- [LOGIN] reCAPTCHA v3 로 업그레이드.
This commit is contained in:
Hyojin Ahn 2026-05-01 08:01:16 -04:00
parent 4d70ee6c83
commit db6f87d013
2 changed files with 155 additions and 140 deletions

View File

@ -4,6 +4,8 @@ include getenv("DOCUMENT_ROOT")."/include/session_include.php";
$confirmID = trim($_POST['confirmID']); $confirmID = trim($_POST['confirmID']);
$confirmPW = $_POST['confirmPW']; $confirmPW = $_POST['confirmPW'];
// 추가: $action 변수가 POST로 넘어오지 않을 경우를 대비해 REQUEST로 받습니다.
$action = $_REQUEST['action'];
if($action == "login") { if($action == "login") {
@ -12,16 +14,14 @@ if($action == "login") {
function post_captcha($user_response) { function post_captcha($user_response) {
$fields_string = ''; $fields_string = '';
$fields = array( $fields = array(
'secret' => '6LcrsY0sAAAAADwNiCoXbFPEDFbf0GssVRXeJi1X', 'secret' => '6LelsdAsAAAAALBiK4XNVcAE6sLTNcGPbgvawT8v',
'response' => $user_response 'response' => $user_response
); );
foreach($fields as $key=>$value) $fields_string = http_build_query($fields); // 기존 루프 대신 더 안전한 방식
$fields_string .= $key . '=' . $value . '&';
$fields_string = rtrim($fields_string, '&');
$ch = curl_init(); $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify'); curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_POST, count($fields)); curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string); curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, True); curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
@ -35,25 +35,18 @@ if($action == "login") {
if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") { if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") {
$res['success'] = 1; $res['success'] = true;
} $res['score'] = 1.0; // 로컬은 만점 처리
else { } else {
// Call the function post_captcha
$res = post_captcha($_POST['g-recaptcha-response']); $res = post_captcha($_POST['g-recaptcha-response']);
} }
if (!$res['success']) { if (!$res['success'] || (isset($res['score']) && $res['score'] < 0.5)) {
// What happens when the CAPTCHA wasn't checked addLog ("add", "USER", "LOGIN FAILED - CAPTCHA (Score: ".$res['score'].")", $lguserid, $confirmID, $lgno);
// echo '<p>Please go back and make sure you check the security CAPTCHA box.</p><br>';
// echo "<SCRIPT LANGUAGE=\"JavaScript\">alert('Please go back and make sure you check the security CAPTCHA box.');history.back(-1);</SCRIPT>";
// exit;
addLog ("add", "USER", "LOGIN FAILED - CAPTCHA", $lguserid, $confirmID, $lgno); $msg = " Verification failed. Please try again shortly.";
$msg = "<p>Please go back and make sure you check the security CAPTCHA box.</p>";
$func -> modalMsg ($msg, ""); $func -> modalMsg ($msg, "");
exit; exit;
} }
// End of Captcha // End of Captcha

View File

@ -57,14 +57,9 @@ if ($_SESSION['ss_LOGIN'] == 1) {
</head> </head>
<script src="https://www.google.com/recaptcha/api.js?onload=CaptchaCallback&render=explicit" async defer></script> <script src="https://www.google.com/recaptcha/api.js?render=6LelsdAsAAAAABezjgy67C3dnEAtEX0oojwdZWeh"></script>
<script type="text/javascript">
var CaptchaCallback = function() {
grecaptcha.render('RecaptchaField1', {'sitekey' : '6LcrsY0sAAAAAHOpHP2HTaGYkb8szuaSiSX2KgvS'});
grecaptcha.render('RecaptchaField2', {'sitekey' : '6LcrsY0sAAAAAHOpHP2HTaGYkb8szuaSiSX2KgvS'});
};
</script>
<style> <style>
@media (max-width:575px) { @media (max-width:575px) {
@ -100,16 +95,19 @@ if ($_SESSION['ss_LOGIN'] == 1) {
<div class="container"> <div class="container">
<form method="post" role="form" class="form-login" action="/lib/login_process.php" data-aos="fade-up" data-aos-delay="100"> <form id="login-form" method="post" role="form" class="form-login" action="/lib/login_process.php" data-aos="fade-up" data-aos-delay="100">
<input type=hidden name=action value=login> <input type="hidden" name="action" value="login">
<input type=hidden name=destination value=<?=$destination?>> <input type="hidden" name="destination" value="<?=$destination?>">
<input type=hidden name=mode value=<?=$mode?>> <input type="hidden" name="mode" value="<?=$mode?>">
<input type="email" class="form-control" name="confirmID" id="email" required placeholder="Your Email" data-msg="Please enter a valid email"> <input type="hidden" id="g-recaptcha-response" name="g-recaptcha-response">
<input type="password" class="form-control" name="confirmPW" id="password" required placeholder="Password" data-msg="Please enter a password"> <input type="email" class="form-control" name="confirmID" id="email" required placeholder="Your Email">
<label><div class="g-recaptcha" id="RecaptchaField1" required="required" required ></div></label> <input type="password" class="form-control" name="confirmPW" id="password" required placeholder="Password">
<div class="text-center"><button class="btn-primary" type="submit">LOGIN</button></div>
<div class="text-center">
<button class="btn-primary" type="button" onclick="runRecaptcha()">LOGIN</button>
</div>
</form> </form>
<div class="text-center mt-3"> <div class="text-center mt-3">
<small class="text-muted"> <small class="text-muted">
@ -163,6 +161,30 @@ if ($_SESSION['ss_LOGIN'] == 1) {
<!-- Template Main JS File --> <!-- Template Main JS File -->
<script src="assets/js/main.js"></script> <script src="assets/js/main.js"></script>
<!-- reChapchat v3. script 새로 추가 -->
<script src="https://www.google.com/recaptcha/api.js?render=6LelsdAsAAAAABezjgy67C3dnEAtEX0oojwdZWeh"></script>
<script type="text/javascript">
function runRecaptcha() {
// 1. 폼 요소를 가져옵니다.
var form = document.getElementById('login-form');
// 2. [핵심] 브라우저에게 "비어있는 칸이 있으면 말풍선을 띄워줘!"라고 명령합니다.
if (!form.checkValidity()) {
form.reportValidity(); // 말풍선.
return; // 칸이 비어있으면 여기서 중단합니다.
}
// 3. 모든 칸이 채워졌을 때만 캡차 실행
grecaptcha.ready(function() {
grecaptcha.execute('6LelsdAsAAAAABezjgy67C3dnEAtEX0oojwdZWeh', {action: 'login'}).then(function(token) {
document.getElementById('g-recaptcha-response').value = token;
form.submit(); // 검증 완료 후 제출
});
});
}
</script>
</body> </body>
</html> </html>