From bf2b4608341e66f2e4f305cc773a59b4e380afa7 Mon Sep 17 00:00:00 2001
From: dqos <8611981+dqos@users.noreply.github.com>
Date: Tue, 19 Dec 2023 22:37:48 +0100
Subject: [PATCH] Initial
---
 .gitignore | 1 +
 LICENSE.md | 30 ++++++++++++++++
 README.md | 46 ++++++++++++++++++++++++
 includes/hooks/hybula_turnstile.php | 56 +++++++++++++++++++++++++++++
 4 files changed, 133 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 LICENSE.md
 create mode 100644 README.md
 create mode 100644 includes/hooks/hybula_turnstile.php
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..723ef36
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea
\ No newline at end of file
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 0000000..4fbf05a
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,30 @@
+## Licensing
+
+Copyright Hybula B.V.
+
+Licensed under the Apache License, Version 2.0 (the "License") and the Commons
+Clause Restriction; you may not use this file except in compliance with the
+License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+
+### Commons Clause Restriction
+
+The Software is provided to you by the Licensor under the License, as defined
+below, subject to the following condition. Without limiting other conditions in
+the License, the grant of rights under the License will not include, and the
+License does not grant to you, the right to Sell the Software. For purposes of
+the foregoing, “Sell” means practicing any or all of the rights granted to you
+under the License to provide to third parties, for a fee or other consideration,
+a product or service that consists, entirely or substantially, of the Software
+or the functionality of the Software. Any license notice or attribution required
+by the License must also include this Commons Cause License Condition notice.
+
+For purposes of the clause above, the “Licensor” is Hybula B.V., the
+“License” is the Apache License, Version 2.0, and the Software is the Hybula
+software provided with this notice.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ad1d5e7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,46 @@
+# WHMCS Turnstile Captcha
+Enables Cloudflare's [Turnstile](https://www.cloudflare.com/products/turnstile/) Captcha service in abandonware WHMCS. *This is currently a proof-of-concept, please report issues.*
+
+![](https://github.com/hybula/whmcs-turnstile/assets/8611981/a4a11d07-ecaa-4f98-b461-13534222fd35)
+
+### Introduction
+By default WHMCS offers two types of captchas, the built-in-easily-cracked GD based captcha and the easily-cracked-privacy-violating reCAPTCHA by Google.
+Because WHMCS fails to maintain their product, we developed this simple to use hook which enables Turnstile while completely bypassing WHMCS' logic.
+
+Please note that this implementation required some filthy JS query code to make it work, because WHMCS is a complete mess: in some pages they used HTML buttons for forms, on other pages they used input submits, with or without IDs, inside divs, without divs, no use of IDs. Meaning that there was no streamlined way to do this clean and proper. Here are some awkward examples:
+```HTML
+
+
+
+
+Checkout
+```
+
+### Features
+- Enables Turnstile captcha on login, register, checkout, ticket, contact pages.
+- Support for themes (auto/dark/light).
+- Ability to disable credits and have it fully white labeled.
+
+### Requirements
+- PHP 8.x (tested on 8.1.23)
+- WHMCS 8.x (tested on 8.7.3)
+
+### Installation
+1. Download the latest release and unzip it in the root of your WHMCS installation.
+2. Get your Turnstile Site Key and Secret Key from your Cloudflare dashboard.
+3. 
Edit and add the following settings in either your `configuration.php` or at the top of the hook file: +```php +const hybulaTurnstileEnabled = true; +const hybulaTurnstileCredits = true; +const hybulaTurnstileSite = ''; +const hybulaTurnstileSecret = ''; +const hybulaTurnstileTheme = 'auto'; +const hybulaTurnstileError = 'Something went wrong with your captcha challenge!'; +const hybulaTurnstileLocations = ['login', 'register', 'checkout', 'ticket', 'contact']; +``` + +### Contribute +Contributions are welcome in a form of a pull request (PR). + +### License +```Apache License, Version 2.0 and the Commons Clause Restriction``` diff --git a/includes/hooks/hybula_turnstile.php b/includes/hooks/hybula_turnstile.php new file mode 100644 index 0000000..55272bb --- /dev/null +++ b/includes/hooks/hybula_turnstile.php @@ -0,0 +1,56 @@ + 10, + CURLOPT_CUSTOMREQUEST => 'POST', + CURLOPT_FOLLOWLOCATION => 1, + CURLOPT_HTTPHEADER => [ + 'Content-Type: application/json', + ], + CURLOPT_POSTFIELDS => json_encode([ + 'secret' => hybulaTurnstileSecret, + 'response' => $_POST['cf-turnstile-response'], + 'remoteip' => $_SERVER['REMOTE_ADDR'] + ]), + CURLOPT_RETURNTRANSFER => true, + CURLOPT_TIMEOUT => 30, + CURLOPT_URL => 'https://challenges.cloudflare.com/turnstile/v0/siteverify', + ]); + $result = curl_exec($curl); + $err = curl_error($curl); + curl_close($curl); + if ($json = json_decode($result)) { + if (!$json->success) { + die(hybulaTurnstileError); + } + } + } + + add_hook('ClientAreaFooterOutput', 1, function ($vars) { + return ' + '; + }); +}
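Review bot: The siteverify check in `includes/hooks/hybula_turnstile.php` fails open: a request is rejected only inside `if ($json = json_decode($result))`, so when `curl_exec()` returns false (timeout, DNS or TLS failure) or the body is not valid JSON, the outer condition is falsy and the form is processed with no captcha verdict at all, while `$err` is captured and never read. Treat anything other than an explicit success as a failure, for example `$json = json_decode((string) $result);` followed by `if (!is_object($json) || ($json->success ?? false) !== true) { die(hybulaTurnstileError); }`, and log `$err` server-side so outages are visible. `CURLOPT_FOLLOWLOCATION => 1` may also let the POST body, which carries `hybulaTurnstileSecret`, follow a redirect; the endpoint URL is fixed, so the option can be dropped. The opening of the hook is missing from this hunk as extracted, so whether `$_POST['cf-turnstile-response']` is checked for presence before use could not be reviewed.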