如何在提交 Google Recaptcha 后自动重定向？

Question

我想用 Google Recaptcha 创建一个表单，但我不知道如何实现这个案例。

这是我的HTML代码

<form action="redirect.php" method="post">
    <div class="g-recaptcha" data-sitekey="xxxxxxxxxx"></div>
    <input type="submit" value="Submit" >
</form>

如何在提交 Google Recaptcha 后重定向到页面？

Answer 1

在javascript中， google recaptcha 有回调响应方法grecaptcha.getResponse()。你可以检查它的长度是 > 0 如果验证成功。

if(grecaptcha.getResponse().length === 0) { //redirect code here }

Answer 2

阅读文档：

https://developers.google.com/recaptcha/docs/verify

正在验证用户的响应

本页介绍了如何验证用户对来自应用程序后端的 reCAPTCHA 质询的响应。当最终用户解决 reCAPTCHA 时，将在 HTML 中填充一个新字段 (g-recaptcha-response)。您可以通过以下三种方式之一获取用户的响应：

g-recaptcha-response POST 用户在您的网站上提交表单时的参数 grecaptcha.getResponse(opt_widget_id) 在用户完成验证码挑战后 如果在 g-recaptcha 标记属性或 grecaptcha.render 方法中的回调参数中指定了数据回调，则作为回调函数的字符串参数 每个 reCAPTCHA 响应都是一个只能使用一次的令牌。如果已使用特定令牌进行验证尝试，则无法再次使用。您将需要调用 grecaptcha.reset() 要求最终用户再次使用 reCAPTCHA 进行验证。

获得响应令牌后，您需要使用以下API通过reCAPTCHA对其进行验证，以确保令牌有效。

API请求

URL: https://www.google.com/recaptcha/api/siteverify

方法：POST

POST参数说明 机密必填。您的网站和 reCAPTCHA 之间的共享密钥。 回复 必填。 reCAPTCHA 提供的用户响应令牌，用于验证您网站上的用户。 远程 IP 可选。用户的 IP 地址。 API 回应

响应是一个 JSON 对象：

{
  "success": true|false,
  "challenge_ts": timestamp,  // timestamp of the challenge load (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)
  "hostname": string,         // the hostname of the site where the reCAPTCHA was solved
  "error-codes": [...]        // optional
}

---

PHP 示例：

// set post fields
$post = [
    'secret' => $secret,
    'response' => $_POST['g-recaptcha-response'],
    'remoteip'   => $_SERVER['REMOTE_ADDR']
];

$ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

// execute!
$response = curl_exec($ch);

// close the connection, release resources used
curl_close($ch);

// do anything you want with your response
var_dump(json_decode($response));

Answer 3

这是 php v7.x 使用 reCaptchaV2 的完整工作示例； 根据来自 "meda"、"Alive to Die" 页面 How to json decode in php and the Google reCaptcha v2 own example from https://developers.google.com/recaptcha/docs/display 本页面的回复撰写。我只是把这些碎片放在一起然后我明白了。感谢贡献者！

    <html>
      <head>
        <title>reCAPTCHA V2 demo by softlivre.com.br</title>
         <script src="https://www.google.com/recaptcha/api.js" async defer></script>
      </head>
      <body>
        <form action="./index.php" method="POST">
          <!-- here you must input the site key, not the secret key -->
          <div class="g-recaptcha" data-sitekey="xxxxxxxxxxxx"></div>
          <br/>
          <input type="submit" value="Submit">
        </form>
      </body>

    <?php
    // here you must input the secret key, not the site key
    // don´t worry, it is server side protected and won´t be
    // visible under the page source, it´s php code from now on...
    $secret = "yyyyyyyyyyyyy";

    // set post fields
    $post = [
        'secret' => $secret,
        'response' => $_POST['g-recaptcha-response'],
        'remoteip'   => $_SERVER['REMOTE_ADDR']
    ];

    $ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

    // execute!
    $response = curl_exec($ch);

    // close the connection, release resources used
    curl_close($ch);

    // do anything you want with your response
    // var_dump(json_decode($response)); // uncomment this to get the json full response
    $array = json_decode($response,true);
    //echo "<pre/>";print_r($array); // uncomment this to get the json to array full response/results

    if($array['success'] == 1){
    // here we have confirmed the chalenge, do whatever you want here, as redirecting to another
    // page. i suggest using $_SESSION in order for really protecting the other page to be
    // redirected from here to be safe, else anyone may access the other page directly 
    // without passing by the recapctha challenge, so there won´t be any point in this effort!
        echo "success!" ;
    }
    else{
        echo "Challenge not accepted so far....";
    }
    ?>

    </html>

Answer 4

<html>
  <head>
    <title>reCAPTCHA V2 demo by softlivre.com.br</title>
     <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  </head>
  <body>
    <form action="./index.php" method="POST">
      <!-- here you must input the site key, not the secret key -->
      <div class="g-recaptcha" data-sitekey="xxxxxxxxxxxx"></div>
      <br/>
      <input type="submit" value="Submit">
    </form>
  </body>

<?php
// here you must input the secret key, not the site key
// don´t worry, it is server side protected and won´t be
// visible under the page source, it´s php code from now on...
$secret = "yyyyyyyyyyyyy";

// set post fields
$post = [
    'secret' => $secret,
    'response' => $_POST['g-recaptcha-response'],
    'remoteip'   => $_SERVER['REMOTE_ADDR']
];

$ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

// execute!
$response = curl_exec($ch);

// close the connection, release resources used
curl_close($ch);

// do anything you want with your response
// var_dump(json_decode($response)); // uncomment this to get the json full response
$array = json_decode($response,true);
//echo "<pre/>";print_r($array); // uncomment this to get the json to array full response/results

if($array['success'] == 1){
// here we have confirmed the chalenge, do whatever you want here, as redirecting to another
// page. i suggest using $_SESSION in order for really protecting the other page to be
// redirected from here to be safe, else anyone may access the other page directly 
// without passing by the recapctha challenge, so there won´t be any point in this effort!
    echo "success!" ;
}
else{
    echo "Challenge not accepted so far....";
}
?>

</html>