PHP ReCaptcha::verifyResponse方法代码示例

 public function logon()
 {
     require_once "../third_party/recaptchalib.php";
     // busca a biblioteca recaptcha
     $secret = "6LcgGhcTAAAAAHXSiMR1BT4pg183Ix6UEsoCBvgw";
     // sua chave secreta
     $response = null;
     // resposta vazia
     $reCaptcha = new ReCaptcha($secret);
     // verifique a chave secreta
     // se submetido, verifique a resposta
     if ($_POST["g-recaptcha-response"]) {
         $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
     }
     if ($response != null && $response->success) {
         $this->load->model('Usuarios_model');
         $user = $this->Usuarios_model->searchByUser($this->input->post("user"));
         if ($user) {
             $pass = $this->input->post("pass");
             if (md5($pass) != $user['pass']) {
                 $this->session->set_flashdata('danger', 'Senha incorreta!');
             } else {
                 $this->session->set_userdata('logged', $user);
             }
         } else {
             $this->session->set_flashdata('danger', 'Usuário não encontrado!');
         }
     }
     redirect("/");
 }

 /**
  * Validates a reCaptcha response from a user.
  *
  * @param   string   reCaptcha response
  * @return  boolean
  */
 public function valid($response)
 {
     if (empty($response)) {
         return FALSE;
     }
     require_once Kohana::find_file('vendor', 'recaptchalib');
     $reCaptcha = new ReCaptcha(Captcha::$config['privateKey']);
     $responseCaptcha = $reCaptcha->verifyResponse($this->get_real_user_ip(), $response);
     if ($responseCaptcha == null || false == $responseCaptcha->success) {
         return FALSE;
     }
     return TRUE;
 }

 /**
  * Check that the CAPTCHA was entered correctly. reCAPTCHA sets a long string in 'g-recaptcha-response'
  * when the CAPTCHA is completed; we check that with the reCAPTCHA API.
  */
 public function validate_post(&$error)
 {
     require_once $this->directory . 'recaptchalib.php';
     $recaptcha = new ReCaptcha(qa_opt('recaptcha_private_key'));
     $remoteIp = qa_remote_ip_address();
     $userResponse = qa_post_text('g-recaptcha-response');
     $recResponse = $recaptcha->verifyResponse($remoteIp, $userResponse);
     foreach ($recResponse->errorCodes as $code) {
         if (isset($this->errorCodeMessages[$code])) {
             $error .= $this->errorCodeMessages[$code] . "\n";
         }
     }
     return $recResponse->success;
 }

 public function index()
 {
     //Google reCaptcha
     //updated to Google noCaptcha 1/15
     require_once CORE_LIB_PATH . '/recaptcha/recaptchalib.php';
     $this->set('sitekey', RECAPTCHA_PUBLIC_KEY);
     $this->set('lang', 'en');
     if ($this->post->submit) {
         if (Auth::LoggedIn() == false) {
             # Make sure they entered an email address
             if (trim($this->post->name) == '' || trim($this->post->email) == '') {
                 $this->set('message', 'You must enter a name and email!');
                 $this->render('core_error.tpl');
                 return;
             }
         }
         //Google reCaptcha
         //updated to Google noCaptcha 1/15
         $resp = null;
         $reCaptcha = new ReCaptcha(RECAPTCHA_PRIVATE_KEY);
         // Was there a reCAPTCHA response?
         if ($_POST["g-recaptcha-response"]) {
             $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
         }
         //check if reCaptcha response was valid
         if ($resp == null) {
             $this->set('captcha_error', 'reCaptcha Validation Error');
             $this->render('contact_form.tpl');
             return;
         }
         //end Google reCaptcha
         if ($this->post->subject == '' || trim($this->post->message) == '') {
             $this->set('message', 'You must enter a subject and message!');
             $this->render('core_error.tpl');
             return;
         }
         $subject = 'New message from ' . $this->post->name . ' - "' . $this->post->subject . '"';
         $message = DB::escape($this->post->message) . PHP_EOL . PHP_EOL;
         foreach ($_POST as $field => $value) {
             $message .= "-{$field} = {$value}" . PHP_EOL;
         }
         $message = nl2br($message);
         $message = utf8_encode($message);
         Util::SendEmail(ADMIN_EMAIL, $subject, $message);
         $this->render('contact_sent.tpl');
         return;
     }
     $this->render('contact_form.tpl');
 }

