我将 Google Recaptcha 集成到我的网站。
但是,人们仍然可以在不完成验证码的情况下填写表格和发送邮件。 (所以他们不必解决任何他们可以直接解决的难题,这当然让我对机器人很脆弱)
所以,我基本上需要 PHP 代码来检查用户是否真的“勾选”或“完成”了 Recaptcha。这样他们就可以继续发送邮件了。
这是我的 PHP 表单代码:
<!-- Start Contact Form -->
<div id="contact-form" class="contatct-form">
<div class="loader"></div>
<form method="post" action="mail.php">
<div class="row">
<div class="col-md-4">
<label for="name">Name<span class="required">*</span></label>
<span class="name-missing">Please enter your name</span>
<input id="name" name="name" type="text" value="" size="60">
</div>
<div class="col-md-4">
<label for="e-mail">Email<span class="required">*</span></label>
<span class="email-missing">Please enter a valid e-mail</span>
<input id="e-mail" name="email" type="text" value="" size="60">
</div>
<div class="col-md-4">
<label for="url">Website</label>
<input id="url" name="url" type="text" value="" size="80">
</div>
</div>
<div class="row">
<div class="col-md-12">
<label for="message">Add Your Comment</label>
<span class="message-missing">Say something!</span>
<textarea id="message" name="message" cols="45" rows="10"></textarea>
</br>
<!--Google reCAPTCHA-->
<?php
require_once('recaptchalib.php');
$publickey = "My Public Key"; // you got this from the signup page
echo recaptcha_get_html($publickey);
?>
<!--End Google reCAPTCHA-->
<input type="submit" name="submit" class="button" id="submit_btn" value="Send Message" onclick="return valtest();">
</div>
</div>
</form>
这是我的 mail.php 代码:
<?php
require_once('recaptchalib.php');
$privatekey = "My private key";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
"(reCAPTCHA said: " . $resp->error . ")");
} else {
$sendto = "myemail@domain.com";
$name=$_REQUEST['name'];
$usermail = $_REQUEST['email'];
$url=$_REQUEST['url'];
$content = nl2br($_POST['message']);
$subject = "Web Enquiry";
$headers = "From: " . strip_tags($name) . "\r\n";
$headers .= "Reply-To: ". strip_tags($usermail) . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html;charset=utf-8 \r\n";
$msg = "<html><body style='font-family:Arial,sans-serif;'>";
$msg .= "<h2 style='font-weight:bold;border-bottom:1px dotted #ccc;'>New Enquiry</h2>\r\n";
$msg .= "<p><strong>Sent by:</strong> ".$usermail."</p>\r\n";
$msg .= "<p><strong>Client Name:</strong> ".$name."</p>\r\n";
$msg .= "<p><strong>Message:</strong> ".$content."</p>\r\n";
$msg .= "<p><strong>Contact:</strong> ".$url."</p>\r\n";
$msg .= "</body></html>";
mail($sendto, $subject, $msg, $headers);
echo "<script>window.location =\"index.php\";</script>";
这里是recaptchalib.php代码:
<?php
/**
* This is a PHP library that handles calling reCAPTCHA.
* - Documentation and latest version
* https://developers.google.com/recaptcha/docs/php
* - Get a reCAPTCHA API Key
* https://www.google.com/recaptcha/admin/create
* - Discussion group
* http://groups.google.com/group/recaptcha
*
* @copyright Copyright (c) 2014, Google Inc.
* @link http://www.google.com/recaptcha
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
/**
* A ReCaptchaResponse is returned from checkAnswer().
*/
class ReCaptchaResponse
{
public $success;
public $errorCodes;
}
class ReCaptcha
{
private static $_signupUrl = "https://www.google.com/recaptcha/admin";
private static $_siteVerifyUrl =
"https://www.google.com/recaptcha/api/siteverify?";
private $_secret;
private static $_version = "php_1.0";
/**
* Constructor.
*
* @param string $secret shared secret between site and ReCAPTCHA server.
*/
function ReCaptcha($secret)
{
if ($secret == null || $secret == "") {
die("To use reCAPTCHA you must get an API key from <a href='"
. self::$_signupUrl . "'>" . self::$_signupUrl . "</a>");
}
$this->_secret=$secret;
}
/**
* Encodes the given data into a query string format.
*
* @param array $data array of string elements to be encoded.
*
* @return string - encoded request.
*/
private function _encodeQS($data)
{
$req = "";
foreach ($data as $key => $value) {
$req .= $key . '=' . urlencode(stripslashes($value)) . '&';
}
// Cut the last '&'
$req=substr($req, 0, strlen($req)-1);
return $req;
}
/**
* Submits an HTTP GET to a reCAPTCHA server.
