Initial commit

LICENSE

@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>

README.md

@@ -0,0 +1,22 @@
+Cloudflare Turnstile for YOURLS Admin
+====================
+
+Plugin for [YOURLS](https://yourls.org) `v1.19.2`. 
+
+*I haven't tested it with older versions so tread with caution :)*
+
+**This plugin is roughly based off [this plugin](https://github.com/axilaris/admin-yourls-recaptcha-v3/)**
+
+Description
+-----------
+Adds Cloudflare Turnstile to the YOURLS Admin login.
+
+Installation
+------------
+1. In `/user/plugins`, create a new folder named `yourls-cf-turnstile`.
+2. Drop these files in that directory.
+3. Change `YOUR_CF_TURNSTILE_SITE_KEY` and `YOUR_CF_TURNSTILE_SECRET_KEY` to the keys found on the [Turnstile Page](https://dash.cloudflare.com/?to=/:account/turnstile)
+4. Go to the Plugins administration page ( *eg* `http://sho.rt/admin/plugins.php` ) and activate the plugin.
+
+Thats all folks 
+------------

cf_turnstile_verify.php

@@ -0,0 +1,26 @@
+<?php
+// Verify the token
+if (isset($_POST['token'])) {
+    $token = $_POST['token'];
+
+    // Make a POST request to Cloudflare's API to verify the token
+    $verification_endpoint = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
+    $verification_data = array(
+        'token' => $token,
+        'secret' => CF_TURNSTILE_SECRET_KEY,
+    );
+
+    // Send the POST request
+    $ch = curl_init();
+    curl_setopt($ch, CURLOPT_URL, $verification_endpoint);
+    curl_setopt($ch, CURLOPT_POST, true);
+    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($verification_data));
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+    $response = curl_exec($ch);
+    curl_close($ch);
+
+    // Return the verification response
+    echo $response;
+} else {
+    echo json_encode(array('success' => false, 'error' => 'Token not found'));
+}

plugin.php

@@ -0,0 +1,64 @@
+<?php
+/*
+Plugin Name: Cloudflare Turnstile for YOURLS Admin
+Plugin URI: https://github.com/yourls/yourls-cloudflare-turnstile
+Description: Adds Cloudflare Turnstile to the YOURLS Admin login.
+Version: 1.0
+Author: Sophia Atkinson
+Author URI: https://sophia.wtf
+*/
+
+// Define Cloudflare Turnstile Site Key | Can be found here :) https://dash.cloudflare.com/?to=/:account/turnstile
+if (!defined('CF_TURNSTILE_SITE_KEY')) {
+    define('CF_TURNSTILE_SITE_KEY', 'YOUR_CF_TURNSTILE_SITE_KEY');
+}
+
+// Define Cloudflare Turnstile Secret Key | Can be found here :) https://dash.cloudflare.com/?to=/:account/turnstile
+if (!defined('CF_TURNSTILE_SECRET_KEY')) {
+    define('CF_TURNSTILE_SECRET_KEY', 'YOUR_CF_TURNSTILE_SECRET_KEY');
+}
+
+// Cloudflare Turnstile script to the head section of the HTML file
+yourls_add_action('html_head', 'cf_turnstile_html_head');
+function cf_turnstile_html_head() {
+    echo '<script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script>';
+}
+
+// Cloudflare Turnstile widget to the YOURLS admin login form
+yourls_add_action('login_form_bottom', 'cf_turnstile_login_form');
+function cf_turnstile_login_form() {
+    echo '<div id="cf-turnstile-container"></div>';
+    echo '<input type="hidden" name="cf_token" id="cfTokenInput">';
+}
+
+// Initialize Cloudflare Turnstile widget
+yourls_add_action('login_form_end', 'cf_turnstile_inject_script');
+function cf_turnstile_inject_script() {
+    echo '<script>
+        turnstile.ready(function() {
+            turnstile.render(\'#cf-turnstile-container\', {
+                sitekey: \'' . CF_TURNSTILE_SITE_KEY . '\',
+                callback: function(token) {
+                    document.getElementById(\'cfTokenInput\').value = token;
+                    // Send the token to the verification script
+                    var xhr = new XMLHttpRequest();
+                    xhr.open("POST", "' . yourls_plugin_url('cf_turnstile_verify.php') . '", true);
+                    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+                    xhr.onreadystatechange = function() {
+                        if (xhr.readyState === XMLHttpRequest.DONE) {
+                            var response = JSON.parse(xhr.responseText);
+                            if (response && response.success) {
+                                // Verification succeeded, proceed with form submission
+                                document.getElementById("login").submit();
+                            } else {
+                                // Verification failed, display error message
+                                alert("Cloudflare Turnstile verification failed. Please try again.");
+                            }
+                        }
+                    };
+                    xhr.send("token=" + token);
+                }
+            });
+        });
+    </script>';
+}