From a836f6bdb6104b29209f0eb6e1d4f5a1a4267647 Mon Sep 17 00:00:00 2001 From: Arpit Singla Date: Sat, 5 Mar 2016 18:55:21 +0530 Subject: [PATCH 1/4] adds google recaptcha on login form --- controller/class.LoginController.php | 10 +++++++++- model/common/class.Utils.php | 19 +++++++++++++++++++ sample.config.inc.php | 4 ++++ view/user_login.tpl | 6 ++++-- 4 files changed, 36 insertions(+), 3 deletions(-) diff --git a/controller/class.LoginController.php b/controller/class.LoginController.php index d3705815..22314610 100644 --- a/controller/class.LoginController.php +++ b/controller/class.LoginController.php @@ -59,7 +59,8 @@ public function go() { die(); } if (isset($_POST['submit']) && $_POST['submit']=='Login' - && isset($_POST['username']) && isset($_POST['pwd']) ) { + && isset($_POST['username']) && isset($_POST['pwd']) + && isset($_POST['g-recaptcha-response']) ) { if ($_POST['username']=='' || $_POST['pwd']=='') { if ($_POST['username']=='') { $this->addErrorMessage("Username must not be empty"); @@ -84,6 +85,13 @@ public function go() { header('Location:'.SOURCE_ROOT_PATH."?url=mainlogin&msg=activate"); die(); } else { + // verify recaptcha + $recaptcha_response = $_POST['g-recaptcha-response']; + $recaptcha_verify = Utils::verifyReCaptcha($recaptcha_response); + if(!$recaptcha_verify) { + header('Location:'.SOURCE_ROOT_PATH."?url=mainlogin&msg=recaptcha"); + die(); + } // start the session $session->completeLogin($user); if($user->type){ diff --git a/model/common/class.Utils.php b/model/common/class.Utils.php index a9a5167c..cd92e82a 100644 --- a/model/common/class.Utils.php +++ b/model/common/class.Utils.php 
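Review bot: The `isset($_POST['g-recaptcha-response'])` added to the submit condition makes a POST that lacks the token fall out of the login branch entirely, so a user whose widget did not render (or a client that simply omits the field) gets no error message instead of the `msg=recaptcha` redirect the rest of the commit introduces; what happens after the condition fails is outside the hunk, so presumably the form is just re-rendered. Keep the original condition and inside the branch read the token defensively, `$recaptcha_response = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';`, so a missing token goes through the same verification and redirect as a wrong one (siteverify reports `success: false` for an empty response). `go()` starts and continues outside the hunk.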
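Review bot: `Utils::verifyReCaptcha` is only called in the final `else`, after `User::findByUsername` and the `is_activated` branch have already answered with distinct `msg=username` / `msg=activate` redirects (and, presumably, a password result in the lines between the two hunks), so a client that never solves the challenge still learns whether the submitted credentials are valid; the check meant to throttle guessing sits after the information it is meant to protect. Move the verification to the top of the branch, before `$user=User::findByUsername($username);`, and redirect with `msg=recaptcha` before any credential-dependent response. The second commit's `elseif (!Utils::verifyReCaptcha($recaptcha_response))` keeps the same order, so the same change applies there. `go()` starts and ends outside the hunk.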
@@ -77,4 +77,23 @@ public static function sanitizeInput($input) { $input = htmlspecialchars($input); return $input; } + + public static function verifyReCaptcha($input) { + $url = 'https://www.google.com/recaptcha/api/siteverify'; + $payload = array( + 'response' => $input, + 'secret' => G_SECRET_KEY + ); + + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + $response = curl_exec($ch); + curl_close($ch); + + $json_response = json_decode($response, true); + + return $json_response['success']; + } } diff --git a/sample.config.inc.php b/sample.config.inc.php index 09c967ef..7c66912f 100755 --- a/sample.config.inc.php +++ b/sample.config.inc.php @@ -77,6 +77,10 @@ //the installation language define('LANG','EN'); +//Google recaptcha site_key and secret_key obtained from https://www.google.com/recaptcha/admin +define('G_SITE_KEY', '#GOOGLE_RECAPTCHA_SITE_KEY'); +define('G_SECRET_KEY', '#GOOGLE_RECAPTCHA_SECRET_KEY'); + /* Unit Testing Variables*/ define('TEST_USERNAME_ADMIN','#THE_USERNAME_FOR_TESTS'); define('TEST_PASSWORD_ADMIN','#THE_PASSWORD_FOR_tESTS'); diff --git a/view/user_login.tpl b/view/user_login.tpl index 50dfbe42..4f5a4eea 100755 --- a/view/user_login.tpl +++ b/view/user_login.tpl @@ -6,10 +6,12 @@ +
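Review bot: `verifyReCaptcha` has no failure path: when `curl_exec` returns `false` (connection or TLS error), `json_decode($response, true)` yields `null` and `$json_response['success']` is read from `null`, so the method returns `null` with a notice instead of an explicit `false`, and a malformed body behaves the same way. Add `if ($response === false) { return false; }` after the request and return a real boolean, `return isset($json_response['success']) && $json_response['success'] === true;`. Since `$input` comes straight from `$_POST`, it is worth rejecting non-string values (`if (!is_string($input)) { return false; }`) before building the payload. The third commit's `verifyReCaptcha`/`sendPostRequest` split keeps both gaps, so the same change applies there.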

+

Forgot your password
Create an account - + - \ No newline at end of file + \ No newline at end of file From 6e6429d1b9a2ddb92e377f13766a0b985ee6c4db Mon Sep 17 00:00:00 2001 From: Arpit Singla Date: Sat, 5 Mar 2016 19:01:04 +0530 Subject: [PATCH 2/4] change to conventional method for verifying recaptcha --- controller/class.LoginController.php | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/controller/class.LoginController.php b/controller/class.LoginController.php index 22314610..1de72564 100644 --- a/controller/class.LoginController.php +++ b/controller/class.LoginController.php @@ -74,6 +74,7 @@ public function go() { $username = $_POST['username']; $this->addToView('username', $username); $user=User::findByUsername($username); + $recaptcha_response = $_POST['g-recaptcha-response']; if (!$user) { header('Location:'.SOURCE_ROOT_PATH."?url=mainlogin&msg=username"); @@ -84,14 +85,10 @@ public function go() { } elseif ($user->is_activated != 1){ header('Location:'.SOURCE_ROOT_PATH."?url=mainlogin&msg=activate"); die(); + } elseif (!Utils::verifyReCaptcha($recaptcha_response)) { + header('Location:'.SOURCE_ROOT_PATH."?url=mainlogin&msg=recaptcha"); + die(); } else { - // verify recaptcha - $recaptcha_response = $_POST['g-recaptcha-response']; - $recaptcha_verify = Utils::verifyReCaptcha($recaptcha_response); - if(!$recaptcha_verify) { - header('Location:'.SOURCE_ROOT_PATH."?url=mainlogin&msg=recaptcha"); - die(); - } // start the session $session->completeLogin($user); if($user->type){ From f3f2df221994751a282fb1b7d9ec1c055f843ee7 Mon Sep 17 00:00:00 2001 From: Arpit Singla Date: Sat, 5 Mar 2016 19:03:53 +0530 Subject: [PATCH 3/4] extracts sendPostRequest method from verifyRecaptcha method in Utils model --- model/common/class.Utils.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/model/common/class.Utils.php b/model/common/class.Utils.php index cd92e82a..e144c859 100644 --- a/model/common/class.Utils.php 
+++ b/model/common/class.Utils.php @@ -85,15 +85,21 @@ public static function verifyReCaptcha($input) { 'secret' => G_SECRET_KEY ); + $response = Utils::sendPostRequest($url, $payload); + $json_response = json_decode($response, true); + return $json_response['success']; + } + + public static function sendPostRequest($url, $payload) { $ch = curl_init($url); + curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + $response = curl_exec($ch); curl_close($ch); - $json_response = json_decode($response, true); - - return $json_response['success']; + return $response; } } From 8da990abef8c38b09653afe6fe736f6b55ac8fc4 Mon Sep 17 00:00:00 2001 From: Arpit Singla Date: Sat, 5 Mar 2016 19:12:26 +0530 Subject: [PATCH 4/4] fixes minor bugs --- model/common/class.Utils.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/common/class.Utils.php b/model/common/class.Utils.php index e144c859..ac453a53 100644 --- a/model/common/class.Utils.php +++ b/model/common/class.Utils.php @@ -61,7 +61,7 @@ public function validateEmail($email = '') { public static function hash($password){ $hash = password_hash($password); - if (FALSE === $hash)){ + if (FALSE === $hash){ throw new Exception('Password could not be hashed'); return false; }
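Review bot: `sendPostRequest` sets no timeout on the curl handle, so a slow or unreachable siteverify endpoint blocks every login request for as long as the default (unbounded) transfer is allowed, and the extraction makes this a general-purpose helper that other callers will inherit the behaviour from. Add `curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);` and `curl_setopt($ch, CURLOPT_TIMEOUT, 10);` next to the existing options, and document in a docblock that the method returns the raw body or `false` on transport failure so callers know to check it. The start of `verifyReCaptcha` (its `$url` and `$payload` setup) is outside the hunk.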
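Review bot: The context line `$hash = password_hash($password);` is missing the required `$algo` argument, so the call never produces a hash (a warning and `null` on the PHP versions of the time, an `ArgumentCountError` on PHP 8) and the `FALSE === $hash` guard this commit repairs cannot be the path that catches it. Change it to `$hash = password_hash($password, PASSWORD_DEFAULT);`. The `return false;` after `throw new Exception(...)` is unreachable and can be dropped.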