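* @copyright 2023 Hybula B.V.
 * @license https://github.com/hybula/whmcs-turnstile/blob/main/LICENSE.md
 * @link https://github.com/hybula/whmcs-turnstile
 */

declare(strict_types=1);

if (! defined('WHMCS')) {
    die('This file cannot be accessed directly!');
}

// Admin sessions skip both the server-side verification and the widget hook.
if (! isset($_SESSION['adminid'])) {
    // Server-side enforcement. A POST is verified unless the visitor is a logged-in client
    // AND hybulaTurnstileExcludeLogin is set. This mirrors the exemption used by the footer
    // hook below. The previous condition only verified when hybulaTurnstileExcludeLogin was
    // true, so with the flag off no POST was ever checked against Turnstile.
    if (! empty($_POST) && ! (isset($_SESSION['uid']) && hybulaTurnstileExcludeLogin)) {
        $pageFile = basename($_SERVER['SCRIPT_NAME'], '.php');
        // `a` is absent on most requests; default it instead of reading an undefined index.
        $cartAction = $_GET['a'] ?? null;

        // NOTE(review): the 'reset' branch referenced hybulaCapLocations, a constant no other
        // line here uses; it is treated as a typo for hybulaTurnstileLocations. Confirm
        // against the module's configuration file.
        $needsVerification = hybulaTurnstileEnabled && (
            ($pageFile === 'index'
                && isset($_POST['username'], $_POST['password'])
                && in_array('login', hybulaTurnstileLocations, true))
            || ($pageFile === 'register' && in_array('register', hybulaTurnstileLocations, true))
            || ($pageFile === 'contact' && in_array('contact', hybulaTurnstileLocations, true))
            || ($pageFile === 'submitticket'
                && isset($_POST['subject'])
                && in_array('ticket', hybulaTurnstileLocations, true))
            || ($pageFile === 'cart'
                && $cartAction === 'checkout'
                && in_array('checkout', hybulaTurnstileLocations, true))
            || ($pageFile === 'index'
                && isset($_POST['email'])
                && in_array('reset', hybulaTurnstileLocations, true))
        );

        if ($needsVerification) {
            // The token must be a non-empty string; an array-valued or empty field is
            // rejected here instead of being forwarded to the verification endpoint.
            $token = $_POST['cf-turnstile-response'] ?? null;
            if (! is_string($token) || $token === '') {
                unset($_SESSION['uid']);
                die('Missing captcha response in POST data!');
            }

            $curl = curl_init();
            curl_setopt_array($curl, [
                CURLOPT_CONNECTTIMEOUT => 10,
                CURLOPT_CUSTOMREQUEST => 'POST',
                // The request body carries the site secret, so redirects are not followed.
                CURLOPT_FOLLOWLOCATION => false,
                CURLOPT_HTTPHEADER => [
                    'Content-Type: application/json',
                ],
                CURLOPT_POSTFIELDS => json_encode([
                    'secret' => hybulaTurnstileSecret,
                    'response' => $token,
                    // NOTE(review): behind a reverse proxy REMOTE_ADDR is presumably the
                    // proxy's address, not the visitor's; confirm for your deployment.
                    'remoteip' => $_SERVER['REMOTE_ADDR'],
                ]),
                CURLOPT_RETURNTRANSFER => true,
                CURLOPT_TIMEOUT => 30,
                CURLOPT_URL => 'https://challenges.cloudflare.com/turnstile/v0/siteverify',
            ]);
            $result = curl_exec($curl);
            curl_close($curl);

            // Fail closed: a transport error (curl_exec() returned false), a non-JSON body,
            // or anything other than an explicit `success: true` rejects the request.
            // Previously an unreachable endpoint or undecodable reply skipped the check and
            // let the POST through unverified. The trade-off is that protected forms are
            // unavailable while the verification endpoint cannot be reached.
            $json = is_string($result) ? json_decode($result) : null;
            if (! is_object($json) || ($json->success ?? false) !== true) {
                unset($_SESSION['uid']);
                die(hybulaTurnstileError);
            }
        }
    }

    // Client-side half: decides on which client-area pages the footer output is emitted.
    // The conditions parallel the server-side list above, so every page whose POST is
    // verified is also a page that gets the footer output.
    add_hook('ClientAreaFooterOutput', 1, function ($vars) {
        if (! hybulaTurnstileEnabled || (isset($_SESSION['uid']) && hybulaTurnstileExcludeLogin)) {
            return '';
        }

        $pageFile = basename($_SERVER['SCRIPT_NAME'], '.php');
        $cartAction = $_GET['a'] ?? null;

        $showWidget =
            (in_array('login', hybulaTurnstileLocations, true) && $vars['pagetitle'] == $vars['LANG']['login'])
            || (in_array('register', hybulaTurnstileLocations, true) && $pageFile === 'register')
            || (in_array('contact', hybulaTurnstileLocations, true) && $pageFile === 'contact')
            || (in_array('ticket', hybulaTurnstileLocations, true) && $pageFile === 'submitticket')
            || (in_array('checkout', hybulaTurnstileLocations, true)
                && $pageFile === 'cart'
                && $cartAction === 'checkout')
            || (in_array('reset', hybulaTurnstileLocations, true) && $vars['pagetitle'] == $vars['LANG']['pwreset']);

        if ($showWidget) {
            // NOTE(review): as shown here the hook returns a single space. The markup that
            // renders the Turnstile widget is presumably meant to be returned at this point;
            // without it no cf-turnstile-response field reaches the server-side check.
            // Confirm against the upstream file.
            return ' ';
        }

        return '';
    });
}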