Popravek za robote, da preverja reCaptcha in varnostno polje

2021-12-01 13:22:24 +01:00 · 2021-12-01 13:22:24 +01:00 · ae5516931b
commit ae5516931b
parent 50ace9942d
4 changed files with 35 additions and 2 deletions
--- a/frontend/drupal/sites/all/modules/nakupovanje_1ka/nakupovanje_1ka.module
+++ b/frontend/drupal/sites/all/modules/nakupovanje_1ka/nakupovanje_1ka.module
@ -357,7 +357,9 @@ function cenik_paketov_1ka_poslovni_uporabniki()

 function nakupovanje_1ka_instalacija_na_1ka()
 {
-  return theme('nakupovanje_1ka_virtualna_domena');
+  require(drupal_get_path('module', 'nakupovanje_1ka') . '/../../../../../../settings_optional.php');
+
+  return theme('nakupovanje_1ka_virtualna_domena', compact('recaptcha_sitekey'));
 }

 function nakupovanje_1ka_lastna_instalacija()
--- a/frontend/drupal/sites/all/themes/pro1ka/js/script.js
+++ b/frontend/drupal/sites/all/themes/pro1ka/js/script.js
@ -1122,7 +1122,9 @@
            }
          );

-          if (jQuery('.error-field, .error-color').length > 0) {
+          jQuery('g-recaptcha-response')
+
+          if (jQuery('.error-field, .error-color').length > 0 || jQuery('#varnostno-polje').val().length > 0 ) {
            return '';
          }

--- a/frontend/drupal/sites/all/themes/pro1ka/templates/nakupovanje-1ka-narocilo-poslovni-uporabniki-virtualna-domena.tpl.php
+++ b/frontend/drupal/sites/all/themes/pro1ka/templates/nakupovanje-1ka-narocilo-poslovni-uporabniki-virtualna-domena.tpl.php
@ -111,6 +111,19 @@
        </div>
      </div>

+      <?php if(!empty($recaptcha_sitekey)): ?>
+        <div class="w-clearfix" style="padding-top: 1rem;">
+          <div class="col _6-6-6-12">
+            <div class="g-recaptcha" data-sitekey="<?php echo($recaptcha_sitekey); ?>"></div>
+          </div>
+        </div>
+      <?php endif; ?>
+
+<!--      // SPAM protection, če nimamo reCaptcha-->
+      <div class="form_row" style="display: none">
+        <input type="text" class="varnostno-polje" name="varnostno-polje" id="varnostno-polje" value="" style="display: none;"/>
+      </div>
+
      <div class="col w-clearfix gumbi">
        <input type="button" value="<?php echo($language->language == 'sl' ? 'Oddaj' : 'Submit'); ?>" data-wait="Prosim počakajte..." class="submit-btn naprej w-button">
        <p class="paragraph">
--- a/frontend/payments/classes/class.UserNarocila.php
+++ b/frontend/payments/classes/class.UserNarocila.php
@ -1342,6 +1342,22 @@ class UserNarocila{
        // Lastna instalacija - paket
        $strinjanje_s_pogoji = isset($narocilo_data['strinjanje_s_pogoji']) ? $narocilo_data['strinjanje_s_pogoji'] : '';

+        // Varnostno preverimo, če robot izpolni polje
+        $varnostno_polje = isset($narocilo_data['varnostno-polje']) ? isset($narocilo_data['varnostno-polje']) : '';
+        if(!empty($varnostno_polje)){
+            return ['false' => true];
+        }
+
+          // Preverimo ReCaptcha
+        if (in_array($paket, [1,2]) && AppSettings::getInstance()->getSetting('google-secret_captcha') !== false) {
+            $recaptchaResponse = isset($narocilo_data['g-recaptcha-response']) ? $narocilo_data['g-recaptcha-response'] : '';
+            $requestReCaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . AppSettings::getInstance()->getSetting('google-secret_captcha') . '&response=' . $recaptchaResponse);
+
+            if (!strstr($requestReCaptcha, 'true')) {
+                return ['false' => true];
+            }
+        }
+

        // Posljemo mail s podatki povprasevanja
        $subject = $lang['srv_narocilo_poslovni_email_1ka_subject'];