Anti-Spam Options - reCAPTCHA v2 Human Verification

(Note: This mod was renamed. The original name was "New reCAPTCHA Human Verification")

What is it?
----------------------------
This mod adds reCAPTCHA v2 as an option in the Human Verification Manager.

Note: The original reCAPTCHA used default keys if you didn't enter your own, so you could leave the key fields blank. This version requires you to have your own keys for your domain. To create them, go to this page (click on the "Get reCAPTCHA" button). It may take a short time after creating the keys before they will work, so if you get "ERROR: Invalid domain for site key", wait a while and try again.

vb3 version is here: https://vborg.vbsupport.ru/showthread.php?t=315964

Installation:
----------------------------
1) Upload the file in the "upload" folder to your server.

2) Import the product XML file from the Product Manager.

3) If you don't already have keys, go to this page and create keys for your domain. (If you already have keys you can get them from that page as well).

4) Go to Settings > Human Verification Manager, select "New reCAPTCHA" for the Verification Library, and click Save.

5) Enter your keys on the options page, and select the light or dark widget as desired (apparently white and black are the only options at this time). You could select "Audio" to default to audio instead of image for the challenge, but the widget seems to have a bug in it at the moment so I recommend leaving it set to "image". Click Save when you're done selecting options.

6) You can check the configuration and do a test by clicking on "Click here to test connection" which appears under the description in the Human Verification Manager.

7) Do a test registration (or other action that requires hv) to test that your keys are entered correctly and everything is working.

8) If you are upgrading from version 0.9, you can remove the file includes/class_humanverify_newrecaptcha.php (the one without the third underscore) from your server.

History:
----------------------------
1.0 (Feb 22, 2015)

• Cached template (required renaming the uploaded file from
  class_humanverify_newrecaptcha.php to class_humanverify_new_recaptcha.php)
• Removed default keys (which didn't work anyway)
• Removed trademark symbols
• Changed execution order of plugins from 5 to 4, to make sure this product
  works with another HV add-on that has a bug.
• If "New reCAPTCHA" is selected when this mod is uninstalled, the hv library
  is switched to 'disabled'.
• Added a test option to print out more information about verification failures

0.9 (Dec 11, 2014)

• Initial Release

[Areku]

I have this installed but I'm still having spammers posting crap as "bots".... I wonder if recaptcha v2 is dead end?

[yeahoo]

Quote:

Originally Posted by Chrismk

Installed successfully into 4.2.5.
Had to apply fix in post 286.

Me too ......thanks all !

[Areku]

What does the fix fix?

[djbaxter]

Quote:

Originally Posted by Areku

What does the fix fix?

Compatibility with vBulletin 4.2.5 and PHP 7

[Areku]

Quote:

Originally Posted by djbaxter

Compatibility with vBulletin 4.2.5 and PHP 7

Yes but am I supposed to see any warning or error message? I'm running 425 and PHP7 but cant remember seeing anything wrong?

[djbaxter]

Anyone trying to register will see error messages. If you are running 4.2.5 and PHP7 and you want to allow new registrations, apply the fix.

This is assuming you are using reCaptcha:

First check at AdminCP >> Settings >> Human Verification Options

Are you using New reCaptcha?

Then check AdminCP >> Settings >> Options >> Human Verification Options

Which boxes are checked there?

If you are using New reCaptcha, then any of the selected options will have problems and throw errors (assuming you haven't turned all errors off - if you have, you may not get an error but you still won't be able to complete those actions.

