PHP 验证 reCAPTCHA 是否已检查

Question

我知道以前有人问过这个问题，但我正在尝试将 reCAPTCHA 实施到我正在构建的网站上的简单联系表单中，但仍然无法正常工作。表单按预期正常工作，但是当我按照 Google 的说明实施 reCAPTCHA 时，无论是否检查 reCAPTCHA，都会提交表单。

我的php表单代码如下。

<?php
$action=$_REQUEST['action'];
    {
    $to="adam@cygnusdesign.com.au";
    $name=$_REQUEST['name'];
    $phone=$_REQUEST['phone'];
    $email=$_REQUEST['email'];
    $enquire=$_REQUEST['enquire'];
    $message=$_REQUEST['message'];
    $MESSAGE_BODY = "Name: ".$name."\n";
    $MESSAGE_BODY .= "Phone No: ".$phone."\n";
    $MESSAGE_BODY .= "Email: ".$email."\n";
    $MESSAGE_BODY .= "Enquiring About: ".$enquire."\n";
    $MESSAGE_BODY .= $message;
    $secretKey = "keygoeshere";
    $responseKey = $_POST['g-recaptcha-response'];
    $userIP = $_SERVER['REMOTE_ADDR'];
    $url = "https://www.google.com/recaptcha/api/siteverify?secret=$secretKey&response=$responseKey&remoteip=$userIP";
    $response = file_get_contents($url);
    $response = json_decode($responses);
    if ($response->success)
        {
        $from="From: $name <$email>\r\nReturn-path: $email";
        $subject="Message from $name about $enquire";
        mail($to, $subject, $MESSAGE_BODY, $from);
        header('Location: /sent.php');
        }
    else{
        echo "All * fields are required, please fill out <a href=\"../contact.php\">the form</a> again.";
        }
    }  
?>

Answer 1

这是我的 reCaptcha 代码，可在我的网站上运行。

Kohana 2.3 Framework 代码如下，可以编辑填写plan php formatt

<?php

if($_POST){

    $this->userPost = $this->input->post();
    $post = new Validation($_POST);
    $post = Validation::factory(array_merge($_POST))
                ->pre_filter('trim')
                ->add_rules('name', 'required')
                ->add_rules('email','required','valid::email')
                ->add_rules('message', 'required')
                ->add_rules('g-recaptcha-response', 'required');

    $captcha = $this->input->post('g-recaptcha-response');
    $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=SECRET-KEY&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);

    $obj = json_decode($response);

    if($obj->{'success'}==false)
    {
        $this->form_error['name'] = '*Please Fill the Name';
        $this->form_error['email'] = '*Please Fill the Email';
        $this->form_error['message'] = '*Please Fill the Message';
        $this->form_error['captcha_code'] = '*Are you a bot!';

    }elseif($post->validate()){


        $status = $this->home->mob_app(arr::to_object($this->userPost));

            if($status != 0){

                if(isset($_POST['message'])) { $feedback= $_POST['message']; } else { $feedback='-'; } 
                $name=$_POST['name'];
                $leadid= 'LE-'.$status;
                $subject = "Reg : ".$leadid." - Inquiry";
                $txts = '<h4>Lead Details :</h4></br>
                    <p><b>Name : </b> '.$name.'</p></br>
                    <p><b>From : </b> '.$_POST['email'].'</p></br>
                    <p><b>Description :</b> '.$feedback.'</p>';
                $from = $_POST['email'];
                $to="xxxx@xxxxx.com";                                                   
                email::sendgridnew($from, $to, $subject, $txts);
                url::redirect(PATH.'thankyou.html');
            }
        }else{

            $this->form_error = error::_error($post->errors());
        }

    }
    $this->captchastring = '';
    for ($i = 0; $i < 5; $i++) {
    $this->captchastring .= chr(rand(97, 122));
}

?>

Answer 2

也许这只是在帖子中，但你有“$responses”，这似乎是一个错字。

此外，您可以尝试转储 $response 值，并查看这些值是什么以及成功是否无效。

或者您可以将 curl 与 POST 结合使用（验证您的 POST 值）：

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL,"https://www.google.com/recaptcha/api/siteverify");
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, 
                http_build_query(
                    array(
                        'secret' => 'your-secret',
                        'response' => $_POST['g-recaptcha-response'],
                        'remoteip' => $_SERVER['REMOTE_ADDR']
                    )
                )
        );

        // receive server response ...
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        $server_output = curl_exec ($ch);

        curl_close ($ch);

        $recaptcha_result = json_decode($server_output, true);

        if(!empty($recaptcha_result['success'])) {
            // etc
        }

Answer 3

<?php

$action=$_REQUEST['action'];
    {

    $to="adam@cygnusdesign.com.au";
    $name=$_REQUEST['name'];
    $phone=$_REQUEST['phone'];
    $email=$_REQUEST['email'];
    $enquire=$_REQUEST['enquire'];
    $message=$_REQUEST['message'];

    $MESSAGE_BODY = "Name: ".$name."\n";
    $MESSAGE_BODY .= "Phone No: ".$phone."\n";
    $MESSAGE_BODY .= "Email: ".$email."\n";
    $MESSAGE_BODY .= "Enquiring About: ".$enquire."\n";
    $MESSAGE_BODY .= $message;

    $secretKey = "keygoeshere";
    $responseKey = $_POST['g-recaptcha-response'];
    $userIP = $_SERVER['REMOTE_ADDR'];

 $url = "https://www.google.com/recaptcha/api/siteverify?secret=$secretKey&response=$responseKey&remoteip=$userIP";

    $response = file_get_contents($url);
    $response = json_decode($responses);
    if ($response->success)
        {

       $from="From: $name <$email>\r\nReturn-path: $email";
        $subject="Message from $name about $enquire";
        mail($to, $subject, $MESSAGE_BODY, $from);
        header('Location: /sent.php');
        }
    else
        {
        echo "All * fields are required, please fill out <a href=\"../contact.php\">the form</a> again.";
        }
    }  
?>