How to validate Google reCAPTCHA v3 on the server side?
P粉904191507
2023-08-27 16:48:47
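[PHP Discussion Group]
<p>I just set up the new Google reCAPTCHA with the checkbox, and it works fine on the front end, but I don't know how to handle it on the server side using PHP. I tried using the old code below, but the form is sent even if the CAPTCHA is invalid.</p>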
<pre class="brush:php;toolbar:false;">require_once('recaptchalib.php');
$privatekey = "my key";
$resp = recaptcha_check_answer($privatekey,
                               $_SERVER["REMOTE_ADDR"],
                               $_POST["recaptcha_challenge_field"],
                               $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
    $errCapt = '<p style="color:#D6012C ">The CAPTCHA Code wasnot entered correctly.</p>';
}</pre>
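Private key security
While the answers here certainly work, they use GET requests, which expose your private key (even when using https). On Google Developers, the specified method is POST. For more details: https://stackoverflow.com/a/323286/1680919
Verification via POST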
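<pre class="brush:php;toolbar:false;">function isValid()
{
    try {
        $url = 'https://www.google.com/recaptcha/api/siteverify';
        // Sent in the POST body, so the secret never appears in the URL
        $data = ['secret'   => '[YOUR SECRET KEY]',
                 'response' => $_POST['g-recaptcha-response'],
                 'remoteip' => $_SERVER['REMOTE_ADDR']];

        $options = [
            'http' => [
                'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
                'method'  => 'POST',
                'content' => http_build_query($data)
            ]
        ];

        $context = stream_context_create($options);
        $result  = file_get_contents($url, false, $context);
        if ($result === false) {
            return null; // request failed; file_get_contents() does not throw
        }
        $json = json_decode($result);
        return isset($json->success) ? $json->success : null;
    } catch (Exception $e) {
        return null;
    }
}</pre>
Array syntax: I use the "new" array syntax ([ and ] instead of array(..)). If your PHP version does not support this yet, you will have to edit these 3 array definitions accordingly (see comment).
Return value: this function returns true if the user is valid, false if not, and null if an error occurred. For example, you can use it simply by writing if (isValid()) { ... }
This is the solution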
index.html
<pre class="brush:html;toolbar:false;"><html>
  <head>
    <title>Google recapcha demo - Codeforgeek</title>
    <script src='https://www.google.com/recaptcha/api.js'></script>
  </head>
  <body>
    <h1>Google reCAPTHA Demo</h1>
    <form id="comment_form" action="verify.php" method="post">
      <input type="email" name="email" placeholder="Type your email" size="40"><br><br>
      <textarea name="comment" rows="8" cols="39"></textarea><br><br>
      <input type="submit" name="submit" value="Post comment"><br><br>
      <div class="g-recaptcha" data-sitekey="=== Your site key ==="></div>
    </form>
  </body>
</html></pre>
verify.php
<pre class="brush:php;toolbar:false;"><?php
// Initialise so the checks below never read an undefined variable
$email = null;
$comment = null;
$captcha = null;
if (isset($_POST['email']))
    $email = $_POST['email'];
if (isset($_POST['comment']))
    $comment = $_POST['comment'];
if (isset($_POST['g-recaptcha-response']))
    $captcha = $_POST['g-recaptcha-response'];
if (!$captcha) {
    echo '<h2>Please check the the captcha form.</h2>';
    exit;
}
// Verify the token with Google (GET request; the secret is part of the URL)
$response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=YOUR SECRET KEY&response=" . urlencode($captcha) . "&remoteip=" . $_SERVER['REMOTE_ADDR']), true);
// empty() also covers a failed request or an undecodable reply
if (empty($response['success'])) {
    echo '<h2>You are spammer ! Get the @$%K out</h2>';
} else {
    echo '<h2>Thanks for posting comment.</h2>';
}
?></pre>
http://codeforgeek.com/2014/12/google-recaptcha-tutorial/
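Added example (not part of either answer above, and not Google's library code): a fail-closed version of the POST check that separates the HTTP call from the decision, so the true/false/null outcomes described in the first answer can be exercised with constructed responses. The function names, `example.com` and the 0.5 threshold are assumptions; `hostname` and `score` are fields of the siteverify JSON response.

```php
<?php
// POST the token to siteverify. Returns the raw JSON body, or null if the
// request itself failed (file_get_contents() returns false, it does not throw).
function recaptchaFetch(string $secret, string $token, ?string $ip = null): ?string
{
    $fields = ['secret' => $secret, 'response' => $token];
    if ($ip !== null) {
        $fields['remoteip'] = $ip;
    }
    $context = stream_context_create(['http' => [
        'method'  => 'POST', // the secret travels in the body, not the URL
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    return $body === false ? null : $body;
}

// true = accept, false = rejected by the service, null = could not verify.
// $minScore applies only to v3 responses, which carry a "score" field.
function recaptchaDecide(?string $body, string $expectedHost, ?float $minScore = null): ?bool
{
    $r = $body === null ? null : json_decode($body, true);
    if (!is_array($r) || !isset($r['success'])) {
        return null;
    }
    if ($r['success'] !== true || ($r['hostname'] ?? '') !== $expectedHost) {
        return false;
    }
    if ($minScore !== null && (!isset($r['score']) || $r['score'] < $minScore)) {
        return false;
    }
    return true;
}

// Constructed sample responses (not captured from a real site): [body, minScore].
$samples = [
    'valid v2'      => ['{"success":true,"hostname":"example.com"}', null],
    'bad token'     => ['{"success":false,"error-codes":["invalid-input-response"]}', null],
    'other site'    => ['{"success":true,"hostname":"other.example"}', null],
    'low v3 score'  => ['{"success":true,"hostname":"example.com","score":0.1}', 0.5],
    'network error' => [null, null],
];
foreach ($samples as $label => [$body, $minScore]) {
    // Only a strict true lets the form through; false and null both block it.
    $ok = recaptchaDecide($body, 'example.com', $minScore) === true;
    printf("%-14s %s\n", $label, $ok ? 'accept' : 'reject');
}
```

In a form handler the call would be `recaptchaDecide(recaptchaFetch($secret, $token), $host) === true`, with the secret loaded from configuration outside the web root rather than written into the script.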