Implement CAPTCHA for the form to send chat to email (fixes #255)

src/mibew/js/source/features.js

@@ -17,6 +17,14 @@
  */
 
 (function($) {
+    function updateSendEmail() {
+        if ($("#user-can-send-email").is(":checked")) {
+            $(".under-user-can-send-email").show();
+        } else {
+            $(".under-user-can-send-email").hide();
+        }
+    }
+
     function updateSurvey() {
         if ($("#enable-presurvey").is(":checked")) {
             $(".under-survey").show();
@@ -58,6 +66,9 @@
     }
 
     $(function() {
+        $("#user-can-send-email").change(function() {
+            updateSendEmail();
+        });
         $("#enable-presurvey").change(function() {
             updateSurvey();
         });
@@ -73,6 +84,7 @@
         $("#enable-privacy-policy").change(function() {
             updatePrivacyPolicy();
         });
+        updateSendEmail();
         updateSurvey();
         updateSSL();
         updateGroups();

src/mibew/libs/classes/Mibew/Controller/Chat/MailController.php

@@ -52,6 +52,8 @@ class MailController extends AbstractController
             // Use errors list stored in the request. We need to do so to have
             // an ability to pass the request from the "submitForm" action.
             'errors' => $request->attributes->get('errors', array()),
+            // Setup CAPTCHA if needed
+            'showCaptcha' => Settings::get('enableemailcaptcha'),
         );
 
         $thread_id = $request->attributes->get('thread_id');
@@ -113,14 +115,26 @@ class MailController extends AbstractController
             throw new NotFoundException('The thread is not found.');
         }
 
+        // Check email
         $email = $request->request->get('email');
-        $group = $thread->groupId ? group_by_id($thread->groupId) : null;
         if (!$email) {
             $errors[] = no_field('Your email');
         } elseif (!MailUtils::isValidAddress($email)) {
             $errors[] = wrong_field('Your email');
         }
 
+        // Check captcha
+        if (Settings::get('enableemailcaptcha') == '1' && can_show_captcha()) {
+            $captcha = $request->request->get('captcha');
+            $original = isset($_SESSION[SESSION_PREFIX . 'mibew_captcha'])
+                ? $_SESSION[SESSION_PREFIX . 'mibew_captcha']
+                : '';
+            unset($_SESSION[SESSION_PREFIX . 'mibew_captcha']);
+            if (empty($original) || empty($captcha) || $captcha != $original) {
+                $errors[] = 'The letters you typed don\'t match the letters that were shown in the picture.';
+            }
+        }
+
         if (count($errors) > 0) {
             $request->attributes->set('errors', $errors);
 
@@ -156,6 +170,7 @@ class MailController extends AbstractController
             );
         }
 
+        $group = $thread->groupId ? group_by_id($thread->groupId) : null;
         $page = setup_logo($group);
         $page['email'] = $email;
 

src/mibew/libs/classes/Mibew/Controller/Settings/FeaturesController.php

@@ -117,6 +117,7 @@ class FeaturesController extends AbstractController
             'enableban',
             'usercanchangename',
             'usercansendemail',
+            'enableemailcaptcha',
             'enablegroups',
             'enablegroupsisolation',
             'enablestatistics',

src/mibew/libs/classes/Mibew/Settings.php

@@ -87,6 +87,7 @@ class Settings
             'forcessl' => '0',
             'usercanchangename' => '1',
             'usercansendemail' => '1',
+            'enableemailcaptcha' => '0',
             'enablegroups' => '0',
             'enablegroupsisolation' => '0',
             'enablestatistics' => '1',

src/mibew/styles/chats/dark/templates_src/server_side/mail.handlebars

@@ -14,6 +14,14 @@
 
             <strong>{{l10n "Enter your email:"}}</strong>
             <input type="text" name="email" size="20" value="{{formemail}}" class="username" />&nbsp;
+
+            {{#if showCaptcha}}
+            <div>
+                <img id="captcha-img" src="{{route "captcha"}}"/>
+                <input type="text" name="captcha" size="21" maxlength="15" value="" class="username"/>
+            </div>
+            {{/if}}
+
             <a href="javascript:document.mailThreadForm.submit();">{{l10n "Send"}}</a>
         </form>
     {{/override}}

src/mibew/styles/chats/default/templates_src/server_side/mail.handlebars

@@ -14,6 +14,14 @@
 
             <strong>{{l10n "Enter your email:"}}</strong>
             <input type="text" name="email" size="20" value="{{formemail}}" class="username" />&nbsp;
+
+            {{#if showCaptcha}}
+            <div>
+                <img id="captcha-img" src="{{route "captcha"}}"/>
+                <input type="text" name="captcha" size="21" maxlength="15" value="" class="username"/>
+            </div>
+            {{/if}}
+
             <a href="javascript:document.mailThreadForm.submit();">{{l10n "Send"}}</a>
         </form>
     {{/override}}

src/mibew/styles/pages/dark/templates_src/server_side/settings_features.handlebars

@@ -49,6 +49,15 @@
                                 </div>
                                 <label for="user-can-send-email" class="field-description"> &mdash; {{l10n "Turn off to disable user's ability to send chat history by email"}}</label>
                                 <br clear="all"/>
+
+                                <div class="subfield under-user-can-send-email">
+                                    <label for="enable-email-captcha" class="field-label">{{l10n "Force visitor to enter a verification code when sending chat history by email"}}</label>
+                                    <div class="field-value">
+                                        <input id="enable-email-captcha" type="checkbox" name="enableemailcaptcha" value="on"{{#if formenableemailcaptcha}} checked="checked"{{/if}}{{#unless canmodify}} disabled="disabled"{{/unless}}/>
+                                    </div>
+                                    <label for="enable-email-captcha" class="field-description"> &mdash; {{l10n "Protection against spam (captcha) in the pop-up form to send chat history by email"}}</label>
+                                    <br clear="all"/>
+                                </div>
                             </div>
 
                             <div class="field">

src/mibew/styles/pages/default/templates_src/server_side/settings_features.handlebars

@@ -49,6 +49,15 @@
                                 </div>
                                 <label for="user-can-send-email" class="field-description"> &mdash; {{l10n "Turn off to disable user's ability to send chat history by email"}}</label>
                                 <br clear="all"/>
+
+                                <div class="subfield under-user-can-send-email">
+                                    <label for="enable-email-captcha" class="field-label">{{l10n "Force visitor to enter a verification code when sending chat history by email"}}</label>
+                                    <div class="field-value">
+                                        <input id="enable-email-captcha" type="checkbox" name="enableemailcaptcha" value="on"{{#if formenableemailcaptcha}} checked="checked"{{/if}}{{#unless canmodify}} disabled="disabled"{{/unless}}/>
+                                    </div>
+                                    <label for="enable-email-captcha" class="field-description"> &mdash; {{l10n "Protection against spam (captcha) in the pop-up form to send chat history by email"}}</label>
+                                    <br clear="all"/>
+                                </div>
                             </div>
 
                             <div class="field">