Google recaptcha

controller/class.LoginController.php

@@ -59,7 +59,8 @@ public function go() {
 				die();
 			}
 			if (isset($_POST['submit']) && $_POST['submit']=='Login'
-					&& isset($_POST['username']) && isset($_POST['pwd']) ) {
+					&& isset($_POST['username']) && isset($_POST['pwd'])
+					&& isset($_POST['g-recaptcha-response']) ) {
 				if ($_POST['username']=='' || $_POST['pwd']=='') {
 					if ($_POST['username']=='') {
 						$this->addErrorMessage("Username must not be empty");
@@ -73,6 +74,7 @@ public function go() {
 					$username = $_POST['username'];
 					$this->addToView('username', $username);
 					$user=User::findByUsername($username);
+					$recaptcha_response = $_POST['g-recaptcha-response'];
 
 					if (!$user) {
 						header('Location:'.SOURCE_ROOT_PATH."?url=mainlogin&msg=username");
@@ -83,6 +85,9 @@ public function go() {
 					} elseif ($user->is_activated != 1){
 						header('Location:'.SOURCE_ROOT_PATH."?url=mainlogin&msg=activate");
 						die();
+					} elseif (!Utils::verifyReCaptcha($recaptcha_response)) {
+						header('Location:'.SOURCE_ROOT_PATH."?url=mainlogin&msg=recaptcha");
+						die();
 					} else {
 						// start the session
 						$session->completeLogin($user);

model/common/class.Utils.php

@@ -61,7 +61,7 @@ public function validateEmail($email = '') {
 
 	public static function hash($password){
 		$hash = password_hash($password);
-		if (FALSE === $hash)){
+		if (FALSE === $hash){
 			throw new Exception('Password could not be hashed');
 			return false;
 		}
@@ -77,4 +77,29 @@ public static function sanitizeInput($input) {
     		$input = htmlspecialchars($input);
     		return $input;
 	}
+
+	public static function verifyReCaptcha($input) {
+		$url = 'https://www.google.com/recaptcha/api/siteverify';
+		$payload = array(
+			'response' => $input,
+			'secret' => G_SECRET_KEY
+			);
+
+		$response = Utils::sendPostRequest($url, $payload);
+		$json_response = json_decode($response, true);
+		return $json_response['success'];
+	}
+
+	public static function sendPostRequest($url, $payload) {
+		$ch = curl_init($url);
+
+		curl_setopt($ch, CURLOPT_POST, 1);
+		curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+		$response = curl_exec($ch);
+		curl_close($ch);
+
+		return $response;
+	}
 }

sample.config.inc.php

@@ -77,6 +77,10 @@
 //the installation language
 define('LANG','EN');
 
+//Google recaptcha site_key and secret_key obtained from https://www.google.com/recaptcha/admin
+define('G_SITE_KEY', '#GOOGLE_RECAPTCHA_SITE_KEY');
+define('G_SECRET_KEY', '#GOOGLE_RECAPTCHA_SECRET_KEY');
+
 /* Unit Testing Variables*/
 define('TEST_USERNAME_ADMIN','#THE_USERNAME_FOR_TESTS');
 define('TEST_PASSWORD_ADMIN','#THE_PASSWORD_FOR_tESTS');

view/user_login.tpl

@@ -6,10 +6,12 @@
 	    <input name="username" type="text" autofocus required>
 	    <label> Password </label>
 	    <input name="pwd" id="password" type="password" required>
+	    <br><br>
+	    <div class="g-recaptcha" data-sitekey="{$smarty.const.G_SITE_KEY}"></div>
 	    <input class="submit" name="submit" type="submit" id="submit" value="Login"><br/>
 	    <a href="{$site_root_path}?url=forgotpassword"> Forgot your password </a><br/>
 	    <a href="{$site_root_path}?url=register"> Create an account </a>
-        </fieldset>
+    </fieldset>
     </form>
 </div>
-        
+<script src='https://www.google.com/recaptcha/api.js'></script>