civicrm · mattwire · Oct 29, 2020 · Oct 29, 2020
diff --git a/recaptcha/recaptchalib.php b/recaptcha/recaptchalib.php
@@ -37,7 +37,9 @@
  */
 define("RECAPTCHA_API_SERVER", "http://www.google.com/recaptcha/api.js");
 define("RECAPTCHA_API_SECURE_SERVER", "https://www.google.com/recaptcha/api.js");
-define("RECAPTCHA_VERIFY_SERVER", "www.google.com");
+define("RECAPTCHA_VERIFY_SERVER", "https://www.google.com");
+
+use GuzzleHttp\Client;
 
 /**
  * Encodes the given data into a query string format
@@ -61,34 +63,17 @@ function _recaptcha_qsencode ($data) {
  * @param string $host
  * @param string $path
  * @param array $data
- * @param int port
- * @return array response
+ * @return string response
  */
-function _recaptcha_http_post($host, $path, $data, $port = 80) {
-
-        $req = _recaptcha_qsencode ($data);
-
-        $http_request  = "POST $path HTTP/1.0\r\n";
-        $http_request .= "Host: $host\r\n";
-        $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
-        $http_request .= "Content-Length: " . strlen($req) . "\r\n";
-        $http_request .= "User-Agent: reCAPTCHA/PHP\r\n";
-        $http_request .= "\r\n";
-        $http_request .= $req;
-
-        $response = '';
-        if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
-                die ('Could not open socket');
-        }
-
-        fwrite($fs, $http_request);
-
-        while ( !feof($fs) )
-                $response .= fgets($fs, 1160); // One TCP-IP packet
-        fclose($fs);
-        $response = explode("\r\n\r\n", $response, 2);
-
-        return $response;
+function _recaptcha_http_post($host, $path, $data) {
+  $client = new Client();
+  try {
+    $response = $client->request('POST', $host . '/' . $path, ['query' => $data]);
+  }
+  catch (Exception $e) {
+    return '';
+  }
+  return (string) $response->getBody();
 }
 
 
@@ -144,12 +129,11 @@ class ReCaptchaResponse {
   * Calls an HTTP POST function to verify if the user's guess was correct
   * @param string $privkey
   * @param string $remoteip
-  * @param string $challenge
   * @param string $response
   * @param array $extra_params an array of extra variables to post to the server
   * @return ReCaptchaResponse
   */
-function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array())
+function recaptcha_check_answer ($privkey, $remoteip, $response, $extra_params = array())
 {
 	if ($privkey == null || $privkey == '') {
 		die ("To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>");
@@ -162,32 +146,26 @@ function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $ex
 
 
         //discard spam submissions
-        if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0) {
+        if ($response == null || strlen($response) == 0) {
                 $recaptcha_response = new ReCaptchaResponse();
                 $recaptcha_response->is_valid = false;
                 $recaptcha_response->error = 'incorrect-captcha-sol';
                 return $recaptcha_response;
         }
 
-        $response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/recaptcha/api/verify",
-                                          array (
-                                                 'privatekey' => $privkey,
-                                                 'remoteip' => $remoteip,
-                                                 'challenge' => $challenge,
-                                                 'response' => $response
-                                                 ) + $extra_params
-                                          );
+        $validationResponse = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/recaptcha/api/siteverify",
+          [
+            'secret' => $privkey,
+            'remoteip' => $remoteip,
+            'response' => $response
+          ] + $extra_params
+        );
 
-        $answers = explode ("\n", $response [1]);
+        $answers = json_decode($validationResponse, TRUE);
         $recaptcha_response = new ReCaptchaResponse();
 
-        if (trim ($answers [0]) == 'true') {
-                $recaptcha_response->is_valid = true;
-        }
-        else {
-                $recaptcha_response->is_valid = false;
-                $recaptcha_response->error = $answers [1];
-        }
+        $recaptcha_response->is_valid = $answers['success'];
+        $recaptcha_response->error = $answers['error-codes'];
         return $recaptcha_response;
 
 }