*
* @param string $path url path to recaptcha server.
* @param array $data array of parameters to be sent.
*
* @return array response
*/
private function _submitHTTPGet($path, $data)
{
$req = $this->_encodeQS($data);
$response = file_get_contents($path . $req);
return $response;
}
/**
* Calls the reCAPTCHA siteverify API to verify whether the user passes
* CAPTCHA test.
*
* @param string $remoteIp IP address of end user.
* @param string $response response string from recaptcha verification.
*
* @return ReCaptchaResponse
*/
public function verifyResponse($remoteIp, $response)
{
// Discard empty solution submissions
if ($response == null || strlen($response) == 0) {
$recaptchaResponse = new ReCaptchaResponse();
$recaptchaResponse->success = false;
$recaptchaResponse->errorCodes = 'missing-input';
return $recaptchaResponse;
}
$getResponse = $this->_submitHttpGet(
self::$_siteVerifyUrl,
array (
'secret' => $this->_secret,
'remoteip' => $remoteIp,
'v' => self::$_version,
'response' => $response
)
);
$answers = json_decode($getResponse, true);
$recaptchaResponse = new ReCaptchaResponse();
if (trim($answers ['success']) == true) {
$recaptchaResponse->success = true;
} else {
$recaptchaResponse->success = false;
$recaptchaResponse->errorCodes = $answers [error-codes];
}
return $recaptchaResponse;
}
}
?>
当我更换
<!--Google reCAPTCHA-->
<?php
require_once('recaptchalib.php');
$publickey = "My Site Key"; // you got this from the signup page
echo recaptcha_get_html($publickey);
?>
<!--End Google reCAPTCHA-->
与
<!--Google reCAPTCHA-->
<div class="g-recaptcha" data-sitekey="My Site key"></div>
<!--End Google reCAPTCHA-->
它会显示小部件,但人们仍然可以填写表格并发送邮件而无需完成验证码。
最佳答案
首先你必须检查recaptcha是否设置:
<?php
$errMsg = "";
$succMsg = "";
/**************************/
/* GOOGLE reCAPTCHA START */
/**************************/
require_once '../../reCAPTCHA/autoload.php';
$siteKey = 'sitekey';
$secret = 'secretkey';
/************************/
/* GOOGLE reCAPTCHA END */
/************************/
if ((isset($_POST['submit']) | !empty($_POST["submit"]))) {
if ((isset($_POST['g-recaptcha-response'])) && !empty($_POST["g-recaptcha-response"])) {
$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
if ($resp->isSuccess()) {
$succMsg = "Success Message";
/**
* DO THE DB ENTRIES HERE
*/
}
} else {
$errMsg = "Error With Captcha";
}
}
?>
你需要these来自谷歌的文件。
它们在此处加载:require_once '../../reCAPTCHA/autoload.php';
您的表单页面应如下所示:
<head>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<div id="contact-form" class="contatct-form">
<div class="loader"></div>
<form method="post">
<div class="row">
<?php
if (isset($succMsg)) {
echo $succMsg;
} else {
echo "";
}
if (isset($errMsg)) {
echo $errMsg;
} else {
echo "";
}
?>
<div class="col-md-4">
<label for="name">Name<span class="required">*</span></label>
<span class="name-missing">Please enter your name</span>
<input id="name" name="name" type="text" value="" size="60">
</div>
<div class="col-md-4">
<label for="e-mail">Email<span class="required">*</span></label>
<span class="email-missing">Please enter a valid e-mail</span>
<input id="e-mail" name="email" type="text" value="" size="60">
</div>
<div class="col-md-4">
<label for="url">Website</label>
<input id="url" name="url" type="text" value="" size="80">
</div>
</div>
<div class="row">
<div class="col-md-12">