[T.P.]

class_humanverify_new_recaptcha.php - Fixxed

PHP Code:

<?php

if (!isset($GLOBALS['vbulletin']->db))
{
    exit;
}

require_once(DIR . '/includes/class_vurl.php');

class vB_HumanVerify_New_Recaptcha extends vB_HumanVerify_Abstract
{
    public static $verify_url = 'https://www.google.com/recaptcha/api/siteverify';
    
    /**
    * Constructor
    *
    * @return    void
    */
    function __construct(&$registry)
    {
        parent::__construct($registry);
    }

    private static function get_error_phrase($result)
    {
        if (isset($result['error-codes']))
            $errormsg = current($result['error-codes']);
        else
            $errormsg = '';
        switch ($errormsg)
        {
            case 'missing-input-secret':
            case 'invalid-input-secret':
                $error = 'humanverify_new_recaptcha_secret';
                break;
            case 'missing-input-response':
                $error = 'humanverify_new_recaptcha_noanswer';
                break;
            case 'invalid-input-response':
            default:
                $error = 'humanverify_new_recaptcha_wronganswer';
        }
        return $error;
    }


    function verify_token($input)
    {
        $this->registry->input->clean_array_gpc('p', array(
            'g-recaptcha-response' => TYPE_STR,
        ));

        if ($this->delete_token($input['hash']) AND isset($this->registry->GPC['g-recaptcha-response']) AND 
                                                    $this->registry->GPC['g-recaptcha-response'] !== '')
        {    
            $secret = urlencode($this->registry->options['hv_new_recaptcha_privatekey']);
            $remoteip = urlencode(IPADDRESS);
            $response = urlencode($this->registry->GPC['g-recaptcha-response']);

            $vurl = new vB_vURL($this->registry);
            $vurl->set_option(VURL_URL, self::$verify_url."?secret=$secret&remoteip=$remoteip&response=$response");
            $vurl->set_option(VURL_USERAGENT, 'vBulletin ' . FILE_VERSION);
            $vurl->set_option(VURL_RETURNTRANSFER, 1);
            $vurl->set_option(VURL_CLOSECONNECTION, 1);

            if (($result = $vurl->exec()) === false || ($result = json_decode($result, true)) === NULL)
            {
                $this->error = 'humanverify_new_recaptcha_unreachable';
                return false;
            }
            else
            {
                if ($result['success'] === true)
                {
                    return true;
                }
                $this->error = self::get_error_phrase($result);
                return false;
            }
        }
        else
        {
            $this->error = 'humanverify_new_recaptcha_wronganswer';
            return false;
        }
    }

    function output_token($var_prefix = 'humanverify')
    {
        global $vbphrase, $show;
        $vbulletin =& $this->registry;

        $humanverify = $this->generate_token();

        $humanverify['publickey'] = ($this->registry->options['hv_new_recaptcha_publickey'] ? $this->registry->options['hv_new_recaptcha_publickey'] : '');
        $humanverify['theme'] = $this->registry->options['hv_new_recaptcha_theme'];
        $humanverify['type'] = $this->registry->options['hv_new_recaptcha_type'];

        if (preg_match('#^([a-z]{2})-?#i', vB_Template_Runtime::fetchStyleVar('languagecode'), $matches))
        {
            $humanverify['hl'] = strtolower($matches[1]);
        }
        
        $templater = vB_Template::create('humanverify_new_recaptcha');
            $templater->register('humanverify', $humanverify);
            $templater->register('var_prefix', $var_prefix);
        $output = $templater->render();