 public function check_captcha_validation($errors)
 {
     $options = WPPlugin::retrieve_options('recaptcha_options');
     if (empty($_POST['g-recaptcha-response']) || $_POST['g-recaptcha-response'] == '') {
         $errors->add('blank_captcha', $options['no_response_error']);
         return $errors;
     }
     $reCaptchaLib = new ReCaptcha($options['secret']);
     $response = $reCaptchaLib->verifyResponse($_SERVER['REMOTE_ADDR'], $_POST['g-recaptcha-response']);
     // response is bad, add incorrect response error
     if (!$response->success) {
         $errors->add('captcha_wrong', $response->error);
     }
     return $errors;
 }

 public static function verify()
 {
     $siteKey = "6LfLpgETAAAAALJh3IVzXccKgCXG-yTlNYaLTL26";
     $secret = "6LfLpgETAAAAAG7XXCVIbvqR1QClWiJ86D0bsnTs";
     // reCAPTCHA supported 40+ languages listed here: https://developers.google.com/recaptcha/docs/language
     $lang = "en";
     // The response from reCAPTCHA
     $resp = null;
     // The error code from reCAPTCHA, if any
     $error = null;
     $reCaptcha = new ReCaptcha($secret);
     // Was there a reCAPTCHA response?
     if ($_POST["g-recaptcha-response"]) {
         $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
     }
 }

 /**
  * reCaptcha Validation
  *
  * @return void
  */
 function validate_re_captcha($no_captcha = '')
 {
     $private_key = wpuf_get_option('recaptcha_private', 'wpuf_general');
     if ($no_captcha == 1) {
         $response = null;
         $reCaptcha = new ReCaptcha($private_key);
         $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
         if (!$resp->success) {
             $this->send_error(__('reCAPTCHA validation failed', 'wpuf'));
         }
     } elseif ($no_captcha == 0) {
         $recap_challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
         $recap_response = isset($_POST['recaptcha_response_field']) ? $_POST['recaptcha_response_field'] : '';
         $resp = recaptcha_check_answer($private_key, $_SERVER["REMOTE_ADDR"], $recap_challenge, $recap_response);
         if (!$resp->is_valid) {
             $this->send_error(__('reCAPTCHA validation failed', 'wpuf'));
         }
     }
 }

 function captcha()
 {
     $par = JComponentHelper::getParams('com_djclassifieds');
     $app = JFactory::getApplication();
     $token = JRequest::getCMD('token', '');
     $token_link = $token ? '&token=' . $token : '';
     if ($par->get('captcha_type', 'recaptcha') == 'nocaptcha') {
         require_once JPATH_COMPONENT . DS . 'assets' . DS . 'nocaptchalib.php';
     } else {
         require_once JPATH_COMPONENT . DS . 'assets' . DS . 'recaptchalib.php';
     }
     $privatekey = $par->get('captcha_privatekey', "6LfzhgkAAAAAAOJNzAjPz3vXlX-Bw0l-sqDgipgs");
     $is_valid = false;
     if ($par->get('captcha_type', 'recaptcha') == 'nocaptcha') {
         $response = null;
         $reCaptcha = new ReCaptcha($privatekey);
         if ($_POST["g-recaptcha-response"]) {
             $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
             if ($response != null && $response->success) {
                 $is_valid = true;
             }
         }
     } else {
         $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
         $is_valid = $resp->is_valid;
     }
     if ($is_valid) {
         $session =& JFactory::getSession();
         $session->set('captcha_sta', '1');
         $message = '';
     } else {
         $message = JText::_("COM_DJCLASSIFIEDS_INVALID_CODE");
     }
     $menus = JSite::getMenu();
     $menu_newad_itemid = $menus->getItems('link', 'index.php?option=com_djclassifieds&view=additem', 1);
     $new_ad_link = 'index.php?option=com_djclassifieds&view=additem';
     if ($menu_newad_itemid) {
         $new_ad_link .= '&Itemid=' . $menu_newad_itemid->id;
     }
     $new_ad_link = JRoute::_($new_ad_link . $token_link);
     $app->redirect($new_ad_link, $message, 'error');
 }

     $catalog_url = $db->safesql(dle_substr(htmlspecialchars(strip_tags(stripslashes(trim($title))), ENT_QUOTES, $config['charset']), 0, 1, $config['charset']));
 } else {
     $catalog_url = "";
 }
 if ($user_group[$member_id['user_group']]['disable_news_captcha'] and $member_id['news_num'] >= $user_group[$member_id['user_group']]['disable_news_captcha']) {
     $user_group[$member_id['user_group']]['news_question'] = false;
     $user_group[$member_id['user_group']]['news_sec_code'] = false;
 }
 if ($user_group[$member_id['user_group']]['news_sec_code']) {
     if ($config['allow_recaptcha']) {
         require_once ENGINE_DIR . '/classes/recaptcha.php';
         $sec_code = 1;
         $sec_code_session = false;
         if ($_POST['g-recaptcha-response']) {
             $reCaptcha = new ReCaptcha($config['recaptcha_private_key']);
             $resp = $reCaptcha->verifyResponse(get_ip(), $_POST['g-recaptcha-response']);
             if ($resp === null or !$resp->success) {
                 $stop .= "<li>" . $lang['news_err_30'] . "</li>";
             }
         } else {
             $stop .= "<li>" . $lang['news_err_30'] . "</li>";
         }
     } elseif ($_REQUEST['sec_code'] != $_SESSION['sec_code_session'] or !$_SESSION['sec_code_session']) {
         $stop .= "<li>" . $lang['news_err_30'] . "</li>";
     }
 }
 if ($user_group[$member_id['user_group']]['news_question']) {
     if (intval($_SESSION['question'])) {
         $answer = $db->super_query("SELECT id, answer FROM " . PREFIX . "_question WHERE id='" . intval($_SESSION['question']) . "'");
         $answers = explode("\n", $answer['answer']);
         $pass_answer = false;

 /**
  * Gets advanced authentication settings
  *
  * this function DOES NOT check authentication - it just checks/provides
  * authentication credentials required to connect to the MySQL server
  * usually with $GLOBALS['dbi']->connect()
  *
  * it returns false if something is missing - which usually leads to
  * auth() which displays login form
  *
  * it returns true if all seems ok which usually leads to auth_set_user()
  *
  * it directly switches to authFails() if user inactivity timeout is reached
  *
  * @return boolean   whether we get authentication settings or not
  */
 public function authCheck()
 {
     global $conn_error;
     // Initialization
     /**
      * @global $GLOBALS['pma_auth_server'] the user provided server to
      * connect to
      */
     $GLOBALS['pma_auth_server'] = '';
     $GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = '';
     $GLOBALS['from_cookie'] = false;
     // BEGIN Swekey Integration
     if (!Swekey_Auth_check()) {
         return false;
     }
     // END Swekey Integration
     if (defined('PMA_CLEAR_COOKIES')) {
         foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
             $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
             $GLOBALS['PMA_Config']->removeCookie('pmaServer-' . $key);
             $GLOBALS['PMA_Config']->removeCookie('pmaUser-' . $key);
         }
         return false;
     }
     if (!empty($_REQUEST['old_usr'])) {
         // The user wants to be logged out
         // -> delete his choices that were stored in session
         // according to the PHP manual we should do this before the destroy:
         //$_SESSION = array();
         if (!defined('TESTSUITE')) {
             session_destroy();
             // $_SESSION array is not immediately emptied
             $_SESSION['last_valid_captcha'] = false;
         }
         // -> delete password cookie(s)
         if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
             foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
                 $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
                 if (isset($_COOKIE['pmaPass-' . $key])) {
                     unset($_COOKIE['pmaPass-' . $key]);
                 }
             }
         } else {
             $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $GLOBALS['server']);
             if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
                 unset($_COOKIE['pmaPass-' . $GLOBALS['server']]);
             }
         }
     }
     if (!empty($_REQUEST['pma_username'])) {
         // We already have one correct captcha.
         $skip = false;
         if (isset($_SESSION['last_valid_captcha']) && $_SESSION['last_valid_captcha']) {
             $skip = true;
         }
         // Verify Captcha if it is required.
         if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey']) && !$skip) {
             if (!empty($_POST["g-recaptcha-response"])) {
                 include_once 'libraries/plugins/auth/recaptcha/recaptchalib.php';
                 $reCaptcha = new ReCaptcha($GLOBALS['cfg']['CaptchaLoginPrivateKey']);
                 // verify captcha status.
                 $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
                 // Check if the captcha entered is valid, if not stop the login.
                 if ($resp == null || !$resp->success) {
                     $conn_error = __('Entered captcha is wrong, try again!');
                     $_SESSION['last_valid_captcha'] = false;
                     return false;
                 } else {
                     $_SESSION['last_valid_captcha'] = true;
                 }
             } else {
                 if (!isset($_SESSION['last_valid_captcha']) || !$_SESSION['last_valid_captcha']) {
                     $conn_error = __('Please enter correct captcha!');
                     return false;
                 }
             }
         }
         // The user just logged in
         $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username'];
         $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password'];
         if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername'])) {
             if ($GLOBALS['cfg']['ArbitraryServerRegexp']) {
                 $parts = explode(' ', $_REQUEST['pma_servername']);
                 if (count($parts) == 2) {
//.........这里部分代码省略.........

 // Using ReCaptcha?
 if ($hesk_settings['recaptcha_use'] == 1) {
     require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
     $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
     if ($resp->is_valid) {
         //$_SESSION['img_a_verified']=true;
     } else {
         $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
     }
 } elseif ($hesk_settings['recaptcha_use'] == 2) {
     require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';
     $resp = null;
     $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
     // Was there a reCAPTCHA response?
     if (isset($_POST["g-recaptcha-response"])) {
         $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
     }
     if ($resp != null && $resp->success) {
         //$_SESSION['img_a_verified']=true;
     } else {
         $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
     }
 } else {
     $mysecnum = intval(hesk_POST('mysecnum', 0));
     if (empty($mysecnum)) {
         $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
     } else {
         require HESK_PATH . 'inc/secimg.inc.php';
         $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
         if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
             //$_SESSION['img_a_verified'] = true;

 /**
  * Validate the post submit data
  *
  * @global type $userdata
  * @param type $post_type
  */
 function submit_post()
 {
     //I moved the initialization of the errors array here so it can catch any captcha problems
     $errors = array();
     $enabled_captcha = auiu_get_option('enable_recaptcha', 'auiu_others', 'no');
     if ($enabled_captcha == 'yes') {
         require_once 'lib/recaptchalib.php';
         $response = null;
         $privatekey = auiu_get_option('captcha_private_key', 'auiu_others');
         // check secret key
         $reCaptcha = new ReCaptcha($privatekey);
         if ($_POST["g-recaptcha-response"]) {
             $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
         }
         if ($response == null || !$response->success) {
             $errors[] = __('You did not check the CAPTCHA. Please try again.', 'auiu');
         }
     }
     global $userdata;
     //if there is some attachement, validate them
     if (!empty($_FILES['auiu_post_attachments'])) {
         $errors = auiu_check_upload();
     }
     $title = trim($_POST['auiu_post_title']);
     $content = trim($_POST['auiu_post_content']);
     $tags = '';
     if (isset($_POST['auiu_post_tags'])) {
         $tags = auiu_clean_tags($_POST['auiu_post_tags']);
     }
     //validate title
     if (empty($title)) {
         $errors[] = __('Empty post title', 'auiu');
     } else {
         $title = trim(strip_tags($title));
     }
     //validate cat
     if (auiu_get_option('allow_cats', 'auiu_frontend_posting', 'on') == 'on') {
         $cat_type = auiu_get_option('cat_type', 'auiu_frontend_posting', 'normal');
         if (!isset($_POST['category'])) {
             $errors[] = __('Please choose a category', 'auiu');
         } else {
             if ($cat_type == 'normal' && $_POST['category'][0] == '-1') {
                 $errors[] = __('Please choose a category', 'auiu');
             } else {
                 if (count($_POST['category']) < 1) {
                     $errors[] = __('Please choose a category', 'auiu');
                 }
             }
         }
     }
     //validate post content
     if (empty($content)) {
         $errors[] = __('Empty post content', 'auiu');
     } else {
         $content = trim($content);
     }
     //process tags
     if (!empty($tags)) {
         $tags = explode(',', $tags);
     }
     //post attachment
     $attach_id = isset($_POST['auiu_featured_img']) ? intval($_POST['auiu_featured_img']) : 0;
     //post type
     $post_type = trim(strip_tags($_POST['auiu_post_type']));
     //process the custom fields
     $custom_fields = array();
     $fields = auiu_get_custom_fields();
     if (is_array($fields)) {
         foreach ($fields as $cf) {
             if (array_key_exists($cf['field'], $_POST)) {
                 if (is_array($_POST[$cf['field']])) {
                     $temp = implode(',', $_POST[$cf['field']]);
                 } else {
                     $temp = trim(strip_tags($_POST[$cf['field']]));
                 }
                 //var_dump($temp, $cf);
                 if ($cf['type'] == 'yes' && !$temp) {
                     $errors[] = sprintf(__('"%s" is missing', 'auiu'), $cf['label']);
                 } else {
                     $custom_fields[$cf['field']] = $temp;
                 }
             }
             //array_key_exists
         }
         //foreach
     }
     //is_array
     $errors = apply_filters('auiu_add_post_validation', $errors);
     //if not any errors, proceed
     if ($errors) {
         echo auiu_error_msg($errors);
         return;
     }
     $post_stat = auiu_get_option('post_status', 'auiu_frontend_posting');
//.........这里部分代码省略.........

 function save()
 {
     $configs = $this->_model->getConfigs();
     $configs->show = explode(";", $configs->show);
     if (isset($configs->show) && in_array('captcha', $configs->show)) {
         $g_recaptcha_response = JRequest::getVar("g-recaptcha-response", "");
         $plugin = JPluginHelper::getPlugin('captcha', 'recaptcha');
         $params = new JRegistry($plugin->params);
         $secret_key = $params->get('private_key', '');
         $ip = $this->iJoomlaGetRealIpAddr();
         include_once JPATH_SITE . DS . "components" . DS . "com_adagency" . DS . "helpers" . DS . "recaptchalib.php";
         $reCaptcha = new ReCaptcha($secret_key);
         $response = $reCaptcha->verifyResponse($ip, $g_recaptcha_response);
         if ($response != null && $response->success) {
             // is not a spam
         } else {
             $data = JRequest::get('post');
             $_SESSION['ad_company'] = $data['company'];
             $_SESSION['ad_description'] = $data['description'];
             $_SESSION['ad_approved'] = $data['approved'];
             $_SESSION['ad_enabled'] = $data['enabled'];
             $_SESSION['ad_username'] = $data['username'];
             $_SESSION['ad_email'] = $data['email'];
             $_SESSION['ad_name'] = $data['name'];
             $_SESSION['ad_website'] = $data['website'];
             $_SESSION['ad_address'] = $data['address'];
             $_SESSION['ad_country'] = $data['country'];
             $_SESSION['ad_state'] = $data['state'];
             $_SESSION['ad_city'] = $data['city'];
             $_SESSION['ad_zip'] = $data['zip'];
             $_SESSION['ad_telephone'] = $data['telephone'];
             $Itemid = JRequest::getVar("Itemid", "0");
             $app = JFactory::getApplication();
             $link = JRoute::_('index.php?option=com_adagency&controller=adagencyAdvertisers&task=edit&cid[]=0&Itemid=' . intval($Itemid));
             $msg = JText::_("ADAG_DSC_CAPTCHA");
             $app->redirect($link, $msg);
             return false;
         }
     }
     $db = JFactory::getDBO();
     $data = JRequest::get('post');
     $item_id = JRequest::getInt('Itemid', '0');
     $Itemid = "";
     if ($item_id != 0) {
         $Itemid = "&Itemid=" . intval($item_id);
     }
     $error = "";
     $the_aid = JRequest::getVar("aid");
     if ($this->_model->store($error)) {
         $msg = JText::_('ADVSAVED');
     } else {
         $msg = JText::_('ADVSAVEFAILED');
         $msg .= $error;
     }
     // if user updated his profile -> ... , else if he just registered
     if ($the_aid != 0) {
         $msg = JText::_('ADAG_PROFILE_SUCC_UPDATE');
     }
     //$link = "index.php?option=com_adagency&controller=adagencyCPanel".$Itemid;
     $link = JRoute::_("index.php?option=com_adagency" . $Itemid, false);
     $msg2 = JRequest::getVar("msgafterreg");
     if (isset($msg2) && $msg2 != '') {
         $msg = $msg2;
     }
     if ($the_aid == 0) {
         $sql = "SELECT `show` FROM `#__ad_agency_settings` WHERE `show` LIKE '%wizzard%' LIMIT 1";
         $db->setQuery($sql);
         $isWizzard = $db->loadResult();
         $usr = $this->_model->getLastAdvertiser();
         if (isset($usr->approved) && $usr->approved == 'Y') {
             $msg = JText::_('ADVSAVED2');
         } else {
             if ($isWizzard) {
                 $sql = 'SELECT u.block,a.approved FROM `#__users` AS u, `#__ad_agency_advertis` AS a WHERE u.username = "' . addslashes(trim($data['username'])) . '" AND u.id = a.user_id';
                 $db->setQuery($sql);
                 $result = $db->loadObject();
                 if ($result->block == '0' && $result->approved == 'Y') {
                     $this->login($data['username'], $data['password'], NULL, 1);
                     $link = JRoute::_("index.php?option=com_adagency&controller=adagencyAds&task=addbanners" . $Itemid, false);
                     $msg = NULL;
                 }
             } elseif (!$isWizzard) {
                 $_SESSION["register_but_not_wizzard"] = "ok";
             }
         }
     }
     $this->setRedirect($link, $msg);
 }

