Changeset 3434060

Timestamp:

01/07/2026 05:41:49 AM (6 weeks ago)

Author:

awcode

Message:

captcha

Location:

dive-admin/trunk

Files:

• admin/class-dive-admin-admin.php (modified) (1 diff)
• admin/css/dive-admin-admin.css (modified) (3 diffs)
• admin/partials/dive-admin-admin-display.php (modified) (1 diff)
• dive-admin.php (modified) (1 diff)
• public/class-dive-admin-public.php (modified) (1 diff)
• public/css/dive-admin-public.css (modified) (4 diffs)
• public/js/dive-admin-public.js (modified) (2 diffs)
• public/partials/lead_form.php (modified) (1 diff)
• readme.txt (modified) (2 diffs)

dive-admin/trunk/admin/class-dive-admin-admin.php

@@ -124 +124 @@
 
         update_option( 'diveadmin_sync_woo',  sanitize_text_field(wp_unslash( isset($_POST['diveadmin_sync_woo']) ? 1 : 0 )) );
+        
+        if(isset($_POST['diveadmin_turnstile_site_key'])){
+            update_option( 'diveadmin_turnstile_site_key',  sanitize_text_field(wp_unslash($_POST['diveadmin_turnstile_site_key'])) );
+        }
+        if(isset($_POST['diveadmin_turnstile_secret_key'])){
+            update_option( 'diveadmin_turnstile_secret_key',  sanitize_text_field(wp_unslash($_POST['diveadmin_turnstile_secret_key'])) );
+        }
 
         wp_safe_redirect(esc_url(get_admin_url(null, 'admin.php?page=diveadmin_settings')));

dive-admin/trunk/admin/css/dive-admin-admin.css

@@ -1 +1 @@
 .grid {
-  display: grid;
-  column-gap: 50px;
-  grid-auto-flow: column;
-  column-count: 3;
-  margin-top: 1em;
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(450px, 1fr));
+    gap: 20px;
+    grid-auto-flow: row;
+    margin-top: 1em;
 }
 
-.box{
-    border: 1px solid #ccc;
-    border-radius: 7px;
+.box {
+    border: 1px solid #ccc;
+    border-radius: 7px;
 
-    background: #fff;
-}
-.box-header{
-    background: #dcdcde;
-    padding: 1em;
-    font-weight: bold;
+    background: #fff;
 }
 
-.box-body{
-    padding: 1em;
+.box-header {
+    background: #dcdcde;
+    padding: 1em;
+    font-weight: bold;
 }
+
+.box-body {
+    padding: 1em;
+}
+
 .alert {
     position: relative;
@@ -29 +31 @@
     border-radius: .25rem;
 }
+
 .alert-success {
     color: #155724;
@@ -34 +37 @@
     border-color: #c3e6cb;
 }
+
 .alert-warning {
     color: #856404;

dive-admin/trunk/admin/partials/dive-admin-admin-display.php

@@ -100 +100 @@
     </div>
 
+    <div class="box">
+        <div class="box-header">
+            Spam Protection (Cloudflare Turnstile)
+        </div>
+        <div class="box-body">
+            <label for="diveadmin_turnstile_site_key">Site Key</label><br>
+            <input type="text" name="diveadmin_turnstile_site_key" value="<?php echo esc_attr(get_option('diveadmin_turnstile_site_key')); ?>" style="width:100%"><br><br>
+            
+            <label for="diveadmin_turnstile_secret_key">Secret Key</label><br>
+            <input type="text" name="diveadmin_turnstile_secret_key" value="<?php echo esc_attr(get_option('diveadmin_turnstile_secret_key')); ?>" style="width:100%">
+        </div>
+    </div>
+
 </div>
 <br>

dive-admin/trunk/dive-admin.php

@@ -6 +6 @@
  * Plugin URI:        https://diveadmin.com/resources/wordpress
  * Description:       DiveAdmin.com is a software solution for diveschools. This plugin connects your website with your account.
- * Version:           1.0.7
+ * Version:           1.0.8
  * Author:            Dive Admin
  * Author URI:        https://diveadmin.com

dive-admin/trunk/public/class-dive-admin-public.php

@@ -137 +137 @@
         wp_verify_nonce('diveadmin_leadform');
 