        return $output;
    }

    function fetch_answer()
    {
        return '';
    }
    
    public static function test_check_config()
    {
        global $vbulletin;
        $output = array();
        if (!is_string($vbulletin->options['hv_new_recaptcha_publickey']) || $vbulletin->options['hv_new_recaptcha_publickey']=='')
            $output[] = array(1, 'Site key is not set.');
        else
            $output[] = array(0, 'Site key is set: '.$vbulletin->options['hv_new_recaptcha_publickey']);
        if (!is_string($vbulletin->options['hv_new_recaptcha_privatekey']) || $vbulletin->options['hv_new_recaptcha_privatekey']=='')
            $output[] = array(1, 'Secret key is not set.');
        else
            $output[] = array(0, 'Secret key is set: '.$vbulletin->options['hv_new_recaptcha_privatekey']);
        if (!function_exists('curl_init'))
            $output[] = array(1, 'cURL must be enabled, and any curl_ functions must be removed from disable_functions in php.ini');
        else 
        {
            $output[] = array(0, 'cURL is enabled');
                $curlinfo = curl_version();
           if (empty($curlinfo['ssl_version']))
                $output[] = array(1, 'cURL does not have ssl enabled');
           else
           {
              $o = array("cURL version info:");
              foreach ($curlinfo AS $key=>$value)
              {
                 if ($key == 'features')
                    $value = '0x'.dechex($value);
                 if ($key == 'protocols')
                    $value = implode(', ',$value);
                 $o[] = $key.': '.$value;
              }
              $output[] = array(0, $o);
           }
           if (($ch = curl_init()) === false)
               $output[] = array(1, 'curl_init failed');
           else
                curl_close($ch);
             if (!function_exists('curl_exec'))
              $output[] = array(1, 'Function curl_exec is disabled. curl_exec must be removed from disable_functions in php.ini.');
           else
                $output[] = array(0, 'curl_exec function is not disabled');
        }
    
        return $output;
    }

    public static function test_display_widget()
    {
        global $vbulletin;
        return '<script src="https://www.google.com/recaptcha/api.js" async defer></script>
            <div class="g-recaptcha" data-sitekey="'.$vbulletin->options['hv_new_recaptcha_publickey'].'"></div>';
    }

    public static function test_verify()
    {
        global $vbulletin, $vbphrase;
        $output = array();
        
        $vbulletin->input->clean_array_gpc('p', array(
            'g-recaptcha-response' => TYPE_STR,
        ));
        
        if (!isset($vbulletin->GPC['g-recaptcha-response']) || $vbulletin->GPC['g-recaptcha-response'] == '')
            $output[] = array(1, 'g-recaptcha-response is not set. Complete the human verification challenge before pressing Submit.');
        else
        {
            $output[] = array(0, 'g-recaptcha-response: ' . fetch_trimmed_title($vbulletin->GPC['g-recaptcha-response'], 50));
            $secret = urlencode($vbulletin->options['hv_new_recaptcha_privatekey']);
            $remoteip = urlencode(IPADDRESS);
            $response = urlencode($vbulletin->GPC['g-recaptcha-response']);
            $url = self::$verify_url."?secret=$secret&remoteip=$remoteip&response=$response";
            $output[] = array(0, "verify url: '".fetch_trimmed_title($url,160)."'");
            if (($ch = curl_init()) !== false)
            {
                curl_setopt($ch, CURLOPT_URL, $url);
                curl_setopt($ch, CURLOPT_TIMEOUT, 15);
                curl_setopt($ch, CURLOPT_POST, 0);
                curl_setopt($ch, CURLOPT_HEADER, 0);
                curl_setopt($ch, CURLOPT_HTTPHEADER, array());
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
                curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

                $result = curl_exec($ch);
                if ($result === false AND curl_errno($ch) == '60')
                {
                    $output[] = array(0, "Error 60, retrying with CAINFO");
                    curl_setopt($ch, CURLOPT_CAINFO, DIR . '/includes/paymentapi/ca-bundle.crt');
                    $result = curl_exec($ch);
                }
                $info = curl_getinfo($ch);
                if ($result === false)
                   $output[] = array(1, "curl_exec returned false: ".curl_error($ch));
                else
                {
                    if ($info['http_code'] != 200)
                        $output[] = array(1, "Http response code " . $info['http_code']);
                    $o = array("cURL transfer info:");
                    foreach ($info AS $key=>$value)
                    {
                        $o[] = $key.': '.$value;
                    }
                    $output[] = array($info['http_code'] != 200, $o);
                    if ($info['http_code'] == 200)
                    {
                        $output[] = array(0, "Raw response: ".htmlspecialchars($result));
                        if (($result = json_decode($result, true)) === NULL)
                           $output[] = array(1, "json_decode of response failed");
                        else
                        {
                            $o = array("Decoded response:");
                            foreach ($result AS $key=>$value)
                            {
                                if ($key == 'success')
                                    $value = ($value ? 'true' : 'false');
                                if ($key == 'error-codes')
                                    $value = implode(',', $value);
                                $o[] = $key.': '.$value;
                            }
                            $output[] = array($result['success'] ? 0 : 1, $o);
                            if ($result['success'] !== true)
                            {
                                $error = self::get_error_phrase($result);
                                require_once(DIR.'/includes/functions_misc.php');
                                $output[] = array(1, "Error Phrase: ".fetch_phrase($error, 'error'));
                            }
                        }
                    }
                    else
                        $output[] = array(1, "Http Response: ".htmlspecialchars($result));
                }
                curl_close($ch);
            }
            else
                $output[] = array(1, "curl_init() failed.");
        } 
        return $output;
    }
}
?>

