I am writing a user signup form that will use reCaptcha on a jQuery html web page with a PHP backend. When a successful challenge is entered I am not sure how to submit the information to the PHP backend in such a way that it can't be bypassed. The website is running over HTTPS.
I currently check to see if the captcha is correct via using $.ajax()
. This submits the recaptcha_challenge_field
and recaptcha_response_field
to a small PHP script that calls recaptcha_check_answer()
and returns success or failure.
Upon success, I can either submit the name, address, phone, etc. fields to another backend PHP script or use another jQuery $.ajax()
call.
Either way, a spammer could examine the HTTP requests and submit the form data without using the jQuery front end & reCaptcha.
How can I use reCaptcha and (upon a successful match) submit form data in such a way that a spammer can not easily abuse the system?
I was making this too complicated. I ended up having the ajax call submit the captcha and all of the form data at the same time. If and only if the captcha is correct, then I proceed with the rest of the PHP script. Otherwise, I return an error through the same ajax call.
I added a hidden field via $(#my_input").hide()
and check to see if a spammer filled it in. I check the http referrer and sanitize all user input.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.