Login with Google reCAPTCHA - Metin2CMS v2

This tutorial was created to stop testing accounts with brute force method. Next, you have the tutorial on how to add Google reCAPTCHA on login, step by step.

Get reCAPTCHA API keys:

For adding reCAPTCHA to your site, you need to register your site and get reCAPTCHA API keys.

Register your site

Register your site at Google from here – https://www.google.com/recaptcha/admin

Get your Site Key

Site key is used to display the reCAPTCHA widget.

Get your Secret Key

Secret key helps authorizes communication between your site and the reCAPTCHA server.

HTML Code:

Paste this snippet before the closing tag on your HTML template: index.php

<script src="https://www.google.com/recaptcha/api.js" async defer></script>

Add this in the login form from sidebar: include/sidebar/user.php

Replace SITE-KEY with your Google Site Key. ↑

Replace data-theme="light" with data-theme="dark" if you want a dark theme.

<div class="form-group">
	<center><div class="g-recaptcha" data-theme="light" data-sitekey="SITE-KEY" style="transform:scale(0.77);-webkit-transform:scale(0.77);transform-origin:0 0;-webkit-transform-origin:0 0;"></div></center>

Add this in the login form from login page: pages/login.php

Replace SITE-KEY with your Google Site Key. ↑

	<td><?php print $lang['captcha-code']; ?>:</td>
	<td><div class="g-recaptcha" data-sitekey="SITE-KEY"></div></td>

PHP Code:

Into the PHP code you need to modify Google Secret Key.

Replace SECRET-KEY with your Google Secret Key. ↑

Replace all text in: include/functions/login.php with this:

	if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response']))
		$username = strip_tags($_POST['username']);
		$password = strip_tags($_POST['password']);
        $secret = 'SECRET-KEY';
        $verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response']);
        $responseData = json_decode($verifyResponse);
           $login_info = $database->doLogin($username,$password);
		else $login_info = array(6);

Add this in: pages/login.php after case 5:

case 6:
	print $lang['incorrect-security'];

Add this after: if(isset($_POST['username']) && isset($_POST['password']))

if(!(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])))
	$login_info = array(6);

That's all!

Contact me

If you want to report a bug or if you just want to tell me something you can contact me.