vBulletin updated the __constructor

[aminp30]

Quote:

Originally Posted by T.P.

class_humanverify_new_recaptcha.php - Fixxed

PHP Code:

<?php

if (!isset($GLOBALS['vbulletin']->db))
{
    exit;
}

require_once(DIR . '/includes/class_vurl.php');

class vB_HumanVerify_New_Recaptcha extends vB_HumanVerify_Abstract
{
    public static $verify_url = 'https://www.google.com/recaptcha/api/siteverify';
    
    /**
    * Constructor
    *
    * @return    void
    */
    function __construct(&$registry)
    {
        parent::__construct($registry);
    }

    private static function get_error_phrase($result)
    {
        if (isset($result['error-codes']))
            $errormsg = current($result['error-codes']);
        else
            $errormsg = '';
        switch ($errormsg)
        {
            case 'missing-input-secret':
            case 'invalid-input-secret':
                $error = 'humanverify_new_recaptcha_secret';
                break;
            case 'missing-input-response':
                $error = 'humanverify_new_recaptcha_noanswer';
                break;
            case 'invalid-input-response':
            default:
                $error = 'humanverify_new_recaptcha_wronganswer';
        }
        return $error;
    }


    function verify_token($input)
    {
        $this->registry->input->clean_array_gpc('p', array(
            'g-recaptcha-response' => TYPE_STR,
        ));

        if ($this->delete_token($input['hash']) AND isset($this->registry->GPC['g-recaptcha-response']) AND 
                                                    $this->registry->GPC['g-recaptcha-response'] !== '')
        {    
            $secret = urlencode($this->registry->options['hv_new_recaptcha_privatekey']);
            $remoteip = urlencode(IPADDRESS);
            $response = urlencode($this->registry->GPC['g-recaptcha-response']);

            $vurl = new vB_vURL($this->registry);
            $vurl->set_option(VURL_URL, self::$verify_url."?secret=$secret&remoteip=$remoteip&response=$response");
            $vurl->set_option(VURL_USERAGENT, 'vBulletin ' . FILE_VERSION);
            $vurl->set_option(VURL_RETURNTRANSFER, 1);
            $vurl->set_option(VURL_CLOSECONNECTION, 1);

            if (($result = $vurl->exec()) === false || ($result = json_decode($result, true)) === NULL)
            {
                $this->error = 'humanverify_new_recaptcha_unreachable';
                return false;
            }
            else
            {
                if ($result['success'] === true)
                {
                    return true;
                }
                $this->error = self::get_error_phrase($result);
                return false;
            }
        }
        else
        {
            $this->error = 'humanverify_new_recaptcha_wronganswer';
            return false;
        }
    }

    function output_token($var_prefix = 'humanverify')
    {
        global $vbphrase, $show;
        $vbulletin =& $this->registry;

        $humanverify = $this->generate_token();