-        //TODO Validate
-        //TODO Captcha and Honeypot
-
         $data = json_decode(file_get_contents('php://input'), true);
+
+        // Validation
+        $message = isset($data['message']) ? sanitize_text_field(wp_unslash($data['message'])) : '';
+        if ( empty($message) ) {
+            wp_die('{"message":"Message is required"}', 400);
+        }
+
+        $first_name = isset($data['first_name']) ? sanitize_text_field(wp_unslash($data['first_name'])) : '';
+        $surname = isset($data['surname']) ? sanitize_text_field(wp_unslash($data['surname'])) : '';
+
+        if ( empty($first_name) || trim($first_name) === '?' ) {
+            wp_die('{"message":"Valid First Name is required"}', 400);
+        }
+        if ( empty($surname) || trim($surname) === '?' ) {
+            wp_die('{"message":"Valid Surname is required"}', 400);
+        }
+
+        // Turnstile Verification
+        if ( get_option('diveadmin_turnstile_secret_key') ) {
+            $turnstile_response = isset($data['cf-turnstile-response']) ? $data['cf-turnstile-response'] : '';
+            if ( empty($turnstile_response) ) {
+                wp_die('{"message":"Security verification failed (Turnstile)"}', 400);
+            }
+
+            $verify = wp_remote_post('https://challenges.cloudflare.com/turnstile/v0/siteverify', [
+                'body' => [
+                    'secret' => get_option('diveadmin_turnstile_secret_key'),
+                    'response' => $turnstile_response,
+                    'remoteip' => $_SERVER['REMOTE_ADDR']
+                ]
+            ]);
+
+            $verify_body = json_decode(wp_remote_retrieve_body($verify));
+            if ( ! $verify_body->success ) {
+                wp_die('{"message":"Security verification failed (Turnstile)"}', 400);
+            }
+        }
+
+
         $post = [
             'api_key' => get_option('diveadmin_api_key'),
             'status' => 'enquiry',
-            'first_name' => isset($data['first_name']) ? sanitize_text_field(wp_unslash($data['first_name'])): '',
-            'surname' => isset($data['surname']) ? sanitize_text_field(wp_unslash($data['surname'])): '',
+            'first_name' => $first_name,
+            'surname' => $surname,
             'email' => isset($data['email']) ? sanitize_text_field(wp_unslash($data['email'])): '',
             'mobile' => isset($data['mobile']) ? sanitize_text_field(wp_unslash($data['mobile'])): '',
             'arrival_date' => isset($data['arrival_date']) ? sanitize_text_field(wp_unslash($data['arrival_date'])): '',
-            'message' => isset($data['message']) ? sanitize_text_field(wp_unslash($data['message'])): '',
+            'message' => $message,
         ];
 

dive-admin/trunk/public/css/dive-admin-public.css

@@ -6 +6 @@
     border-radius: .25rem;
 }
+
 .alert-success {
     color: #155724;
@@ -11 +12 @@
     border-color: #c3e6cb;
 }
+
 .alert-warning {
     color: #856404;
@@ -23 +25 @@
 }
 
-.diveadmin_leadform{
+.diveadmin_leadform {}
 
+.diveadmin_leadform input[type=text],
+.diveadmin_leadform input[type=tel],
+.diveadmin_leadform input[type=email],
+.diveadmin_leadform input[type=date],
+.diveadmin_leadform textarea {
+    display: block;
+    width: 100%;
+    height: calc(2.25rem + 2px);
+    padding: 0rem .75rem;
+    font-size: 1rem;
+    line-height: 1.2;
+    color: #495057;
+    background-color: #fff;
+    background-clip: padding-box;
+    border: 1px solid #ced4da;
+    border-radius: .25rem;
+    transition: border-color .15s ease-in-out, box-shadow .15s ease-in-out;
 }
 
-.diveadmin_leadform input[type=text], .diveadmin_leadform input[type=tel], .diveadmin_leadform input[type=email], .diveadmin_leadform textarea{
-    display: block;
-    width: 100%;
-    height: calc(2.25rem + 2px);
-    padding: 0rem .75rem;
-    font-size: 1rem;
-    line-height: 1.2;
-    color: #495057;
-    background-color: #fff;
-    background-clip: padding-box;
-    border: 1px solid #ced4da;
-    border-radius: .25rem;
-    transition: border-color .15s ease-in-out, box-shadow .15s ease-in-out;
+.diveadmin_leadform textarea {
+    min-height: 4em;
 }
 
-.diveadmin_leadform textarea{
-    min-height: 4em;
-}
-
-.diveadmin_leadform input[type=submit]{
-    display: inline-block;
+.diveadmin_leadform input[type=submit] {
+    display: inline-block;
     font-weight: 400;
     text-align: center;
@@ -62 +66 @@
     border-radius: .25rem;
     transition: color .15s ease-in-out, background-color .15s ease-in-out, border-color .15s ease-in-out, box-shadow .15s ease-in-out;
-    color: #fff;
+    color: #fff;
     background-color: #007bff;
     border-color: #007bff;

dive-admin/trunk/public/js/dive-admin-public.js

@@ -1 +1 @@
 document.addEventListener("DOMContentLoaded", () => {
     if (document.querySelector(".diveadmin-ajax-form")) {
-        document.querySelector('.diveadmin-ajax-form').addEventListener('submit', function(e) {
-            e.preventDefault();
-            let formData = new FormData(this);
-            let parsedData = {};
-            for(let name of formData) {
-              if (typeof(parsedData[name[0]]) == "undefined") {
-                let tempdata = formData.getAll(name[0]);
-                if (tempdata.length > 1) {
-                  parsedData[name[0]] = tempdata;
-                } else {
-                  parsedData[name[0]] = tempdata[0];
-                }
-              }
-            }
+        document.querySelector('.diveadmin-ajax-form').addEventListener('submit', function (e) {
+            e.preventDefault();
 
