Instructions

Add-on Details

The reCAPTCHA v3 add-on can help prevent bots and unwanted guests from registering. Refer to the reCAPTCHA v3 documentation on how to register keys, which will be required to use this add-on.

Note: The PHP cURL extension is required for this add-on to work.

How To Add

Edit the "config.php" file and add the following constants:

/* reCAPTCHA v3 */
// Your reCAPTCHA v3 site key.
define('recaptcha_site_key','YOUR_SITE_KEY');
// Your reCAPTCHA v3 secret key.
define('recaptcha_secret_key','YOUR_SECRET_KEY');

Edit the "register.php" file and find this line:

</head>

Add above:

<script src="https://www.google.com/recaptcha/api.js?render=<?=recaptcha_site_key?>"></script>

Find:

const registrationForm = document.querySelector('.register-form');
registrationForm.onsubmit = event => {
	event.preventDefault();
	fetch(registrationForm.action, { method: 'POST', body: new FormData(registrationForm), cache: 'no-store' }).then(response => response.text()).then(result => {
		if (result.toLowerCase().includes('success:')) {
			registrationForm.querySelector('.msg').classList.remove('error','success');
			registrationForm.querySelector('.msg').classList.add('success');
			registrationForm.querySelector('.msg').innerHTML = result.replace('Success: ', '');
		} else if (result.toLowerCase().includes('redirect')) {
			window.location.href = 'home.php';
		} else {
			registrationForm.querySelector('.msg').classList.remove('error','success');
			registrationForm.querySelector('.msg').classList.add('error');
			registrationForm.querySelector('.msg').innerHTML = result.replace('Error: ', '');
		}
	});
};

Replace with:

const registrationForm = document.querySelector('.register-form');
registrationForm.onsubmit = event => {
	event.preventDefault();
	grecaptcha.ready(() => {
		grecaptcha.execute('<?=recaptcha_site_key?>', {action: 'submit'}).then(token => {
			let formData = new FormData(registrationForm);
			formData.append('gtoken', token);
			fetch(registrationForm.action, { method: 'POST', body: formData, cache: 'no-store' }).then(response => response.text()).then(result => {
				if (result.toLowerCase().includes('success:')) {
					registrationForm.querySelector('.msg').classList.remove('error','success');
					registrationForm.querySelector('.msg').classList.add('success');
					registrationForm.querySelector('.msg').innerHTML = result.replace('Success: ', '');
				} else if (result.toLowerCase().includes('redirect')) {
					window.location.href = 'home.php';
				} else {
					registrationForm.querySelector('.msg').classList.remove('error','success');
					registrationForm.querySelector('.msg').classList.add('error');
					registrationForm.querySelector('.msg').innerHTML = result.replace('Error: ', '');
				}
			});  
		});
	});
};

Edit the "register-process.php" file and find the following:

if ($_POST['cpassword'] != $_POST['password']) {
	exit('Error: Passwords do not match!');
}

Add below:

// Validate captcha
if (!isset($_POST['gtoken'])) {
	exit('Error: Captcha verification failed! Please try again!');
}
if (empty($_POST['gtoken'])) {
	exit('Error: Captcha verification failed! Please try again!');
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
	'secret' => recaptcha_secret_key,
	'response' => $_POST['gtoken']
]);
$response = curl_exec($ch);
curl_close($ch);
$result = json_decode($response, true);
if (!$result['success'] || $result['score'] < 0.5) {
	exit('Error: Captcha verification failed! Please try again!');
}

That's all you need to do. Make sure to update the keys in the config file. If it doesn't work, make sure you have the PHP cURL extension enabled.