        $humanverify['publickey'] = ($this->registry->options['hv_new_recaptcha_publickey'] ? $this->registry->options['hv_new_recaptcha_publickey'] : '');
        $humanverify['theme'] = $this->registry->options['hv_new_recaptcha_theme'];
        $humanverify['type'] = $this->registry->options['hv_new_recaptcha_type'];

        if (preg_match('#^([a-z]{2})-?#i', vB_Template_Runtime::fetchStyleVar('languagecode'), $matches))
        {
            $humanverify['hl'] = strtolower($matches[1]);
        }
        
        $templater = vB_Template::create('humanverify_new_recaptcha');
            $templater->register('humanverify', $humanverify);
            $templater->register('var_prefix', $var_prefix);
        $output = $templater->render();

        return $output;
    }

    function fetch_answer()
    {
        return '';
    }
    
    public static function test_check_config()
    {
        global $vbulletin;
        $output = array();
        if (!is_string($vbulletin->options['hv_new_recaptcha_publickey']) || $vbulletin->options['hv_new_recaptcha_publickey']=='')
            $output[] = array(1, 'Site key is not set.');
        else
            $output[] = array(0, 'Site key is set: '.$vbulletin->options['hv_new_recaptcha_publickey']);
        if (!is_string($vbulletin->options['hv_new_recaptcha_privatekey']) || $vbulletin->options['hv_new_recaptcha_privatekey']=='')
            $output[] = array(1, 'Secret key is not set.');
        else
            $output[] = array(0, 'Secret key is set: '.$vbulletin->options['hv_new_recaptcha_privatekey']);
        if (!function_exists('curl_init'))
            $output[] = array(1, 'cURL must be enabled, and any curl_ functions must be removed from disable_functions in php.ini');
        else 
        {
            $output[] = array(0, 'cURL is enabled');
                $curlinfo = curl_version();
           if (empty($curlinfo['ssl_version']))
                $output[] = array(1, 'cURL does not have ssl enabled');
           else
           {
              $o = array("cURL version info:");
              foreach ($curlinfo AS $key=>$value)
              {
                 if ($key == 'features')
                    $value = '0x'.dechex($value);
                 if ($key == 'protocols')
                    $value = implode(', ',$value);
                 $o[] = $key.': '.$value;
              }
              $output[] = array(0, $o);
           }
           if (($ch = curl_init()) === false)
               $output[] = array(1, 'curl_init failed');
           else
                curl_close($ch);
             if (!function_exists('curl_exec'))
              $output[] = array(1, 'Function curl_exec is disabled. curl_exec must be removed from disable_functions in php.ini.');
           else
                $output[] = array(0, 'curl_exec function is not disabled');
        }
    
        return $output;
    }

    public static function test_display_widget()
    {
        global $vbulletin;
        return '<script src="https://www.google.com/recaptcha/api.js" async defer></script>
            <div class="g-recaptcha" data-sitekey="'.$vbulletin->options['hv_new_recaptcha_publickey'].'"></div>';
    }

    public static function test_verify()
    {
        global $vbulletin, $vbphrase;
        $output = array();
        
        $vbulletin->input->clean_array_gpc('p', array(
            'g-recaptcha-response' => TYPE_STR,
        ));
        
        if (!isset($vbulletin->GPC['g-recaptcha-response']) || $vbulletin->GPC['g-recaptcha-response'] == '')
            $output[] = array(1, 'g-recaptcha-response is not set. Complete the human verification challenge before pressing Submit.');
        else
        {
            $output[] = array(0, 'g-recaptcha-response: ' . fetch_trimmed_title($vbulletin->GPC['g-recaptcha-response'], 50));
            $secret = urlencode($vbulletin->options['hv_new_recaptcha_privatekey']);
            $remoteip = urlencode(IPADDRESS);
            $response = urlencode($vbulletin->GPC['g-recaptcha-response']);
            $url = self::$verify_url."?secret=$secret&remoteip=$remoteip&response=$response";
            $output[] = array(0, "verify url: '".fetch_trimmed_title($url,160)."'");
            if (($ch = curl_init()) !== false)
            {
                curl_setopt($ch, CURLOPT_URL, $url);
                curl_setopt($ch, CURLOPT_TIMEOUT, 15);
                curl_setopt($ch, CURLOPT_POST, 0);
                curl_setopt($ch, CURLOPT_HEADER, 0);
                curl_setopt($ch, CURLOPT_HTTPHEADER, array());
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
                curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

