Jav*_*bra 5 php forms captcha recaptcha
最近我的网站通过我的付款表单收到了大量垃圾邮件,我决定添加一个captcha以防止这种情况发生.
我正在寻找几个选项,我决定选择Googles reCaptcha.设置和使用似乎很容易,但我遇到了一些问题.
首先,我将其包含script在表单的标题中:
<script src='https://www.google.com/recaptcha/api.js'></script>
然后我把它实际上包含captcha在表格的底部:
<div class="g-recaptcha" data-sitekey="6LdOVv4SAAAAAJ4muJvo_vD7vsd9T9QIfkEwcO7y"></div>
当我提交表格时,我会做以下事情:
$captcha = $_POST["g-recaptcha-response"]; //Get Captcha token
$secret_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; //Get Secret key
$google_response = http_get("https://www.google.com/recaptcha/api/siteverify", array("secret"=>$secret, "response"=>$captcha), $info); //perform Get request
print_r($info);
但事情并没有发生,实际上以前工作的页面只是挂起,甚至没有显示错误信息.我有什么想法可能做错了吗?根据我对文档的理解,响应将会JSON成功并且成功将为真或假,我想继续付款,如果为真或停止并返回表单,如果错误.
任何帮助深表感谢.或者如果有人有替代解决方案来添加验证码,我愿意考虑一下.
JcV*_*JcV 12
试试这个运行google new recaptcha 2015:
==PHP Verification==
if(isset($_POST['submit'])){
$userIP = $_SERVER["REMOTE_ADDR"];
$recaptchaResponse = $_POST['g-recaptcha-response'];
$secretKey = "SECRET_KEY";
$request = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secretKey}&response={$recaptchaResponse}&remoteip={$userIP}");
if(!strstr($request, "true")){
echo "NOPE (Failed Verification)";
}
else{
echo "YUP (Successful Verification)";
}
}
不要使用file_get_contents.Google 建议使用POST-Requests来调用他们的api.如上所述的GET请求可能会导致多个问题:
因此,使用这样的东西:
// Get resource
$curl = curl_init();
// Configure options, incl. post-variables to send.
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
CURLOPT_POST => 1,
CURLOPT_POSTFIELDS => array(
'secret' => 'your_secret_code_here',
'response' => $_POST['g-recaptcha-response']
)
));
// Send request. Due to CURLOPT_RETURNTRANSFER, this will return reply as string.
$resp = curl_exec($curl);
// Free resources.
curl_close($curl);
// Validate response
if(strpos($resp, '"success": true') !== FALSE) {
echo "Verified.";
} else {
echo "Not verified.";
}
此外,验证部分在接受"验证"的内容时更为保守.