Google Recaptcha error, logs in without completing puzzle but shows tick

非 Y 不嫁゛ submitted on 2019-12-13 03:07:25

Question


I have built a login system and I am adding Google reCAPTCHA for security. I am getting an error on this line: $result = json_decode($url, TRUE);

The error says:

failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request.

This is my first time using recaptcha and I am not sure if this is a common mistake.

<?php

$secret = '*****';
$response = $_POST['g-recaptcha-response'];
$remoteip = $_SERVER['REMOTE_ADDR'];
$captcha = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret&response=$response&remoteip=$remoteip");
$result = json_decode($url, TRUE);
$username;
$password;
$captcha;
if (isset($_POST['username']))
    $username = $_POST['username'];
if (isset($_POST['password']))
    $password = $_POST['password'];
if (isset($_POST['g-recaptcha-response']))
    $captcha = $_POST['g-recaptcha-response'];
if (!$captcha) {
    echo '<p class="error-message">Please Complete The Captcha!</p>';
    header("location: login.php");
    exit;
}
$response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6LfG-S8UAAAAAIqW1sBE31yMPyO4zeqOCgDzL1mA&response=" . $captcha . "&remote=" . $_SERVER['REMOTE_ADDR']), true);
if ($response['success'] == false) {
    echo '<p class="error-message">Please Fill Captcha!</p>';
} else {
    echo '<p class="error-message2">Welcome</p>';
}
if (isset($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $q = $handler->prepare('SELECT * FROM users WHERE username = ?');
    $q->execute(array($username));
    $result = $q->fetch(PDO::FETCH_ASSOC);
    if ($result !== false) {
        $hash_pwd = $result['password'];
        $hash = password_verify($password, $hash_pwd);

        if ($hash) {
            $_SESSION['username'] = $username;
            header("location:index.php");
            return;
        } else {
            echo '<p class="error-message3"><br><br>You have entered an incorrect login!<br>Please try again</p>';
        }
    }
}
?>

Answer 1:


If this really is your complete code:

It seems you are using $url (in the line $result = ...) without having initialized it before.

Additionally, I would expect that a variable with name $url contains a URL, and URLs are not in JSON format, so this raises some alarm signs. You eventually do not want to JSON-parse a URL, but instead parse what this URL returns when calling it.

Secondly, sometimes the line numbers within error messages or warnings are misleading. I highly doubt that the error you have mentioned (HTTP request failed) is related to json_decode(). json_decode(), as the name implies, just parses a string in JSON format, but does not load anything via HTTP.

So the error message probably comes from the line above ($captcha = file_get_contents(...);). I suppose that the URL you give there is wrong, or that Google refuses the request for another reason.

The first thing I would do is put that URL into a variable and print it out (e.g. by using error_log()).

If that does not lead to the source of the problem, I would copy that URL (not from the code, but from the output produced by error_log()) and paste it directly into the address bar of a new browser window. If this yields the expected result (you should see Google's answer to the request in the browser window), the error is in your code. Otherwise, the error is in the URL.




Answer 2:


<?php
session_start();
error_reporting(E_ALL);
try {
    // Database credentials are read from a file outside the web root.
    $ini = parse_ini_file("/var/www/admin.ini");
    $user = $ini['user'];
    $pass = $ini['pass'];
    $name = $ini['name'];
    $host = $ini['host'];
    $handler = new PDO('mysql:host=' . $host . '; dbname=' . $name, $user, $pass);
    $handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    // Log the details server-side only; without a connection there is nothing to do.
    error_log($e);
    exit('Database connection failed.');
}

// Send the token to siteverify in a POST body.
$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => [
        'secret' => '********',
        'response' => $_POST['g-recaptcha-response'] ?? '',
    ],
]);

// json_decode() returns null when the request failed or the body is not JSON.
$response = json_decode(curl_exec($curl));

// Attempt the login only when the CAPTCHA was verified; a failed request counts as not verified.
if ($response !== null && !empty($response->success)) {
    if (isset($_POST['submit'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];
        $q = $handler->prepare('SELECT * FROM users WHERE username = ?');
        $q->execute(array($username));
        $result = $q->fetch(PDO::FETCH_ASSOC);
        if ($result !== false) {
            $hash_pwd = $result['password'];
            $hash = password_verify($password, $hash_pwd);
            if ($hash) {
                $_SESSION['username'] = $username;
                header("location:index.php");
                return;
            } else {
                echo '<p class="error-message3"><br><br>You have entered an incorrect login!<br>Please try again</p>';
            }
        }
    }
}

?>
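
Added example, not part of the original thread or of either answer: a fail-closed server-side check for the siteverify call discussed above, which sends the token in a URL-encoded POST body (so nothing is interpolated into a URL) and treats a transport error, a non-JSON body or anything other than a boolean `success: true` as a failed CAPTCHA. The function names `captcha_passed()` and `verify_recaptcha()` and the sample response bodies are constructed for illustration.

```php
<?php
// Added example: function names and sample bodies are constructed, not from the thread.

// Decide from the raw siteverify body whether the CAPTCHA passed.
// Anything other than well-formed JSON with "success": true is a failure.
function captcha_passed($body): bool
{
    if (!is_string($body) || $body === '') {
        return false; // request failed or empty body
    }
    $data = json_decode($body, true);
    if (!is_array($data)) {
        return false; // body was not a JSON object
    }
    if (!empty($data['error-codes'])) {
        error_log('reCAPTCHA: ' . implode(',', (array) $data['error-codes']));
    }
    return ($data['success'] ?? false) === true;
}

function verify_recaptcha(string $secret, string $token, string $remoteIp): bool
{
    if ($token === '') {
        return false; // nothing posted: fail without calling the API
    }
    $context = stream_context_create(['http' => [
        'method'        => 'POST',
        'header'        => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content'       => http_build_query([
            'secret'   => $secret,
            'response' => $token,
            'remoteip' => $remoteIp,
        ]),
        'timeout'       => 5,
        'ignore_errors' => true, // still read the body on an HTTP 4xx reply
    ]]);
    $body = @file_get_contents(
        'https://www.google.com/recaptcha/api/siteverify', false, $context);
    return captcha_passed($body);
}

// Constructed sample bodies, so the decision logic can be run offline.
var_dump(captcha_passed('{"success": true, "hostname": "example.test"}'));
var_dump(captcha_passed('{"success": false, "error-codes": ["invalid-input-response"]}'));
var_dump(captcha_passed('{"success": "true"}')); // string, not boolean true
var_dump(captcha_passed(false));                 // transport failure
```

In a login handler, call `verify_recaptcha()` before the password check and stop processing when it returns false.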


Source: https://stackoverflow.com/questions/46346160/google-recaptcha-error-logs-in-without-completing-puzzle-but-shows-tick
