This tutorial shows how to stop brute-force testing of accounts by adding Google reCAPTCHA to the login form, step by step.
To add reCAPTCHA to your site, you need to register your site and get reCAPTCHA API keys.
Register your site at Google from here – https://www.google.com/recaptcha/admin
Site key is used to display the reCAPTCHA widget.
Secret key authorizes communication between your site and the reCAPTCHA server. Keep it in server-side code only.
Paste this snippet before the closing </head> tag on your HTML template: index.php
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
Add this in the login form from sidebar: include/sidebar/user.php
Replace SITE-KEY with your Google Site Key. ↑
Replace data-theme="light" with data-theme="dark" if you want a dark theme.
<div class="form-group">
<center><div class="g-recaptcha" data-theme="light" data-sitekey="SITE-KEY" style="transform:scale(0.77);-webkit-transform:scale(0.77);transform-origin:0 0;-webkit-transform-origin:0 0;"></div></center>
</div>
Add this in the login form from login page: pages/login.php
Replace SITE-KEY with your Google Site Key. ↑
<tr>
<td><?php print $lang['captcha-code']; ?>:</td>
<td><div class="g-recaptcha" data-sitekey="SITE-KEY"></div></td>
</tr>
In the PHP code you need to set your Google Secret Key.
Replace SECRET-KEY with your Google Secret Key. ↑
Replace all text in: include/functions/pages/login.php with this:
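<?php
// Run the login only when the form carries a non-empty reCAPTCHA response.
if(isset($_POST['username']) && isset($_POST['password']) && !empty($_POST['g-recaptcha-response']))
{
	$username = strip_tags($_POST['username']);
	$password = strip_tags($_POST['password']);
	$secret = 'SECRET-KEY';
	// URL-encode both values so the submitted token cannot alter the query string.
	$query = http_build_query(array('secret' => $secret, 'response' => $_POST['g-recaptcha-response']));
	$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?'.$query);
	// A failed request or an invalid JSON reply counts as a failed captcha.
	$responseData = ($verifyResponse !== false) ? json_decode($verifyResponse) : null;
	if(is_object($responseData) && !empty($responseData->success))
		$login_info = $database->doLogin($username,$password);
	else
		$login_info = array(6); // captcha error, shown by case 6 in pages/login.php
}
?>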
Add this in: pages/login.php after case 5:
case 6:
print $lang['incorrect-security'];
break;
Add this after: if(isset($_POST['username']) && isset($_POST['password']))
if(!(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])))
$login_info = array(6);
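The verification step above, written as a stand-alone fail-closed function (an added example, not part of the original tutorial or the CMS code). The name recaptcha_passed, its parameters, the example.com host and the sample replies are assumptions made for illustration; it sends the request by POST with a timeout and also checks the hostname field of the siteverify reply.

```php
<?php
// Added example: fail-closed reCAPTCHA check. All names here are hypothetical.

/**
 * Returns true only when Google confirms the token. Any network error,
 * malformed reply or hostname mismatch is treated as a failed captcha.
 */
function recaptcha_passed($secret, $token, $expectedHost, $remoteIp = null, $post = null)
{
    if (!is_string($token) || $token === '') {
        return false;                       // missing field or array-typed parameter
    }
    $fields = array('secret' => $secret, 'response' => $token);
    if ($remoteIp !== null) {
        $fields['remoteip'] = $remoteIp;    // optional siteverify parameter
    }
    // $post lets a caller substitute the HTTP call (used below to run offline).
    $post = $post ?: function ($url, $fields) {
        $ctx = stream_context_create(array('http' => array(
            'method'  => 'POST',
            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query($fields),
            'timeout' => 5,                 // a slow reply must not hang the login page
        )));
        return @file_get_contents($url, false, $ctx);
    };
    $raw  = $post('https://www.google.com/recaptcha/api/siteverify', $fields);
    $data = is_string($raw) ? json_decode($raw, true) : null;
    if (!is_array($data) || empty($data['success'])) {
        return false;                       // covers error-codes replies and bad JSON
    }
    // The reply names the host where the challenge was solved; require it to be ours.
    return isset($data['hostname']) && $data['hostname'] === $expectedHost;
}

// Constructed sample replies, fed through the injectable $post callback.
$ok    = function () { return '{"success":true,"hostname":"example.com"}'; };
$bad   = function () { return '{"success":false,"error-codes":["invalid-input-response"]}'; };
$other = function () { return '{"success":true,"hostname":"other.example"}'; };
$down  = function () { return false; };

var_dump(recaptcha_passed('SECRET-KEY', 'token', 'example.com', null, $ok));
var_dump(recaptcha_passed('SECRET-KEY', 'token', 'example.com', null, $bad));
var_dump(recaptcha_passed('SECRET-KEY', 'token', 'example.com', null, $other));
var_dump(recaptcha_passed('SECRET-KEY', 'token', 'example.com', null, $down));
var_dump(recaptcha_passed('SECRET-KEY', array('x'), 'example.com', null, $ok));
```

In include/functions/pages/login.php the function would take the place of the file_get_contents and json_decode lines, with $login_info = array(6) whenever it returns false.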