-            let options = {};
-            switch (this.method.toLowerCase()) {
-              case 'post':
-                options.body = JSON.stringify(parsedData);
-              case 'get':
-                options.method = this.method;
-                options.headers = {'Content-Type': 'application/json'};
-              break;
-            }
+            // Remove existing alerts
+            const existingAlert = this.querySelector('.diveadmin-alert');
+            if (existingAlert) existingAlert.remove();
 
-            fetch(this.action, options).then(r => r.json()).then(data => {
+            let formData = new FormData(this);
+
+            // Client-side Turnstile Check
+            if (document.querySelector('.cf-turnstile')) {
+                if (!formData.get('cf-turnstile-response')) {
+                    let messageObj = document.createElement("div");
+                    messageObj.innerHTML = "Please verify you are human (Turnstile)";
+                    messageObj.classList.add('diveadmin-alert');
+                    messageObj.classList.add('alert-warning');
+                    this.prepend(messageObj);
+                    return;
+                }
+            }
+
+            let parsedData = {};
+            for (let name of formData) {
+                if (typeof (parsedData[name[0]]) == "undefined") {
+                    let tempdata = formData.getAll(name[0]);
+                    if (tempdata.length > 1) {
+                        parsedData[name[0]] = tempdata;
+                    } else {
+                        parsedData[name[0]] = tempdata[0];
+                    }
+                }
+            }
+
+            let options = {};
+            switch (this.method.toLowerCase()) {
+                case 'post':
+                    options.body = JSON.stringify(parsedData);
+                case 'get':
+                    options.method = this.method;
+                    options.headers = { 'Content-Type': 'application/json' };
+                    break;
+            }
+
+            fetch(this.action, options).then(r => {
+                const isSuccess = r.ok;
+                return r.json().then(data => ({ isSuccess, data }));
+            }).then(({ isSuccess, data }) => {
                 console.log(data);
-                if(data == 0){
-                    window.alert('Message not sent, unknown error')
-                }else{
-                    messageObj = document.createElement("p");
+                if (!isSuccess || data == 0) {
+                    let message = data && data.message ? data.message : 'Unknown error occurred';
+                    if (data == 0) message = 'Message not sent, unknown error';
+
+                    let messageObj = document.createElement("div");
+                    messageObj.innerHTML = message;
+                    messageObj.classList.add('diveadmin-alert');
+                    messageObj.classList.add('alert-warning');
+                    this.prepend(messageObj);
+                } else {
+                    let messageObj = document.createElement("div");
                     messageObj.innerHTML = data.message;
                     messageObj.classList.add('diveadmin-alert');
@@ -37 +65 @@
                     this.replaceWith(messageObj);
                 }
-            });
+            }).catch(err => {
+                console.error(err);
+                let messageObj = document.createElement("div");
+                messageObj.innerHTML = "An error occurred. Please try again.";
+                messageObj.classList.add('diveadmin-alert');
+                messageObj.classList.add('alert-warning');
+                this.prepend(messageObj);
+            });
         });
     }

dive-admin/trunk/public/partials/lead_form.php

@@ -30 +30 @@
     <label for="message">Message</label><br>
     <textarea id="message" name="message" required></textarea><br>
-    <?php /* TODO Captcha support and Honeypot */ ?>
+    
+    <?php if(get_option('diveadmin_turnstile_site_key')): 
+        $site_key = get_option('diveadmin_turnstile_site_key');
+    ?>
+        <script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
+        <div class="cf-turnstile" data-sitekey="<?php echo esc_attr($site_key); ?>"></div>
+        <br>
+    <?php endif; ?>
     <input type="submit" value="Send Enquiry">
 </form>

dive-admin/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 6.0
 Tested up to: 6.9
-Stable tag: 1.0.7
+Stable tag: 1.0.8
 License: GPLv2
 
@@ -40 +40 @@
 == Upgrade Notice ==
 
-= 1.0.7 =
-Added dive trip schedule shortcodes for calendar and list views with filtering options.
-
-
-
+    = 1.0.8 =
+    Added Turnstile support for lead form.
 
 == Changelog ==
+
+= 1.0.8 =
+* Added Turnstile support for lead form.
 
 = 1.0.7 =