wip

app/classes/forms.php

@@ -350,6 +350,10 @@ class Forms extends Check {
             self::addUserError( 'Invalid username.' );
             return false;
         }
+        if ( $user->usernameExists( Input::post( 'username' ) ) ) {
+            self::addUserError( 'A user with that username is already registered.' );
+            return false;
+        }
         if ( !self::password( Input::post( 'password' ) ) ) {
             self::addUserError( 'Invalid password.' );
             return false;

app/controllers/register.php

@@ -47,7 +47,8 @@ class Register extends Controller {
     public function index() {
         self::$title = '{SITENAME} Sign Up';
         self::$pageDescription = 'Many features of {SITENAME} are disabled or hidden from unregistered users. On this page you can sign up for an account to access all the app has to offer.';
-
+        Components::append( 'TEMPLATE_JS_INCLUDES', '<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>' );
+        Components::set( 'TURNSTILE_API_KEY', '0x4AAAAAAA1yKVCfYqpnMbvA' );
         if ( ! Config::getValue( 'main/registrationEnabled' ) ) {
             return Issues::add( 'notice', 'The site administrator has disable the ability to register a new account.' );
         }
@@ -59,10 +60,41 @@ class Register extends Controller {
         if ( !Input::exists() ) {
             return Views::view( 'auth.register' );
         }
+        if ( Input::exists( 'userEmail' ) ) {
+            // for the really bad AI / headless bots
+            Session::flash( 'success', 'Thank you for registering! Please check your email to confirm your account.' );
+            Redirect::to( 'home/index' );
+        }
         if ( !Forms::check( 'register' ) ) {
             Issues::add( 'error', [ 'There was an error with your registration.' => Check::userErrors() ] );
             return Views::view( 'auth.register' );
         }
+        if ( ! Input::exists('cf-turnstile-response') ) {
+            Issues::add( 'notice', 'Turnstile verification failed. Please try again.' );
+            return Views::view( 'auth.register' );
+        }
+        // Verify Turnstile response with Cloudflare API
+        $secret_key = "0x4AAAAAAA1yKZdXiv9_JrXXhF9Iw2tvQTE";
+        $verify_url = "https://challenges.cloudflare.com/turnstile/v0/siteverify";
+        $data = [
+            "secret" => $secret_key,
+            "response" => Input::post('cf-turnstile-response'),
+            "remoteip" => $_SERVER["REMOTE_ADDR"] // Optional, helps detect abuse
+        ];
+        $options = [
+            "http" => [
+                "header" => "Content-Type: application/x-www-form-urlencoded",
+                "method" => "POST",
+                "content" => http_build_query($data)
+            ]
+        ];
+        $context = stream_context_create($options);
+        $response = file_get_contents($verify_url, false, $context);
+        $result = json_decode($response, true);
+        if ( ! $result["success"]) {
+            Issues::add( 'notice', 'Turnstile verification failed. Please try again. If the issue persists, please contact the site administrator.' );
+            return Views::view( 'auth.register' );
+        }
         self::$user->create( [
             'username' => Input::post( 'username' ),
             'password' => Hash::make( Input::post( 'password' ) ),

app/js/main.js

@@ -272,8 +272,6 @@ document.querySelectorAll('[data-bs-toggle="collapse"]').forEach(button => {
 document.addEventListener("DOMContentLoaded", function () {
     var popoverTriggerList = [].slice.call(document.querySelectorAll('[data-bs-toggle="popover"]'));
     var popoverList = popoverTriggerList.map(function (popoverTriggerEl) {
-        return new bootstrap.Popover(popoverTriggerEl, {
-            customClass: 'context-popover',
-          });
+        return new bootstrap.Popover(popoverTriggerEl);
     });
 });

app/views/auth/register.html

@@ -15,6 +15,7 @@
                 <label for="email" class="col-lg-6 col-form-label text-lg-end">Email:</label>
                 <div class="col-lg-2">
                     <input type="email" class="form-control" name="email" id="email" required>
+                    <input type="email" class="d-none" name="userEmail" id="userEmail">
                 </div>
             </div>
 
@@ -42,6 +43,11 @@
                 </div>
             </div>
 
+            <!-- Cloudflare Turnstile Widget -->
+            <div class="mb-3 row">
+                <div class="cf-turnstile col-2 offset-5" data-sitekey="{TURNSTILE_API_KEY}"></div>
+            </div>
+
             <!-- Terms of Service -->
             <div class="mb-3 text-center">
                 <div class="">

app/views/footer/right.html

@@ -1,6 +1,6 @@
 <div class="col-12 col-sm-6 col-md-3 col-lg-2 mb-3 text-center">
     {SHARE_IMAGE}
-    <h5>Dark Mode</h5>
+    <h5 class="atb-green">Dark Mode</h5>
     <div class="material-switch px-4 mt-2">
         <input name="dark-mode-toggle" type="checkbox" id="dark-mode-toggle" class="form-check-input">
         <label for="dark-mode-toggle" class="label-default"></label>

app/views/footer/share.html

@@ -1,9 +1,9 @@
 <div class="text-center mb-3">
-    <h5 class="mb-3">Share</h5>
+    <h5 class="mb-3 atb-green">Share</h5>
     <div class="px-4 mt-2">
         <!-- Share Button (visible only on medium+ screens) -->
-        <button type="button" class="btn btn-outline-primary" 
-                data-bs-toggle="popover" data-bs-html="true" title="Share" data-bs-placement="top" data-bs-trigger="focus"
+        <button type="button" class="btn atb-green-outline" 
+                data-bs-toggle="popover" data-bs-html="true" title="Share" 
                 data-bs-content='
                     {QR_CODE}
                     <div class="d-flex justify-content-between">