php-如何在表单提交中验证Google reCaptcha

最近,Google彻底修改了其reCaptcha API,并将其简化为一个复选框。

reCaptcha

问题是,我可以提交包含reCaptcha的表单而无需检查它,该表单将忽略reCaptcha。

在您必须使用私钥等将表单发送到PHP文件之前,但在他们的开发人员指南中我没有看到任何提及。 我不知道如何验证表单以确保用户填写了新的reCaptcha。

我想念什么吗? 是否还需要带有私钥的PHP文件?

到目前为止,我所拥有的全部reCaptcha是:

<div data-type="image" class="g-recaptcha" data-sitekey="My Public Key"></div>
Drew Kennedy asked 2020-02-13T04:15:53Z
11个解决方案
64 votes

如果要检查用户是否单击了I'm not a robot复选框,则可以使用reCaptcha API提供的.getResponse()函数。

如果用户未验证自己,它将返回一个空字符串,如下所示:

if (grecaptcha.getResponse() == ""){
    alert("You can't proceed!");
} else {
    alert("Thank you");
}

如果用户已验证自己,则响应将是一个很长的字符串。

可以在此页面上找到有关API的更多信息:reCaptcha Javascript API

Ali Bassam answered 2020-02-13T04:16:18Z
14 votes
var googleResponse = jQuery('#g-recaptcha-response').val();
if (!googleResponse) {
    $('<p style="color:red !important" class=error-captcha"><span class="glyphicon glyphicon-remove " ></span> Please fill up the captcha.</p>" ').insertAfter("#html_element");
    return false;
} else {            
    return true;
}

将其放在一个函数中。 提交时调用此函数... #html_element是我的空div。

Hello Universe answered 2020-02-13T04:16:38Z
13 votes

您可以按照Google reCAPTCHA文档的3种方式验证响应:

  1. doSomething:一旦用户选中了复选框(我不是机器人),则ID为g-recaptcha-response的字段就会填充到您的HTML中。
    现在,您可以使用以下提示行,使用此字段的值来了解用户是否是漫游器:

    doSomething
  2. 在您提交表单之前,您可以按以下方式致电:

    doSomething
  3. 您可以如下显示您的reCAPTCHA:-

    doSomething

    然后在JavaScript中定义函数,该函数也可用于提交表单。

    doSomething

    现在,一旦选中复选框(我不是机器人),您将获得一个已定义回调的回调,在您的情况下为doSomething

the_D answered 2020-02-13T04:17:43Z
11 votes

从UX角度来看,通过启用禁用的按钮或简单地使按钮可见,可以帮助用户明显地知道何时可以继续提交表单。

这是一个简单的例子...

<form>
    <div class="g-recaptcha" data-sitekey="YOUR_PRIVATE_KEY" data-callback="recaptchaCallback"></div>
    <button type="submit" class="btn btn-default hidden" id="btnSubmit">Submit</button>
</form>

<script>
    function recaptchaCallback() {
        var btnSubmit = document.getElementById("btnSubmit");

        if ( btnSubmit.classList.contains("hidden") ) {
            btnSubmit.classList.remove("hidden");
            btnSubmitclassList.add("show");
        }
    }
</script>
Richard Nalezynski answered 2020-02-13T04:18:08Z
3 votes

使用JavaScript时对我有用

<form method="post" onsubmit="return submitUserForm();">
    <div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY" data-callback="verifyCaptcha"></div>
    <div id="g-recaptcha-error"></div>
    <input type="submit" name="submit" value="Submit" />
</form>
<form method="post" onsubmit="return submitUserForm();">
    <div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY" data-callback="verifyCaptcha"></div>
    <div id="g-recaptcha-error"></div>
    <input type="submit" name="submit" value="Submit" />
</form>

Tharindu Malshan answered 2020-02-13T04:19:33Z
2 votes

试试这个链接:[https://github.com/google/ReCAPTCHA/tree/master/php]

该页面的链接发布在此页面的最底部:[https://developers.google.com/recaptcha/intro]

我想到的一个导致这两个文件无法正常工作的问题是网站的php.ini文件。 确保正确设置此属性,如下所示:allow_url_fopen =开

Matt Zachary answered 2020-02-13T04:20:02Z
2 votes

您可以首先在前端验证该复选框已标记:

    var recaptchaRes = grecaptcha.getResponse();
    var message = "";

    if(recaptchaRes.length == 0) {
        // You can return the message to user
        message = "Please complete the reCAPTCHA challenge!";
        return false;
    } else {
       // Add reCAPTCHA response to the POST
       form.recaptchaRes = recaptchaRes;
    }

然后在服务器端使用Google reCAPTCHA API验证收到的响应:

    $receivedRecaptcha = $_POST['recaptchaRes'];
    $verifiedRecaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$google_secret.'&response='.$receivedRecaptcha);

    $verResponseData = json_decode($verifiedRecaptcha);

    if(!$verResponseData->success)
    {
        return "reCAPTCHA is not valid; Please try again!";
    }

有关更多信息,您可以访问Google文档。

Hatef answered 2020-02-13T04:20:31Z
1 votes
var googleResponse = $('#g-recaptcha-response').val();

if(googleResponse=='')
{   
    $("#texterr").html("<span>Please check reCaptcha to continue.</span>");

    return false;
}
Gorakh Nath Mehta answered 2020-02-13T04:20:46Z
1 votes

提交表单后,验证Google reCaptcha是否有效

if ($post['g-recaptcha-response']) {
      $captcha = $post['g-recaptcha-response'];
      $secretKey = 'type here private key';
      $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . $secretKey . "&response=" . $captcha);
        $responseKeys = json_decode($response, true);
        if (intval($responseKeys["success"]) !== 1) {
            return "failed";
        } else {
            return "success";
        }
    }
    else {
        return "failed";
    }
Shorabh answered 2020-02-13T04:21:06Z
0 votes
//validate
$receivedRecaptcha = $_POST['recaptchaRes'];
$google_secret =  "Yoursecretgooglepapikey";
$verifiedRecaptchaUrl = 'https://www.google.com/recaptcha/api/siteverify?secret='.$google_secret.'&response='.$receivedRecaptcha;
$handle = curl_init($verifiedRecaptchaUrl);
curl_setopt($handle,  CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false); // not safe but works
//curl_setopt($handle, CURLOPT_CAINFO, "./my_cert.pem"); // safe
$response = curl_exec($handle);
$httpCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
curl_close($handle);
if ($httpCode >= 200 && $httpCode < 300) {
  if (strlen($response) > 0) {
        $responseobj = json_decode($response);
        if(!$responseobj->success) {
            echo "reCAPTCHA is not valid. Please try again!";
            }
        else {
            echo "reCAPTCHA is valid.";
        }
    }
} else {
  echo "curl failed. http code is ".$httpCode;
}
Robot70 answered 2020-02-13T04:21:22Z
-1 votes

将Google reCaptchareCaptcha DLL文件一起使用时,我们可以在C#中进行验证。

RecaptchaControl1.Validate();
bool Varify = RecaptchaControl1.IsValid;
if (Varify)
{
    // Pice of code after validation.
}

它为我工作。

Gautam Kumar Sahu answered 2020-02-13T04:21:46Z
translate from https://stackoverflow.com:/questions/27450562/how-to-validate-google-recaptcha-on-form-submit