<label for="message">Add Your Comment</label>
<span class="message-missing">Say something!</span>
<textarea id="message" name="message" cols="45" rows="10"></textarea>
<br>
<div class="g-recaptcha" data-sitekey="<?php echo $siteKey; ?>"></div>
<input type="submit" name="submit" class="button" id="submit_btn" value="Send Message" onclick="return valtest();">
</div>
</div>
</form>
</div>
关于php - 谷歌 reCAPTCHA 不工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41017987/
我在从html页面生成PDF时遇到问题。我正在使用PDFkit。在安装它的过程中,我注意到我需要wkhtmltopdf。所以我也安装了它。我做了PDFkit的文档所说的一切......现在我在尝试加载PDF时遇到了这个错误。这里是错误:commandfailed:"/usr/local/bin/wkhtmltopdf""--margin-right""0.75in""--page-size""Letter""--margin-top""0.75in""--margin-bottom""0.75in""--encoding""UTF-8""--margin-left""0.75in""-
我在我的项目目录中完成了compasscreate.和compassinitrails。几个问题:我已将我的.sass文件放在public/stylesheets中。这是放置它们的正确位置吗?当我运行compasswatch时,它不会自动编译这些.sass文件。我必须手动指定文件:compasswatchpublic/stylesheets/myfile.sass等。如何让它自动运行?文件ie.css、print.css和screen.css已放在stylesheets/compiled。如何在编译后不让它们重新出现的情况下删除它们?我自己编译的.sass文件编译成compiled/t
我花了三天的时间用头撞墙,试图弄清楚为什么简单的“rake”不能通过我的规范文件。如果您遇到这种情况:任何文件夹路径中都不要有空格!。严重地。事实上,从现在开始,您命名的任何内容都没有空格。这是我的控制台输出:(在/Users/*****/Desktop/LearningRuby/learn_ruby)$rake/Users/*******/Desktop/LearningRuby/learn_ruby/00_hello/hello_spec.rb:116:in`require':cannotloadsuchfile--hello(LoadError) 最佳
关闭。这个问题需要detailsorclarity.它目前不接受答案。想改进这个问题吗?通过editingthispost添加细节并澄清问题.关闭8年前。Improvethisquestion在首页我有:汽车:VolvoSaabMercedesAudistatic_pages_spec.rb中的测试代码:it"shouldhavetherightselect"dovisithome_pathit{shouldhave_select('cars',:options=>['volvo','saab','mercedes','audi'])}end响应是rspec./spec/request
在Rails4.0.2中,我使用s3_direct_upload和aws-sdkgems直接为s3存储桶上传文件。在开发环境中它工作正常,但在生产环境中它会抛出如下错误,ActionView::Template::Error(noimplicitconversionofnilintoString)在View中,create_cv_url,:id=>"s3_uploader",:key=>"cv_uploads/{unique_id}/${filename}",:key_starts_with=>"cv_uploads/",:callback_param=>"cv[direct_uplo
使用Ruby1.9.2运行IDE提示说需要gemruby-debug-base19x并提供安装它。但是,在尝试安装它时会显示消息Failedtoinstallgems.Followinggemswerenotinstalled:C:/ProgramFiles(x86)/JetBrains/RubyMine3.2.4/rb/gems/ruby-debug-base19x-0.11.30.pre2.gem:Errorinstallingruby-debug-base19x-0.11.30.pre2.gem:The'linecache19'nativegemrequiresinstall
我知道全局变量$!包含最新的异常对象,但我对下面的语法感到困惑。谁能帮助我理解以下语法?rescue$! 最佳答案 此构造可防止异常停止您的程序并使堆栈跟踪冒泡。它还会将该异常作为值返回,这很有用。a=get_me_datarescue$!在此行之后,a将保存请求的数据或异常。然后您可以分析该异常并采取相应措施。defget_me_dataraise'Nodataforyou'enda=get_me_datarescue$!puts"Executioncarrieson"pa#>>Executioncarrieson#>>#更现实的
我在我正在处理的一些代码中发现了这一点。它旨在解决从磁盘读取key文件的要求。在生产环境中,key文件的内容位于环境变量中。旧代码:key=File.read('path/to/key.pem')新代码:key=File.read('|echo$KEY_VARIABLE')这是如何工作的? 最佳答案 来自IOdocs:Astringstartingwith“|”indicatesasubprocess.Theremainderofthestringfollowingthe“|”isinvokedasaprocesswithappro
我今天看到了一个ruby代码片段。[1,2,3,4,5,6,7].inject(:+)=>28[1,2,3,4,5,6,7].inject(:*)=>5040这里的注入(inject)和之前看到的完全不一样,比如[1,2,3,4,5,6,7].inject{|sum,x|sum+x}请解释一下它是如何工作的? 最佳答案 没有魔法,符号(方法)只是可能的参数之一。这是来自文档:#enum.inject(initial,sym)=>obj#enum.inject(sym)=>obj#enum.inject(initial){|mem
我刚刚有一个关于RubyonRails和模型(Rails3)中的attr_accessible属性的一般性问题。有人可以解释应该在那里定义哪些模型属性吗?我记得一些关于批量分配风险的事情,虽然我在这方面不太了解......谢谢:) 最佳答案 想象一个带有一些字段的订单类:Order.new({:type=>'Corn',:quantity=>6})现在假设订单也有折扣代码,比如:price_off。您不想将:price_off标记为attr_accessible。这会阻止恶意代码制作最终会执行如下操作的帖子:Order.new({: