Tweet, Share & Like [ EnAcCiOn ]

 

FeedBurner FeedCount Y Facebook | EnAcCiOn

Send Voicemail | EnAcCiOn

Contact me using vCita | EnAcCiOn

Contact me using vCita | EnAcCiOn

Meeting Scheduler Powered by vCita

jueves, 16 de julio de 2015

Re: Recaptcha V2 hopefully made simple. Both HTML and PHP code included here

Thanks, kh99, for pointing out an issue I was staring at for weeks without seeing it. I was looking at that dot and thinking it was an object property pointer. It is in some languages, but not in PHP. The result of $response.'success' is a non-empty string, which will always evaluate to true.A correct PHP object property pointer won't work anyway. According to Google's documentation, $response is a JSON object. A JSON object in PHP is just a string, and in order to do anything sensible with it (other than parsing it as a string) you have to convert it to something else. A commenter on the codeforgeek.com page recommended converting it to an associative array, and that's what I did. I found another site that show how to convert it to a PHP object. But treating the JSON string as an object in PHP, without converting it, won't play.I must confess I don't know PHP. I'm trying to get along by using and adapting other people's code and rummaging around for explanations. I think what I just wrote makes sense.On Wednesday, July 15, 2015 at 1:16:00 AM UTC-4, kh99 wrote: Martin is right, I think. This line is a problem: if($response.'success'==true)   {  echo '

Thanks for posting comment.

';   } A '.' is string concatenation, so you're checking whatever string is in $response, with 'success' tacked on the end. The resulting string is always evaluating to true. If you want to verify this, try temporarily changing your html. Comment out the div like this: and insert this instead:
which will send "anything" as g-recaptcha-response, and you'll see that it succeeds, even though you have not even displayed a recaptcha widget.On Monday, July 13, 2015 at 3:19:16 PM UTC-4, Donna S wrote: I had been using ReCaptcha V1 for a number of years with no real problem. Figuring out how the heck to get V2 running became a nightmare. As much as anyone would like to think it's well documented, IT'S NOT unless you happen to be a master coder. These days I scrape by on coding, so having a very clear, simple and straight forward example would be wonderful. I found a lot of examples of people using Curl and other fun ways to implement this. All of those examples ended up with the stupid recaptcha always being SUCCESS : FALSE and I still don't understand why. Anyway, I do now having it working and hopefully someone can benefit from these short example files I'm attaching. I certainly don't claim to be a great coder, but this actually does work consistently.I happen to use sessions in my forms but code still works the same with or without session enabled.Here's the HTML (again, if you don't want sessions, eliminate the PHP line at the top and call your file cap_test.html). I got this code from codeforgeek so I definitely thank them so much!!CAP_TEST.PHP                 

Google reCAPTHA V2 Demo

   
     

     

      
          
 CAP_PROCESS.PHPPlease check the the captcha form.';              exit;           }// This gets the response and checks it for being true. If it is it prints thanks for posting the comment and exits.       $response = file_get_contents("http://bit.ly/1eXekEZ".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);if($response.'success'==true)   {  echo '

Thanks for posting comment.

';   }?>So this is fun for testing. In my real form, I don't really care whether they tried to bypass the captcha or if it failed for some reason, I'm still going to make them try again, so this is a small bit of the actual code I use in my PHP processing script:// Set errorflag variable to false so we'll assume this will run with no errors$_SESSION["errorflag"] = "false";// Now go check if the recaptcha was entered correctly// If $_POST['g-recaptcha-response'] is not set, that means the user hit submit without completing the recapcha and we'll send it backif(isset($_POST['g-recaptcha-response'])){ $captcha=$_POST['g-recaptcha-response']; }// So if $captcha was set, lets go see if it was successfull by getting the response and putting the answer into $responseif($captcha){$response=file_get_contents("http://bit.ly/1eXekEZ".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);}// So now if either the $captcha was not set OR we did not get a success from recaptcha// we'll set the error flag to indicate that recaptcha was bad// and load the sanitized form data into session variables and go on back to the formif ((!$captcha) or ($response."success"==false)) {    $_SESSION["applocation"] = $applocation;    $_SESSION["firstname"] = $firstname; -- You received this message because you are subscribed to the Google Groups "reCAPTCHA" group. To unsubscribe from this group and stop receiving emails from it, send an email to recaptcha+unsubscribe@googlegroups.com. To post to this group, send email to recaptcha@googlegroups.com. Visit this group at http://bit.ly/1dkFnYd. For more options, visit http://bit.ly/P65DvS.

No hay comentarios:

EnAcCiOn

Contador Web | EnAcCiOn

EnAcCiOn

EnAcCiOn

EnAcCiOn

Blog Archive | EnAcCiOn