function do_login()
{
    global $hesk_settings, $hesklang;
    $hesk_error_buffer = array();
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
        $hesk_error_buffer['user'] = $myerror;
    }
    define('HESK_USER', $user);
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        // Using ReCaptcha?
        if ($hesk_settings['recaptcha_use'] == 1) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';
            $resp = null;
            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
            // Was there a reCAPTCHA response?
            if (isset($_POST["g-recaptcha-response"])) {
                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
            }
            if ($resp != null && $resp->success) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }
    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        unset($_SESSION['img_a_verified']);
    }
    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    /* Check password */
    if (hesk_Pass2Hash($pass) != $_SESSION['pass']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
    /* Check if default password */
    if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
    // We don't need the password hash anymore
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
//.........这里部分代码省略.........

         $form_field .= ' placeholder="' . html_specialchars($cnt_form["fields"][$key]['placeholder']) . '"';
     }
     if ($cnt_form["fields"][$key]['required']) {
         $form_field .= ' required="required"';
     }
     $form_field .= ' />';
     break;
 case 'recaptcha':
     /*
      * reCAPTCHA
      */
     require_once PHPWCMS_ROOT . '/include/inc_ext/recaptchalib.php';
     $cnt_form['recaptcha'] = array('site_key' => empty($cnt_form["fields"][$key]['value']['site_key']) ? get_user_rc('pu') : $cnt_form["fields"][$key]['value']['site_key'], 'secret_key' => empty($cnt_form["fields"][$key]['value']['secret_key']) ? get_user_rc('pr') : $cnt_form["fields"][$key]['value']['secret_key'], 'lang' => empty($cnt_form["fields"][$key]['value']['lang']) ? $phpwcms['default_lang'] : $cnt_form["fields"][$key]['value']['lang'], 'theme' => empty($cnt_form["fields"][$key]['value']['theme']) ? 'light' : $cnt_form["fields"][$key]['value']['theme'], 'type' => empty($cnt_form["fields"][$key]['value']['type']) ? 'image' : $cnt_form["fields"][$key]['value']['type'], 'error' => NULL);
     $reCaptcha = new ReCaptcha($cnt_form['recaptcha']['secret_key']);
     if ($POST_DO && isset($_POST['g-recaptcha-response'])) {
         $cnt_form['recaptcha']['response'] = $reCaptcha->verifyResponse(getRemoteIP(), $_POST['g-recaptcha-response']);
         if (empty($cnt_form['recaptcha']['response']->success)) {
             if (is_array($cnt_form['recaptcha']['response']->errorCodes) && count($cnt_form['recaptcha']['response']->errorCodes)) {
                 $cnt_form['recaptcha']['error'] = '@@recaptcha-error:' . current($cnt_form['recaptcha']['response']->errorCodes) . '@@';
             } else {
                 $cnt_form['recaptcha']['error'] = 'reCaptcha @@failed@@';
             }
             $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? $cnt_form['recaptcha']['error'] : $cnt_form["fields"][$key]['error'];
             $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
         }
     }
     //
     $form_field = '<div class="g-recaptcha"';
     $form_field .= ' data-sitekey="' . $cnt_form['recaptcha']['site_key'] . '"';
     $form_field .= ' data-theme="' . $cnt_form['recaptcha']['theme'] . '"';
     $form_field .= ' data-type="' . $cnt_form['recaptcha']['type'] . '"';