PHP form + Google reCAPTCHA

2019-02-02 16:52发布

站内问答 / PHP
565 2 5

It's kind of weird that Google's documentation for recaptcha is not as helpful as I thought it was going to be. I was asked to take a current existing form (which is getting spammed a few times a day) and update it with Google's new recaptcha. There are a lot of tutorials out there for the old captcha, but not so many for the new one. I basically just want a simple form to capture name, email, message, and then replace my current "anti-bot field" with the recaptcha (I used a field that basically asked you what 2+2 was and if you entered anything, but 4, it would not send). If the required fields are valid and the recaptcha is valid, then I want it to send me an email with the contents of the form fields.

I went through the simple steps:

  1. registered my site to get the keys

  2. added this snippet inside of my head tag:

    <script src='https://www.google.com/recaptcha/api.js'></script>

  3. added this snippet at the end of my form:

    <div class="g-recaptcha" data-sitekey="#MYKEY#"></div>

At this point, the recaptcha is showing up just fine. But the server-side part is a little confusing.

This is my updated contact form with the recaptcha showing:

<form method="post" action="contact-post.php">
  <label>Your Name (required):</label>
    <input name="name" type="text" placeholder="Enter your name here">
  <label>Email Address (required):</label>
    <input name="email" type="email" placeholder="Enter your email address here">
  <label>Your Message (required):</label>
    <textarea name="message" placeholder="Write your message here"></textarea>
  <div style="margin-top:20px;" class="g-recaptcha" data-sitekey="#MYKEY#"></div>
  <input id="submit" name="submit" type="submit" value="Submit Form">
</form>

And here is my current POST page (I'm unsure where to add in the recaptcha code):

<?php
        $name = $_POST['name'];
        $email = $_POST['email'];
        $message = $_POST['message'];
        $human = $_POST['human'];
        $from = 'From: My Website';
        $to = 'myemail@gmail.com';
        $subject = 'Request Form';

        $body = "Name: $name \n E-Mail: $email \nMessage:\n$message";

        if ($_POST['submit']) {
            if ($email != '') {
                if ($human == '4') {                 
                    if (mail ($to, $subject, $body, $from)) { 
                        echo '<p>You have successfully submitted your information to PS4RS. Subscribers to our mailing list will begin to periodically receive updates.</p>';
                    } else { 
                        echo '<p>Something went wrong, go back and try again!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>'; 
                    } 
                } else if ($_POST['submit'] && $human != '4') {
                    echo '<p>You answered the anti-spam question incorrectly!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
                }
            } else {
                echo '<p>You need to fill in all required fields!!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
            }
        }
    ?>

Any help is welcome. I feel like this might be a pretty common people with people trying to implement it into their current working forms.

2条回答
可以哭但决不认输i
2楼-- · 2019-02-02 17:05

Check out this link: https://developers.google.com/recaptcha/docs/verify

In a few words, you should make request to 

https://www.google.com/recaptcha/api/siteverify?secret=YOUR_SECRET&response=RESPONSE_CAME_FROM_YOUR_FORM&remoteip=USER_IP_ADDRESS

Where YOUR_SECRET is secret key you received on ReCAPTCHA site, USER_IP_ADDRESS can be received through $_SERVER array and RESPONSE_CAME_FROM_YOUR_FORM is a string sent with your form. It is stored in $_POST['g-recaptcha-response'].

You can do it via file_get_contents($url) like

$data = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=YOUR_SECRET&response=RESPONSE_CAME_FROM_YOUR_FORM&remoteip=USER_IP_ADDRESS");

In $data you will receive JSON object containing success field, which you are looking for. If success is false, then it is not a human and you should exit(). I suggest you checking this in the beginning of your program.

Update:

Decoding of JSON object looks like:

$data = json_decode($data); // This will decode JSON to object
if(!$data->success) 
    exit();

Update:

Sometimes, file_get_contents($url) won't be able to set up secured https connection. Instead you can use open_https_url($url) Make your code look like:

<?php
    $your_secret = "<secret_key_you_received_from_recaptcha_site>";
    $client_captcha_response = $_POST['g-recaptcha-response'];
    $user_ip = $_SERVER['REMOTE_ADDR'];

    $captcha_verify = open_https_url("https://www.google.com/recaptcha/api/siteverify?secret=$your_secret&response=$client_captcha_response&remoteip=$user_ip");
    $captcha_verify_decoded = json_decode($captcha_verify);
    if(!$captcha_verify_decoded->success)
      die('DIRTY ROBOT');

    $name = $_POST['name'];
    $email = $_POST['email'];
    $message = $_POST['message'];
    $human = $_POST['human'];
    $from = 'From: My Website';
    $to = 'myemail@gmail.com';
    $subject = 'Request Form';

    $body = "Name: $name \n E-Mail: $email \nMessage:\n$message";

    if ($_POST['submit']) {
        if ($email != '') {
            if ($human == '4') {                 
                if (mail ($to, $subject, $body, $from)) { 
                    echo '<p>You have successfully submitted your information to PS4RS. Subscribers to our mailing list will begin to periodically receive updates.</p>';
                } else { 
                    echo '<p>Something went wrong, go back and try again!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>'; 
                } 
            } else if ($_POST['submit'] && $human != '4') {
                echo '<p>You answered the anti-spam question incorrectly!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
            }
        } else {
            echo '<p>You need to fill in all required fields!!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
        }
    }
?>
查看更多
0人赞 添加讨论(0) 举报
Ridiculous、
3楼-- · 2019-02-02 17:14

Maybe the above answer is a bit outdated, since Google is now using reCaptcha nocaptcha. I found a simpler and more complete answer here to use with your separate php email file.

The solution has a simple email form with name and email and a separate php file to submit the form. You should be able to go on from there and tweak your form accordingly. The solution worked for me.

https://stackoverflow.com/a/27439796/3934886

and link to tutorial:

http://codeforgeek.com/2014/12/google-recaptcha-tutorial/

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)