From 5a113461ab2db9afff423558628b2f04e51f8426 Mon Sep 17 00:00:00 2001
From: galenskap <jean.deborah@gmail.com>
Date: Thu, 6 Feb 2025 11:12:47 +0100
Subject: [PATCH] Fully working captcha for contact form

---
 .gitignore | 1 +
 README.md | 2 +
 .../partials/components/contact-form.njk | 3 ++
 src/form/contact-form-handler.php | 40 ++++++++++++++++---
 4 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 948f460..4d64d41 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ npm-debug.*
 *.swp
 .DS_Store
 .vscode
+nohup.out
 *.code-workspace
 .sass-cache
 node_modules
diff --git a/README.md b/README.md
index 5a6c2be..b2fcad0 100644
--- a/README.md
+++ b/README.md
@@ -137,6 +137,7 @@ Edit `_data/faq.json` file to add a new Q/A couple object. Plain html e.g. `<br>
 Edit `partials/components/contact-form.html` file to modify the contact form and `src/form/contact-form-handler.php` to modify the form handler.
 To test it in a local environment, because there is PHP to execute, you will need to setup a apache vhost with the `dist` folder as the root and the phpmailer library installed.
+The captcha service is hCaptcha, you will need to create an account and get your own site key (change it in the contact form partial) and secret key.
 
 Add these lines to the vhost configuration file (here with mailtrap as smtp provider for testing purposes):
 ```
@@ -144,4 +145,5 @@ SetEnv ASTRO_SMTP_FROM test@astrolabe.test
 SetEnv ASTRO_SMTP_HOSTNAME sandbox.smtp.mailtrap.io
 SetEnv ASTRO_SMTP_USERNAME xxxxx
 SetEnv ASTRO_SMTP_PASSWORD xxxxx
+SetEnv HCAPTCHA_SECRET_KEY xxxxx
 ```
diff --git a/src/_includes/partials/components/contact-form.njk b/src/_includes/partials/components/contact-form.njk
index 10c55c6..1a6fc1b 100644
--- a/src/_includes/partials/components/contact-form.njk
+++ b/src/_includes/partials/components/contact-form.njk
@@ -56,6 +56,9 @@
 <label class="ohnohoney" for="email"></label>
 <input tabindex="-1" class="ohnohoney" autocomplete="off" type="email" id="email" name="email" placeholder="Your e-mail here">
 </li>
+
+ <div class="h-captcha" data-sitekey="b07c49fe-50ee-4432-af0a-96d675c6326a"></div>
+ <script src="https://js.hcaptcha.com/1/api.js" async defer></script>
 </ol>
 {% if contactMember %}
 {{ hidden_field('contactTo', contactMember) }}
diff --git a/src/form/contact-form-handler.php b/src/form/contact-form-handler.php
index e609cfc..0a93287 100644
--- a/src/form/contact-form-handler.php
+++ b/src/form/contact-form-handler.php
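Review bot: The new `<div class="h-captcha">` and `<script>` are placed as direct children of the `<ol>` (the `</ol>` context line immediately follows them), which is invalid HTML: an `<ol>` may only contain `<li>` elements, so browsers will reparent the widget and any list styling on the form can break. Wrap it in its own item, `<li><div class="h-captcha" data-sitekey="b07c49fe-50ee-4432-af0a-96d675c6326a"></div></li>`, and move the script tag out of the list. The site key is also hard-coded into a shared partial while the README tells every deployment to edit it; rendering it from site data (`data-sitekey="{{ hcaptchaSiteKey }}"`) would keep per-site configuration in one place. The enclosing form markup starts before this hunk.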
@@ -22,12 +22,41 @@ $wantedContact = (
 || empty($domainFromMyEmail)
 ) ? $myEmail : "$wantedContact@$domainFromMyEmail" ;
 
+/* hCaptcha */
+$hcaptchaSecret = getenv('HCAPTCHA_SECRET_KEY');
+$hcaptchaVerifyUrl = "https://api.hcaptcha.com/siteverify";
+
 if(empty($_POST['namezzz']) || empty($_POST['emailzzz']) || empty($_POST['message'])) {
- $errors .= "\n Error: all fields are required";
+ $errors .= "\n Erreur : champs obligatoires manquants.";
 }
 
 if(!empty($_POST['name']) && !empty($_POST['email'])) {
- $errors .= "\n Error: spam";
+ $errors .= "\n Erreur : spam détecté.";
+}
+
+/* Captcha verification */
+if(!empty($_POST['h-captcha-response'])) {
+ $responseKey = $_POST['h-captcha-response'];
+ $data = array(
+ 'secret' => $hcaptchaSecret,
+ 'response' => $responseKey
+ );
+
+ $checkRequest = curl_init();
+ curl_setopt($checkRequest, CURLOPT_URL, $hcaptchaVerifyUrl);
+ curl_setopt($checkRequest, CURLOPT_POST, 1);
+ curl_setopt($checkRequest, CURLOPT_POSTFIELDS, http_build_query($data));
+ curl_setopt($checkRequest, CURLOPT_RETURNTRANSFER, true);
+ $response = curl_exec($checkRequest);
+ curl_close($checkRequest);
+
+ $responseData = json_decode($response, true);
+
+ if(!$responseData['success']) {
+ $errors .= "\n Erreur lors de la validation du captcha.";
+ }
+} else {
+ $errors .= "\n Erreur lors de la validation du captcha.";
 }
 
 $name = $_POST['namezzz'];
@@ -37,7 +66,7 @@ $message = $_POST['message'];
 $subscribe = $_POST['subscribe'];
 
 if (!filter_var($emailAddress, FILTER_VALIDATE_EMAIL)) {
- $errors .= "\n Error: Invalid email address $emailAddress";
+ $errors .= "\n Erreur d'adresse e-mail invalide : $emailAddress";
 }
 
 if(empty($errors)) {
@@ -110,7 +139,8 @@ if(empty($errors)) {
 <body>
 <!-- This page is displayed only if there is some error -->
 <?php
- echo nl2br($errors);
-?>
+ echo nl2br($errors);
+ ?>
+ <a href="javascript:history.back()">Retour</a>
 </body>
 </html>
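Review bot: The siteverify request in the new `/* Captcha verification */` block has no timeout and its failure modes are not handled: when `curl_exec` returns `false`, `json_decode` yields `null` and `$responseData['success']` reads an offset on `null` (a PHP warning) before the form is rejected, so it fails closed by accident rather than by design, and a slow or unreachable hCaptcha endpoint holds the PHP worker indefinitely. An unset `HCAPTCHA_SECRET_KEY` (`getenv` returns `false`) is likewise only caught by hCaptcha rejecting the request, and a non-string token (`h-captcha-response[]=x`) goes straight into `http_build_query`. I would set `CURLOPT_CONNECTTIMEOUT`/`CURLOPT_TIMEOUT`, require the secret and a string token up front, and test `success` strictly; hCaptcha also accepts `sitekey` and `remoteip` fields in the same POST if you want the token bound to this widget and client. The rest of the handler continues outside the hunk.
```php
/* Captcha verification */
$captchaOk = false;
$responseKey = $_POST['h-captcha-response'] ?? null;
if(!empty($hcaptchaSecret) && is_string($responseKey) && $responseKey !== '') {
    $data = array(
        'secret' => $hcaptchaSecret,
        'response' => $responseKey
    );

    // … unchanged: curl_init(), CURLOPT_URL, CURLOPT_POST, CURLOPT_POSTFIELDS, CURLOPT_RETURNTRANSFER …
    curl_setopt($checkRequest, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($checkRequest, CURLOPT_TIMEOUT, 10);
    $response = curl_exec($checkRequest);
    curl_close($checkRequest);

    // Fail closed on a transport error or a non-JSON body, without reading an offset on null.
    $responseData = ($response === false) ? null : json_decode($response, true);
    $captchaOk = is_array($responseData) && ($responseData['success'] ?? false) === true;
}
if(!$captchaOk) {
    $errors .= "\n Erreur lors de la validation du captcha.";
}
```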
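Review bot: `echo nl2br($errors);` writes `$errors` into the HTML body unescaped, and that string carries raw user input: the `@@ -37,7 +66,7 @@` hunk appends `$emailAddress` to the message exactly when it fails `filter_var`, and `$emailAddress` presumably comes straight from `$_POST` (its assignment is outside the hunk), so an email field containing `<script>…</script>` is rejected and then reflected into this error page as markup — a reflected XSS reachable through the POST form. Escape at the sink: `echo nl2br(htmlspecialchars($errors, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. The new `href="javascript:history.back()"` link will also be blocked by any CSP that forbids `javascript:` URLs; a plain link back to the form page is more robust. The `<html>` document this hunk belongs to starts before it.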