Honeypot

Author: carlbennett

src/Controllers/User/Register.php

@@ -55,13 +55,21 @@ protected function tryRegister(): void
       return;
     }
 
+    if (!is_null($this->model->active_user))
+    {
+      $this->model->error = RegisterModel::ERROR_ALREADY_LOGGED_IN;
+      return;
+    }
+
     $q = Router::query();
     $this->model->email = $q['email'] ?? null;
     $this->model->username = $q['username'] ?? null;
 
-    if (!is_null($this->model->active_user))
+    $this->model->honeypot = $q['confirm_email'] ?? null;
+    if (is_string($this->model->honeypot) && strlen($this->model->honeypot) > 0)
     {
-      $this->model->error = RegisterModel::ERROR_ALREADY_LOGGED_IN;
+      // This field should never be filled unless it was a bot.
+      $this->model->error = RegisterModel::ERROR_REGISTER_DISABLED;
       return;
     }
 

src/Models/User/Register.php

@@ -24,6 +24,7 @@ class Register extends \BNETDocs\Models\ActiveUser implements \JsonSerializable
 
     public ?string $denylist_reason = null;
     public ?string $email = null;
+    public ?string $honeypot = null;
     public ?\BNETDocs\Libraries\Core\Recaptcha $recaptcha = null;
     public ?string $username = null;
     public int $username_max_len = 0;
@@ -33,6 +34,7 @@ public function jsonSerialize(): mixed
         return \array_merge(parent::jsonSerialize(), [
             'denylist_reason' => $this->denylist_reason,
             'email' => $this->email,
+            'honeypot' => $this->honeypot,
             'recaptcha' => $this->recaptcha,
             'username' => $this->username,
             'username_max_len' => $this->username_max_len,

src/Templates/User/Register.phtml

@@ -34,7 +34,7 @@ $email = filter_var($this->getContext()->email, FILTER_SANITIZE_FULL_SPECIAL_CHA
 $username = filter_var($this->getContext()->username, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 require('./Includes/header.inc.phtml'); ?>
 <div class="container">
-  <script async defer="defer" src="https://www.google.com/recaptcha/api.js"><![CDATA[]]></script>
+  <script async defer="defer" src="https://www.google.com/recaptcha/api.js"></script>
   <div class="card mx-auto mb-3" style="width:22rem;">
     <h3 class="card-header text-center<?=($register_disabled ? ' text-danger' : '')?>"><?=$title?></h3>
     <div class="card-body">
@@ -49,6 +49,7 @@ require('./Includes/header.inc.phtml'); ?>
         <div class="form-group">
           <label class="font-weight-bold" for="email">Email address:</label>
           <input class="bg-dark border border-primary form-control text-light" type="email" name="email" id="email" placeholder="Enter the email address here" tabindex="1" value="<?=$email?>" required<?=($af == 'email' ? ' autofocus="autofocus"' : '')?>/>
+          <input type="text" name="confirm_email" style="display:none;"/>
         </div><div class="form-group">
           <label class="font-weight-bold" for="username">Username:</label>
           <input class="bg-dark border border-primary form-control text-light" type="text" name="username" id="username" placeholder="Enter the username here" tabindex="2" maxlength="<?=$this->getContext()->username_max_len?>" value="<?=$username?>" required<?=($af == 'email' ? ' autofocus="autofocus"' : '')?>/>