# Fight Registration Spam with Google's ReCaptcha (ok)

"Test V2"

Site Key: 6LfjxU0gAAAAAEsTA9MARMZidFTRd7Ixh4Kzqywe\
Secret Key: 6LfjxU0gAAAAAIp\_A7aGb3NWPTg\_lNRKTQnh0SLN\
'Test Local' has been registered.\
Site Key: 6LcKr00gAAAAAKIP9h4lxBLFIDuOAEJDv3Vzm-Ky

Secret Key: 6LcKr00gAAAAAGBDO-4GktKgGsg4xphIx\_qHIFKi

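Sử dụng "Test V2" (use the "Test V2" key pair): the site key is the public value rendered into the form's `data-sitekey` attribute, while the secret key is stored in the plugin settings and only sent server-side to the verification endpoint. Because the secret key authenticates the site to the verification service, a pair that has been published like the ones above is only suitable for local testing.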

C:\xampp\htdocs\reset3\wp-content\plugins\personalize-login\personalize-login.php

```
<?php
/**
 * Plugin Name:       Personalize Login
 * Description:       A plugin that replaces the WordPress login flow with a custom page.
 * Version:           1.0.0
 * Author:            Jarkko Laine
 * License:           GPL-2.0+
 * Text Domain:       personalize-login
 */
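/**
 * Replaces the WordPress registration flow with a custom page and gates new
 * sign-ups behind a server-side Google reCAPTCHA check.
 */
class Personalize_Login_Plugin {
  /**
   * Initializes the plugin.
   *
   * To keep the initialization fast, only add filter and action
   * hooks in the constructor.
   */
  public function __construct() {
    add_shortcode( 'custom-register-form', array( $this, 'render_register_form' ) );
    add_action( 'login_form_register', array( $this, 'redirect_to_custom_register' ) );
    add_action( 'login_form_register', array( $this, 'do_register_user' ) );
    // reCAPTCHA: settings fields for the key pair and the widget script.
    // admin_init is an action, so it is registered with add_action().
    add_action( 'admin_init', array( $this, 'register_settings_fields' ) );
    add_action( 'wp_print_footer_scripts', array( $this, 'add_captcha_js_to_footer' ) );
  }

  /**
   * Plugin activation hook.
   *
   * Creates all WordPress pages needed by the plugin.
   */
  public static function plugin_activated() {
    // Slug => title and shortcode content of each page the plugin relies on.
    $page_definitions = array(
      'member-login' => array(
        'title'   => __( 'Sign In', 'personalize-login' ),
        'content' => '[custom-login-form]',
      ),
      'member-account' => array(
        'title'   => __( 'Your Account', 'personalize-login' ),
        'content' => '[account-info]',
      ),
      'member-register' => array(
        'title'   => __( 'Register', 'personalize-login' ),
        'content' => '[custom-register-form]',
      ),
    );
    foreach ( $page_definitions as $slug => $page ) {
      // Only create the page when no page with this slug exists yet.
      $query = new WP_Query( 'pagename=' . $slug );
      if ( ! $query->have_posts() ) {
        wp_insert_post(
          array(
            'post_content'   => $page['content'],
            'post_name'      => $slug,
            'post_title'     => $page['title'],
            'post_status'    => 'publish',
            'post_type'      => 'page',
            'ping_status'    => 'closed',
            'comment_status' => 'closed',
          )
        );
      }
    }
  }

  /**
   * Renders the contents of the given template to a string and returns it.
   *
   * @param string $template_name The name of the template to render (without .php)
   * @param array  $attributes    The PHP variables for the template
   *
   * @return string               The contents of the template.
   */
  private function get_template_html( $template_name, $attributes = null ) {
    // The template reads $attributes from this scope, so it is always an array.
    if ( ! $attributes ) {
      $attributes = array();
    }
    // Resolve the file against the plugin directory instead of include_path or
    // the working directory, and keep the name to a single path segment.
    $template_path = __DIR__ . '/templates/' . basename( $template_name ) . '.php';
    ob_start();
    do_action( 'personalize_login_before_' . $template_name );
    require $template_path;
    do_action( 'personalize_login_after_' . $template_name );
    return ob_get_clean();
  }

  /**
   * Redirects the user to the correct page depending on whether he / she
   * is an admin or not.
   *
   * The caller is responsible for ending the request after the redirect
   * header has been sent.
   *
   * @param string $redirect_to   An optional redirect_to URL for admin users
   */
  private function redirect_logged_in_user( $redirect_to = null ) {
    $user = wp_get_current_user();
    if ( user_can( $user, 'manage_options' ) ) {
      if ( $redirect_to ) {
        // A leftover die( $redirect_to ) used to sit here: it printed the raw
        // value and stopped the request before the redirect was ever sent.
        wp_safe_redirect( $redirect_to );
      } else {
        wp_redirect( admin_url() );
      }
    } else {
      wp_redirect( home_url( 'member-account' ) );
    }
  }

  /**
   * Finds and returns a matching error message for the given error code.
   *
   * Every case returns on its own; an unrecognised code yields the generic
   * message, so a code taken from the query string can only ever select one
   * of the fixed strings below.
   *
   * @param string $error_code    The error code to look up.
   *
   * @return string               An error message.
   */
  private function get_error_message( $error_code ) {
    switch ( $error_code ) {
      // Login errors
      case 'empty_username':
        return __( 'You do have an email address, right?', 'personalize-login' );
      case 'empty_password':
        return __( 'You need to enter a password to login.', 'personalize-login' );
      case 'invalid_username':
        return __(
          "We don't have any users with that email address. Maybe you used a different one when signing up?",
          'personalize-login'
        );
      case 'incorrect_password':
        $err = __(
          "The password you entered wasn't quite right. <a href='%s'>Did you forget your password</a>?",
          'personalize-login'
        );
        // Return here: without it this case fell through to 'email'.
        return sprintf( $err, esc_url( wp_lostpassword_url() ) );

      // Registration errors
      case 'email':
        return __( 'The email address you entered is not valid.', 'personalize-login' );
      case 'email_exists':
        return __( 'An account exists with this email address.', 'personalize-login' );
      case 'closed':
        return __( 'Registering new users is currently not allowed.', 'personalize-login' );
      case 'captcha':
        return __( 'The Google reCAPTCHA check failed. Are you a robot?', 'personalize-login' );
      default:
        break;
    }
    return __( 'An unknown error occurred. Please try again later.', 'personalize-login' );
  }

  /**
   * A shortcode for rendering the new user registration form
   *
   * @param  array   $attributes  Shortcode attributes.
   * @param  string  $content     The text content for shortcode. Not used.
   *
   * @return string  The shortcode output
   */
  public function render_register_form( $attributes, $content = null ) {
    $default_attributes = array( 'show_title' => false );
    $attributes = shortcode_atts( $default_attributes, $attributes );

    // The register_form template also tests this key; the success redirect
    // goes to member-login, so it is never set to true here.
    $attributes['registered'] = false;

    // Error codes arrive as a comma-separated query parameter. They are only
    // used as lookup keys, never echoed back.
    $attributes['errors'] = array();
    if ( isset( $_REQUEST['register-errors'] ) && is_string( $_REQUEST['register-errors'] ) ) {
      $error_codes = explode( ',', sanitize_text_field( wp_unslash( $_REQUEST['register-errors'] ) ) );
      foreach ( $error_codes as $code ) {
        // Was get_error_message( $error_code ): an undefined variable, so every
        // code rendered as the generic "unknown error" message.
        $attributes['errors'][] = $this->get_error_message( $code );
      }
    }

    // Retrieve recaptcha key
    $attributes['recaptcha_site_key'] = get_option( 'personalize-login-recaptcha-site-key', null );

    if ( is_user_logged_in() ) {
      return __( 'You are already signed in.', 'personalize-login' );
    }
    if ( ! get_option( 'users_can_register' ) ) {
      return __( 'Registering new users is currently not allowed.', 'personalize-login' );
    }
    return $this->get_template_html( 'register_form', $attributes );
  }

  /**
   * Redirects the user to the custom registration page instead
   * of wp-login.php?action=register.
   */
  public function redirect_to_custom_register() {
    if ( isset( $_SERVER['REQUEST_METHOD'] ) && 'GET' === $_SERVER['REQUEST_METHOD'] ) {
      if ( is_user_logged_in() ) {
        $this->redirect_logged_in_user();
      } else {
        wp_redirect( home_url( 'member-register' ) );
      }
      exit;
    }
  }

  /**
   * Validates and then completes the new user signup process if all went well.
   *
   * @param string $email         The new user's email address
   * @param string $first_name    The new user's first name
   * @param string $last_name     The new user's last name
   *
   * @return int|WP_Error         The id of the user that was created, or error if failed.
   */
  private function register_user( $email, $first_name, $last_name ) {
    $errors = new WP_Error();
    // Email address is used as both username and email. It is also the only
    // parameter we need to validate
    if ( ! is_email( $email ) ) {
      $errors->add( 'email', $this->get_error_message( 'email' ) );
      return $errors;
    }
    // This answer reveals whether an address is already registered; the
    // CAPTCHA check that runs before this method limits automated probing.
    if ( username_exists( $email ) || email_exists( $email ) ) {
      $errors->add( 'email_exists', $this->get_error_message( 'email_exists' ) );
      return $errors;
    }
    // Generate the password so that the subscriber will have to check email...
    $password = wp_generate_password( 12, false );
    $user_data = array(
      'user_login' => $email,
      'user_email' => $email,
      'user_pass'  => $password,
      'first_name' => $first_name,
      'last_name'  => $last_name,
      'nickname'   => $first_name,
    );
    $user_id = wp_insert_user( $user_data );
    // wp_insert_user() can itself fail; do not pass a WP_Error on as a user id.
    if ( is_wp_error( $user_id ) ) {
      return $user_id;
    }
    // NOTE(review): recent WordPress versions deprecate the second argument
    // and email a set-password link instead of the password; confirm this
    // call against the WordPress version in use.
    wp_new_user_notification( $user_id, $password );
    return $user_id;
  }

  /**
   * Handles the registration of a new user.
   *
   * Used through the action hook "login_form_register" activated on wp-login.php
   * when accessed through the registration action. Only POST requests are
   * processed; the outcome is reported through a redirect.
   */
  public function do_register_user() {
    if ( isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' === $_SERVER['REQUEST_METHOD'] ) {
      // All checks, including the reCAPTCHA verification, live in
      // handle_register_request() so they cannot be skipped on this path.
      wp_redirect( $this->handle_register_request() );
      exit;
    }
  }

  /**
   * Registers the settings fields needed by the plugin.
   */
  public function register_settings_fields() {
    // Create settings fields for the two keys used by reCAPTCHA. Both values
    // are stored as plain single-line text.
    register_setting( 'general', 'personalize-login-recaptcha-site-key', 'sanitize_text_field' );
    register_setting( 'general', 'personalize-login-recaptcha-secret-key', 'sanitize_text_field' );
    add_settings_field(
      'personalize-login-recaptcha-site-key',
      '<label for="personalize-login-recaptcha-site-key">' . __( 'reCAPTCHA site key' , 'personalize-login' ) . '</label>',
      array( $this, 'render_recaptcha_site_key_field' ),
      'general'
    );
    add_settings_field(
      'personalize-login-recaptcha-secret-key',
      '<label for="personalize-login-recaptcha-secret-key">' . __( 'reCAPTCHA secret key' , 'personalize-login' ) . '</label>',
      array( $this, 'render_recaptcha_secret_key_field' ),
      'general'
    );
  }

  /**
   * Prints the input for the reCAPTCHA site key on the General settings page.
   */
  public function render_recaptcha_site_key_field() {
    $value = get_option( 'personalize-login-recaptcha-site-key', '' );
    echo '<input type="text" id="personalize-login-recaptcha-site-key" name="personalize-login-recaptcha-site-key" value="' . esc_attr( $value ) . '" />';
  }

  /**
   * Prints the input for the reCAPTCHA secret key on the General settings page.
   *
   * The secret key is only read again in verify_recaptcha(); it is never
   * passed to a front-end template.
   */
  public function render_recaptcha_secret_key_field() {
    $value = get_option( 'personalize-login-recaptcha-secret-key', '' );
    echo '<input type="text" id="personalize-login-recaptcha-secret-key" name="personalize-login-recaptcha-secret-key" value="' . esc_attr( $value ) . '" />';
  }

  /**
   * An action function used to include the reCAPTCHA JavaScript file
   * at the end of the page.
   */
  public function add_captcha_js_to_footer() {
    // async/defer keep the third-party script from blocking page rendering.
    echo "<script src='https://www.google.com/recaptcha/api.js' async defer></script>";
  }

  /**
   * Validates a registration POST and creates the user if every check passes.
   *
   * Checks run in this order: registration open, reCAPTCHA verified, then
   * user creation. The CAPTCHA is verified before any account lookup so that
   * unverified requests never reach register_user().
   *
   * @return string The URL to redirect to: the register page with a
   *                "register-errors" parameter on failure, the login page
   *                with a "registered" parameter on success.
   */
  public function handle_register_request() {
    $redirect_url = home_url( 'member-register' );

    if ( ! get_option( 'users_can_register' ) ) {
      // Registration closed, display error
      return add_query_arg( 'register-errors', 'closed', $redirect_url );
    }
    if ( ! $this->verify_recaptcha() ) {
      // Recaptcha check failed, display error
      return add_query_arg( 'register-errors', 'captcha', $redirect_url );
    }

    // Request values are unslashed and reduced to plain text; the email is
    // validated (not rewritten) by is_email() inside register_user().
    $email      = isset( $_POST['email'] ) ? sanitize_text_field( wp_unslash( $_POST['email'] ) ) : '';
    $first_name = isset( $_POST['first_name'] ) ? sanitize_text_field( wp_unslash( $_POST['first_name'] ) ) : '';
    $last_name  = isset( $_POST['last_name'] ) ? sanitize_text_field( wp_unslash( $_POST['last_name'] ) ) : '';

    $result = $this->register_user( $email, $first_name, $last_name );

    if ( is_wp_error( $result ) ) {
      // Parse errors into a string and append as parameter to redirect,
      // e.g. /member-register/?register-errors=email
      $errors = join( ',', $result->get_error_codes() );
      return add_query_arg( 'register-errors', $errors, $redirect_url );
    }

    // Success, redirect to login page. add_query_arg() does not encode
    // values, so the address is encoded here,
    // e.g. /member-login/?registered=user%40example.com
    return add_query_arg( 'registered', rawurlencode( $email ), home_url( 'member-login' ) );
  }

  /**
   * Checks that the reCAPTCHA parameter sent with the registration
   * request is valid.
   *
   * Fails closed: a missing token, a missing secret key, a transport error,
   * a non-200 reply or an unparsable body all count as a failed check.
   *
   * @return bool True if the CAPTCHA is OK, otherwise false.
   */
  private function verify_recaptcha() {
    // This field is set by the recaptcha widget if check is successful
    if ( ! isset( $_POST['g-recaptcha-response'] ) || ! is_string( $_POST['g-recaptcha-response'] ) ) {
      return false;
    }
    $captcha_response = sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) );
    $secret           = get_option( 'personalize-login-recaptcha-secret-key' );
    if ( '' === $captcha_response || empty( $secret ) ) {
      return false;
    }

    // Verify the captcha response from Google
    $response = wp_remote_post(
      'https://www.google.com/recaptcha/api/siteverify',
      array(
        'body' => array(
          'secret'   => $secret,
          'response' => $captcha_response,
        ),
      )
    );
    if ( is_wp_error( $response ) || 200 !== (int) wp_remote_retrieve_response_code( $response ) ) {
      return false;
    }

    // json_decode() returns null on malformed input; only an explicit boolean
    // true in "success" is accepted.
    $decoded_response = json_decode( wp_remote_retrieve_body( $response ) );
    return is_object( $decoded_response )
      && isset( $decoded_response->success )
      && true === $decoded_response->success;
  }
}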
// Register the activation callback that creates the plugin's custom pages
register_activation_hook( __FILE__, [ 'Personalize_Login_Plugin', 'plugin_activated' ] );
// Instantiate the plugin; its constructor attaches the shortcode and hooks
$personalize_login_pages_plugin = new Personalize_Login_Plugin();
```

C:\xampp\htdocs\reset3\wp-content\plugins\personalize-login\templates\register\_form.php

```
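<?php
/**
 * Registration form template.
 *
 * Reads $attributes from the including scope: 'show_title',
 * 'recaptcha_site_key', 'errors' and, optionally, 'registered'.
 * Every dynamic value is escaped for the context it is printed in, and keys
 * that may be absent are tested with empty() instead of being read directly.
 */
?>
<div id="register-form" class="widecolumn">
  <?php if ( ! empty( $attributes['show_title'] ) ) : ?>
    <h3><?php esc_html_e( 'Register', 'personalize-login' ); ?></h3>
  <?php endif; ?>
  <form id="signupform" action="<?php echo esc_url( wp_registration_url() ); ?>" method="post">
    <p class="form-row">
      <label for="email"><?php esc_html_e( 'Email', 'personalize-login' ); ?> <strong>*</strong></label>
      <input type="email" name="email" id="email" required>
    </p>
    <p class="form-row">
      <?php // The "for" value has to match the input's id, not its name. ?>
      <label for="first-name"><?php esc_html_e( 'First name', 'personalize-login' ); ?></label>
      <input type="text" name="first_name" id="first-name">
    </p>
    <p class="form-row">
      <label for="last-name"><?php esc_html_e( 'Last name', 'personalize-login' ); ?></label>
      <input type="text" name="last_name" id="last-name">
    </p>
    <p class="form-row">
      <?php esc_html_e( 'Note: Your password will be generated automatically and sent to your email address.', 'personalize-login' ); ?>
    </p>
    <?php if ( ! empty( $attributes['recaptcha_site_key'] ) ) : ?>
        <div class="recaptcha-container">
            <?php // The site key is an admin-entered option; escape it for the attribute context. ?>
            <div class="g-recaptcha" data-sitekey="<?php echo esc_attr( $attributes['recaptcha_site_key'] ); ?>"></div>
        </div>
    <?php endif; ?>
    <p class="signup-submit">
      <input type="submit" name="submit" class="register-button" value="<?php esc_attr_e( 'Register', 'personalize-login' ); ?>"/>
    </p>
  </form>
</div>
<?php if ( ! empty( $attributes['errors'] ) ) : ?>
  <?php foreach ( $attributes['errors'] as $error ) : ?>
    <p>
      <?php // Messages may carry a link, so allow post-level HTML only. ?>
      <?php echo wp_kses_post( $error ); ?>
    </p>
  <?php endforeach; ?>
<?php endif; ?>
<?php if ( ! empty( $attributes['registered'] ) ) : ?>
  <p class="login-info">
    <?php
      printf(
        wp_kses_post( __( 'You have successfully registered to <strong>%s</strong>. We have emailed your password to the email address you entered.', 'personalize-login' ) ),
        esc_html( get_bloginfo( 'name' ) )
      );
    ?>
  </p>
<?php endif; ?>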
```

![](/files/GqSc238ocPcMlqUPt0qy)

![](/files/Kmwj75IwIEYvmuKPqSQX)


