Missing reCAPTCHA validation

[andreiciulinaru]

Dhanybhad for your template. It's looking really good.

I noticed there is no validation on reCAPTCHA user's input when the form is submitted.

So, you can submit the form without validating the quizz.

I tweaked it to include a check when receiving the POST request, enough to avoid spammers.

if(!isset($_POST['g-recaptcha-response']) || empty($_POST['g-recaptcha-response'])) {
echo 'reCAPTHCA verification failed, please try again.'; } else {

[webdeveloper778]

Hello,
Could someone please tell me where the above snippet of code should go in the recaptcha.php file? I tried it in a few places in the php file but doesn't seem to work.

[jaydadarkar]

@webdeveloper778
You have 2 files, index.html and contact.php
Add this script to the bottom in script tag after validation code

function onSubmit(token) { document.getElementById("main-offer-form").submit(); }

Remove the div that has id="re-captcha" and add the following to the submit button

class="g-recaptcha" data-sitekey="reCAPTCHA_site_key" data-callback='onSubmit' data-action='submit'

In you contact.php, check if you are getting g-recaptcha-response by dumping $_POST.

Once, everything is in place, in the head after opening php tags, add the following
require_once('recaptchalib.php');

Before you perform any operation and after validation of inputs, initialize the captcha.

$recaptcha = new ReCaptcha('YOUR_SECRET_KEY'); $recaptcha = $recaptcha->verifyResponse($_SERVER['REMOTE_ADDR'], $_POST['g-recaptcha-response']); if($recaptcha->success){ // Success } else{ // Failed }

[webdeveloper778]

Hey, Thanks for the reply. But as it was many years ago I moved over to Wordpress & found a contact form plugin that supports recaptcha. But I do appreciate the time you have taken and will keep this code for future use. Regards Neil

…

On Mon, 24 Jul 2023 at 08:55, Jay Dadarkar ***@***.***> wrote: @webdeveloper778 <https://github.com/webdeveloper778> You have 2 files, index.html and contact.php Add this script to the bottom in script tag after validation code function onSubmit(token) { document.getElementById("main-offer-form").submit(); } Remove the div that has id="re-captcha" and add the following to the submit button class="g-recaptcha" data-sitekey="reCAPTCHA_site_key" data-callback='onSubmit' data-action='submit' In you contact.php, check if you are getting g-recaptcha-response by dumping $_POST. Once, everything is in place, in the head after opening php tags, add the following require_once('recaptchalib.php'); Before you perform any operation and after validation of inputs, initialize the captcha. $recaptcha = new ReCaptcha('YOUR_SECRET_KEY'); $recaptcha = $recaptcha->verifyResponse($_SERVER['REMOTE_ADDR'], $_POST['g-recaptcha-response']); if($recaptcha->success){ // Success } else{ // Failed } — Reply to this email directly, view it on GitHub <#2 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AWD67TKJXQA2LL4ZZTTR373XRYTANANCNFSM4YA7QLTA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[dwh2427]

@jaydadarkar or anyone else here, are you able to update the code to reflect these changes? I'm not so savvy and got everything working only to find the recaptcha isn't working so the form is broken.
Thanks,
David

[jaydadarkar]

Hi Dave,
Not sure if this repo is maintained, so even if I submit a pull request, less likely it will get accepted. Would request you to refer my comment above and lmk.
Thanks.