[Add-on] MapleBit using Google ReCAPTCHA v2

[vZero]

Hey, this is just an add-on to the MapleBit register script that will allow it to use the Google ReCAPTCHA instead of the old (ugly) one.

Step 1 : Getting Keys
Just go to https://www.google.com/recaptcha/admin and fill out the form. Once it's finished you will receive a page that shows you 2 KEYS. You will need both the public and secret key in-order for this to work properly. Just copy both of them on a notepad file for now, until we get to the last step!


Step 2 : Adding in Google's Api.js

Spoiler:

First find this line of code in "sources/structure/header.php"

Code:

<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>

Next paste this below.

Code:

<script src='https://www.google.com/recaptcha/api.js'></script>

Step 3 : Replacing register script

Spoiler:

Navigate to /sources/public/register.php and replace the entire file with this code.

Code:

<?php if(basename($_SERVER["PHP_SELF"]) == "register.php"){
    die("403 - Access Forbidden");
}
if(isset($_SESSION['id'])){
    echo "<meta http-equiv=refresh content="0; url=?base=ucp">";
}
else{
echo "<h2 class="text-left">Registration</h2><hr/>";
if (@$_POST["register"] != "1") {
?>
    <form action="?base=main&page=register" method="POST" role="form">
    <div class="form-group">
        <label for="inputUser">Username</label>
        <input type="text" name="musername" maxlength="12" class="form-control" id="inputUser" required autocomplete="off" placeholder="Username">
    </div>
    <div class="form-group">
        <label for="inputPass">Password</label>
        <input type="password" name="mpass" maxlength="30" class="form-control" id="inputPass" required autocomplete="off" placeholder="Password">
    </div>
    <div class="form-group">
        <label for="inputConfirm">Confirm Password</label>
        <input type="password" name="mpwcheck" maxlength="30" class="form-control" id="inputConfirm" required autocomplete="off" placeholder="Confirm Password">
    </div>
    <div class="form-group">
        <label for="inputEmail">Email</label>
        <input type="email" name="memail" maxlength="50" class="form-control" id="inputEmail" required autocomplete="off" placeholder="Email">
    </div>
    <b>reCaptcha</b>
    <div class="g-recaptcha" data-sitekey="YOUR SITE KEY HERE"></div>
    <br/>
        <input type="submit" class="btn btn-primary" name="submit" alt="Register" value="Register &raquo;"/> 
        <input type="hidden" name="register" value="1" />
    </form>
    <br/>
<?php
} else {    
    $getusername = $mysqli->real_escape_string($_POST["musername"]); # Get Username
    $username = preg_replace("/[^A-Za-z0-9 ]/", '', $getusername); # Escape and Strip
    $password = $_POST["mpass"]; # Get Password
    $confirm_password =$_POST["mpwcheck"]; # Get Confirm Password
    $email = $mysqli->real_escape_string($_POST["memail"]);
    $captcha = $mysqli->real_escape_string($_POST["g-recaptcha-response"]);
    $birth = "1990-01-01";
    $ip = getRealIpAddr();
    
    $secretkey = "YOUR PRIVATE SITE KEY HERE";
    
    if(empty($captcha)){
        echo ("<div class="content"><div class="contentbg registerbg"></div><div class="body_register"><div class="alert alert-danger"><b>Error:</b> Please fill in the correct ReCAPTCHA code!<br/><a href="?base=main&page=register" class="areg">&laquo; Go Back</a></div></div></div>");
    } else {
        $select_user_result = $mysqli->query("SELECT id FROM accounts WHERE name='".$username."' OR email='".$email."' LIMIT 1");
        $returned = $select_user_result->num_rows;    
        if ($returned > 0) {
            echo ("<div class="alert alert-danger"><b>Error:</b> This username or email is already used!<br/><a href="?base=main&page=register">&laquo; Go Back</a>");
        } else if ($password != $confirm_password) {
            echo ("<div class="alert alert-danger">Passwords didn't match!<br/><a href="?base=main&page=register">&laquo; Go Back</a></div></div></div>");
        } else if (strlen($password) < 4 || strlen($password) > 12) {
            echo ("<div class="alert alert-danger">Your password must be between 4-12 characters<br/><a href="?base=main&page=register">&laquo; Go Back</a>");
        } else if (strlen($username) < 4 || strlen($username) > 12) {
            echo ("<div class="alert alert-danger">Your username must be between 4-12 characters<br/><a href="?base=main&page=register">&laquo; Go Back</a>");
        } else if (!strstr($email, '@')) {
            echo ("<div class="alert alert-danger">You have filled in a wrong email address<br/><a href="?base=main&page=register">&laquo; Go Back</a>");
        } else {
            $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretkey."&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
            if($response.success==true) 
            {    
            //All data is ok
            $password = sha1($password);
            $insert_user_query = "INSERT INTO accounts (`name`, `password`, `ip`, `email`, `birthday`) VALUES ('".$username."', '".$password."', '".$ip."', '".$email."', '".$birth."')";
            $mysqli->query($insert_user_query);
            echo"
                <div class="alert alert-success"><b>Success!</b> Please login, and head to the downloads page to get started!</div>
            ";
            }
            }
        }
    }
}
?>

