wip

app/controllers/register.php

@@ -47,7 +47,8 @@ class Register extends Controller {
     public function index() {
         self::$title = '{SITENAME} Sign Up';
         self::$pageDescription = 'Many features of {SITENAME} are disabled or hidden from unregistered users. On this page you can sign up for an account to access all the app has to offer.';
-
+        Components::append( 'TEMPLATE_JS_INCLUDES', '<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>' );
+        Components::set( 'TURNSTILE_API_KEY', '0x4AAAAAAA1yKVCfYqpnMbvA' );
         if ( ! Config::getValue( 'main/registrationEnabled' ) ) {
             return Issues::add( 'notice', 'The site administrator has disable the ability to register a new account.' );
         }
@@ -59,10 +60,41 @@ class Register extends Controller {
         if ( !Input::exists() ) {
             return Views::view( 'auth.register' );
         }
+        if ( Input::exists( 'userEmail' ) ) {
+            // for the really bad AI / headless bots
+            Session::flash( 'success', 'Thank you for registering! Please check your email to confirm your account.' );
+            Redirect::to( 'home/index' );
+        }
         if ( !Forms::check( 'register' ) ) {
             Issues::add( 'error', [ 'There was an error with your registration.' => Check::userErrors() ] );
             return Views::view( 'auth.register' );
         }
+        if ( ! Input::exists('cf-turnstile-response') ) {
+            Issues::add( 'notice', 'Turnstile verification failed. Please try again.' );
+            return Views::view( 'auth.register' );
+        }
+        // Verify Turnstile response with Cloudflare API
+        $secret_key = "0x4AAAAAAA1yKZdXiv9_JrXXhF9Iw2tvQTE";
+        $verify_url = "https://challenges.cloudflare.com/turnstile/v0/siteverify";
+        $data = [
+            "secret" => $secret_key,
+            "response" => Input::post('cf-turnstile-response'),
+            "remoteip" => $_SERVER["REMOTE_ADDR"] // Optional, helps detect abuse
+        ];
+        $options = [
+            "http" => [
+                "header" => "Content-Type: application/x-www-form-urlencoded",
+                "method" => "POST",
+                "content" => http_build_query($data)
+            ]
+        ];
+        $context = stream_context_create($options);
+        $response = file_get_contents($verify_url, false, $context);
+        $result = json_decode($response, true);
+        if ( ! $result["success"]) {
+            Issues::add( 'notice', 'Turnstile verification failed. Please try again. If the issue persists, please contact the site administrator.' );
+            return Views::view( 'auth.register' );
+        }
         self::$user->create( [
             'username' => Input::post( 'username' ),
             'password' => Hash::make( Input::post( 'password' ) ),