                $result = curl_exec($ch);
                if ($result === false AND curl_errno($ch) == '60')
                {
                    $output[] = array(0, "Error 60, retrying with CAINFO");
                    curl_setopt($ch, CURLOPT_CAINFO, DIR . '/includes/paymentapi/ca-bundle.crt');
                    $result = curl_exec($ch);
                }
                $info = curl_getinfo($ch);
                if ($result === false)
                   $output[] = array(1, "curl_exec returned false: ".curl_error($ch));
                else
                {
                    if ($info['http_code'] != 200)
                        $output[] = array(1, "Http response code " . $info['http_code']);
                    $o = array("cURL transfer info:");
                    foreach ($info AS $key=>$value)
                    {
                        $o[] = $key.': '.$value;
                    }
                    $output[] = array($info['http_code'] != 200, $o);
                    if ($info['http_code'] == 200)
                    {
                        $output[] = array(0, "Raw response: ".htmlspecialchars($result));
                        if (($result = json_decode($result, true)) === NULL)
                           $output[] = array(1, "json_decode of response failed");
                        else
                        {
                            $o = array("Decoded response:");
                            foreach ($result AS $key=>$value)
                            {
                                if ($key == 'success')
                                    $value = ($value ? 'true' : 'false');
                                if ($key == 'error-codes')
                                    $value = implode(',', $value);
                                $o[] = $key.': '.$value;
                            }
                            $output[] = array($result['success'] ? 0 : 1, $o);
                            if ($result['success'] !== true)
                            {
                                $error = self::get_error_phrase($result);
                                require_once(DIR.'/includes/functions_misc.php');
                                $output[] = array(1, "Error Phrase: ".fetch_phrase($error, 'error'));
                            }
                        }
                    }
                    else
                        $output[] = array(1, "Http Response: ".htmlspecialchars($result));
                }
                curl_close($ch);
            }
            else
                $output[] = array(1, "curl_init() failed.");
        } 
        return $output;
    }
}
?>

vBulletin updated the __constructor

thank you.I had issue on line 8. your code fixed it :up:

[JakeyBoyo]

When pressing register getting the follow error

Code:

Call to undefined method vB_HumanVerify_Abstract::vB_HumanVerify_Abstract() on line 14 in /home/uniquega/public_html/forum/includes/class_humanverify_new_recaptcha.php
#0 /home/uniquega/public_html/forum/includes/class_humanverify.php(61): vB_HumanVerify_New_Recaptcha->vB_HumanVerify_New_Recaptcha(Object(vB_Registry))
#1 /home/uniquega/public_html/forum/register.php(1244): vB_HumanVerify::fetch_library(Object(vB_Registry))
#2 {main}

Any help appreciated

[Master Of Unive]

Quote:

Originally Posted by JakeyBoyo

When pressing register getting the follow error

Code:

Call to undefined method vB_HumanVerify_Abstract::vB_HumanVerify_Abstract() on line 14 in /home/uniquega/public_html/forum/includes/class_humanverify_new_recaptcha.php
#0 /home/uniquega/public_html/forum/includes/class_humanverify.php(61): vB_HumanVerify_New_Recaptcha->vB_HumanVerify_New_Recaptcha(Object(vB_Registry))
#1 /home/uniquega/public_html/forum/register.php(1244): vB_HumanVerify::fetch_library(Object(vB_Registry))
#2 {main}

Any help appreciated

Fixes are in posts above.