Integration in Vtiger
The following explains how POWER CAPTCHA can be integrated into the PHP application Vtiger as an example.
Integration of the widget in the frontend
In the CRM software Vtiger, the frontend is rendered using Smarty templates. To protect the login interface for this example, you should first split the login template into a default and a custom variant so that you can simply reuse the original login form. The files will then look like this:
layouts/v7/modules/Users/Login.tpl
layouts/v7/modules/Users/Login.Default.tpl
layouts/v7/modules/Users/Login.Custom.tpl
Duplicate the content from Login.tpl accordingly into the file Login.Default.tpl and Login.Custom.tpl and replace the content from Login.tpl with the following code:
{assign var="_DefaultLoginTemplate" value=vtemplate_path('Login.Default.tpl', 'Users')}
{assign var="_CustomLoginTemplate" value=vtemplate_path('Login.Custom.tpl', 'Users')}
{assign var="_CustomLoginTemplateFullPath" value="layouts/v7/$_CustomLoginTemplate"}
{if file_exists($_CustomLoginTemplateFullPath)}
{include file=$_CustomLoginTemplate}
{else}
{include file=$_DefaultLoginTemplate}
{/if}
As a result, the Login.Custom.tpl file is used to display the login, if available. To integrate POWER CAPTCHA into the login, add the following code to the login form in Login.Custom.tpl:
<script src="https://cdn.power-captcha.com/v1/power-captcha-1.2.4.min.js" type="text/javascript"></script>
<div id="loginFormDiv">
<form class="form-horizontal" method="POST" action="index.php">
//...
{assign var="clientUid" value=hash('sha256', $_SERVER['REMOTE_ADDR'])}
<div class="group" style="margin-bottom: 10px;"
data-pc-sitekey="<API-KEY>"
data-pc-client-uid="{$clientUid}">
</div>
//...
</form>
</div>
Finally, replace <API-KEY> with a valid API key.
You can find the API key and secret key in the “My account” section on power-captcha.com under the menu item API Keys (see illustration).
Please also make sure that the domain of your website is entered in the “Domain / hostname” field.
Further information can be found in our FAQ.
Token verification in the backend
To verify the POWER CAPTCHA token, the verification now needs to be integrated into the backend. Modify the following file:
modules/Users/actions/Login.php
There, the verification can simply be done in a preProcess function that is executed before the actual login. Add the following code for this:
function preProcess(Vtiger_Request $request){
if(isset($request->get('pc-token')) && !empty($request->get('pc-token')) {
$curl = curl_init('https://api.power-captcha.com/pcu/v1/verify');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl, CURLOPT_POST, TRUE);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'X-API-Key: <API-KEY>',
'Content-Type: application/json'
));
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode(array(
'secret' => '<SECRET>',
'token' => $request->get('pc-token'),
'clientUid' => hash('sha256', $_SERVER['REMOTE_ADDR'])
)));
$response = json_decode(curl_exec($curl));
curl_close($curl);
if($response->success) {
error_log("Token was successfully verified.");
return true;
} else {
error_log("Error: Token verification failed.");
return false;
}
} else {
error_log("Error: Token was missing in POST request");
return false;
}
}
Finally, replace <API-KEY> and <SECRET> with your individual API key and secret key .
Your Vtiger login is now protected with POWER CAPTCHA.