Anti-Spam Options - reCAPTCHA v2 Human Verification

(Note: This mod was renamed. The original name was "New reCAPTCHA Human Verification")

What is it?
----------------------------
This mod adds reCAPTCHA v2 as an option in the Human Verification Manager.

Note: The original reCAPTCHA used default keys if you didn't enter your own, so you could leave the key fields blank. This version requires you to have your own keys for your domain. To create them, go to this page (click on the "Get reCAPTCHA" button). It may take a short time after creating the keys before they will work, so if you get "ERROR: Invalid domain for site key", wait a while and try again.

vb3 version is here: https://vborg.vbsupport.ru/showthread.php?t=315964

Installation:
----------------------------
1) Upload the file in the "upload" folder to your server.

2) Import the product XML file from the Product Manager.

3) If you don't already have keys, go to this page and create keys for your domain. (If you already have keys you can get them from that page as well).

4) Go to Settings > Human Verification Manager, select "New reCAPTCHA" for the Verification Library, and click Save.

5) Enter your keys on the options page, and select the light or dark widget as desired (apparently white and black are the only options at this time). You could select "Audio" to default to audio instead of image for the challenge, but the widget seems to have a bug in it at the moment so I recommend leaving it set to "image". Click Save when you're done selecting options.

6) You can check the configuration and do a test by clicking on "Click here to test connection" which appears under the description in the Human Verification Manager.

7) Do a test registration (or other action that requires hv) to test that your keys are entered correctly and everything is working.

8) If you are upgrading from version 0.9, you can remove the file includes/class_humanverify_newrecaptcha.php (the one without the third underscore) from your server.

History:
----------------------------
1.0 (Feb 22, 2015)

• Cached template (required renaming the uploaded file from
  class_humanverify_newrecaptcha.php to class_humanverify_new_recaptcha.php)
• Removed default keys (which didn't work anyway)
• Removed trademark symbols
• Changed execution order of plugins from 5 to 4, to make sure this product
  works with another HV add-on that has a bug.
• If "New reCAPTCHA" is selected when this mod is uninstalled, the hv library
  is switched to 'disabled'.
• Added a test option to print out more information about verification failures

0.9 (Dec 11, 2014)

• Initial Release

[rodriiverduguez]

Quote:

Originally Posted by T.P.

class_humanverify_new_recaptcha.php - Fixxed

PHP Code:

<?php

if (!isset($GLOBALS['vbulletin']->db))
{
    exit;
}

require_once(DIR . '/includes/class_vurl.php');

class vB_HumanVerify_New_Recaptcha extends vB_HumanVerify_Abstract
{
    public static $verify_url = 'https://www.google.com/recaptcha/api/siteverify';
    
    /**
    * Constructor
    *
    * @return    void
    */
    function __construct(&$registry)
    {
        parent::__construct($registry);
    }

    private static function get_error_phrase($result)
    {
        if (isset($result['error-codes']))
            $errormsg = current($result['error-codes']);
        else
            $errormsg = '';
        switch ($errormsg)
        {
            case 'missing-input-secret':
            case 'invalid-input-secret':
                $error = 'humanverify_new_recaptcha_secret';
                break;
            case 'missing-input-response':
                $error = 'humanverify_new_recaptcha_noanswer';
                break;
            case 'invalid-input-response':
            default:
                $error = 'humanverify_new_recaptcha_wronganswer';
        }
        return $error;
    }


    function verify_token($input)
    {
        $this->registry->input->clean_array_gpc('p', array(
            'g-recaptcha-response' => TYPE_STR,
        ));

        if ($this->delete_token($input['hash']) AND isset($this->registry->GPC['g-recaptcha-response']) AND 
                                                    $this->registry->GPC['g-recaptcha-response'] !== '')
        {    
            $secret = urlencode($this->registry->options['hv_new_recaptcha_privatekey']);
            $remoteip = urlencode(IPADDRESS);
            $response = urlencode($this->registry->GPC['g-recaptcha-response']);

            $vurl = new vB_vURL($this->registry);
            $vurl->set_option(VURL_URL, self::$verify_url."?secret=$secret&remoteip=$remoteip&response=$response");
            $vurl->set_option(VURL_USERAGENT, 'vBulletin ' . FILE_VERSION);
            $vurl->set_option(VURL_RETURNTRANSFER, 1);
            $vurl->set_option(VURL_CLOSECONNECTION, 1);

            if (($result = $vurl->exec()) === false || ($result = json_decode($result, true)) === NULL)
            {
                $this->error = 'humanverify_new_recaptcha_unreachable';
                return false;
            }
            else
            {
                if ($result['success'] === true)
                {
                    return true;
                }
                $this->error = self::get_error_phrase($result);
                return false;
            }
        }
        else
        {
            $this->error = 'humanverify_new_recaptcha_wronganswer';
            return false;
        }
    }

    function output_token($var_prefix = 'humanverify')
    {
        global $vbphrase, $show;
        $vbulletin =& $this->registry;

        $humanverify = $this->generate_token();

        $humanverify['publickey'] = ($this->registry->options['hv_new_recaptcha_publickey'] ? $this->registry->options['hv_new_recaptcha_publickey'] : '');
        $humanverify['theme'] = $this->registry->options['hv_new_recaptcha_theme'];
        $humanverify['type'] = $this->registry->options['hv_new_recaptcha_type'];

        if (preg_match('#^([a-z]{2})-?#i', vB_Template_Runtime::fetchStyleVar('languagecode'), $matches))
        {
            $humanverify['hl'] = strtolower($matches[1]);
        }
        
        $templater = vB_Template::create('humanverify_new_recaptcha');
            $templater->register('humanverify', $humanverify);
            $templater->register('var_prefix', $var_prefix);
        $output = $templater->render();

        return $output;
    }

    function fetch_answer()
    {
        return '';
    }
    
    public static function test_check_config()
    {
        global $vbulletin;
        $output = array();
        if (!is_string($vbulletin->options['hv_new_recaptcha_publickey']) || $vbulletin->options['hv_new_recaptcha_publickey']=='')
            $output[] = array(1, 'Site key is not set.');
        else
            $output[] = array(0, 'Site key is set: '.$vbulletin->options['hv_new_recaptcha_publickey']);
        if (!is_string($vbulletin->options['hv_new_recaptcha_privatekey']) || $vbulletin->options['hv_new_recaptcha_privatekey']=='')
            $output[] = array(1, 'Secret key is not set.');
        else
            $output[] = array(0, 'Secret key is set: '.$vbulletin->options['hv_new_recaptcha_privatekey']);
        if (!function_exists('curl_init'))
            $output[] = array(1, 'cURL must be enabled, and any curl_ functions must be removed from disable_functions in php.ini');
        else 
        {
            $output[] = array(0, 'cURL is enabled');
                $curlinfo = curl_version();
           if (empty($curlinfo['ssl_version']))
                $output[] = array(1, 'cURL does not have ssl enabled');
           else
           {
              $o = array("cURL version info:");
              foreach ($curlinfo AS $key=>$value)
              {
                 if ($key == 'features')
                    $value = '0x'.dechex($value);
                 if ($key == 'protocols')
                    $value = implode(', ',$value);
                 $o[] = $key.': '.$value;
              }
              $output[] = array(0, $o);
           }
           if (($ch = curl_init()) === false)
               $output[] = array(1, 'curl_init failed');
           else
                curl_close($ch);
             if (!function_exists('curl_exec'))
              $output[] = array(1, 'Function curl_exec is disabled. curl_exec must be removed from disable_functions in php.ini.');
           else
                $output[] = array(0, 'curl_exec function is not disabled');
        }
    
        return $output;
    }

    public static function test_display_widget()
    {
        global $vbulletin;
        return '<script src="https://www.google.com/recaptcha/api.js" async defer></script>
            <div class="g-recaptcha" data-sitekey="'.$vbulletin->options['hv_new_recaptcha_publickey'].'"></div>';
    }

    public static function test_verify()
    {
        global $vbulletin, $vbphrase;
        $output = array();
        
        $vbulletin->input->clean_array_gpc('p', array(
            'g-recaptcha-response' => TYPE_STR,
        ));
        
        if (!isset($vbulletin->GPC['g-recaptcha-response']) || $vbulletin->GPC['g-recaptcha-response'] == '')
            $output[] = array(1, 'g-recaptcha-response is not set. Complete the human verification challenge before pressing Submit.');
        else
        {
            $output[] = array(0, 'g-recaptcha-response: ' . fetch_trimmed_title($vbulletin->GPC['g-recaptcha-response'], 50));
            $secret = urlencode($vbulletin->options['hv_new_recaptcha_privatekey']);
            $remoteip = urlencode(IPADDRESS);
            $response = urlencode($vbulletin->GPC['g-recaptcha-response']);
            $url = self::$verify_url."?secret=$secret&remoteip=$remoteip&response=$response";
            $output[] = array(0, "verify url: '".fetch_trimmed_title($url,160)."'");
            if (($ch = curl_init()) !== false)
            {
                curl_setopt($ch, CURLOPT_URL, $url);
                curl_setopt($ch, CURLOPT_TIMEOUT, 15);
                curl_setopt($ch, CURLOPT_POST, 0);
                curl_setopt($ch, CURLOPT_HEADER, 0);
                curl_setopt($ch, CURLOPT_HTTPHEADER, array());
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
                curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

