Merge branch 'MDL-53368-master-3' of https://github.com/HuongNV13/moodle

lib/moodlelib.php

@@ -4242,10 +4242,18 @@ function guest_user() {
  * @param string $password  User's password
  * @param bool $ignorelockout useful when guessing is prevented by other mechanism such as captcha or SSO
  * @param int $failurereason login failure reason, can be used in renderers (it may disclose if account exists)
- * @param mixed logintoken If this is set to a string it is validated against the login token for the session.
+ * @param string|bool $logintoken If this is set to a string it is validated against the login token for the session.
+ * @param string|bool $loginrecaptcha If this is set to a string it is validated against Google reCaptcha.
  * @return stdClass|false A {@link $USER} object or false if error
  */
-function authenticate_user_login($username, $password, $ignorelockout=false, &$failurereason=null, $logintoken=false) {
+function authenticate_user_login(
+    $username,
+    $password,
+    $ignorelockout = false,
+    &$failurereason = null,
+    $logintoken = false,
+    string|bool $loginrecaptcha = false,
+) {
     global $CFG, $DB, $PAGE, $SESSION;
     require_once("$CFG->libdir/authlib.php");
 
@@ -4284,6 +4292,20 @@ function authenticate_user_login($username, $password, $ignorelockout=false, &$f
         return false;
     }
 
+    // Login reCaptcha.
+    if (login_captcha_enabled() && !validate_login_captcha($loginrecaptcha)) {
+        $failurereason = AUTH_LOGIN_FAILED_RECAPTCHA;
+        // Trigger login failed event (specifying the ID of the found user, if available).
+        \core\event\user_login_failed::create([
+            'userid' => ($user->id ?? 0),
+            'other' => [
+                'username' => $username,
+                'reason' => $failurereason,
+            ],
+        ])->trigger();
+        return false;
+    }
+
     $authsenabled = get_enabled_auth_plugins();
 
     if ($user) {