Initial
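--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea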
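--- a/LICENSE.md
+++ b/LICENSE.md
@@ -0,0 +1,30 @@
+## Licensing
+
+Copyright Hybula B.V.
+
+Licensed under the Apache License, Version 2.0 (the "License") and the Commons
+Clause Restriction; you may not use this file except in compliance with the
+License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+
+### Commons Clause Restriction
+
+The Software is provided to you by the Licensor under the License, as defined
+below, subject to the following condition. Without limiting other conditions in
+the License, the grant of rights under the License will not include, and the
+License does not grant to you, the right to Sell the Software. For purposes of
+the foregoing, “Sell” means practicing any or all of the rights granted to you
+under the License to provide to third parties, for a fee or other consideration,
+a product or service that consists, entirely or substantially, of the Software
+or the functionality of the Software. Any license notice or attribution required
+by the License must also include this Commons Cause License Condition notice.
+
+For purposes of the clause above, the “Licensor” is Hybula B.V., the
+“License” is the Apache License, Version 2.0, and the Software is the Hybula
+software provided with this notice.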
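--- a/README.md
+++ b/README.md
@@ -0,0 +1,46 @@
+# WHMCS Turnstile Captcha
+Enables Cloudflare's [Turnstile](https://www.cloudflare.com/products/turnstile/) Captcha service in abandonware WHMCS. *This is currently a proof-of-concept, please report issues.*
+
+
+
+### Introduction
+By default WHMCS offers two types of captchas, the built-in-easily-cracked GD based captcha and the easily-cracked-privacy-violating reCAPTCHA by Google.
+Because WHMCS fails to maintain their product, we developed this simple to use hook which enables Turnstile while completely bypassing WHMCS' logic.
+
+Please note that this implementation required some filthy JS query code to make it work, because WHMCS is a complete mess: in some pages they used HTML buttons for forms, on other pages they used input submits, with or without IDs, inside divs, without divs, no use of IDs. Meaning that there was no streamlined way to do this clean and proper. Here are some awkward examples:
+```HTML
+<input class="btn btn-lg btn-primary" type="submit" value="Register">
+<button id="login" type="submit" class="btn btn-primary">Login</button>
+<button type="submit" name="validatepromo" class="btn btn-block btn-default" value="Validate Code">Validate Code</button>
+<button type="submit" class="btn btn-primary">Send Message</button>
+<a href="/cart.php?a=checkout&e=false" class="btn btn-success btn-lg btn-checkout disabled" id="checkout">Checkout</a>
+```
+
+### Features
+- Enables Turnstile captcha on login, register, checkout, ticket, contact pages.
+- Support for themes (auto/dark/light).
+- Ability to disable credits and have it fully white labeled.
+
+### Requirements
+- PHP 8.x (tested on 8.1.23)
+- WHMCS 8.x (tested on 8.7.3)
+
+### Installation
+1. Download the latest release and unzip it in the root of your WHMCS installation.
+2. Get your Turnstile Site Key and Secret Key from your Cloudflare dashboard.
+3. Edit and add the following settings in either your `configuration.php` or at the top of the hook file:
+```php
+const hybulaTurnstileEnabled = true;
+const hybulaTurnstileCredits = true;
+const hybulaTurnstileSite = '';
+const hybulaTurnstileSecret = '';
+const hybulaTurnstileTheme = 'auto';
+const hybulaTurnstileError = 'Something went wrong with your captcha challenge!';
+const hybulaTurnstileLocations = ['login', 'register', 'checkout', 'ticket', 'contact'];
+```
+
+### Contribute
+Contributions are welcome in a form of a pull request (PR).
+
+### License
+```Apache License, Version 2.0 and the Commons Clause Restriction```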
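--- a/includes/hooks/hybula_turnstile.php
+++ b/includes/hooks/hybula_turnstile.php
@@ -0,0 +1,56 @@
+<?php
+
+declare(strict_types=1);
+
+if (!defined('WHMCS')) {
+die('This file cannot be accessed directly!');
+}
+
+if ((($_SERVER['SCRIPT_NAME'] == '/index.php' && $_GET['rp'] == '/login' && in_array('login', hybulaTurnstileLocations)) ||
+($_SERVER['SCRIPT_NAME'] == '/register.php' && in_array('register', hybulaTurnstileLocations)) ||
+($_SERVER['SCRIPT_NAME'] == '/contact.php' && in_array('contact', hybulaTurnstileLocations)) ||
+($_SERVER['SCRIPT_NAME'] == '/submitticket.php' && in_array('ticket', hybulaTurnstileLocations)) ||
+($_SERVER['SCRIPT_NAME'] == '/cart.php' && $_GET['a'] == 'checkout' && in_array('checkout', hybulaTurnstileLocations))) && hybulaTurnstileEnabled) {
+
+if (!empty($_POST)) {
+if (!isset($_POST['cf-turnstile-response'])) {
+die('Missing captcha response in POST data!');
+}
+
+$curl = curl_init();
+curl_setopt_array($curl, [
+CURLOPT_CONNECTTIMEOUT => 10,
+CURLOPT_CUSTOMREQUEST => 'POST',
+CURLOPT_FOLLOWLOCATION => 1,
+CURLOPT_HTTPHEADER => [
+'Content-Type: application/json',
+],
+CURLOPT_POSTFIELDS => json_encode([
+'secret' => hybulaTurnstileSecret,
+'response' => $_POST['cf-turnstile-response'],
+'remoteip' => $_SERVER['REMOTE_ADDR']
+]),
+CURLOPT_RETURNTRANSFER => true,
+CURLOPT_TIMEOUT => 30,
+CURLOPT_URL => 'https://challenges.cloudflare.com/turnstile/v0/siteverify',
+]);
+$result = curl_exec($curl);
+$err = curl_error($curl);
+curl_close($curl);
+if ($json = json_decode($result)) {
+if (!$json->success) {
+die(hybulaTurnstileError);
+}
+}
+}
+
+add_hook('ClientAreaFooterOutput', 1, function ($vars) {
+return '<script>
+var turnstileDiv = document.createElement("div");
+turnstileDiv.innerHTML = \'<div class="cf-turnstile" data-sitekey="'.hybulaTurnstileSite.'" data-callback="javascriptCallback" data-theme="'.hybulaTurnstileTheme.'"></div>'.(hybulaTurnstileCredits ? '<a href="https://github.com/hybula/whmcs-turnstile" target="_blank"><small class="text-muted text-uppercase">Captcha integration by Hybula</small></a>' : '<!-- Captcha integration by Hybula (https://github.com/hybula/whmcs-turnstile) -->').'<br><br>\';
+var form = document.querySelector(\'input[type=submit],#login,div.text-center > button[type=submit],#openTicketSubmit\').parentNode;
+form.insertBefore(turnstileDiv, document.querySelector(\'input[type=submit],#login,div.text-center > button[type=submit],#openTicketSubmit\'));
+</script>
+<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>';
+});
+}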
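Review bot: The siteverify check fails open: `if ($json = json_decode($result))` skips the `success` test whenever `curl_exec()` returns false or the body is not valid JSON, so a timeout or network error on the Cloudflare call lets the POST continue without a verified captcha, and `$err` is collected but never read. Treat anything other than a decoded object with `success === true` as a failure, e.g. `$json = is_string($result) ? json_decode($result) : null;` followed by `if (!is_object($json) || ($json->success ?? false) !== true) { die(hybulaTurnstileError); }`, and log `$err` server-side rather than discarding it. Separately, the outer condition compares `$_SERVER['SCRIPT_NAME']` with root-level paths such as `/index.php`, so an installation served from a subdirectory would presumably never match and the captcha would be neither rendered nor enforced there; the condition also reads `$_GET['rp']` and `$_GET['a']` without checking they are set, which `$_GET['rp'] ?? ''` and `$_GET['a'] ?? ''` would avoid. Because enforcement only runs when `$_POST` is non-empty on exactly these script paths, it is worth confirming that each protected form actually posts to one of them.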