Google captcha not working
Question
I have a php login file and I want to put the google captcha in that login form. I use php and html together in one file (not sending the form data to other php page). The problem is when users don't verify the captcha, they still can log in to the website (even captcha not verify). Here is my code:
<form action="" method="post" id="form">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-user"></i></span>
<input type="text" class="form-control" name="form-username" id="form-username" placeholder="Username" required="">
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-lock"></i></span>
<input type="password" class="form-control" name="form-password" placeholder="Password" id="form-password" required="">
</div>
</div>
<div class="form-group">
<div class="g-recaptcha" data-theme="dark" data-sitekey="my site key"></div>
<div class="form-group no-border margin-top-20">
<input type="submit" name="submit" value="Sign In !" class="submit_button4 btn btn-primary btn-block" >
</form>
<?php
if($_SERVER["REQUEST_METHOD"] === "POST")
{
//form submitted
//check if other form details are correct
//verify captcha
$recaptcha_secret = "my secret key";
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secret."&response=".$_POST['g-recaptcha-response']);
$response = json_decode($response, true);
if($response["success"] === true)
{
echo "Logged In Successfully";
}
else
{
echo "You are a robot";
}
}
?>
Note: also this code <script src='https://www.google.com/recaptcha/api.js'></script> is in my head tag (and all code is in one page).
1 answers
solution1
1 2016-06-18 19:42:02
You need to set something like the header if validation fails.
if ($response["success"] === true) {
echo "Captcha succeeded";
// let's process our other login stuff
} else {
echo "You are robot scum";
header('Location: /');
exit;
}
If validation fails, currently, you're not doing anything with it. Simply echoing, then continuing on.
You're not showing any other logic that gives me any impression of how the authentication process works for you.
You will have to integrate it in to your login logic as part of the post that comes in with the user details and incorporate a captcha failure as another reason for authentication failure (like supplying the wrong password).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.