验证 reCaptcha V2:始终为 false
Verify reCaptcha V2 : Always false
我正在尝试在我的网站(使用 PHP 和 Wordpress 开发)中植入 Google 的 reCaptcha V2。
我正在尝试验证用户是否在提交之前检查了此验证码。
这是我的验证:
<?php
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$privatekey = $secret;
$captcha = $_POST['g-recaptcha-response'];
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret' => $privatekey,
'response' => $captcha,
'remoteip' => $_SERVER['REMOTE_ADDR']
);
$curlConfig = array(
CURLOPT_URL => $url,
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => $data
);
$ch = curl_init();
curl_setopt_array($ch, $curlConfig);
$response = curl_exec($ch);
curl_close($ch);
$jsonResponse = json_decode($response);
if ($jsonResponse->success == true) {
$succMsg = 'Your contact request have submitted successfully.';
echo "<script>alert(\"OK\")</script>";
}
else {
$errMsg = 'Robot verification failed, please try again.';
echo "<script>alert(\"KO ROBOT\")</script>";
}
}
else{
$errMsg = 'Please click on the reCAPTCHA box.';
echo "<script>alert(\"KO CLICK ON BOX\")</script>";
}
?>
当我重新加载页面,或者当我提交时没有检查验证码,或者当我检查验证码时,它总是显示:"KO ROBOT"
我也尝试过使用 "file_get_contents" 而不是 curl,但是我有一个 SSL 错误警告。
谢谢。
更新:
当我这样做时:
var_dump($jsonResponse);
我的页面上有这个:
object(stdClass)#4028 (2) { ["success"]=> bool(false)
["error-codes"]=> array(1) { [0]=> string(20) "invalid-input-secret" }
}
更新 2:
现在我有了这个,在验证我的密钥之后:
object(stdClass)#4028 (2) { ["success"]=> bool(false)
["error-codes"]=> array(1) { [0]=> string(20) "timeout-or-duplicate" }
}
用这个试试,只是替换秘钥。
<?php
$response = isset($_POST["g-recaptcha-response"]) ? $_POST['g-recaptcha-response'] : null;
$privatekey = "YOUR PRIVATE KEY";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'secret' => $privatekey,
'response' => $response,
'remoteip' => $_SERVER['REMOTE_ADDR']
));
$resp = json_decode(curl_exec($ch));
curl_close($ch);
if ($resp->success) {
} else {
//failed return mess
}
?>
我正在尝试在我的网站(使用 PHP 和 Wordpress 开发)中植入 Google 的 reCaptcha V2。
我正在尝试验证用户是否在提交之前检查了此验证码。
这是我的验证:
<?php
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$privatekey = $secret;
$captcha = $_POST['g-recaptcha-response'];
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret' => $privatekey,
'response' => $captcha,
'remoteip' => $_SERVER['REMOTE_ADDR']
);
$curlConfig = array(
CURLOPT_URL => $url,
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => $data
);
$ch = curl_init();
curl_setopt_array($ch, $curlConfig);
$response = curl_exec($ch);
curl_close($ch);
$jsonResponse = json_decode($response);
if ($jsonResponse->success == true) {
$succMsg = 'Your contact request have submitted successfully.';
echo "<script>alert(\"OK\")</script>";
}
else {
$errMsg = 'Robot verification failed, please try again.';
echo "<script>alert(\"KO ROBOT\")</script>";
}
}
else{
$errMsg = 'Please click on the reCAPTCHA box.';
echo "<script>alert(\"KO CLICK ON BOX\")</script>";
}
?>
当我重新加载页面,或者当我提交时没有检查验证码,或者当我检查验证码时,它总是显示:"KO ROBOT"
我也尝试过使用 "file_get_contents" 而不是 curl,但是我有一个 SSL 错误警告。
谢谢。
更新:
当我这样做时:
var_dump($jsonResponse);
我的页面上有这个:
object(stdClass)#4028 (2) { ["success"]=> bool(false) ["error-codes"]=> array(1) { [0]=> string(20) "invalid-input-secret" } }
更新 2:
现在我有了这个,在验证我的密钥之后:
object(stdClass)#4028 (2) { ["success"]=> bool(false) ["error-codes"]=> array(1) { [0]=> string(20) "timeout-or-duplicate" } }
用这个试试,只是替换秘钥。
<?php
$response = isset($_POST["g-recaptcha-response"]) ? $_POST['g-recaptcha-response'] : null;
$privatekey = "YOUR PRIVATE KEY";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'secret' => $privatekey,
'response' => $response,
'remoteip' => $_SERVER['REMOTE_ADDR']
));
$resp = json_decode(curl_exec($ch));
curl_close($ch);
if ($resp->success) {
} else {
//failed return mess
}
?>