stackoom
  简体   繁体   中英

Form Submitting without captcha

 原文  2017-06-09 07:00:17       php/ forms/ recaptcha

Question

I'm trying to implement google captcha v2 on a website that gets a lot of spam mail. The captcha is showing and working, but the form can be submitted without pressing the captcha. I had a look for similar questions but couldn't find any that would help me.

It is google's captcha V2

Form: 

<form action="mailer.php" method="post" onsubmit="return FrontPage_Form1_Validator(this)" language="JavaScript" name="FrontPage_Form1" enctype="multipart/form-data">
<input type="text" class="col-md-13 col-xs-12 name" name='name' placeholder='Name *'/>
<input type="text" class="col-md-13 col-xs-12 Email" name='Email' placeholder='Email *'/>
<input type="text" class="col-md-12 col-xs-12 Subject" name='Subject' placeholder='Subject'/>
<textarea type="text" class="col-md-12 col-xs-12 Message" name='Message' placeholder='Message *'></textarea>
<br>

<div class="captcha_wrapper col-md-12" style="margin-bottom: 10px;">

    <div class="g-recaptcha" data-sitekey="6Ld-ryQUAAAAAJSKzJubdxYjigpiTfhk11e1P7o9">
    </div>

</div>

mailer.php: 

if ($_SERVER['REQUEST_METHOD'] == "POST") {
foreach ($_POST as $key => $value) {
    $msg .= ucfirst ($key) ." : ". $value . "\n";
}
} 
else {

foreach ($_GET as $key => $value) {

    $msg .= ucfirst ($key) ." : ". $value . "\n";

} 
}

//captcha section

$response = $_POST["g-recaptcha-response"];


$url = 'https://www.google.com/recaptcha/api/siteverify';

$data = array(
    'secret' => '6Ld-ryQUAAAAALpIkTPN82doQhCFmiWrC14_UbYk',
    'response' => $_POST['g-recaptcha-response'];
);
$options = array(
    'http' => array (
        'method' => 'POST',
        'content' => http_build_query($data)
    )
);
$context  = stream_context_create($options);
$verify = file_get_contents($url, false, $context);
$captcha_success=json_decode($verify);

//end of captcha section

mail($to, $subject, $msg, $headers);

if ($forward == 1) {
header ("Location:$location"); 
}
else {
include("index.html");
header( 'Location: ' ) ;
}

`

Thank you. Any help is appreciated

I feel like I need to put the captcha code inside in if(isset())

1 answers

solution1
 0  2017-06-09 07:09:47

Print the $captcha_success values in order to check what's inside $captcha_success and understand how to manage the response. Then you can redirect the navigation properly.

var_dump($captcha_success); // to dump the values to web page error_log(print_r($captcha_success, true),0); // to dump to the php apache error_log

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is it only by submitting the form that the session captcha can be get? Form captcha without refreshing page Check a form without submitting it? Form not submitting without redirecting Submitting form without refresh Captcha check - Form is submitting to a server page I do not have access to CAPTCHA fails shows alert but form submitting automatically how to stop this How to protect a contact form without captcha? Submitting a form without reloading the page Submitting form with AJAX without button
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM