From d6f0eccae7ece8026618a19f2a1554b3a9b6b345 Mon Sep 17 00:00:00 2001
From: j <repobase@j7b.net>
Date: Wed, 18 Jun 2025 13:53:40 +1000
Subject: [PATCH] Add GPT generated code. Reasonably untested.

---
 src/funcs/recaptcha.php | 96 +++++++++++++++++++++++++++++++++++++++++
 src/funcs/settings.php  |  3 ++
 src/fwp-recaptcha.php   |  5 +--
 3 files changed, 100 insertions(+), 4 deletions(-)
 create mode 100644 src/funcs/recaptcha.php

diff --git a/src/funcs/recaptcha.php b/src/funcs/recaptcha.php
new file mode 100644
index 0000000..df19a60
--- /dev/null
+++ b/src/funcs/recaptcha.php
@@ -0,0 +1,96 @@
+<?php
+defined('ABSPATH') or exit;
+
+add_action('wp_enqueue_scripts', 'fwp_recaptcha_enqueue');
+function fwp_recaptcha_enqueue() {
+    $enabled_forms = get_option('fwp_recaptcha_enabled_forms', []);
+    $site_key = get_option('fwp_recaptcha_site_key', '');
+
+    // Determine which form is in use
+    if (
+        (is_user_login() && in_array('login', $enabled_forms)) ||
+        (is_page('register') && in_array('register', $enabled_forms)) ||
+        (is_singular() && comments_open() && in_array('comment', $enabled_forms))
+    ) {
+        if (!empty($site_key)) {
+            wp_enqueue_script('fwp-recaptcha', 'https://www.google.com/recaptcha/api.js?render=' . $site_key, [], null, true);
+            wp_add_inline_script('fwp-recaptcha', fwp_recaptcha_js($site_key));
+        }
+    }
+}
+
+// Helper: Returns inline JS
+function fwp_recaptcha_js($site_key) {
+    return <<<EOT
+document.addEventListener('DOMContentLoaded', function() {
+    grecaptcha.ready(function() {
+        grecaptcha.execute('{$site_key}', {action: 'submit'}).then(function(token) {
+            document.querySelectorAll('form').forEach(function(form) {
+                if (!form.querySelector('input[name="g-recaptcha-response"]')) {
+                    let input = document.createElement('input');
+                    input.type = 'hidden';
+                    input.name = 'g-recaptcha-response';
+                    input.value = token;
+                    form.appendChild(input);
+                }
+            });
+        });
+    });
+});
+EOT;
+}
+
+function fwp_verify_recaptcha_token($token) {
+    $secret_key = get_option('fwp_recaptcha_secret_key', '');
+    if (empty($secret_key) || empty($token)) return false;
+
+    $response = wp_remote_post('https://www.google.com/recaptcha/api/siteverify', [
+        'body' => [
+            'secret'   => $secret_key,
+            'response' => $token,
+            'remoteip' => $_SERVER['REMOTE_ADDR'] ?? '',
+        ],
+    ]);
+
+    if (is_wp_error($response)) return false;
+
+    $data = json_decode(wp_remote_retrieve_body($response), true);
+    return !empty($data['success']) && $data['score'] >= 0.5;
+}
+
+add_filter('authenticate', 'fwp_verify_recaptcha_on_login', 30, 3);
+function fwp_verify_recaptcha_on_login($user, $username, $password) {
+    $enabled_forms = get_option('fwp_recaptcha_enabled_forms', []);
+    if (!in_array('login', $enabled_forms)) return $user;
+
+    if (!isset($_POST['g-recaptcha-response']) || !fwp_verify_recaptcha_token($_POST['g-recaptcha-response'])) {
+        return new WP_Error('recaptcha_failed', __('reCAPTCHA verification failed.'));
+    }
+
+    return $user;
+}
+
+add_filter('registration_errors', 'fwp_verify_recaptcha_on_register', 10, 3);
+function fwp_verify_recaptcha_on_register($errors, $sanitized_user_login, $user_email) {
+    $enabled_forms = get_option('fwp_recaptcha_enabled_forms', []);
+    if (!in_array('register', $enabled_forms)) return $errors;
+
+    if (!isset($_POST['g-recaptcha-response']) || !fwp_verify_recaptcha_token($_POST['g-recaptcha-response'])) {
+        $errors->add('recaptcha_failed', __('reCAPTCHA verification failed.'));
+    }
+
+    return $errors;
+}
+
+add_action('pre_comment_on_post', 'fwp_verify_recaptcha_on_comment');
+function fwp_verify_recaptcha_on_comment($comment_post_ID) {
+    $enabled_forms = get_option('fwp_recaptcha_enabled_forms', []);
+    if (!in_array('comment', $enabled_forms)) return;
+
+    if (!isset($_POST['g-recaptcha-response']) || !fwp_verify_recaptcha_token($_POST['g-recaptcha-response'])) {
+        wp_die(__('reCAPTCHA verification failed.'), __('Comment Blocked'), [
+            'back_link' => true
+        ]);
+    }
+}
+
diff --git a/src/funcs/settings.php b/src/funcs/settings.php
index 6cd4aa6..d14ff68 100644
--- a/src/funcs/settings.php
+++ b/src/funcs/settings.php
@@ -46,6 +46,9 @@ function fwp_render_recaptcha_settings_page() {
     ?>
     <div class="wrap">
         <h1>FWP reCAPTCHA Settings</h1>
+        <p>
+            You can find more information about Google Recaptcha v3 in <a target='_blank' href='https://developers.google.com/recaptcha/docs/v3'>Googles Documentation</a>. You can easily register new keys using the <a target='_blank' href='https://www.google.com/recaptcha/admin/create'>Recaptcha Admin Panels creation page</a> or manage your keys on <a target="_blank" href='https://www.google.com/recaptcha/admin'>Googles Recaptcha management portal</a>.
+        </p>
         <form method="post" action="options.php">
             <?php settings_fields('fwp_recaptcha_settings_group'); ?>
             <table class="form-table" role="presentation">
diff --git a/src/fwp-recaptcha.php b/src/fwp-recaptcha.php
index 455afa0..4fb4300 100644
--- a/src/fwp-recaptcha.php
+++ b/src/fwp-recaptcha.php
@@ -11,8 +11,5 @@
 
 defined('ABSPATH') or exit;
 
-// Load settings and admin menu
 require_once plugin_dir_path(__FILE__) . 'funcs/settings.php';
-
-// Your future frontend logic (hook into forms) would go here
-
+require_once plugin_dir_path(__FILE__) . 'funcs/recaptcha.php';