From d27b2035bba05417eb564e0497e5132a6cd30e88 Mon Sep 17 00:00:00 2001
From: galenskap <jean.deborah@gmail.com>
Date: Mon, 3 Feb 2025 11:23:56 +0100
Subject: [PATCH 1/2] Update readme about the PHP file in the project

---
 README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/README.md b/README.md
index 1d67c71..5a6c2be 100644
--- a/README.md
+++ b/README.md
@@ -131,3 +131,17 @@ Fill in the meta information :
 ### FAQ section
 
 Edit `_data/faq.json` file to add a new Q/A couple object. Plain html e.g. `<br>` or `<a href="">link</a>` is supported
+
+### Contact form
+
+Edit `partials/components/contact-form.html` file to modify the contact form and `src/form/contact-form-handler.php` to modify the form handler.
+
+To test it in a local environment, because there is PHP to execute, you will need to setup a apache vhost with the `dist` folder as the root and the phpmailer library installed.
+Add these lines to the vhost configuration file (here with mailtrap as smtp provider for testing purposes):
+
+```
+SetEnv ASTRO_SMTP_FROM test@astrolabe.test
+SetEnv ASTRO_SMTP_HOSTNAME sandbox.smtp.mailtrap.io
+SetEnv ASTRO_SMTP_USERNAME xxxxx
+SetEnv ASTRO_SMTP_PASSWORD xxxxx
+```
-- 
2.30.2


From 5a113461ab2db9afff423558628b2f04e51f8426 Mon Sep 17 00:00:00 2001
From: galenskap <jean.deborah@gmail.com>
Date: Thu, 6 Feb 2025 11:12:47 +0100
Subject: [PATCH 2/2] Fully working captcha for contact form

---
 .gitignore                                    |  1 +
 README.md                                     |  2 +
 .../partials/components/contact-form.njk      |  3 ++
 src/form/contact-form-handler.php             | 40 ++++++++++++++++---
 4 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 948f460..4d64d41 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ npm-debug.*
 *.swp
 .DS_Store
 .vscode
+nohup.out
 *.code-workspace
 .sass-cache
 node_modules
diff --git a/README.md b/README.md
index 5a6c2be..b2fcad0 100644
--- a/README.md
+++ b/README.md
@@ -137,6 +137,7 @@ Edit `_data/faq.json` file to add a new Q/A couple object. Plain html e.g. `<br>
 Edit `partials/components/contact-form.html` file to modify the contact form and `src/form/contact-form-handler.php` to modify the form handler.
 
 To test it in a local environment, because there is PHP to execute, you will need to setup a apache vhost with the `dist` folder as the root and the phpmailer library installed.
+The captcha service is hCaptcha, you will need to create an account and get your own site key (change it in the contact form partial) and secret key.
 Add these lines to the vhost configuration file (here with mailtrap as smtp provider for testing purposes):
 
 ```
@@ -144,4 +145,5 @@ SetEnv ASTRO_SMTP_FROM test@astrolabe.test
 SetEnv ASTRO_SMTP_HOSTNAME sandbox.smtp.mailtrap.io
 SetEnv ASTRO_SMTP_USERNAME xxxxx
 SetEnv ASTRO_SMTP_PASSWORD xxxxx
+SetEnv HCAPTCHA_SECRET_KEY xxxxx
 ```
diff --git a/src/_includes/partials/components/contact-form.njk b/src/_includes/partials/components/contact-form.njk
index 10c55c6..1a6fc1b 100644
--- a/src/_includes/partials/components/contact-form.njk
+++ b/src/_includes/partials/components/contact-form.njk
@@ -56,6 +56,9 @@
           <label class="ohnohoney" for="email"></label>
           <input tabindex="-1" class="ohnohoney" autocomplete="off" type="email" id="email" name="email" placeholder="Your e-mail here">
         </li>
+
+        <div class="h-captcha" data-sitekey="b07c49fe-50ee-4432-af0a-96d675c6326a"></div>
+        <script src="https://js.hcaptcha.com/1/api.js" async defer></script>
       </ol>
       {% if contactMember %}
         {{ hidden_field('contactTo', contactMember) }}
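Review bot: The added `<div class="h-captcha">` is a direct child of the `<ol>`, where only `<li>` and script-supporting elements are valid, so the widget ends up in invalid list markup. Wrapping it as `<li><div class="h-captcha" data-sitekey="…"></div></li>`, or moving both added lines below `</ol>`, keeps the form structure valid. The site key is public by design, but it is hard-coded here while the README asks each deployer to replace it; reading it from site data would avoid editing the partial per deployment.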
diff --git a/src/form/contact-form-handler.php b/src/form/contact-form-handler.php
index e609cfc..0a93287 100644
--- a/src/form/contact-form-handler.php
+++ b/src/form/contact-form-handler.php
@@ -22,12 +22,41 @@ $wantedContact = (
     || empty($domainFromMyEmail)
 ) ? $myEmail : "$wantedContact@$domainFromMyEmail" ;
 
+/* hCaptcha */
+$hcaptchaSecret = getenv('HCAPTCHA_SECRET_KEY');
+$hcaptchaVerifyUrl = "https://api.hcaptcha.com/siteverify";
+
 if(empty($_POST['namezzz']) || empty($_POST['emailzzz']) || empty($_POST['message'])) {
-    $errors .= "\n Error: all fields are required";
+    $errors .= "\n Erreur : champs obligatoires manquants.";
 }
 
 if(!empty($_POST['name']) && !empty($_POST['email'])) {
-    $errors .= "\n Error: spam";
+    $errors .= "\n Erreur : spam détecté.";
+}
+
+/* Captcha verification */
+if(!empty($_POST['h-captcha-response'])) {
+    $responseKey = $_POST['h-captcha-response'];
+    $data = array(
+        'secret' => $hcaptchaSecret,
+        'response' => $responseKey
+    );
+
+    $checkRequest = curl_init();
+    curl_setopt($checkRequest, CURLOPT_URL, $hcaptchaVerifyUrl);
+    curl_setopt($checkRequest, CURLOPT_POST, 1);
+    curl_setopt($checkRequest, CURLOPT_POSTFIELDS, http_build_query($data));
+    curl_setopt($checkRequest, CURLOPT_RETURNTRANSFER, true);
+    $response = curl_exec($checkRequest);
+    curl_close($checkRequest);
+
+    $responseData = json_decode($response, true);
+
+    if(!$responseData['success']) {
+        $errors .= "\n Erreur lors de la validation du captcha.";
+    }
+} else {
+    $errors .= "\n Erreur lors de la validation du captcha.";
 }
 
 $name = $_POST['namezzz'];
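Review bot: The captcha branch never checks whether the call to hCaptcha itself worked: the `curl_exec` result is passed straight to `json_decode`, and no timeout is set on the handle. If the request fails, `$responseData` is null, so `$responseData['success']` still fails closed but raises a PHP warning, and a stalled verify endpoint can hold the request open. Adding `curl_setopt($checkRequest, CURLOPT_TIMEOUT, 10);` and testing `if (!is_array($responseData) || ($responseData['success'] ?? false) !== true)` makes the fail-closed behaviour explicit. It would also help to reject early when `getenv('HCAPTCHA_SECRET_KEY')` returns false, so a misconfigured vhost can be told apart from a failed challenge.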
@@ -37,7 +66,7 @@ $message = $_POST['message'];
 $subscribe = $_POST['subscribe'];
 
 if (!filter_var($emailAddress, FILTER_VALIDATE_EMAIL)) {
-    $errors .= "\n Error: Invalid email address $emailAddress";
+    $errors .= "\n Erreur d'adresse e-mail invalide : $emailAddress";
 }
 
 if(empty($errors)) {
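Review bot: The rewritten message still interpolates the submitted `$emailAddress` into `$errors`, and the last hunk prints that string with `echo nl2br($errors);` without HTML escaping. The value reaching this branch is exactly one that failed `FILTER_VALIDATE_EMAIL`, so arbitrary request content is reflected into the error page. Escaping at output, `echo nl2br(htmlspecialchars($errors, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`, covers this and any later message that includes request data. The `if(empty($errors))` block that follows continues outside this hunk.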
@@ -110,7 +139,8 @@ if(empty($errors)) {
 	<body>
 		<!-- This page is displayed only if there is some error -->
 		<?php
-        echo nl2br($errors);
-?>
+            echo nl2br($errors);
+        ?>
+        <a href="javascript:history.back()">Retour</a>
 	</body>
 </html>
-- 
2.30.2