CFML reCAPTCHA v3 问题答案

【问题标题】：CFML reCAPTCHA v3 IssueCFML reCAPTCHA v3 问题
【发布时间】：2021-02-18 19:55:17
【问题描述】：

我正在尝试使用我找到的代码并且它无法正常工作它总是说我是一个机器人你知道为什么这不起作用吗？ Application.cfc 中包含站点和密钥。

<script src="https://www.google.com/recaptcha/api.js?render=<cfoutput>#application.SiteKey#</cfoutput>"></script>


<cfif ISDEFINED('FORM.FirstName')> <!--- check if form was submitted and if so run code below --->

    <cfhttp url="https://www.google.com/recaptcha/api/siteverify?secret=#application.SecretKey#&response=#FORM['g-recaptcha-response']#" result="Response" />
    <cfset Return = deserializeJSON(Response.FileContent) />

    <cfif Return.success IS 'true' AND Return.score GT 0.0> <!--- check if true and if score is greater than 0.5. Run code below if all good. --->

        <cfoutput>Human: #FORM.FirstName# #FORM.LastName#</cfoutput>
        <!--- you can do database entry and/or email results here --->

    <cfelse>  <!--- if not a human, do this. I usually remove the else part completely, but if you need to do something with the robot, do it here.  --->

        Most likely a robot.

    </cfif>

<cfelse> <!--- show form --->

    <form method="post" action="/contact.cfm">  <!--- submit form back to itself --->
      First Name: <input name="FirstName" type="text"><br>
      Last Name: <input name="LastName" type="text"><br>
      <input name="submit" type="submit">
      <input name="g-recaptcha-response" id="g-recaptcha-response" type="hidden" /> <!--- javascript below gives this a value from google. --->
    </form>

    <script>
    grecaptcha.ready(function() {
        grecaptcha.execute('<cfoutput>#application.SiteKey#</cfoutput>', {action: 'homepage'})
            .then(function(token) {
                document.getElementById('g-recaptcha-response').value=token;
            });
        });
    </script>

</cfif>

【问题讨论】：

您查看过 HTTP 响应吗？是否有错误消息返回或只是验证失败？此外，当我实现 ReCaptcha 时，我将密钥和响应作为 CFHTTPPARAM 表单字段发送到 API。我不知道是否必须这样做，但它对我有用，所以，可能值得尝试。
您介意与我分享您的代码，看看我是否可以使用它。有一段时间我一直在思考这个问题。我对减少垃圾邮件的新想法持开放态度。
我认为我们需要看看Response.FileContent 在不成功时是什么。目前，cfelseMost likely a robot. 块将隐藏有助于排除故障的信息。
{ "success": false, "error-codes": [ "missing-input-response" ] }
api 文档说 cfhttp 方法应该是 POST。您正在使用 GET developers.google.com/recaptcha/docs/verify

标签： coldfusion

【解决方案1】：

这就是我能够让表单正常工作的方式。

<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">
<script src="https://www.google.com/recaptcha/api.js?render=YOUR SITE KEY"></script>
<!-- contact form demo container -->
<cfif ISDEFINED('FORM.name')> <!--- check if form was submitted and if so run code below --->

    <cfhttp url="https://www.google.com/recaptcha/api/siteverify?secret=#application.SecretKey#&response=#FORM['token']#" result="Response" />
    <cfset Return = deserializeJSON(Response.FileContent) />

    <cfif Return.success IS 'true' AND Return.score GT 0.5> <!--- check if true and if score is greater than 0.5. Run code below if all good. --->

       

    <cfelse>  <!--- if not a human, do this. I usually remove the else part completely, but if you need to do something with the robot, do it here.  --->

        

    </cfif>

<cfelse>
<section style="margin: 50px 20px;">
  <div style="max-width: 768px; margin: auto;">
    
    <!-- contact form -->
    <div class="card">
      <h2 class="card-header">Contact Form</h2>
      <div class="card-body">
        <form class="contact_form" method="post" action="contact.cfm">

          <!-- form fields -->
          <div class="row">
            <div class="col-md-6 form-group">
              <input name="name" type="text" class="form-control" placeholder="Name" required>
            </div>
            <div class="col-md-6 form-group">
              <input name="email" type="email" class="form-control" placeholder="Email" required>
            </div>
            <div class="col-md-6 form-group">
              <input name="phone" type="text" class="form-control" placeholder="Phone" required>
            </div>
            <div class="col-md-6 form-group">
              <input name="subject" type="text" class="form-control" placeholder="Subject" required>
            </div>
            <div class="col-12 form-group">
              <textarea name="message" class="form-control" rows="5" placeholder="Message" required></textarea>
            </div>

            <!-- form message prompt -->
            <div class="row">
              <div class="col-12">
                <div class="contact_msg" style="display: none">
                  <p>Your message was sent.</p>
                </div>
              </div>
            </div>

            <div class="col-12">
              <input type="submit" value="Submit Form" class="btn btn-success" name="post">
            </div>

            <!-- hidden reCaptcha token input -->
            <input type="hidden" id="token" name="token">
          </div>

        </form>
      </div>
    </div>

  </div>
</section>
<script>
  grecaptcha.ready(function() {
    grecaptcha.execute('YOUR SITE KEY', {action: 'homepage'}).then(function(token) {
       // console.log(token);
       document.getElementById("token").value = token;
    });
    // refresh token every minute to prevent expiration
    setInterval(function(){
      grecaptcha.execute('YOUR SITE KEY', {action: 'homepage'}).then(function(token) {
        console.log( 'refreshed token:', token );
        document.getElementById("token").value = token;
      });
    }, 60000);

  });
</script>
</cfif>

<!-- References for the optional jQuery function to enhance end-user prompts -->
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>

【讨论】：

【解决方案2】：

这就是我将值传递给 API 的方式。同样，只是传递有效的代码，而不是说这是唯一的方法

<cfhttp method="post" url="https://www.google.com/recaptcha/api/siteverify" result="Response">
<cfhttpparam name="secret" type="formField" value="#application.SecretKey#">
<cfhttpparam name="response" type="formField" value="#form["g-recaptcha-response"]#">
</cfhttp>

【讨论】：

是的，它可能是 POST，而不是 GET，这会有所不同
我仍然缺少输入响应和失败
您是否在表单上执行过 CFDUMP 并查看所有通过的内容？
是的，我总是遇到输入缺失问题