Add reCaptcha plugin

Author: nirix

composer.json

@@ -26,7 +26,8 @@
         "symfony/mailer": "^7.3",
         "ramsey/uuid": "^4.7",
         "avalon/framework": "dev-master",
-        "league/commonmark": "^2.7"
+        "league/commonmark": "^2.7",
+        "google/recaptcha": "^1.3"
     },
     "autoload": {
         "psr-4": {

composer.lock

@@ -610,6 +610,13 @@ public static function locale()
             'errors.label_blank' => "Label cannot be blank",
             'errors.url_empty'   => "URL cannot be empty",
 
+            // ----------------------------------------------------------------------------------------------------
+            // ReCaptcha
+            'recaptcha' => "reCaptcha",
+            'site_key' => "Site Key",
+            'secret_key' => "Secret Key",
+            'errors.recaptcha.failed' => "The reCaptcha verification failed, please try again.",
+
             // ----------------------------------------------------------------------------------------------------
             // Notifications
 

src/Traq/Locale/enus.php

@@ -0,0 +1,64 @@
+<?php
+/*!
+ * Traq
+ * Copyright (C) 2009-2025 Jack Polgar
+ * Copyright (C) 2012-2025 Traq.io
+ * https://github.com/nirix
+ * http://traq.io
+ *
+ * This file is part of Traq.
+ *
+ * Traq is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 3 only.
+ *
+ * Traq is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Traq. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace ReCaptcha\Controllers;
+
+use Avalon\Database;
+use Avalon\Http\Request;
+
+/**
+ * reCaptcha controller.
+ *
+ * @author Jack P.
+ * @since 3.9
+ * @package SecurityQuestions
+ * @subpackage Controllers
+ */
+class ReCaptchaController extends \Traq\Controllers\Admin\AppController
+{
+    /**
+     * Question management page.
+     */
+    public function index()
+    {
+        if (Request::method() == 'POST') {
+            $site_key = Request::$post['site_key'];
+            $secret_key = Request::$post['secret_key'];
+
+            Database::connection()->update('settings')->set(['value' => $site_key])->where('setting', 'recaptcha_site_key')->exec();
+            Database::connection()->update('settings')->set(['value' => $secret_key])->where('setting', 'recaptcha_secret_key')->exec();
+
+            return $this->redirectTo('/admin/settings/recaptcha');
+        }
+
+        // Set page title
+        $this->title(l('recaptcha'));
+
+        $data = [
+            'site_key' => settings('recaptcha_site_key'),
+            'secret_key' => settings('recaptcha_secret_key'),
+        ];
+
+        return $this->render('recaptcha/index.phtml', $data);
+    }
+}

src/Traq/Plugins/ReCaptcha/Controllers/ReCaptchaController.php

@@ -0,0 +1,123 @@
+<?php
+/*!
+ * Traq
+ * Copyright (C) 2009-2025 Jack Polgar
+ * Copyright (C) 2012-2025 Traq.io
+ * https://github.com/nirix
+ * http://traq.io
+ *
+ * This file is part of Traq.
+ *
+ * Traq is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 3 only.
+ *
+ * Traq is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Traq. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace Traq\Plugins;
+
+use Avalon\Database;
+use \FishHook;
+use ReCaptcha\Controllers\ReCaptchaController;
+use Request;
+use Router;
+use Traq\Libraries\Plugin;
+use View;
+
+/**
+ * Security Questions Plugin.
+ *
+ * @package Traq
+ * @subpackage Plugins
+ * @author Jack P.
+ * @copyright (c) Jack P.
+ */
+class ReCaptcha extends Plugin
+{
+    protected static $info = [
+        'name'    => 'reCaptcha',
+        'version' => '1.0',
+        'author'  => 'Jack P.'
+    ];
+
+    public static function init()
+    {
+        // Add routes
+        Router::register('security_questions.index', '/admin/settings/recaptcha', [ReCaptchaController::class, 'index']);
+
+        // Register the view path
+        View::$searchPaths[] = dirname(__FILE__) . '/views';
+
+        // Hook into the settings navbar
+        FishHook::add('template:admin/settings/_nav', array(get_called_class(), 'adminNav'));
+
+        if (settings('recaptcha_site_key') && settings('recaptcha_secret_key')) {
+            // Hook into register form
+            FishHook::add('template:users/register', array(get_called_class(), 'recaptchaField'));
+
+            // Hook into the register action
+            FishHook::add('controller:users.register', array(get_called_class(), 'verifyRecaptcha'));
+        }
+    }
+
+    /**
+     * Adds the link to the settings navbar.
+     */
+    public static function adminNav()
+    {
+        echo sprintf('<li%s><a href="%s">%s</a></li>', iif(active_nav('/admin/settings/recaptcha'), ' class="active"', ''), Request::base('/admin/settings/recaptcha'), l('recaptcha'));
+    }
+
+    /**
+     * Adds the question field to the register form.
+     */
+    public static function recaptchaField()
+    {
+        echo View::render('users/recaptcha_field', ['siteKey' => settings('recaptcha_site_key')]);
+    }
+
+    /**
+     * Checks the submitted answer.
+     *
+     * @param object $model
+     */
+    public static function verifyRecaptcha(&$model)
+    {
+        $recaptcha = new \ReCaptcha\ReCaptcha(settings('recaptcha_secret_key'));
+        $resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
+            ->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
+
+        if (!$resp->isSuccess()) {
+            $model->_add_error('recaptcha', l('errors.recaptcha.failed'));
+        }
+    }
+
+    /**
+     * Creates the setting row.
+     */
+    public static function __install()
+    {
+        Database::connection()->insert(array('setting' => 'recaptcha_site_key', 'value' => ''))->into('settings')->exec();
+        Database::connection()->insert(array('setting' => 'recaptcha_secret_key', 'value' => ''))->into('settings')->exec();
+
+        return true;
+    }
+
+    /**
+     * Deletes the setting row.
+     */
+    public static function __uninstall()
+    {
+        Database::connection()->delete()->from('settings')->where('setting', 'recaptcha_site_key')->exec();
+        Database::connection()->delete()->from('settings')->where('setting', 'recaptcha_secret_key')->exec();
+
+        return true;
+    }
+}

src/Traq/Plugins/ReCaptcha/ReCaptcha.php

@@ -0,0 +1,26 @@
+<?php extendView('layouts/admin.phtml'); ?>
+
+<div class="traq_settings title content">
+	<h2 class="page-title"><?= l('recaptcha'); ?></h2>
+</div>
+<?= View::render('admin/settings/_nav'); ?>
+<div class="traq_settings content">
+	<form action="<?= Request::requestUri(); ?>" method="post">
+		<div class="panel">
+			<div class="panel-content">
+				<div class="form-group-row">
+					<label><?= l('site_key'); ?></label>
+					<input type="text" name="site_key" value="<?= $siteKey; ?>" autocomplete="off" />
+				</div>
+
+				<div class="form-group-row">
+					<label><?= l('secret_key'); ?></label>
+					<input type="text" name="secret_key" value="<?= $secretKey; ?>" autocomplete="off" />
+				</div>
+			</div>
+		</div>
+		<div class="actions">
+			<input type="submit" value="<?= l('save'); ?>" class="btn-primary" />
+		</div>
+	</form>
+</div>

src/Traq/Plugins/ReCaptcha/views/recaptcha/index.phtml

@@ -0,0 +1,4 @@
+<div class="p-4 flex justify-center">
+	<div class="g-recaptcha" data-sitekey="<?= $siteKey ?>" data-action="LOGIN"></div>
+	<script src="https://www.google.com/recaptcha/enterprise.js" async defer></script>
+</div>