谷歌验证码不起作用
[英]Google captcha not working
问题描述
I have a php login file and I want to put the google captcha in that login form.
我有一个 php 登录文件,我想把谷歌验证码放在那个登录表单中。 I use php and html together in one file (not sending the form data to other php page).我在一个文件中同时使用 php 和 html(不将表单数据发送到其他 php 页面)。 The problem is when users don't verify the captcha, they still can log in to the website (even captcha not verify).问题是当用户不验证验证码时,他们仍然可以登录网站(即使验证码不验证)。 Here is my code:这是我的代码:
<form action="" method="post" id="form">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-user"></i></span>
<input type="text" class="form-control" name="form-username" id="form-username" placeholder="Username" required="">
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-lock"></i></span>
<input type="password" class="form-control" name="form-password" placeholder="Password" id="form-password" required="">
</div>
</div>
<div class="form-group">
<div class="g-recaptcha" data-theme="dark" data-sitekey="my site key"></div>
<div class="form-group no-border margin-top-20">
<input type="submit" name="submit" value="Sign In !" class="submit_button4 btn btn-primary btn-block" >
</form>
<?php
if($_SERVER["REQUEST_METHOD"] === "POST")
{
//form submitted
//check if other form details are correct
//verify captcha
$recaptcha_secret = "my secret key";
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secret."&response=".$_POST['g-recaptcha-response']);
$response = json_decode($response, true);
if($response["success"] === true)
{
echo "Logged In Successfully";
}
else
{
echo "You are a robot";
}
}
?>
Note: also this code <script src='https://www.google.com/recaptcha/api.js'></script> is in my head tag (and all code is in one page).注意:此代码<script src='https://www.google.com/recaptcha/api.js'></script>也在我的 head 标签中(所有代码都在一页中)。
1 个解决方案
解决方案1
1 2016-06-18 19:42:02
You need to set something like the header if validation fails.如果验证失败,您需要设置类似标题的内容。
if ($response["success"] === true) {
echo "Captcha succeeded";
// let's process our other login stuff
} else {
echo "You are robot scum";
header('Location: /');
exit;
}
If validation fails, currently, you're not doing anything with it.如果验证失败,目前,您没有对它做任何事情。 Simply echoing, then continuing on.简单的回声,然后继续。
You're not showing any other logic that gives me any impression of how the authentication process works for you.您没有展示任何其他逻辑,让我对身份验证过程如何为您工作有任何印象。
You will have to integrate it in to your login logic as part of the post that comes in with the user details and incorporate a captcha failure as another reason for authentication failure (like supplying the wrong password).您必须将其作为包含用户详细信息的帖子的一部分集成到您的登录逻辑中,并将验证码失败作为身份验证失败的另一个原因(例如提供错误的密码)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.