From 15030ffd87114e554fb4b0020f2abc2d34d04ac8 Mon Sep 17 00:00:00 2001
From: xuanmou
Date: Sun, 12 Oct 2025 14:03:55 +0800
Subject: [PATCH 1/4] =?UTF-8?q?=E5=A2=9E=E5=8A=A0vaptcha=E5=AF=B9=E5=BF=98?= =?UTF-8?q?=E8=AE=B0=E5=AF=86=E7=A0=81=E9=A1=B5=E9=9D=A2=E5=92=8C=E6=B3=A8?= =?UTF-8?q?=E5=86=8C=E7=95=8C=E9=9D=A2=E7=9A=84=E6=94=AF=E6=8C=81=EF=BC=8C?= =?UTF-8?q?=E4=BF=AE=E5=A4=8Dip=E5=9B=A0=E4=B8=BA=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E5=88=B0x=5Fforwarded=5Ffor=E5=A4=9A=E4=B8=AA=E4=BB=A3?= =?UTF-8?q?=E7=90=86ip=E8=80=8C=E5=AF=BC=E8=87=B4vaptcha=E4=B8=8D=E5=8F=AF?= =?UTF-8?q?=E7=94=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 functions.php | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 79 insertions(+), 1 deletion(-)

diff --git a/functions.php b/functions.php
index 62674e4d..3a72601f 100644
--- a/functions.php
+++ b/functions.php
@@ -3362,6 +3362,8 @@ function vaptchaInit()
 echo $vaptcha->script();
 }
 add_action('login_form', 'vaptchaInit');
+ add_action('register_form', 'vaptchaInit');
+ add_action('lostpassword_form', 'vaptchaInit');
 
 function checkVaptchaAction($user)
 {
@@ -3399,6 +3401,81 @@ function checkVaptchaAction($user)
 }
 add_filter('authenticate', 'checkVaptchaAction', 20, 3);
+
+ function Vaptcha_lostpassword_CHECK($errors)
+ {
+ if (empty($_POST))
+ {
+ return false;
+ }
+ if (!(isset($_POST['vaptcha_server']) && isset($_POST['vaptcha_token'])))
+ {
+ return $errors->add('invalid_vaptcha ', '错误:请先进行人机验证');
+ }
+ if (!preg_match('/^https:\/\/([\w-]+\.)+[\w-]*([^<>=?\"\'])*$/', $_POST['vaptcha_server']) || !preg_match('/^[\w\-\$]+$/', $_POST['vaptcha_token']))
+ {
+ return $errors->add('invalid_vaptcha ', '错误:非法数据');
+ }
+ include_once('inc/classes/Vaptcha.php');
+ $url = $_POST['vaptcha_server'];
+ $token = $_POST['vaptcha_token'];
+ $ip = get_the_user_ip();
+ $vaptcha = new Sakura\API\Vaptcha;
+ $response = $vaptcha->checkVaptcha($url, $token, $ip);
+ if ($response->msg && $response->success && $response->score) {
+ if ($response->success === 1 && $response->score >= 70) {
+ return $errors;
+ }
+ if ($response->success === 0) {
+ $errorcode = $response->msg;
+ return $errors->add('invalid_vaptcha ', '错误:非法数据' . $errorcode);
+ }
+ return $errors->add('invalid_vaptcha ', '错误:人机验证失败');
+
+ } else if (is_string($response)) {
+ return $errors->add('invalid_vaptcha ', '错误:' . $response);
+ }
+ return $errors->add('invalid_vaptcha ', '错误:未知错误');
+ }
+ add_action('lostpassword_post', 'Vaptcha_lostpassword_CHECK');
+
+ function Vaptcha_registration_CHECK($errors, $sanitized_user_login, $user_email)
+ {
+ if (empty($_POST))
+ {
+ return false;
+ }
+ if (!(isset($_POST['vaptcha_server']) && isset($_POST['vaptcha_token'])))
+ {
+ return $errors->add('invalid_vaptcha ', '错误:请先进行人机验证');
+ }
+ if (!preg_match('/^https:\/\/([\w-]+\.)+[\w-]*([^<>=?\"\'])*$/', $_POST['vaptcha_server']) || !preg_match('/^[\w\-\$]+$/', $_POST['vaptcha_token']))
+ {
+ return $errors->add('invalid_vaptcha ', '错误:非法数据');
+ }
+ include_once('inc/classes/Vaptcha.php');
+ $url = $_POST['vaptcha_server'];
+ $token = $_POST['vaptcha_token'];
+ $ip = get_the_user_ip();
+ $vaptcha = new Sakura\API\Vaptcha;
+ $response = $vaptcha->checkVaptcha($url, $token, $ip);
+ if ($response->msg && $response->success && $response->score) {
+ if ($response->success === 1 && $response->score >= 70) {
+ return $errors;
+ }
+ if ($response->success === 0) {
+ $errorcode = $response->msg;
+ return $errors->add('invalid_vaptcha ', '错误:非法数据' . $errorcode);
+ }
+ return $errors->add('invalid_vaptcha ', '错误:人机验证失败');
+
+ } else if (is_string($response)) {
+ return $errors->add('invalid_vaptcha ', '错误:' . $response);
+ }
+ return $errors->add('invalid_vaptcha ', '错误:未知错误');
+ }
+ add_filter('registration_errors', 'Vaptcha_registration_CHECK', 2, 3);
+
 } else if ((iro_opt('captcha_select') === 'turnstile') && (!empty(iro_opt("turnstile_site_key")) && !empty(iro_opt("turnstile_secret_key")))) {
 function turnstile_init()
 {
 include_once('inc/classes/Turnstile.php');
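Review bot: The verification endpoint is client-controlled in both `Vaptcha_lostpassword_CHECK` and `Vaptcha_registration_CHECK`: `$_POST['vaptcha_server']` is passed to `checkVaptcha($url, $token, $ip)` after nothing more than a regex that accepts any `https://` hostname. If `checkVaptcha()` (not visible here) sends its request to `$url`, the pass/fail verdict comes from a host the client named rather than one the site trusts, and the server makes an outbound request to an arbitrary address. Pin the host before the call, for example `$host = wp_parse_url($_POST['vaptcha_server'], PHP_URL_HOST);` followed by `if (!in_array($host, $allowed_vaptcha_hosts, true)) { /* reject */ }`, where `$allowed_vaptcha_hosts` is a placeholder for the provider's documented verification hosts. Separately, the `$response->success === 0` branch cannot be reached because the outer condition already requires `$response->success` to be truthy, and reading `->msg` on a string `$response` raises a warning before the `is_string()` branch is tried.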
@@ -3599,7 +3676,8 @@ function get_the_user_ip()
 // 简略版
 // $ip = $_SERVER['HTTP_CLIENT_IP'] ?: ($_SERVER['HTTP_X_FORWARDED_FOR'] ?: $_SERVER['REMOTE_ADDR']);
 $ip = $_SERVER['HTTP_CLIENT_IP'] ?? $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'];
- return apply_filters('wpb_get_ip', $ip);
+ $ip2 = explode('|', str_replace(',', '|', $ip));
+ return apply_filters('wpb_get_ip', $ip2); //解决HTTP_X_FORWARDED_FOR获取到代理地址而导致人机验证不通过
 }
 
 //归档页信息缓存

From 0d4a9c8eab2641d2675df3750aa58a9615ecab2b Mon Sep 17 00:00:00 2001
From: xuanmou
Date: Sun, 12 Oct 2025 14:20:48 +0800
Subject: [PATCH 2/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dip=E8=8E=B7=E5=8F=96bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions.php b/functions.php
index 3a72601f..4ee6045d 100644
--- a/functions.php
+++ b/functions.php
@@ -3677,7 +3677,7 @@ function get_the_user_ip()
 // $ip = $_SERVER['HTTP_CLIENT_IP'] ?: ($_SERVER['HTTP_X_FORWARDED_FOR'] ?: $_SERVER['REMOTE_ADDR']);
 $ip = $_SERVER['HTTP_CLIENT_IP'] ?? $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'];
 $ip2 = explode('|', str_replace(',', '|', $ip));
- return apply_filters('wpb_get_ip', $ip2); //解决HTTP_X_FORWARDED_FOR获取到代理地址而导致人机验证不通过
+ return apply_filters('wpb_get_ip', trim($ip2[0])); //解决HTTP_X_FORWARDED_FOR获取到代理地址而导致人机验证不通过
 }
 
 //归档页信息缓存

From ff2b033c8634d38590168b949771e08e6f33a6cd Mon Sep 17 00:00:00 2001
From: xuanmou
Date: Sun, 12 Oct 2025 16:07:03 +0800
Subject: [PATCH 3/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=B3=A8=E5=86=8C?= =?UTF-8?q?=E6=97=B6=E6=8A=A5=E9=94=99=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 functions.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/functions.php b/functions.php
index 4ee6045d..fab7abc3 100644
--- a/functions.php
+++ b/functions.php
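Review bot: `get_the_user_ip()` still prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` over `REMOTE_ADDR`, and both come from request headers the client can set; keeping only the first comma-separated element (this hunk, and the PATCH 2/4 hunk that adds `trim($ip2[0])`) selects the entry furthest from any proxy the site controls. The result is never checked to be an address, so whatever text the header carries is returned to the captcha check and to every other caller of this function. Consider honouring the forwarded headers only when `REMOTE_ADDR` is a proxy you operate, and validating the candidate with `filter_var($candidate, FILTER_VALIDATE_IP)` before falling back to `$_SERVER['REMOTE_ADDR']`. The opening lines of the function are outside both hunks.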
@@ -3447,11 +3447,11 @@ function Vaptcha_registration_CHECK($errors, $sanitized_user_login, $user_email)
 }
 if (!(isset($_POST['vaptcha_server']) && isset($_POST['vaptcha_token'])))
 {
- return $errors->add('invalid_vaptcha ', '错误:请先进行人机验证');
+ return new WP_Error('prooffail', '错误:请先进行人机验证');
 }
 if (!preg_match('/^https:\/\/([\w-]+\.)+[\w-]*([^<>=?\"\'])*$/', $_POST['vaptcha_server']) || !preg_match('/^[\w\-\$]+$/', $_POST['vaptcha_token']))
 {
- return $errors->add('invalid_vaptcha ', '错误:非法数据');
+ return new WP_Error('prooffail', '错误:非法数据');
 }
 include_once('inc/classes/Vaptcha.php');
 $url = $_POST['vaptcha_server'];
@@ -3465,14 +3465,14 @@ function Vaptcha_registration_CHECK($errors, $sanitized_user_login, $user_email)
 }
 if ($response->success === 0) {
 $errorcode = $response->msg;
- return $errors->add('invalid_vaptcha ', '错误:非法数据' . $errorcode);
+ return new WP_Error('prooffail', '错误:非法数据' . $errorcode);
 }
- return $errors->add('invalid_vaptcha ', '错误:人机验证失败');
+ return new WP_Error('prooffail', '错误:人机验证失败');
 
 } else if (is_string($response)) {
- return $errors->add('invalid_vaptcha ', '错误:' . $response);
+ return new WP_Error('prooffail', '错误:' . $response);
 }
- return $errors->add('invalid_vaptcha ', '错误:未知错误');
+ return new WP_Error('prooffail', '错误:未知错误');
 }
 add_filter('registration_errors', 'Vaptcha_registration_CHECK', 2, 3);
 

From d704a5e6b14371003f3caf1d6d1634e7a350302b Mon Sep 17 00:00:00 2001
From: xuanmou
Date: Sun, 12 Oct 2025 16:09:22 +0800
Subject: [PATCH 4/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=B8=80=E5=A4=84?= =?UTF-8?q?=E4=BB=A3=E7=A0=81=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions.php b/functions.php
index fab7abc3..1b265726 100644
--- a/functions.php
+++ b/functions.php
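Review bot: Each `return new WP_Error('prooffail', …)` in `Vaptcha_registration_CHECK` discards the `$errors` object the `registration_errors` filter was given, so errors recorded before this callback ran are lost whenever the captcha check fails; this applies to both replaced returns in the hunk at 3447 and all four in the hunk at 3465. `WP_Error::add()` returns nothing, which is presumably why the earlier `return $errors->add(...)` form broke registration; keeping the accumulated errors takes two statements, `$errors->add('prooffail', '错误:请先进行人机验证');` then `return $errors;`. The messages built from `$response->msg` and `$response` are concatenated unescaped into text that is shown on the registration page, so wrap those values in `esc_html()`. The function body starts and continues outside both hunks.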
@@ -3443,7 +3443,7 @@ function Vaptcha_registration_CHECK($errors, $sanitized_user_login, $user_email)
 {
 if (empty($_POST))
 {
- return false;
+ return new WP_Error();
 }
 if (!(isset($_POST['vaptcha_server']) && isset($_POST['vaptcha_token'])))
 {
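Review bot: `return new WP_Error();` on an empty `$_POST` hands the filter chain an empty error object, so on that path the captcha is never checked and the `$errors` passed in are dropped, which would let registration continue even if earlier validation had recorded errors. If the intent is to skip the captcha when no form was submitted, `return $errors;` keeps whatever was collected upstream; if registration must never proceed without a captcha result, add an error to `$errors` and return it instead. The matching guard in `Vaptcha_lostpassword_CHECK` (`return false;`) is not touched by this patch. The body of `Vaptcha_registration_CHECK` continues outside the hunk.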