[ZendTo] Adding Support for Cloudflare's Turnstyle for Captcha/Human Verification
Kris Lou
klou at themusiclink.net
Tue Aug 13 17:26:24 BST 2024
I did this last year:
-----------------------
With the CloudFlare Turnstile Site Key (as recaptchaPublicKey), Secret Key
(as recaptchaPrivateKey) and using "?compat=recaptcha", the following seems
to work.
/opt/zendto/templates/header.tpl
43,44c43,44
< grecaptcha.render('google-recaptcha', {
< 'sitekey' : '{$recaptchaSiteKey}'
---
> grecaptcha.render('cf-turnstile', {
> 'sitekey' : '{$recaptchaSiteKey}'
51c51,52
< <script src="
https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}" async
defer></script>
---
> <!-- <script src="
https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}" async
defer></script> -->
> <script src="https://challenges.cloudflare.com/turnstile
/v0/api.js?compat=recaptcha" async defer></script>
53c54,55
< <script src="
https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}&onload=onloadCallback&render=explicit"
async defer></script>
---
> <!-- <script src="
https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}&onload=onloadCallback&render=explicit"
async defer></script> -->
> <script src="https://challenges.cloudflare.com/turnstile
/v0/api.js?compat=recaptcha" async defer></script>
/opt/zendto/templates/pickupcheck.tpl
29c29,30
< <div id="google-recaptcha" name="google-recaptcha"></div>
---
> <!-- <div id="google-recaptcha"
name="google-recaptcha"></div> -->
> <div class="cf-turnstile"
data-sitekey="{$recaptchaSiteKey}" data-callback="javascriptCallback"></div>
/opt/zendto/templates/verify.tpl
155c155,156
< <div id="google-recaptcha" name="google-recaptcha"></div>
---
> <!-- <div id="google-recaptcha"
name="google-recaptcha"></div> -->
> <div class="cf-turnstile"
data-sitekey="{$recaptchaSiteKey}" data-callback="javascriptCallback"></div>
/opt/zendto/www/ReCaptcha/RequestMethod/CurlPost.php
43,44c43,44
< const SITE_VERIFY_URL = '
https://www.recaptcha.net/recaptcha/api/siteverify';
<
---
> // const SITE_VERIFY_URL = '
https://www.recaptcha.net/recaptcha/api/siteverify';
> const SITE_VERIFY_URL = 'https://challenges.cloudflare.com/turnstile
/v0/siteverify';
Kris Lou
klou at themusiclink.net
On Tue, Aug 13, 2024 at 9:19 AM Ricky Boone via ZendTo <zendto at zend.to>
wrote:
> My apologies if this has already been covered, however I couldn't find
> anything other than a single email in the list archive that didn't
> appear to be addressed.
>
> The users of the instance of ZendTo that I maintain sometimes have
> issues with reCAPTCHA. In almost all cases, it's either user-oriented
> or an issue with their browser causing them to never get past it, with
> the very rare case of an issue on Google's end. I'd still like some
> reasonable mechanism to perform human verification to reduce the risk
> posed without it, however it looks like the only options available are
> either Google's standard or invisible reCAPTCHA v2 services, with the
> "invisible" option having noted issues since 2018 (at least in the
> config comments).
>
> So I don't start going down a path that is already underway, are there
> any plans to implement support for other CAPTCHA services/libraries,
> such as Cloudflare's Turnstyle or hCaptcha? If not, are there any
> concerns with me taking a stab at it and providing what I come up
> with? I realize that ZendTo is not being tracked on a public source
> code repo like Github or GitLab (at least officially, as far as I can
> tell), but I didn't want to do something that couldn't be contributed
> back in some way.
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20240813/4028a7b2/attachment.html>
More information about the ZendTo
mailing list