" data-callback="" data-sitekey="" data-theme="" data-language="" data-size="" data-retry="auto" data-retry-interval="1000" data-refresh-expired="auto" data-refresh-timeout="" data-action="" data-callback="" data-error-callback="cfturnstileErrorCallback" data-appearance="">

true); } } // Get Turnstile Keys from Settings $key = sanitize_text_field(get_option('cfturnstile_key')); $secret = sanitize_text_field(get_option('cfturnstile_secret')); if ($key && $secret) { $headers = array( 'body' => [ 'secret' => $secret, 'response' => $postdata, 'remoteip' => cfturnstile_get_ip(), ] ); $verify = wp_remote_post('https://challenges.cloudflare.com/turnstile/v0/siteverify', $headers); // Failover if Cloudflare is down (centralized handler) $handled = cfturnstile_handle_failover_backend($verify); if ( $handled !== null ) { return $handled; } $verify = wp_remote_retrieve_body($verify); $response = json_decode($verify); if ( ! is_object( $response ) ) { $results['success'] = false; return $results; } if($response->success) { $results['success'] = $response->success; } else { $results['success'] = false; } foreach ( $response as $key => $val ) { if ( 'error-codes' === $key ) { foreach ( $val as $key => $error_val ) { $results['error_code'] = $error_val; if ( 'invalid-input-secret' === $error_val ) { // Rate-limit: only process once per 5 minutes to avoid repeated DB writes on high-traffic sites. if ( false === get_transient( 'cfturnstile_invalid_secret_throttle' ) ) { set_transient( 'cfturnstile_invalid_secret_throttle', 1, 5 * MINUTE_IN_SECONDS ); $already_flagged = ( 'no' === get_option( 'cfturnstile_soft_tested' ) ); update_option( 'cfturnstile_invalid_secret_notice', '1' ); update_option( 'cfturnstile_soft_tested', 'no' ); if ( ! $already_flagged ) { $admin_email = get_option( 'admin_email' ); $site_name = get_bloginfo( 'name' ); $settings_url = admin_url( 'options-general.php?page=cfturnstile' ); $subject = sprintf( /* translators: %s: Site name. */ __( '[%s] Cloudflare Turnstile: Invalid Secret Key Detected', 'simple-cloudflare-turnstile' ), $site_name ); $message = sprintf( /* translators: 1: Site name, 2: Settings page URL. */ __( "Cloudflare has reported that the Turnstile secret key on %1\$s is invalid (error: invalid-input-secret).\n\nTurnstile is still active on your forms, but verifications may be failing until the key is corrected.\n\nPlease check your API keys on the settings page:\n%2\$s", 'simple-cloudflare-turnstile' ), $site_name, $settings_url ); wp_mail( $admin_email, $subject, $message ); } } } } } } do_action('cfturnstile_after_check', $response, $results); return $results; } else { return array( 'success' => false ); } } /* * Add Turnstile check to a "cfturnstile_log" option */ add_action('cfturnstile_after_check', 'cfturnstile_log', 10, 2); function cfturnstile_log($response, $results) { if(get_option('cfturnstile_log_enable')) { // Get log $cfturnstile_log = get_option('cfturnstile_log'); if(!$cfturnstile_log) { $cfturnstile_log = array(); } // If $results['error_code'] is not set, set it to empty if(!isset($results['error_code'])) { $results['error_code'] = ''; } // Get Values $error_code = $results['error_code']; // Success Yes or No if($response->success) { $success = true; } else { $success = false; } // Add to log $cfturnstile_log[] = array( 'date' => date('Y-m-d H:i:s'), 'success' => $success, 'error' => $error_code, 'ip' => cfturnstile_get_ip(), 'page' => isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '', ); // Max 50 if(count($cfturnstile_log) > 50) { array_shift($cfturnstile_log); } // Update log update_option('cfturnstile_log', $cfturnstile_log); } } /** * Check if form should show Turnstile */ function cfturnstile_form_disable($id, $option) { if(!empty(get_option($option)) && get_option($option)) { $disabled = preg_replace('/\s+/', '', get_option($option)); $disabled = explode (",",$disabled); if(in_array($id, $disabled)) return true; } return false; } /** * Create shortcode to display Turnstile widget */ add_shortcode('simple-turnstile', 'cfturnstile_shortcode'); add_action('cfturnstile_display_widget', 'cfturnstile_shortcode', 10, 0); function cfturnstile_shortcode() { ob_start(); echo cfturnstile_field_show('', ''); $thecontent = ob_get_contents(); ob_end_clean(); wp_reset_postdata(); $thecontent = trim(preg_replace('/\s+/', ' ', $thecontent)); return $thecontent; }