Add invisible ReCAPTCHA to login and password reset

2017-03-31 12:19:44 +02:00 · 2017-03-31 12:19:44 +02:00 · 142cbb0641
commit 142cbb0641
parent f2f834af49
8 changed files with 184 additions and 4 deletions
--- a/resources/lang/en/strings.php
+++ b/resources/lang/en/strings.php
@ -69,4 +69,5 @@ return [
    'owner' => 'Owner',
    'admin' => 'Admin',
    'subuser' => 'Subuser',
+    'captcha_invalid' => 'The provided captcha is invalid.',
 ];
--- a/resources/themes/pterodactyl/auth/login.blade.php
+++ b/resources/themes/pterodactyl/auth/login.blade.php
@ -45,7 +45,7 @@
        @endforeach
    @endforeach
    <p class="login-box-msg">@lang('auth.authentication_required')</p>
-    <form action="{{ route('auth.login') }}" method="POST">
+    <form id="loginForm" action="{{ route('auth.login') }}" method="POST">
        <div class="form-group has-feedback">
            <input name="user" class="form-control" value="{{ old('user') }}" placeholder="@lang('strings.user_identifier')">
            <span class="fa fa-envelope form-control-feedback"></span>
@ -62,10 +62,20 @@
            </div>
            <div class="col-xs-4">
                {!! csrf_field() !!}
-                <button type="submit" class="btn btn-primary btn-block btn-flat">@lang('auth.sign_in')</button>
+                <button type="submit" class="btn btn-primary btn-block btn-flat g-recaptcha" data-sitekey="{{ config('recaptcha.website_key') }}" data-callback='onSubmit'>@lang('auth.sign_in')</button>
            </div>
        </div>
    </form>
    <a href="{{ route('auth.password') }}">@lang('auth.forgot_password')</a><br>
 </div>
@endsection
+
+@section('scripts')
+    @parent
+    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
+    <script>
+       function onSubmit(token) {
+         document.getElementById("loginForm").submit();
+       }
+     </script>
+@endsection
--- a/resources/themes/pterodactyl/auth/passwords/email.blade.php
+++ b/resources/themes/pterodactyl/auth/passwords/email.blade.php
@ -25,13 +25,24 @@

@section('content')
 <div class="login-box-body">
+    @if (count($errors) > 0)
+        <div class="callout callout-danger">
+            <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+            @lang('auth.auth_error')<br><br>
+            <ul>
+                @foreach ($errors->all() as $error)
+                    <li>{{ $error }}</li>
+                @endforeach
+            </ul>
+        </div>
+    @endif
    @if (session('status'))
        <div class="callout callout-success">
            @lang('auth.email_sent')
        </div>
    @endif
    <p class="login-box-msg">@lang('auth.request_reset_text')</p>
-    <form action="{{ route('auth.password') }}" method="POST">
+    <form id="resetForm" action="{{ route('auth.password') }}" method="POST">
        <div class="form-group has-feedback">
            <input type="email" name="email" class="form-control" value="{{ old('email') }}" autofocus placeholder="@lang('strings.email')">
            <span class="fa fa-envelope form-control-feedback"></span>
@ -47,9 +58,19 @@
            </div>
            <div class="col-xs-8">
                {!! csrf_field() !!}
-                <button type="submit" class="btn btn-primary btn-block btn-flat">@lang('auth.request_reset')</button>
+                <button type="submit" class="btn btn-primary btn-block btn-flat g-recaptcha" data-sitekey="{{ config('recaptcha.website_key') }}" data-callback='onSubmit'>@lang('auth.request_reset')</button>
            </div>
        </div>
    </form>
 </div>
@endsection
+
+@section('scripts')
+    @parent
+    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
+    <script>
+       function onSubmit(token) {
+         document.getElementById("resetForm").submit();
+       }
+     </script>
+@endsection