threshold; + private $timeoutSeconds; + /** * Create a configured instance to use the reCAPTCHA service. * diff --git a/include/thirdparty/recaptcha/ReCaptcha/RequestMethod.php b/include/thirdparty/recaptcha/ReCaptcha/RequestMethod.php index 0a2a671..bd2a949 100644 --- a/include/thirdparty/recaptcha/ReCaptcha/RequestMethod.php +++ b/include/thirdparty/recaptcha/ReCaptcha/RequestMethod.php @@ -39,7 +39,6 @@ namespace ReCaptcha; */ interface RequestMethod { - /** * Submit the request with the specified parameters. * diff --git a/include/thirdparty/recaptcha/ReCaptcha/RequestMethod/Curl.php b/include/thirdparty/recaptcha/ReCaptcha/RequestMethod/Curl.php index eb99842..2d3b389 100644 --- a/include/thirdparty/recaptcha/ReCaptcha/RequestMethod/Curl.php +++ b/include/thirdparty/recaptcha/ReCaptcha/RequestMethod/Curl.php @@ -39,7 +39,6 @@ namespace ReCaptcha\RequestMethod; */ class Curl { - /** * @see http://php.net/curl_init * @param string $url diff --git a/include/thirdparty/recaptcha/ReCaptcha/RequestMethod/SocketPost.php b/include/thirdparty/recaptcha/ReCaptcha/RequestMethod/SocketPost.php index 464bc28..19d50ab 100644 --- a/include/thirdparty/recaptcha/ReCaptcha/RequestMethod/SocketPost.php +++ b/include/thirdparty/recaptcha/ReCaptcha/RequestMethod/SocketPost.php @@ -51,6 +51,8 @@ class SocketPost implements RequestMethod */ private $socket; + private $siteVerifyUrl; + /** * Only needed if you want to override the defaults * diff --git a/include/thirdparty/recaptcha/ReCaptcha/Response.php b/include/thirdparty/recaptcha/ReCaptcha/Response.php index 55838c0..8a5d3aa 100644 --- a/include/thirdparty/recaptcha/ReCaptcha/Response.php +++ b/include/thirdparty/recaptcha/ReCaptcha/Response.php @@ -95,11 +95,11 @@ class Response return new Response(false, array(ReCaptcha::E_INVALID_JSON)); } - $hostname = isset($responseData['hostname']) ? $responseData['hostname'] : null; - $challengeTs = isset($responseData['challenge_ts']) ? $responseData['challenge_ts'] : null; - $apkPackageName = isset($responseData['apk_package_name']) ? $responseData['apk_package_name'] : null; + $hostname = isset($responseData['hostname']) ? $responseData['hostname'] : ''; + $challengeTs = isset($responseData['challenge_ts']) ? $responseData['challenge_ts'] : ''; + $apkPackageName = isset($responseData['apk_package_name']) ? $responseData['apk_package_name'] : ''; $score = isset($responseData['score']) ? floatval($responseData['score']) : null; - $action = isset($responseData['action']) ? $responseData['action'] : null; + $action = isset($responseData['action']) ? $responseData['action'] : ''; if (isset($responseData['success']) && $responseData['success'] == true) { return new Response(true, array(), $hostname, $challengeTs, $apkPackageName, $score, $action); @@ -123,7 +123,7 @@ class Response * @param string $action * @param array $errorCodes */ - public function __construct($success, array $errorCodes = array(), $hostname = null, $challengeTs = null, $apkPackageName = null, $score = null, $action = null) + public function __construct($success, array $errorCodes = array(), $hostname = '', $challengeTs = '', $apkPackageName = '', $score = null, $action = '') { $this->success = $success; $this->hostname = $hostname; diff --git a/include/thirdparty/recaptcha/ReCaptcha/autoload.php b/include/thirdparty/recaptcha/ReCaptcha/autoload.php new file mode 100644 index 0000000..7947a10 --- /dev/null +++ b/include/thirdparty/recaptcha/ReCaptcha/autoload.php @@ -0,0 +1,69 @@ +