Update Google reCAPTCHA plugin

Switch to new “no CAPTCHA”

qa-plugin/recaptcha-captcha/qa-recaptcha-captcha.php

@@ -23,39 +23,56 @@
 class qa_recaptcha_captcha
 {
 	private $directory;
+	private $errorCodeMessages;
 
 	public function load_module($directory, $urltoroot)
 	{
-		$this->directory=$directory;
+		$this->directory = $directory;
+
+		// human-readable error messages (though these are not currently displayed anywhere)
+		$this->errorCodeMessages = array(
+			'missing-input-secret' => 'The secret parameter is missing.',
+			'invalid-input-secret' => 'The secret parameter is invalid or malformed.',
+			'missing-input-response' => 'The response parameter is missing.',
+			'invalid-input-response' => 'The response parameter is invalid or malformed.',
+		);
 	}
 
-
 	public function admin_form()
 	{
-		$saved=false;
+		$saved = false;
 
 		if (qa_clicked('recaptcha_save_button')) {
 			qa_opt('recaptcha_public_key', qa_post_text('recaptcha_public_key_field'));
 			qa_opt('recaptcha_private_key', qa_post_text('recaptcha_private_key_field'));
 
-			$saved=true;
+			$saved = true;
 		}
 
-		$form=array(
+		$pub = trim(qa_opt('recaptcha_public_key'));
+		$pri = trim(qa_opt('recaptcha_private_key'));
+
+		$error = null;
+		if (!strlen($pub) || !strlen($pri)) {
+			require_once $this->directory.'recaptchalib.php';
+			$error = 'To use reCAPTCHA, you must <a href="'.qa_html(ReCaptcha::getSignupUrl()).'" target="_blank">sign up</a> to get these keys.';
+		}
+
+		$form = array(
 			'ok' => $saved ? 'reCAPTCHA settings saved' : null,
 
 			'fields' => array(
 				'public' => array(
 					'label' => 'reCAPTCHA public key:',
-					'value' => qa_opt('recaptcha_public_key'),
+					'value' => $pub,
 					'tags' => 'name="recaptcha_public_key_field"',
 				),
 
 				'private' => array(
 					'label' => 'reCAPTCHA private key:',
-					'value' => qa_opt('recaptcha_private_key'),
+					'value' => $pri,
 					'tags' => 'name="recaptcha_private_key_field"',
-					'error' => $this->recaptcha_error_html(),
+					'error' => $error,
 				),
 			),
 
@@ -70,67 +87,73 @@ class qa_recaptcha_captcha
 		return $form;
 	}
 
-
-	public function recaptcha_error_html()
-	{
-		if (!function_exists('fsockopen'))
-			return 'To use reCAPTCHA, the fsockopen() PHP function must be enabled on your server. Please check with your system administrator.';
-
-		elseif ( (!strlen(trim(qa_opt('recaptcha_public_key')))) || (!strlen(trim(qa_opt('recaptcha_private_key')))) ) {
-			require_once $this->directory.'recaptchalib.php';
-
-			$url=recaptcha_get_signup_url(@$_SERVER['HTTP_HOST'], qa_opt('site_title'));
-
-			return 'To use reCAPTCHA, you must <a href="'.qa_html($url).'">sign up</a> to get these keys.';
-		}
-
-		return null;
-	}
-
-
+	/**
+	 * Only allow reCAPTCHA if the keys are set up (new reCAPTCHA has no special requirements)
+	 */
 	public function allow_captcha()
 	{
-		return function_exists('fsockopen') && strlen(trim(qa_opt('recaptcha_public_key'))) && strlen(trim(qa_opt('recaptcha_private_key')));
-	}
+		$pub = trim(qa_opt('recaptcha_public_key'));
+		$pri = trim(qa_opt('recaptcha_private_key'));
 
+		return strlen($pub) && strlen($pri);
+	}
 
+	/**
+	 * Return HTML for reCAPTCHA, including non-JS fallback. New reCAPTCHA auto-detects the user's language.
+	 */
 	public function form_html(&$qa_content, $error)
 	{
-		require_once $this->directory.'recaptchalib.php';
-
-		$language=qa_opt('site_language');
-		if (strpos('|en|nl|fr|de|pt|ru|es|tr|', '|'.$language.'|')===false) // supported as of 3/2010
-			$language='en';
-
-		$qa_content['script_lines'][]=array(
-			"var RecaptchaOptions={",
-			"\ttheme:'white',",
-			"\tlang:".qa_js($language),
-			"};",
+		$pub = qa_opt('recaptcha_public_key');
+
+		$htmlLines = array(
+			// currently we cannot add async/defer attributes via $qa_content so we insert script here
+			'<script src="https://www.google.com/recaptcha/api.js" async defer></script>',
+			'<div class="g-recaptcha" data-sitekey="'.$pub.'"></div>',
+
+			// non-JS falback
+			'<noscript>',
+			'  <div style="width: 302px; height: 352px;">',
+			'    <div style="width: 302px; height: 352px; position: relative;">',
+			'      <div style="width: 302px; height: 352px; position: absolute;">',
+			'        <iframe src="https://www.google.com/recaptcha/api/fallback?k='.$pub.'"',
+			'                frameborder="0" scrolling="no"',
+			'                style="width: 302px; height:352px; border-style: none;">',
+			'        </iframe>',
+			'      </div>',
+			'      <div style="width: 250px; height: 80px; position: absolute; border-style: none;',
+			'                  bottom: 21px; left: 25px; margin: 0px; padding: 0px; right: 25px;">',
+			'        <textarea id="g-recaptcha-response" name="g-recaptcha-response"',
+			'                  class="g-recaptcha-response"',
+			'                  style="width: 250px; height: 80px; border: 1px solid #c1c1c1;',
+			'                         margin: 0px; padding: 0px; resize: none;" value=""></textarea>',
+			'      </div>',
+			'    </div>',
+			'  </div>',
+			'</noscript>',
 		);
 
-		return recaptcha_get_html(qa_opt('recaptcha_public_key'), $error, qa_is_https_probably());
+		return implode("\n", $htmlLines);
 	}
 
-
+	/**
+	 * Check that the CAPTCHA was entered correctly. reCAPTCHA sets a long string in 'g-recaptcha-response'
+	 * when the CAPTCHA is completed; we check that with the reCAPTCHA API.
+	 */
 	public function validate_post(&$error)
 	{
-		if ( (!empty($_POST['recaptcha_challenge_field'])) && (!empty($_POST['recaptcha_response_field'])) ) {
-			require_once $this->directory.'recaptchalib.php';
+		require_once $this->directory.'recaptchalib.php';
 
-			$answer=recaptcha_check_answer(
-				qa_opt('recaptcha_private_key'),
-				qa_remote_ip_address(),
-				$_POST['recaptcha_challenge_field'],
-				$_POST['recaptcha_response_field']
-			);
+		$recaptcha = new ReCaptcha(qa_opt('recaptcha_private_key'));
+		$remoteIp = qa_remote_ip_address();
+		$userResponse = qa_post_text('g-recaptcha-response');
 
-			if ($answer->is_valid)
-				return true;
+		$recResponse = $recaptcha->verifyResponse($remoteIp, $userResponse);
 
-			$error=@$answer->error;
+		foreach ($recResponse->errorCodes as $code) {
+			if (isset($this->errorCodeMessages[$code]))
+				$error .= $this->errorCodeMessages[$code] . "\n";
 		}
 
-		return false;
+		return $recResponse->success;
 	}
 }