                $result = curl_exec($ch);
                if ($result === false AND curl_errno($ch) == '60')
                {
                    $output[] = array(0, "Error 60, retrying with CAINFO");
                    curl_setopt($ch, CURLOPT_CAINFO, DIR . '/includes/paymentapi/ca-bundle.crt');
                    $result = curl_exec($ch);
                }
                $info = curl_getinfo($ch);
                if ($result === false)
                   $output[] = array(1, "curl_exec returned false: ".curl_error($ch));
                else
                {
                    if ($info['http_code'] != 200)
                        $output[] = array(1, "Http response code " . $info['http_code']);
                    $o = array("cURL transfer info:");
                    foreach ($info AS $key=>$value)
                    {
                        $o[] = $key.': '.$value;
                    }
                    $output[] = array($info['http_code'] != 200, $o);
                    if ($info['http_code'] == 200)
                    {
                        $output[] = array(0, "Raw response: ".htmlspecialchars($result));
                        if (($result = json_decode($result, true)) === NULL)
                           $output[] = array(1, "json_decode of response failed");
                        else
                        {
                            $o = array("Decoded response:");
                            foreach ($result AS $key=>$value)
                            {
                                if ($key == 'success')
                                    $value = ($value ? 'true' : 'false');
                                if ($key == 'error-codes')
                                    $value = implode(',', $value);
                                $o[] = $key.': '.$value;
                            }
                            $output[] = array($result['success'] ? 0 : 1, $o);
                            if ($result['success'] !== true)
                            {
                                $error = self::get_error_phrase($result);
                                require_once(DIR.'/includes/functions_misc.php');
                                $output[] = array(1, "Error Phrase: ".fetch_phrase($error, 'error'));
                            }
                        }
                    }
                    else
                        $output[] = array(1, "Http Response: ".htmlspecialchars($result));
                }
                curl_close($ch);
            }
            else
                $output[] = array(1, "curl_init() failed.");
        } 
        return $output;
    }
}
?>

vBulletin updated the __constructor

Years ago I wanted to add it to my forum but I missed the registry error. Looking again I find your comment, I make the modification and ready. Problem solved, thank you very much. Plugin running in 4.2.5

translated by Google

[SuperTaz]

When trying to add a new member they get this message using the fix a few posts above:

Code:

vBulletin Message
Unable to add cookies, header already sent.
File: /home2/public_html/forums/includes/class_humanverify_new_recaptcha.php
Line: 1
Global Gamers Forums

Any help on this?

[TheBang]

So, I already did this for the vB3 version of this plugin several months ago. I had need to do a vB4 install too now, so I've done it for this one too:

I've repackaged this add-on into a 1.0.1 version, which you can download below. The main change is incorporating the required PHP fix (from above). So, this will work properly with vBulletin 4.2.5 and PHP 5.6/7.0/7.1. It should also work with earlier versions, though the minimum PHP version required is probably something like PHP 5.3.

I also updated all the UI elements to refer to the feature as "reCAPTCHA v2" instead of "New reCAPTCHA". I also updated the readme docs, correcting errors and typos.

[doopz]

Quote:

Originally Posted by TheBang

So, I already did this for the vB3 version of this plugin several months ago. I had need to do a vB4 install too now, so I've done it for this one too:

I've repackaged this add-on into a 1.0.1 version, which you can download below. The main change is incorporating the required PHP fix (from above). So, this will work properly with vBulletin 4.2.5 and PHP 5.6/7.0/7.1. It should also work with earlier versions, though the minimum PHP version required is probably something like PHP 5.3.

I also updated all the UI elements to refer to the feature as "reCAPTCHA v2" instead of "New reCAPTCHA". I also updated the readme docs, correcting errors and typos.

Thank you! installed in 5 min and works flawlessly.

[Sean James]

When I try and upload the product XML file I am getting this error:

Access Denied - Sucuri Website Firewall
Block reason: An attempted XSS (Cross site scripting) was detected and blocked.

[NeoDio]

vBulletin Message
Unable to add cookies, header already sent.
File: /home2/public_html/forums/includes/class_humanverify_new_recaptcha.php

I also get this message when new users register. Anyone know the fix for that?

[Sean James]

Quote:

Originally Posted by Sean James

When I try and upload the product XML file I am getting this error:

Access Denied - Sucuri Website Firewall
Block reason: An attempted XSS (Cross site scripting) was detected and blocked.

All good problem fixed, was a server problem

[wawro]

It works fine on vb 4.2.3

No modification templates required.

Thanks a lot.

All The Best !

[rekha]

i m not able to set this on my forum pls help

[TheLastSuperman]

Quote:

Originally Posted by rekha

i m not able to set this on my forum pls help

Make sure you've uploaded the file in the .zip which is class_humanverify_new_recaptcha.php

From there it's > AdminCP > Settings > Human Verification Manager > Set to ReCaptcha v2.

*Note the site key and secret site key i.e. copy them to notepad before changing to v2 and saving, if you do not copy them then when you save the recaptcha type as v2 it will redo the fields and they'll be empty and you'll lose the values (so if you copy now you won't need to login to google to get the keys again you can just copy/paste from notepad).

So that means it's three steps:
1) Upload the one required file.
2) Change the ReCaptcha to v2 in Human Verification Manager
3) Re-enter site key and secret site key in settings and save again.

Modification will be enabled after that.