[DigiriskSignature] add: CAPTCHA on public interface siganture

admin/setup.php

@@ -114,7 +114,7 @@
 
 print '<tr class="oddeven"><td>';
 print $langs->trans('DigiriskManagement');
-print "</td><td>";
+print '</td><td>';
 print $langs->trans('DigiriskDescription');
 print '</td>';
 
@@ -126,6 +126,17 @@
 }
 print '</td>';
 print '</tr>';
+
+//Use captcha
+print '<tr class="oddeven"><td>';
+print  $langs->trans("UseCaptcha");
+print '</td><td>';
+print $langs->trans('UseCaptchaDescription');
+print '</td>';
+print '<td class="center">';
+print ajax_constantonoff('DIGIRISKDOLIBARR_USE_CAPTCHA');
+print '</td>';
+print '</tr>';
 print '</table>';
 
 // Page end

admin/ticket/ticket.php

@@ -318,19 +318,6 @@
 	print '</td>';
 	print '</tr>';
 
-	//Use captcha on create ticket paghe
-	print '<tr class="oddeven"><td>' . $langs->trans("UseCaptchaOnCreateTicketPage") . '</td>';
-	print '<td class="center">';
-	print ajax_constantonoff('DIGIRISKDOLIBARR_USE_CAPTCHA');
-	print '</td>';
-	print '<td class="center">';
-	print '';
-	print '</td>';
-	print '<td class="center">';
-	print '</td>';
-	print '</tr>';
-
-
 	//Email to send ticket submitted
 	print '<form method="POST" action="' . $_SERVER["PHP_SELF"] . '">';
 	print '<input type="hidden" name="token" value="' . newToken() . '">';

js/digiriskdolibarr.js.php

@@ -1007,8 +1007,10 @@
  */
 window.eoxiaJS.signature.createSignature = function() {
 	let elementSignatory = $(this).attr('value');
-	let elementRedirect  = $(this).find('#redirect' + elementSignatory).attr('value');
+	let elementRedirect  = '';
+	let elementCode = '';
 	let elementZone  = $(this).find('#zone' + elementSignatory).attr('value');
+	let elementConfCAPTCHA  = $('#confCAPTCHA').val();
 	let actionContainerSuccess = $('.noticeSignatureSuccess');
 	var signatoryIDPost = '';
 	if (elementSignatory !== 0) {
@@ -1028,12 +1030,28 @@
 		url = document.URL + '&action=addSignature' + signatoryIDPost;
 		type = "POST";
 	}
+
+	if (elementConfCAPTCHA == 1) {
+		elementCode = $('#securitycode').val();
+		let elementSessionCode = $('#sessionCode').val();
+		if (elementSessionCode == elementCode) {
+			elementRedirect = $('#redirectSignature').val();
+		} else {
+			elementRedirect = $('#redirectSignatureError').val();
+		}
+	} else {
+		elementRedirect = $(this).find('#redirect' + elementSignatory).attr('value');
+	}
+
 	$.ajax({
 		url: url,
 		type: type,
 		processData: false,
 		contentType: 'application/octet-stream',
-		data: signature,
+		data: JSON.stringify({
+			signature: signature,
+			code: elementCode
+		}),
 		success: function( resp ) {
 			if (elementZone == "private") {
 				actionContainerSuccess.html($(resp).find('.noticeSignatureSuccess .all-notice-content'));

langs/fr_FR/digiriskdolibarr.lang

@@ -1302,7 +1302,6 @@ TicketShowCompanyLogoHelp = Activez cette option pour masquer le logo de la soci
 YouMustNotifyYourHierarchy = Vous êtes dans l'<b>obligation</b> de prévenir votre hiérarchie
 GoBackToTicketCreation = Aller à la page de suivi des tickets
 SendEmailOnTicketSubmit = Envoyer des emails à la création
-UseCaptchaOnCreateTicketPage = Utilisation du code graphique (CAPTCHA) sur la page de création
 
 
 
