Various captcha changes

core/captcha.php

@@ -10,7 +10,7 @@
 
 use ReCaptcha\ReCaptcha;
 
-function captcha_get_html(): string
+function captcha_get_html(bool $anon_only): string
 {
     global $config, $user;
 
@@ -19,7 +19,7 @@ function captcha_get_html(): string
     }
 
     $captcha = "";
-    if ($user->is_anonymous() && $config->get_bool("comment_captcha")) {
+    if (!$anon_only || $user->is_anonymous()) {
         $r_publickey = $config->get_string("api_recaptcha_pubkey");
         if (!empty($r_publickey)) {
             $captcha = "
@@ -33,33 +33,35 @@ function captcha_get_html(): string
     return $captcha;
 }
 
-function captcha_check(): bool
+function captcha_check(bool $anon_only): bool
 {
     global $config, $user;
 
     if (DEBUG && ip_in_range(get_real_ip(), "127.0.0.0/8")) {
         return true;
     }
 
-    if ($user->is_anonymous() && $config->get_bool("comment_captcha")) {
-        $r_privatekey = $config->get_string('api_recaptcha_privkey');
-        if (!empty($r_privatekey)) {
-            $recaptcha = new ReCaptcha($r_privatekey);
-            $resp = $recaptcha->verify($_POST['g-recaptcha-response'] ?? "", get_real_ip());
-
-            if (!$resp->isSuccess()) {
-                log_info("core", "Captcha failed (ReCaptcha): " . implode("", $resp->getErrorCodes()));
-                return false;
-            }
-        } /*else {
-            session_start();
-            $securimg = new \Securimage();
-            if ($securimg->check($_POST['captcha_code']) === false) {
-                log_info("core", "Captcha failed (Securimage)");
-                return false;
-            }
-        }*/
+    if ($anon_only && !$user->is_anonymous()) {
+        return true;
     }
 
+    $r_privatekey = $config->get_string('api_recaptcha_privkey');
+    if (!empty($r_privatekey)) {
+        $recaptcha = new ReCaptcha($r_privatekey);
+        $resp = $recaptcha->verify($_POST['g-recaptcha-response'] ?? "", get_real_ip());
+
+        if (!$resp->isSuccess()) {
+            log_info("core", "Captcha failed (ReCaptcha): " . implode("", $resp->getErrorCodes()));
+            return false;
+        }
+    } /*else {
+        session_start();
+        $securimg = new \Securimage();
+        if ($securimg->check($_POST['captcha_code']) === false) {
+            log_info("core", "Captcha failed (Securimage)");
+            return false;
+        }
+    }*/
+
     return true;
 }

ext/comment/main.php

@@ -129,7 +129,7 @@ public function onInitExt(InitExtEvent $event): void
         $config->set_default_int('comment_limit', 10);
         $config->set_default_int('comment_list_count', 10);
         $config->set_default_int('comment_count', 5);
-        $config->set_default_bool('comment_captcha', false);
+        $config->set_default_bool('comment_captcha', true);
     }
 
     public function onDatabaseUpgrade(DatabaseUpgradeEvent $event): void
@@ -358,8 +358,8 @@ public function onCommentDeletion(CommentDeletionEvent $event): void
     public function onSetupBuilding(SetupBuildingEvent $event): void
     {
         $sb = $event->panel->create_new_block("Comment Options");
-        $sb->add_bool_option("comment_captcha", "Require CAPTCHA for anonymous comments: ");
-        $sb->add_label("<br>Limit to ");
+        $sb->start_table();
+        $sb->add_label("Limit to ");
         $sb->add_int_option("comment_limit");
         $sb->add_label(" comments per ");
         $sb->add_int_option("comment_window");
@@ -370,8 +370,9 @@ public function onSetupBuilding(SetupBuildingEvent $event): void
         $sb->add_label("<br>Show ");
         $sb->add_int_option("comment_list_count");
         $sb->add_label(" comments per image on the list");
-        $sb->add_label("<br>Make samefags public ");
-        $sb->add_bool_option("comment_samefags_public");
+        $sb->add_bool_option("comment_samefags_public", "Make samefags public", true);
+        $sb->add_bool_option("comment_captcha", "Require CAPTCHA for anonymous comments", true);
+        $sb->end_table();
     }
 
     public function onSearchTermParse(SearchTermParseEvent $event): void
@@ -615,7 +616,7 @@ private function comment_checks(int $image_id, User $user, string $comment): voi
         }
 
         // rate-limited external service checks last
-        elseif ($config->get_bool('comment_captcha') && !captcha_check()) {
+        elseif ($config->get_bool('comment_captcha') && !captcha_check(true)) {
             throw new CommentPostingException("Error in captcha");
         } elseif ($user->is_anonymous() && $this->is_spam_akismet($comment)) {
             throw new CommentPostingException("Akismet thinks that your comment is spam. Try rewriting the comment, or logging in.");

ext/comment/theme.php

@@ -287,7 +287,7 @@ protected function build_postbox(int $image_id): string
         global $config;
 
         $hash = CommentList::get_hash();
-        $h_captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : "";
+        $h_captcha = $config->get_bool("comment_captcha") ? captcha_get_html(true) : "";
 
         return '
 		<div class="comment comment_add">

ext/upload/config.php

@@ -13,4 +13,5 @@ class UploadConfig
     public const TRANSLOAD_ENGINE = "transload_engine";
     public const MIME_CHECK_ENABLED = "mime_check_enabled";
     public const ALLOWED_MIME_STRINGS = "allowed_mime_strings";
+    public const CAPTCHA = "upload_captcha";
 }

ext/upload/main.php

@@ -147,6 +147,11 @@ public function onSetupBuilding(SetupBuildingEvent $event): void
         $tes["fopen"] = "fopen";
         $tes["WGet"] = "wget";
 
+        $cap = [];
+        $cap["Disabled"] = 0;
+        $cap["Required for anonymous uploads"] = 1;
+        $cap["Required for all user uploads"] = 2;
+
         $sb = $event->panel->create_new_block("Upload");
         $sb->position = 10;
         // Output the limits from PHP so the user has an idea of what they can set.
@@ -160,6 +165,7 @@ public function onSetupBuilding(SetupBuildingEvent $event): void
         $sb->start_table();
         $sb->add_bool_option(UploadConfig::MIME_CHECK_ENABLED, "Enable upload MIME checks", true);
         $sb->add_multichoice_option(UploadConfig::ALLOWED_MIME_STRINGS, $this->get_mime_options(), "Allowed MIME uploads", true);
+        $sb->add_choice_option(UploadConfig::CAPTCHA, $cap, "<br/>Require CAPTCHA: ");
         $sb->end_table();
     }
 
@@ -207,7 +213,7 @@ public function onDataUpload(DataUploadEvent $event): void
 
     public function onPageRequest(PageRequestEvent $event): void
     {
-        global $cache, $page, $user;
+        global $cache, $config, $page, $user;
 
         if ($user->can(Permissions::CREATE_IMAGE)) {
             if ($this->is_full) {
@@ -229,6 +235,11 @@ public function onPageRequest(PageRequestEvent $event): void
                 $this->theme->display_error(507, "Error", "Can't upload images: disk nearly full");
                 return;
             }
+            $cap = $config->get_int(UploadConfig::CAPTCHA);
+            if ($cap > 0 && !captcha_check($cap == 1)) {
+                $this->theme->display_error(503, "Error", "Error in captcha");
+                return;
+            }
             $results = [];
 
             $files = array_filter($_FILES, function ($file) {

ext/upload/theme.php

@@ -54,12 +54,16 @@ public function display_page(Page $page): void
             $common_fields->appendChild($part);
         }
 
+        $cap = $config->get_int(UploadConfig::CAPTCHA);
+        $h_captcha = $cap > 0 ? captcha_get_html($cap == 1) : "";
+
         $form = SHM_FORM("upload", multipart: true, form_id: "file_upload");
         $form->appendChild(
             TABLE(
                 ["id" => "large_upload_form", "class" => "form"],
                 $common_fields,
                 $upload_list,
+                $h_captcha,
                 TR(
                     TD(["colspan" => "7"], INPUT(["id" => "uploadbutton", "type" => "submit", "value" => "Post"]))
                 ),

ext/user/main.php

@@ -145,6 +145,7 @@ public function onInitExt(InitExtEvent $event): void
         $config->set_default_string("avatar_gravatar_rating", "g");
         $config->set_default_bool("login_tac_bbcode", true);
         $config->set_default_bool("user_email_required", false);
+        $config->set_default_bool('signup_captcha', true);
     }
 
     public function onUserLogin(UserLoginEvent $event): void
@@ -419,6 +420,7 @@ public function onSetupBuilding(SetupBuildingEvent $event): void
         $sb->add_bool_option(UserConfig::ENABLE_API_KEYS, "Enable user API keys", true);
         $sb->add_bool_option("login_signup_enabled", "Allow new signups", true);
         $sb->add_bool_option("user_email_required", "Require email address", true);
+        $sb->add_bool_option("signup_captcha", "Require CAPTCHA for signup", true);
         $sb->add_longtext_option("login_tac", "Terms & Conditions", true);
         $sb->add_choice_option(
             "user_loginshowprofile",
@@ -520,7 +522,7 @@ public function onUserCreation(UserCreationEvent $event): void
         if (User::by_name($name)) {
             throw new UserCreationException("That username is already taken");
         }
-        if (!captcha_check()) {
+        if ($config->get_bool("signup_captcha") && !captcha_check(true)) {
             throw new UserCreationException("Error in captcha");
         }
         if ($event->password != $event->password2) {

ext/user/theme.php

@@ -73,6 +73,8 @@ public function display_signup_page(Page $page): void
             !$user->can(Permissions::CREATE_OTHER_USER)
         );
 
+        $h_captcha = $config->get_bool("signup_captcha") ? captcha_get_html(false) : "";
+
         $form = SHM_SIMPLE_FORM(
             "user_admin/create",
             TABLE(
@@ -95,7 +97,7 @@ public function display_signup_page(Page $page): void
                         TD(INPUT(["type" => 'email', "name" => 'email', "required" => $email_required]))
                     ),
                     TR(
-                        TD(["colspan" => "2"], rawHTML(captcha_get_html()))
+                        TD(["colspan" => "2"], rawHTML($h_captcha))
                     ),
                 ),
                 TFOOT(

themes/danbooru/user.theme.php

@@ -70,7 +70,7 @@ public function display_signup_page(Page $page): void
 
         $tac = send_event(new TextFormattingEvent($tac))->formatted;
 
-        $reca = "<tr><td colspan='2'>".captcha_get_html()."</td></tr>";
+        $h_captcha = $config->get_bool("signup_captcha") ? "<tr><td colspan='2'>".captcha_get_html(false)."</td></tr>" : "";
 
         if (empty($tac)) {
             $html = "";
@@ -85,7 +85,7 @@ public function display_signup_page(Page $page): void
 				<tr><td>Password</td><td><input type='password' name='pass1'></td></tr>
 				<tr><td>Repeat Password</td><td><input type='password' name='pass2'></td></tr>
 				<tr><td>Email (Optional)</td><td><input type='text' name='email'></td></tr>
-				$reca;
+				$h_captcha
 				<tr><td colspan='2'><input type='Submit' value='Create Account'></td></tr>
 			</table>
 		</form>

themes/danbooru2/user.theme.php

@@ -70,7 +70,7 @@ public function display_signup_page(Page $page): void
 
         $tac = send_event(new TextFormattingEvent($tac))->formatted;
 
-        $reca = "<tr><td colspan='2'>".captcha_get_html()."</td></tr>";
+        $h_captcha = $config->get_bool("signup_captcha") ? "<tr><td colspan='2'>".captcha_get_html(false)."</td></tr>" : "";
 
         if (empty($tac)) {
             $html = "";
@@ -85,7 +85,7 @@ public function display_signup_page(Page $page): void
 				<tr><td>Password</td><td><input type='password' name='pass1'></td></tr>
 				<tr><td>Repeat Password</td><td><input type='password' name='pass2'></td></tr>
 				<tr><td>Email (Optional)</td><td><input type='text' name='email'></td></tr>
-				$reca;
+				$h_captcha
 				<tr><td colspan='2'><input type='Submit' value='Create Account'></td></tr>
 			</table>
 		</form>