We don't do automatic login when recaptcha is enabled, so add the login calls on successful recaptcha

2020-02-04 16:41:19 -05:00 · 2020-02-04 16:41:19 -05:00 · 1c2f2657d2
parent 42b3bb6a53
commit 1c2f2657d2
1 changed files with 11 additions and 2 deletions
--- a/web/includes/actions/login.php
+++ b/web/includes/actions/login.php
@ -49,14 +49,23 @@ if ( ('login' == $action) && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == '
      // as it produces the same error as when you don't answer a recaptcha
      if ( isset($responseData['error-codes']) && is_array($responseData['error-codes']) ) {
        if ( !in_array('invalid-input-secret', $responseData['error-codes']) ) {
-          Error('reCaptcha authentication failed');
+          ZM\Error('reCaptcha authentication failed. response was: ' . print_r($responseData['error-codes'],true));
          unset($user); // unset should be ok here because we aren't in a function
          return;
        } else {
-          Error('Invalid recaptcha secret detected');
+          ZM\Error('Invalid recaptcha secret detected');
        }
      }
    } // end if success==false
+    if ( ! (empty($_REQUEST['username']) or empty($_REQUEST['password'])) ) {
+      $ret = validateUser($_REQUEST['username'], $_REQUEST['password']);
+      if ( !$ret[0] ) {
+        ZM\Error($ret[1]);
+        unset($user); // unset should be ok here because we aren't in a function
+      } else {
+        $user = $ret[0];
+      }
+    } # end if have username and password
  } // end if using reCaptcha

  // if captcha existed, it was passed