@@ -1352,3 +1351,5 @@ PhotoWellSent = La photo a été ajoutée à la bibliothèque de médias
 PhotoNotSent = La photo ne s'est pas correctement envoyée
 PhotoWellSaved = Le(s) média(s) a (ont) bien été ajouté(s)
 PhotoNotSaved = Le(s) média(s) n'a (ont) pas été ajouté(s)
+UseCaptcha = Code graphique (CAPTCHA)
+UseCaptchaDescription = Utilisation du code graphique (CAPTCHA) sur les pages d'interface public

public/signature/add_signature.php

@@ -60,9 +60,9 @@
 // Get parameters
 $track_id = GETPOST('track_id', 'alpha');
 $action   = GETPOST('action', 'aZ09');
-$url      = dirname($_SERVER['PHP_SELF']) . '/signature_success.php';
 $source   = GETPOST('source', 'aZ09');
 $type     = GETPOST('type', 'aZ09');
+$url      = dirname($_SERVER['PHP_SELF']) . '/signature_success.php';
 
 // Initialize technical objects
 $user = new User($db);
@@ -101,12 +101,24 @@
 // Action to add record
 if ($action == 'addSignature') {
 	$signatoryID  = GETPOST('signatoryID');
-	$request_body = file_get_contents('php://input');
+	$data = json_decode(file_get_contents('php://input'), true);
 
 	$signatory->fetch($signatoryID);
-	$signatory->signature      = $request_body;
+	$signatory->signature      = $data['signature'];
 	$signatory->signature_date = dol_now();
 
+	// Check Captcha code if is enabled
+	if ( ! empty($conf->global->DIGIRISKDOLIBARR_USE_CAPTCHA)) {
+		$sessionkey = 'dol_antispam_value';
+		$ok         = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) === strtolower($data['code'])));
+
+		if ( ! $ok) {
+			$error++;
+			setEventMessage($langs->trans('ErrorBadValueForCode'), 'errors');
+			$action = '';
+		}
+	}
+
 	if ( ! $error) {
 		$result = $signatory->update($user, false);
 		if ($result > 0) {
@@ -118,6 +130,8 @@
 			if ( ! empty($signatory->errors)) setEventMessages(null, $signatory->errors, 'errors');
 			else setEventMessages($signatory->error, null, 'errors');
 		}
+	} else {
+		exit;
 	}
 }
 
@@ -198,6 +212,7 @@
 <div class="digirisk-signature-container">
 	<div class="wpeo-gridlayout grid-2">
 		<div class="informations">
+			<input type="hidden" id="confCAPTCHA" value="<?php echo $conf->global->DIGIRISKDOLIBARR_USE_CAPTCHA ?>"/>
 			<div class="wpeo-gridlayout grid-2 file-generation">
 				<strong class="grid-align-middle"><?php echo $langs->trans("ThisIsInformationOnDocumentToSign"); ?></strong>
 				<?php if ($type == 'preventionplan') : ?>
@@ -233,6 +248,23 @@
 			</div>
 		</div>
 	</div>
+	<?php
+	if ( ! empty($conf->global->DIGIRISKDOLIBARR_USE_CAPTCHA)) {
+		require_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
+		print '<div class="center"><label for="email"><span class="fieldrequired">' . $langs->trans("SecurityCode") . '</span></label>';
+		print '<span class="span-icon-security inline-block">';
+		print '<input id="securitycode" placeholder="' . $langs->trans("SecurityCode") . '" class="flat input-icon-security width125" type="text" maxlength="5" name="code" tabindex="3" />';
+		print '<input type="hidden" id="sessionCode" value="' . $_SESSION['dol_antispam_value'] . '"/>';
+		print '<input type="hidden" id="redirectSignature" value="' . dirname($_SERVER['PHP_SELF']) . '/signature_success.php' . '"/>';
+		print '<input type="hidden" id="redirectSignatureError" value="' . $_SERVER['REQUEST_URI'] . '"/>';
+		print '</span>';
+		print '<span class="nowrap inline-block">';
+		print '<img class="inline-block valignmiddle" src="' . DOL_URL_ROOT . '/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" />';
+		print '<a class="inline-block valignmiddle" href="' . $php_self . '" tabindex="4" data-role="button">' . img_picto($langs->trans("Refresh"), 'refresh', 'id="captcha_refresh_img"') . '</a>';
+		print '</span>';
+		print '</div>';
+	}?>
+</div>
 <?php
 
 llxFooter('', 'public');