PHP 表单 + Google reCAPTCHA

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/27681060/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-25 23:28:24  来源:igfitidea点击:

PHP form + Google reCAPTCHA

phpformsrecaptchacontact

提问by Kevin May

It's kind of weird that Google's documentation for recaptcha is not as helpful as I thought it was going to be. I was asked to take a current existing form (which is getting spammed a few times a day) and update it with Google's new recaptcha. There are a lot of tutorials out there for the old captcha, but not so many for the new one. I basically just want a simple form to capture name, email, message, and then replace my current "anti-bot field" with the recaptcha (I used a field that basically asked you what 2+2 was and if you entered anything, but 4, it would not send). If the required fields are valid and the recaptcha is valid, then I want it to send me an email with the contents of the form fields.

Google 的 recaptcha 文档并没有我想象的那么有用,这有点奇怪。我被要求采用当前现有的表格(每天收到几次垃圾邮件)并使用 Google 的新 recaptcha 对其进行更新。旧验证码有很多教程,但新验证码的教程不多。我基本上只想要一个简单的表单来捕获姓名、电子邮件、消息,然后用 recaptcha 替换我当前的“反机器人字段”(我使用了一个字段,该字段基本上询问您 2+2 是什么以及您是否输入了任何内容,但是4、它不会发送)。如果必填字段有效并且recaptcha 有效,那么我希望它向我发送一封包含表单字段内容的电子邮件。

I went through the simple steps:

我经历了简单的步骤:

  1. registered my site to get the keys

  2. added this snippet inside of my head tag:

    <script src='https://www.google.com/recaptcha/api.js'></script>
    
  3. added this snippet at the end of my form:

    <div class="g-recaptcha" data-sitekey="#MYKEY#"></div>
    
  1. 注册我的网站以获取密钥

  2. 在我的 head 标签中添加了这个片段:

    <script src='https://www.google.com/recaptcha/api.js'></script>
    
  3. 在我的表单末尾添加了这个片段:

    <div class="g-recaptcha" data-sitekey="#MYKEY#"></div>
    

At this point, the recaptcha is showing up just fine. But the server-side part is a little confusing.

此时,recaptcha 显示正常。但是服务器端部分有点混乱。

This is my updated contact form with the recaptcha showing:

这是我更新的联系表格,其中显示了recaptcha:

<form method="post" action="contact-post.php">
  <label>Your Name (required):</label>
    <input name="name" type="text" placeholder="Enter your name here">
  <label>Email Address (required):</label>
    <input name="email" type="email" placeholder="Enter your email address here">
  <label>Your Message (required):</label>
    <textarea name="message" placeholder="Write your message here"></textarea>
  <div style="margin-top:20px;" class="g-recaptcha" data-sitekey="#MYKEY#"></div>
  <input id="submit" name="submit" type="submit" value="Submit Form">
</form>

And here is my current POST page (I'm unsure where to add in the recaptcha code):

这是我当前的 POST 页面(我不确定在哪里添加 recaptcha 代码):

<?php
        $name = $_POST['name'];
        $email = $_POST['email'];
        $message = $_POST['message'];
        $human = $_POST['human'];
        $from = 'From: My Website';
        $to = '[email protected]';
        $subject = 'Request Form';

        $body = "Name: $name \n E-Mail: $email \nMessage:\n$message";

        if ($_POST['submit']) {
            if ($email != '') {
                if ($human == '4') {                 
                    if (mail ($to, $subject, $body, $from)) { 
                        echo '<p>You have successfully submitted your information to PS4RS. Subscribers to our mailing list will begin to periodically receive updates.</p>';
                    } else { 
                        echo '<p>Something went wrong, go back and try again!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>'; 
                    } 
                } else if ($_POST['submit'] && $human != '4') {
                    echo '<p>You answered the anti-spam question incorrectly!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
                }
            } else {
                echo '<p>You need to fill in all required fields!!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
            }
        }
    ?>

Any help is welcome. I feel like this might be a pretty common people with people trying to implement it into their current working forms.

欢迎任何帮助。我觉得这可能是一个非常普遍的人,人们试图将其实施到他们当前的工作形式中。

采纳答案by Alagunto

Check out this link: https://developers.google.com/recaptcha/docs/verify

查看此链接:https: //developers.google.com/recaptcha/docs/verify

In a few words, you should make request to

简而言之,您应该向

https://www.google.com/recaptcha/api/siteverify?secret=YOUR_SECRET&response=RESPONSE_CAME_FROM_YOUR_FORM&remoteip=USER_IP_ADDRESS  

Where YOUR_SECRET is secret key you received on ReCAPTCHA site, USER_IP_ADDRESS can be received through $_SERVERarray and RESPONSE_CAME_FROM_YOUR_FORM is a string sent with your form. It is stored in $_POST['g-recaptcha-response'].

其中 YOUR_SECRET 是您在 ReCAPTCHA 站点上收到的密钥,USER_IP_ADDRESS 可以通过$_SERVER数组接收,RESPONSE_CAME_FROM_YOUR_FORM 是随您的表单发送的字符串。它存储在$_POST['g-recaptcha-response'].

You can do it via file_get_contents($url)like

你可以通过file_get_contents($url)

$data = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=YOUR_SECRET&response=RESPONSE_CAME_FROM_YOUR_FORM&remoteip=USER_IP_ADDRESS");

In $datayou will receive JSON object containing successfield, which you are looking for. If success is false, then it is not a human and you should exit(). I suggest you checking this in the beginning of your program.

$data您将收到JSON对象包含success字段,你正在寻找。如果成功是假的,那么它不是人,你应该这样做exit()。我建议你在程序开始时检查这个。

Update:

更新

Decoding of JSON object looks like:

JSON 对象的解码如下所示:

$data = json_decode($data); // This will decode JSON to object
if(!$data->success) 
    exit();

Update:

更新

Sometimes, file_get_contents($url)won't be able to set up secured https connection. Instead you can use open_https_url($url)Make your code look like:

有时,file_get_contents($url)将无法设置安全的 https 连接。相反,您可以使用open_https_url($url)使您的代码看起来像:

<?php
    $your_secret = "<secret_key_you_received_from_recaptcha_site>";
    $client_captcha_response = $_POST['g-recaptcha-response'];
    $user_ip = $_SERVER['REMOTE_ADDR'];

    $captcha_verify = open_https_url("https://www.google.com/recaptcha/api/siteverify?secret=$your_secret&response=$client_captcha_response&remoteip=$user_ip");
    $captcha_verify_decoded = json_decode($captcha_verify);
    if(!$captcha_verify_decoded->success)
      die('DIRTY ROBOT');

    $name = $_POST['name'];
    $email = $_POST['email'];
    $message = $_POST['message'];
    $human = $_POST['human'];
    $from = 'From: My Website';
    $to = '[email protected]';
    $subject = 'Request Form';

    $body = "Name: $name \n E-Mail: $email \nMessage:\n$message";

    if ($_POST['submit']) {
        if ($email != '') {
            if ($human == '4') {                 
                if (mail ($to, $subject, $body, $from)) { 
                    echo '<p>You have successfully submitted your information to PS4RS. Subscribers to our mailing list will begin to periodically receive updates.</p>';
                } else { 
                    echo '<p>Something went wrong, go back and try again!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>'; 
                } 
            } else if ($_POST['submit'] && $human != '4') {
                echo '<p>You answered the anti-spam question incorrectly!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
            }
        } else {
            echo '<p>You need to fill in all required fields!!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
        }
    }
?>

回答by alex351

Maybe the above answer is a bit outdated, since Google is now using reCaptcha nocaptcha. I found a simpler and more complete answer here to use with your separate php email file.

也许上面的答案有点过时了,因为谷歌现在正在使用 reCaptcha nocaptcha。我在这里找到了一个更简单、更完整的答案,可用于您单独的 php 电子邮件文件。

The solution has a simple email form with name and email and a separate php file to submit the form. You should be able to go on from there and tweak your form accordingly. The solution worked for me.

该解决方案有一个带有姓名和电子邮件的简单电子邮件表单以及一个单独的 php 文件来提交表单。您应该能够从那里继续并相应地调整您的表格。该解决方案对我有用。

https://stackoverflow.com/a/27439796/3934886

https://stackoverflow.com/a/27439796/3934886

and link to tutorial:

和教程链接:

http://codeforgeek.com/2014/12/google-recaptcha-tutorial/

http://codeforgeek.com/2014/12/google-recaptcha-tutorial/