Recaptcha on an IIS server


SACrob

Aug 25, 2008, 4:17:22 PM
to reCAPTCHA
We have an htm form that calls a PHP script to send the form via email.
Here is an example of the HTML form.


<td class="maintext"><form id="contactsales" name="Contact Sales"
method="post" action="contact_hq_a.php">


<?php
require_once('recaptchalib.php');
$publickey = "i typed my captach key here";
$resp = null;
$error = null;
?>


What type of comment would you like to send?
<p>
<label>
<input type="radio" name="praise" value="praise" />
Praise </label>
<br />
<label>
<input type="radio" name="suggestion" value="suggestion" />
Suggestion</label>
<br />
<label>
<input type="radio" name="problem" value="problem" />
Issue</label>
<br />

<?php
echo recaptcha_get_html($publickey);
?></p>

<p>
<input type="submit" name="Submit" value="Submit" id="Submit" />
</p> <label for="Submit"><br />
</label>
</p>
</form>


And here is the PHP file that is called to send the email. It has the
reCAPTCHA validation script in it.
The script sends an email no problem, but it includes the recaptcha
variable in the submission and it sends it whether it passes or fails
the captcha.
<?php
require_once('recaptchalib.php');
$privatekey = "i typed my captcha key here";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);

if (!$resp->is_valid) {

//--------------------------Set these parameters--------------------------

// Subject of email sent to you.
$subject = 'Results from Contact form';

// Your email address. This is where the form information will be sent.
$emailadd = 'm...@me.com';

// Where to redirect after form is processed.
$url = 'a_content_frame.htm';

// Makes all fields required. If set to '1' no field can be empty. If set to '0' any or all fields can be empty.
$req = '0';

// --------------------------Do not edit below this line--------------------------
$text = "Results from form:\n\n";
$space = ' ';
$line = '
';
foreach ($_POST as $key => $value)
{
if ($req == '1')
{
if ($value == '')
{echo "$key is empty";die;}
}
$j = strlen($key);
if ($j >= 50)
{echo "Name of form element $key cannot be longer than 50 characters";die;}
$j = 50 - $j;
for ($i = 1; $i <= $j; $i++)
{$space .= ' ';}
$value = str_replace('\n', "$line", $value);
$conc = "{$key}:$space{$value}$line";
$text .= $conc;
$space = ' ';
}
mail($emailadd, $subject, $text, 'From: '.$emailadd.'');
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
}
else {
die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
"(reCAPTCHA said: " . $resp->error . ")");
}

?>

Mori

Aug 26, 2008, 5:06:36 AM
to reCAPTCHA
On Aug 25, 10:17 pm, SACrob <rlei...@gmail.com> wrote:
> the script sends an email no problem but it includes the recaptcha
> variable in the submission and it sends it whether it passes or fails
> the captcha.

> if (!$resp->is_valid) {

IMHO it should be:
if ( $resp->is_valid )
{

since you want it to execute only when it returns TRUE - meaning
RECAPTCHA was entered correctly.

> foreach ($_POST as $key => $value)
> {
> if ($req == '1')
> {
> if ($value == '')
> {echo "$key is empty";die;}}

Here you're going through all $_POST variables passed, and since you've
got $_POST["recaptcha_challenge_field"] and
$_POST["recaptcha_response_field"] set before, don't be surprised they
got included too!

Try that before foreach:
unset( $_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"] );

This should destroy those variables (they are useless after checking
the RECAPTCHA validity anyway) and not include them in the e-mail sent.

Charles Sweeney

Aug 26, 2008, 9:17:34 AM
to reCAPTCHA
SACrob wrote:

> foreach ($_POST as $key => $value)

One sees this commonly. For those who don't know, the above code will
only check the top level of the $_POST array. It will not check
arrays within $_POST. In other words, it's not recursive.

So...if you are using this to check for nasty injections or the like,
it will miss anything submitted in an array. You can write a
recursive function to deal with it (potentially tricky), or you can use
array_walk_recursive() from PHP5.

You can then be certain that EVERY submitted value gets validated, be
it from your own form or a spammer hitting your script.

To submit an array from a form, you use square brackets for the name,
like so:

<input type="text" name="blah[]">

Most commonly this would be used for checkboxes with the same name or
a multiple select input.

--
Charles Sweeney
http://formtoemail.com/formtoemail_pro_version.php
PHP mail script with reCAPTCHA
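
The fixes suggested in the replies above, combined in one place as an added example that is not part of any poster's message or of recaptchalib: send only when the check passed, drop the reCAPTCHA fields, and visit nested values with array_walk_recursive(). The helper `build_mail_body()` and its `$captchaValid` parameter (standing in for `$resp->is_valid`) are hypothetical, and the sample submission is constructed.

```php
<?php
// Added example. $captchaValid stands in for $resp->is_valid as returned by
// recaptcha_check_answer(); build_mail_body() is a hypothetical helper.
function build_mail_body(array $post, bool $captchaValid, bool $required = false): string
{
    // Fail closed: nothing is built (or mailed) unless the CAPTCHA passed.
    if (!$captchaValid) {
        throw new RuntimeException("The reCAPTCHA wasn't entered correctly.");
    }

    // The CAPTCHA fields have served their purpose; keep them out of the e-mail.
    unset($post['recaptcha_challenge_field'], $post['recaptcha_response_field']);

    $lines = [];
    // array_walk_recursive() visits every leaf, so values submitted as
    // name="blah[]" are checked too, unlike a top-level foreach.
    // Note: $key is the leaf's own key (0, 1, ... for blah[] entries).
    array_walk_recursive($post, function ($value, $key) use (&$lines, $required) {
        $value = (string) $value;
        if ($required && trim($value) === '') {
            throw new InvalidArgumentException("$key is empty");
        }
        // Strip control bytes except tab and newline before the value reaches the mail body.
        $value = preg_replace('/[\x00-\x08\x0B-\x1F\x7F]/', '', $value);
        $lines[] = str_pad($key . ':', 52) . $value;
    });

    return "Results from form:\n\n" . implode("\n", $lines) . "\n";
}

// Constructed sample submission, including a nested array and control bytes.
$sample = [
    'praise' => 'praise',
    'blah' => ['first', "second\x00\r"],
    'recaptcha_challenge_field' => 'constructed-challenge',
    'recaptcha_response_field' => 'constructed-response',
];

echo build_mail_body($sample, true);   // body lists praise, first, second only

try {
    build_mail_body($sample, false);   // failed CAPTCHA: no body, no mail
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```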

Robert Leiker

Aug 26, 2008, 10:05:10 AM
to reca...@googlegroups.com
Thank you for your help, Mori, that worked like a charm!!