[ZendTo] Adding Support for Cloudflare's Turnstyle for Captcha/Human Verification

Gregg Douglas douglagm at gmail.com
Wed Aug 14 07:25:28 BST 2024 

Hi,

Would be great if this was included in the ZendTO packages.

regards
Gregg


On Tue, Aug 13, 2024 at 8:03 PM Ricky Boone via ZendTo <zendto at zend.to>
wrote:

> (Just realized I misspelled "Turnstile" as "Turnstyle"... oof)
>
> Nice, thanks! I'll have to give that a shot.
>
> On Tue, Aug 13, 2024 at 12:27 PM Kris Lou via ZendTo <zendto at zend.to>
> wrote:
> >
> > I did this last year:
> >
> > -----------------------
> >
> > With the CloudFlare Turnstile Site Key (as recaptchaPublicKey), Secret
> Key (as recaptchaPrivateKey) and using "?compat=recaptcha", the following
> seems to work.
> >
> > /opt/zendto/templates/header.tpl
> > 43,44c43,44
> > <             grecaptcha.render('google-recaptcha', {
> > <               'sitekey' : '{$recaptchaSiteKey}'
> > ---
> > >             grecaptcha.render('cf-turnstile', {
> > >             'sitekey' : '{$recaptchaSiteKey}'
> > 51c51,52
> > <         <script src="
> https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}" async
> defer></script>
> > ---
> > > <!--        <script src="
> https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}" async
> defer></script> -->
> > >       <script src="
> https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha"
> async defer></script>
> > 53c54,55
> > <         <script src="
> https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}&onload=onloadCallback&render=explicit"
> async defer></script>
> > ---
> > > <!--        <script src="
> https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}&onload=onloadCallback&render=explicit"
> async defer></script> -->
> > >       <script src="
> https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha"
> async defer></script>
> >
> > /opt/zendto/templates/pickupcheck.tpl
> > 29c29,30
> > <                 <div id="google-recaptcha"
> name="google-recaptcha"></div>
> > ---
> > > <!--                <div id="google-recaptcha"
> name="google-recaptcha"></div> -->
> > >               <div class="cf-turnstile"
> data-sitekey="{$recaptchaSiteKey}" data-callback="javascriptCallback"></div>
> >
> > /opt/zendto/templates/verify.tpl
> > 155c155,156
> > <                 <div id="google-recaptcha"
> name="google-recaptcha"></div>
> > ---
> > > <!--                <div id="google-recaptcha"
> name="google-recaptcha"></div> -->
> > >               <div class="cf-turnstile"
> data-sitekey="{$recaptchaSiteKey}" data-callback="javascriptCallback"></div>
> >
> > /opt/zendto/www/ReCaptcha/RequestMethod/CurlPost.php
> > 43,44c43,44
> > <     const SITE_VERIFY_URL = '
> https://www.recaptcha.net/recaptcha/api/siteverify';
> > <
> > ---
> > > //    const SITE_VERIFY_URL = '
> https://www.recaptcha.net/recaptcha/api/siteverify';
> > >     const SITE_VERIFY_URL = '
> https://challenges.cloudflare.com/turnstile/v0/siteverify';
> >
> >
> > Kris Lou
> > klou at themusiclink.net
> >
> >
> > On Tue, Aug 13, 2024 at 9:19 AM Ricky Boone via ZendTo <zendto at zend.to>
> wrote:
> >>
> >> My apologies if this has already been covered, however I couldn't find
> >> anything other than a single email in the list archive that didn't
> >> appear to be addressed.
> >>
> >> The users of the instance of ZendTo that I maintain sometimes have
> >> issues with reCAPTCHA.  In almost all cases, it's either user-oriented
> >> or an issue with their browser causing them to never get past it, with
> >> the very rare case of an issue on Google's end.  I'd still like some
> >> reasonable mechanism to perform human verification to reduce the risk
> >> posed without it, however it looks like the only options available are
> >> either Google's standard or invisible reCAPTCHA v2 services, with the
> >> "invisible" option having noted issues since 2018 (at least in the
> >> config comments).
> >>
> >> So I don't start going down a path that is already underway, are there
> >> any plans to implement support for other CAPTCHA services/libraries,
> >> such as Cloudflare's Turnstyle or hCaptcha?  If not, are there any
> >> concerns with me taking a stab at it and providing what I come up
> >> with?  I realize that ZendTo is not being tracked on a public source
> >> code repo like Github or GitLab (at least officially, as far as I can
> >> tell), but I didn't want to do something that couldn't be contributed
> >> back in some way.
> >>
> >> _______________________________________________
> >> ZendTo mailing list
> >> ZendTo at zend.to
> >> http://jul.es/mailman/listinfo/zendto
> >
> > _______________________________________________
> > ZendTo mailing list
> > ZendTo at zend.to
> > http://jul.es/mailman/listinfo/zendto
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20240814/b35b99f6/attachment-0001.html>

More information about the ZendTo mailing list