0

I am in the process of creating a website with Grav. I use Zammad as a ticket system and would like to include the feedback form on the page. For this I use the API of Zammad "https://admin-docs.zammad.org/en/latest/channels/form.html". This works as far as it goes. New tickets can be created via the form. Now I would like to add a bot protection. For this I have chosen hCaptcha. https://docs.hcaptcha.com/ (Google reCaptcha can be used without effort with the ready plugin "Form", but I don't want to use the Google reCaptcha). I have also already started to write a plugin for the hCaptcha, but I can not find the right entry to the API of Grav.

my current code:

function onFormProcessed(Event $event){

    if(is_entered_data_valid()) {
        if(isset($_POST['h-captcha-response']) && !empty($_POST['h-captcha-response'])){
            $secret = "0x0000000000000000000000000000000000000000";
            $remote_address = $_SERVER['REMOTE_ADDR'];
            $verify_url = "https://hcaptcha.com/siteverify?secret=".$secret."&response=".$_POST['h-captcha-response']."&remoteip=".$remote_address;
                // This is hcaptcha url
                $response = file_get_contents($verify_url); # Get token from post data with key 'h-captcha-response' and Make a POST request with data payload to hCaptcha API endpoint
                $responseData = json_decode($response);
                $success_msg="";
                $err_msg="";
                if($responseData->success){
                    $success_msg = "You can process your login functionality";
                }else{
                    $err_msg =  "Something went wrong while hCaptcha Validation. Please try again after sometime.";
                }
            }else{
                $err_msg =  "Please fill all the required fields";
            }
        } else {
            // Server side validation failed
            $error_output = "Please fill all the required fields";
        }
        // Get the response and pass it into your ajax as a response.
        $return_msg = array(
            'error'     =>  $err_msg,
            'success'   =>  $success_msg
        );
        echo json_encode($return_msg);

    }

this function has to be executed when the form is submitted

Flora Faßbender
  • 1
  • "but I can not find the right entry to the API of Grav"... What kind of "entry" are you looking for? – passerby Apr 29 '21 at 13:28
  • I am looking for the function that is executed by the Grav API when a form is submitted – Flora Faßbender Apr 29 '21 at 15:07
  • Event 'onFormProcessed' is fired when form is submitted. Have a look at https://learn.getgrav.org/17/forms/forms/reference-form-actions and especially the section 'Custom Actions'. See if that gives you a clue. – passerby Apr 29 '21 at 16:22

1 Answers1

0

You go in the right direction, onFormProcessed is the event you need to use. You can learn from Grav's Form plugin. However, you need to define a specific form action for your plugin, otherwise your code runs for all the forms on the site no matter the forms use your captcha or not.

Let say your form action is hcaptcha:

    public function onFormProcessed(Event $event): void
    {
        $form = $event['form'];
        $action = $event['action'];

        switch ($action) {
            case 'hcaptcha':
                // If captcha validation fails, stop the form processing.
                if ($validation_fails) {
                    $message = "Please solve the captcha!";

                    $this->grav->fireEvent('onFormValidationError', new Event([
                        'form' => $form,
                        'message' => $message
                    ]));

                    $event->stopPropagation();

                    return;
                 }
Hung Tran
  • 790
  • 2
  • 8
  • 24