added hcaptcha for comments

This commit is contained in:
Jonas Leder 2020-12-30 23:02:45 +01:00
parent eb301819ae
commit 4d20ecd43c
2 changed files with 33 additions and 11 deletions

View file

@ -23,7 +23,7 @@ function getComments($article){
}
}
echo(<<<EOF
<script src='https://www.hCaptcha.com/1/api.js' async defer></script>
<div id="newComment">
<form action="/newComment.php" method="post">
<label for="name">Name:</label><br>
@ -35,6 +35,8 @@ function getComments($article){
<label for="comment">Kommentar:</label><br>
<textarea name="comment" id="comment"></textarea><br><br>
<div class="h-captcha" data-sitekey="$sitekey"></div>
<input type="submit" value="Kommentar ver&ouml;ffentlichen"><br>
<p>Mit dem klick auf den obigen Button erkl&auml;ren sie sich mit der <a href="/datenschutzerklaerung.html">Datenschutzerkl&auml;rung</a> einverstanden.</p>
</form>

View file

@ -1,16 +1,36 @@
<?php
include("./internal/mysql.php");
$ref = $_SERVER["HTTP_REFERER"];
$article = $conn->escape_string(explode(".php", explode("Projekte/", $ref)[1])[0]);
$name = $conn->escape_string($_POST["name"]);
$email = $conn->escape_string($_POST["email"]);
$comment = $conn->escape_string($_POST["comment"]);
$data = array(
'secret' => $secretkey,
'response' => $_POST['h-captcha-response']
);
$sql = "INSERT INTO comments (name, email, comment, article) VALUES ('$name', '$email', '$comment', '$article')";
$verify = curl_init();
curl_setopt($verify, CURLOPT_URL, "https://hcaptcha.com/siteverify");
curl_setopt($verify, CURLOPT_POST, true);
curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($verify, CURLOPT_RETURNTRANSFER, true);
$response_ = curl_exec($verify);
$responseData = json_decode($response_);
if ($conn->query($sql) === TRUE) {
if($responseData->success) {
$ref = $_SERVER["HTTP_REFERER"];
$article = $conn->escape_string(explode(".php", explode("Projekte/", $ref)[1])[0]);
$name = $conn->escape_string($_POST["name"]);
$email = $conn->escape_string($_POST["email"]);
$comment = $conn->escape_string($_POST["comment"]);
$sql = "INSERT INTO comments (name, email, comment, article) VALUES ('$name', '$email', '$comment', '$article')";
if ($conn->query($sql) === TRUE) {
header("Location: $ref");
} else {
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
} else {
echo "Failed to verify captcha.";
}