Step 4 : Changing Public/Secret Keys Now that we have replaced the script, we are ready to change the ReCAPTCHA keys (both public and secret) that we created in Step 1.


First navigate to line 30 within the script and place your PUBLIC key where it says "YOUR SITE KEY HERE"


Now go to line 40 and edit where it says "YOUR SECRET SITE KEY" with your SECRET key.



Just save and refresh the register page, and it should work flawlessly!


Credits : greenelfx (for MapleBit)

[MentaL_BOT]

[Snopboy]

Nice, thanks for posting!
Though I can't understand why replace the entire registration script instead of just modify the script and add the api request, it will mess things up for people who have modifications in their registration script (i.e. adding other data fields, etc).

[vZero]

Nice, thanks for posting!
Though I can't understand why replace the entire registration script instead of just modify the script and add the api request, it will mess things up for people who have modifications in their registration script (i.e. adding other data fields, etc).

Edit : I'm going to leave it like that just so people don't get confused and start posted stupid help questions. If it's really needed, I will add it but it shouldn't be hard to understand.

[iAkira]

PHP Code:

}
            else{
                // ReCAPTCHA Failed
            } 


You should add something in here or else remove this snippet of the coding.

[vZero]

PHP Code:

}
            else{
                // ReCAPTCHA Failed
            } 


You should add something in here or else remove this snippet of the coding.

Fixed

[iwtLive]

For anyone who has an error with line 70

PHP Code:

if($response.success==true) 


use this instead:

PHP Code:

$response = json_decode($response, true);
if($response['success']) 


And there's another minor error with line 5

PHP Code:

echo "<meta http-equiv=refresh content="0; url=?base=ucp">"; 


Just replace it with this:

PHP Code:

echo "<meta http-equiv=refresh content=\"0; url=?base=ucp\">"; 


[greenelfx]

I wasn't aware that this was possible without using Composer. Great work!

Every time I look at MapleBit's code I cringe :(. Once all the minor issues are fixed feel free to submit a PR

[iAkira]

And there's another minor error with line 5

PHP Code:

echo "<meta http-equiv=refresh content="0; url=?base=ucp">"; 


Just replace it with this:

PHP Code:

echo "<meta http-equiv=refresh content=\"0; url=?base=ucp\">"; 


Just use single quote for this:

PHP Code:

echo "<meta http-equiv=refresh content='0; url=?base=ucp'>"; 


[vZero]

Just use single quote for this:

PHP Code:

echo "<meta http-equiv=refresh content='0; url=?base=ucp'>"; 


Any reason to that? Sorry I'm learning php so not familiar with stuff. Plus that's the original MapleBkt code I believe.

[Snopboy]

Any reason to that? Sorry I'm learning php so not familiar with stuff. Plus that's the original MapleBkt code I believe.

You can't use double quotes within double quotes without escaping it, however you can use single quotes within double quotes without the need to escape it.
It will just shorten the code a bit (by 2, lol), though it's just the "proper" way to write it but it doesn't really matter.

[Joey1202]

I'm getting this error:

Anyone know how to fix it?

[oleg10033]

I'm getting this error:

Anyone know how to fix it?

replace register.php with -
https://pastebin.com/2caDrWYU

[greenelfx]

I'm getting this error:

Anyone know how to fix it?

MapleBit now comes with the latest Google Recaptcha v2, so this thread is deprecated. To update, head to the MapleBit thread and follow the instructions for setup there.

replace register.php with -
https://pastebin.com/2caDrWYU

NO! This registration script is old and should not be used.

[Mapleleaf1]

its give erors , line 8 , u have fix?

[SomeoneMs]

its give erors , line 8 , u have fix?

yes i get to..