Instructions
Add-on Details
The reCAPTCHA v3 add-on can help prevent bots and unwanted guests from registering. Refer to the reCAPTCHA v3 documentation on how to register keys, which will be required to use this add-on.
Note: The PHP cURL extension is required for this add-on to work.
How To Add
Edit the "config.php" file and add the following constants:
/* reCAPTCHA v3 */
// Your reCAPTCHA v3 site key.
define('recaptcha_site_key','YOUR_SITE_KEY');
// Your reCAPTCHA v3 secret key.
define('recaptcha_secret_key','YOUR_SECRET_KEY');
Edit the "register.php" file and find this line:
</head>
Add above:
<script src="https://www.google.com/recaptcha/api.js?render=<?=recaptcha_site_key?>"></script>
Find:
const registrationForm = document.querySelector('.register-form');
registrationForm.onsubmit = event => {
event.preventDefault();
fetch(registrationForm.action, { method: 'POST', body: new FormData(registrationForm), cache: 'no-store' }).then(response => response.text()).then(result => {
if (result.toLowerCase().includes('success:')) {
registrationForm.querySelector('.msg').classList.remove('error','success');
registrationForm.querySelector('.msg').classList.add('success');
registrationForm.querySelector('.msg').innerHTML = result.replace('Success: ', '');
} else if (result.toLowerCase().includes('redirect')) {
window.location.href = 'home.php';
} else {
registrationForm.querySelector('.msg').classList.remove('error','success');
registrationForm.querySelector('.msg').classList.add('error');
registrationForm.querySelector('.msg').innerHTML = result.replace('Error: ', '');
}
});
};
Replace with:
const registrationForm = document.querySelector('.register-form');
registrationForm.onsubmit = event => {
event.preventDefault();
grecaptcha.ready(() => {
grecaptcha.execute('<?=recaptcha_site_key?>', {action: 'submit'}).then(token => {
let formData = new FormData(registrationForm);
formData.append('gtoken', token);
fetch(registrationForm.action, { method: 'POST', body: formData, cache: 'no-store' }).then(response => response.text()).then(result => {
if (result.toLowerCase().includes('success:')) {
registrationForm.querySelector('.msg').classList.remove('error','success');
registrationForm.querySelector('.msg').classList.add('success');
registrationForm.querySelector('.msg').innerHTML = result.replace('Success: ', '');
} else if (result.toLowerCase().includes('redirect')) {
window.location.href = 'home.php';
} else {
registrationForm.querySelector('.msg').classList.remove('error','success');
registrationForm.querySelector('.msg').classList.add('error');
registrationForm.querySelector('.msg').innerHTML = result.replace('Error: ', '');
}
});
});
});
};
Edit the "register-process.php" file and find the following:
if ($_POST['cpassword'] != $_POST['password']) {
exit('Error: Passwords do not match!');
}
Add below:
// Validate captcha
if (!isset($_POST['gtoken'])) {
exit('Error: Captcha verification failed! Please try again!');
}
if (empty($_POST['gtoken'])) {
exit('Error: Captcha verification failed! Please try again!');
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
'secret' => recaptcha_secret_key,
'response' => $_POST['gtoken']
]);
$response = curl_exec($ch);
curl_close($ch);
$result = json_decode($response, true);
if (!$result['success'] || $result['score'] < 0.5) {
exit('Error: Captcha verification failed! Please try again!');
}
That's all you need to do. Make sure to update the keys in the config file. If it doesn't work, make sure you have the PHP cURL extension enabled.