fixed reCAPTCHA-validation (moved after DDoS check)

emreakay · Jun 7, 2016 · a1bf4fb · a1bf4fb
1 parent 7ba4631
commit a1bf4fb
Showing 1 changed file with 10 additions and 16 deletions.
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
@@ -146,6 +146,15 @@ public function login($identifier, $pass, $remember = FALSE, $totp_code = NULL)
 			$this->error($this->CI->lang->line('aauth_error_login_attempts_exceeded'));
 			return FALSE;
 		}
+		if($this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $this->get_login_attempts() > $this->config_vars['recaptcha_login_attempts']){
+			$reCaptcha = new ReCaptcha( $this->config_vars['recaptcha_secret']);
+			$resp = $reCaptcha->verifyResponse( $this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response") );
+
+			if( ! $resp->success){
+				$this->error($this->CI->lang->line('aauth_error_recaptcha_not_correct'));
+				return FALSE;
+			}
+		}
  		if( $this->config_vars['login_with_name'] == TRUE){
 
 			if( !$identifier OR strlen($pass) < $this->config_vars['min'] OR strlen($pass) > $this->config_vars['max'] )
@@ -183,22 +192,7 @@ public function login($identifier, $pass, $remember = FALSE, $totp_code = NULL)
 			$this->error($this->CI->lang->line('aauth_error_no_user'));
 			return FALSE;
 		}
-
-		$user_id = $query->row()->id;
-		if($this->config_vars['recaptcha_active']){
-			if($this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $this->get_login_attempts() > $this->config_vars['recaptcha_login_attempts']){
-				$reCaptcha = new ReCaptcha( $this->config_vars['recaptcha_secret']);
-				$resp = $reCaptcha->verifyResponse( $this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response") );
-
-				if(!$resp->success){
-					$this->error($this->CI->lang->line('aauth_error_recaptcha_not_correct'));
-					return FALSE;
-				}
-			}
-		}
-
-
-	 	if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_only_on_ip_change'] == FALSE AND $this->config_vars['totp_two_step_login_active'] == FALSE){
+		if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_only_on_ip_change'] == FALSE AND $this->config_vars['totp_two_step_login_active'] == FALSE){
 			if($this->config_vars['totp_two_step_login_active'] == TRUE){
 				$this->CI->session->set_userdata('totp_required', true);
 			}