问题
I need a captcha for my form, and I am having some troubles with the server-side integration.
The form takes in four types of data:
- name
- comment.
After making sure that none of them are empty, I want to verify the captcha. However, for some reason, it always returns success == false.
Can somebody help me spotting what's wrong with my code?
function validate($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$nameMsgErr = $emailErr = $msgSuccess = $error = "";
if(!empty($_POST['name_msg']) && !empty($_POST['email']) && !empty($_POST['subject']) && !empty($_POST['message'])) {
$url = 'https://www.google.com/recaptcha/api/siteverify';
$private_key = '------Private Key--------';
$response = file_get_contents($url . "?secret=" . $private_key . "&response=" . $_HOST['g-recaptcha-response'] . "&remoteip=" . $_SERVER['REMOTE_ADDR']);
$data = json_decode($response);
if(isset($data->success) AND $data->success == true) {
$name = validate($_POST['name_msg']);
$email = validate($_POST['email']);
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Wrong email format";
} else {
$subject = validate($_POST['subject']);
$msg = validate($_POST['message']);
$msg .= "\r\n" . $name;
$msg = wordwrap($msg, 70, "\r\n");
$header = "From: " . $email;
mail("myemail9@gmail.com", $subject, $msg, $header);
$msgSuccess = "Message successfully sent";
}
} else {
$error = "Error";
}
}
回答1:
You are using the wrong HTTP method to verify the user response. In your code, you use file_get_contents and it is sending a GET request, which returns false everytime.
As stated in the documentation, you need to send a POST request to the google recaptcha api.
See this answer on sending a POST request using file_get_contents
Note: cURL is the more common method of sending POST requests, and may be much simpler to grasp and implement. I would suggest using cURL to start.
Edit (Added specific example, not tested):
$postdata = http_build_query(
array(
'secret' => $private_key,
'response' => $_HOST["g-recaptcha-response"],
'remoteip' => $_SERVER["REMOTE_ADDR"]
)
);
$opts = array('http' =>
array(
'method' => 'POST',
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => $postdata
)
);
$context = stream_context_create($opts);
$response = file_get_contents('https://www.google.com/recaptcha/api/siteverify', FALSE, $context);
回答2:
This is what I added:
opts = array('http' =>
array(
'method' => 'POST',
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => 'https://www.google.com/recaptcha/api/siteverify/secret='.$private_key.'&response='.$_HOST["g-recaptcha-response"].'&remoteip='.$_SERVER["REMOTE_ADDR"]
)
);
$context = stream_context_create($opts);
$response = file_get_contents($context);
来源:https://stackoverflow.com/questions/48082780/recaptcha-isnt-working-it-doesnt-return-success