Recaptcha error code 'connection-failed' on verification - php

When implementing recaptcha v2, I am given the error code 'connection-failed' when trying to verify the recaptcha input.
I have followed this (https://www.freakyjolly.com/how-to-add-google-recaptcha-in-php-form/) tutorial as I had no luck with others that I found
require('src/autoload.php');
$siteKey = 'my key';
$secret = 'my key';
$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$gRecaptchaResponse = $_POST['g-recaptcha-response'];
$remoteIp = $_SERVER['REMOTE_ADDR'];
$recaptchaErrors = '';
$resp = $recaptcha->verify($gRecaptchaResponse, $remoteIp);
if ($resp->isSuccess()) {
$error[] = "worked";
} else {
$recaptchaErrors = $resp->getErrorCodes();
foreach($recaptchaErrors as $err)
{
$error[] = $err;
}
}
I have not had much luck finding any details on this error anywhere, and it is not documented on the official recaptcha page. I have edited the snippet above for testing purposes, but it would be sending an email.


If allow_url_fopen is off in your php.ini, the connection will fail because Recaptcha uses file_get_contents to access the API by default. I would not enable this flag as it can pose a security risk.
My suggestion, if you have the php curl module installed, is to use Recaptcha with a curl connection:
$recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\CurlPost());


I have had the same problem while working locally in a node environment running node-php-awesome-server.
If you are trying to verify the reCaptcha response from localhost, with a localhost reCaptcha key pair, try from a live webserver (with relative key pair) instead.
For some reason sending the request from localhost returned me that error.
I suppose it has something to do with the development environment but did not investigate further.


I've had the same problem when i tried to include recaptcha in my website on localhost, i then tried this code on my live website(on the server) and it worked, hope this helps.
$secret = 'your server side key from google';
$post_data = http_build_query(
array(
'secret' => $secret,
'response' => $_POST['g-recaptcha-response'],
'remoteip' => $_SERVER['REMOTE_ADDR']));
$opts = array('http' =>
array(
'method' => 'POST',
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => $post_data));
$context = stream_context_create($opts);
$response =file_get_contents('https://www.google.com/recaptcha/api/siteverify',false, $context);
$result = json_decode($response);
if($result->success){
echo "Success";
}
if (!$result->success) {
echo "CAPTCHA verification failed.");
}

Related

Google reCaptcha json response return false

I have tried google captcha using PHP as following way
HTML
<div class="col-md-12">
<div class="form-group">
<div class="g-recaptcha" data-sitekey="6Lf2yUUUAAksikja1XQNtIOqIDmtzb46uHGY-Wq_sl">
</div>
</div>
</div>
PHP
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$secret = '6Lf2yUAAHvAr2QoaNHYFDG945Z6Ai7EqTg6Y71';
//get verify response data
$verifyResponse = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret=&response=" . rawurlencode($_POST['g-recaptcha-response']) . "&remoteip=" . rawurlencode($_SERVER['REMOTE_ADDR']));
$responseData = json_decode($verifyResponse);
if($responseData->success){
} else {
echo 'Robot verification failed, please try again.';
}
}
This same code has worked in PHP 5.4 But Is not working on PHP 7.0 , i don't know how to fix it, any suggestion or solution please post

You can try in this way.
Hope it will help you.
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$privatekey = "XXXXXXXXXXXXXXXXXXXXXX";
$captcha = $_POST['g-recaptcha-response'];
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret' => $privatekey,
'response' => $captcha,
'remoteip' => $_SERVER['REMOTE_ADDR']
);
$curlConfig = array(
CURLOPT_URL => $url,
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => $data
);
$ch = curl_init();
curl_setopt_array($ch, $curlConfig);
$response = curl_exec($ch);
curl_close($ch);
$jsonResponse = json_decode($response);
if ($jsonResponse->success === true) {
}
else {
$errMsg = 'Robot verification failed, please try again.';
}
} else{
$errMsg = 'Please click on the reCAPTCHA box.';
}

You will probably get timeout-or-duplicate issue if your captcha is validated twice. Save logs in a file in append mode and check if you are validating a Captcha twice.
For instance, check below:
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response'])
file_put_contents( "logfile", $verifyResponse, FILE_APPEND );
Now, check the logfile created above and try to check if captcha is verified twice.

My re-CAPTCHA doesn´t work

I use re-CAPTCHA on my website but it doesn't work when I click LOGIN it says Robot verification failed, please try again I don´t know how to fix it... every time :/
Thanks for help.
If you have better script send me please.
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response']))
{
$secret = '**************';
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response']);
$responseData = json_decode($verifyResponse);
if($responseData->success)
{
}else{
echo "<div class='container'><div class='alert alert-danger'><p>Robot verification failed, please try again.</p></div>";
}
}else{
echo "<div class='container'><div class='alert alert-danger'><p>Please click on the reCAPTCHA box.</p></div>";
}

I use ReCaptcha package for Composer when handling captchas.
If you don't know what Composer is, I suggest you head to http://composer.org/
Composer is a PHP dependency manager and it can be really useful when building modern PHP apps.
ReCaptcha Package: https://packagist.org/packages/google/recaptcha
Code samples are also included in the link.

Here is how I handle Google Re-Captcha on the Server:
//process captia response with a custom method.
$captcha = checkCaptia($_POST['g-recaptcha-response']);
if ($captcha){
mailLead();
}
else{
header('location: https://...');
die();
}
Method to handle captcha check...
function checkCaptia($captcha){
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret'=>';jaskdf;asdkjf',
'response'=>$captcha,
'remoteip'=>$_SERVER['REMOTE_ADDR']
);
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
$result = json_decode(file_get_contents($url, false, $context),TRUE);
return $result;
}

"Success false" in Google Captcha implementation

Again I came up with new google captcha question.
I have a view file with the following code :
<p>
<div class="g-recaptcha" data-sitekey="MY_SITE_KEY"></div>
</p>
Above code obviously under form element.
And after that,
In my controller, I am writing this as follows,
if ($this->form_validation->run() == TRUE) {
$recaptchaResponse = trim($this->input->post('g-recaptcha-response'));
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret' => 'MY_SECRET_KEY',
'response' => $recaptchaResponse
);
$options = array(
'http' => array (
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
$verify = file_get_contents($url, false, $context);
$captcha_success=json_decode($verify);
#echo "<pre>"; print_r($captcha_success);die;
if ($captcha_success->success==false) {
echo "<p>You are a bot! Go away!</p>";
} else if ($captcha_success->success==true) {
echo "<p>You are not not a bot!</p>";
}
die;
}
But still it is not working form me.
Actually, I have registered my localhost url with Google account and I have different secret key and site key for the local and for the live one. But when I tried to use captcha, both live and local gives me same json output as the following one.
{
"success": false,
"error-codes": [
"missing-input-response"
]
}
Please suggest, how to overcome with this.
Thank You.

You are probably getting the error message, missing-input-response, because you are not passing the parameter "response" correctly.
Can you update your question with your code you are using for the call to the captcha API?

Twitter API returns error 215, Bad Authentication Data

I am trying to call following Twitter's API to get a list of followers for a user.
http://api.twitter.com/1.1/followers/ids.json?cursor=-1&screen_name=username
And I am getting this error message in response.
{
code = 215;
message = "Bad Authentication data";
}
I can't seem to find the documentation related to this error code. Anyone has any idea about this error?

A very concise code without any other php file include of oauth etc.
Please note to obtain following keys you need to sign up with https://dev.twitter.com and create application.
<?php
$token = 'YOUR_TOKEN';
$token_secret = 'YOUR_TOKEN_SECRET';
$consumer_key = 'CONSUMER_KEY';
$consumer_secret = 'CONSUMER_SECRET';
$host = 'api.twitter.com';
$method = 'GET';
$path = '/1.1/statuses/user_timeline.json'; // api call path
$query = array( // query parameters
'screen_name' => 'twitterapi',
'count' => '5'
);
$oauth = array(
'oauth_consumer_key' => $consumer_key,
'oauth_token' => $token,
'oauth_nonce' => (string)mt_rand(), // a stronger nonce is recommended
'oauth_timestamp' => time(),
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_version' => '1.0'
);
$oauth = array_map("rawurlencode", $oauth); // must be encoded before sorting
$query = array_map("rawurlencode", $query);
$arr = array_merge($oauth, $query); // combine the values THEN sort
asort($arr); // secondary sort (value)
ksort($arr); // primary sort (key)
// http_build_query automatically encodes, but our parameters
// are already encoded, and must be by this point, so we undo
// the encoding step
$querystring = urldecode(http_build_query($arr, '', '&'));
$url = "https://$host$path";
// mash everything together for the text to hash
$base_string = $method."&".rawurlencode($url)."&".rawurlencode($querystring);
// same with the key
$key = rawurlencode($consumer_secret)."&".rawurlencode($token_secret);
// generate the hash
$signature = rawurlencode(base64_encode(hash_hmac('sha1', $base_string, $key, true)));
// this time we're using a normal GET query, and we're only encoding the query params
// (without the oauth params)
$url .= "?".http_build_query($query);
$url=str_replace("&","&",$url); //Patch by #Frewuill
$oauth['oauth_signature'] = $signature; // don't want to abandon all that work!
ksort($oauth); // probably not necessary, but twitter's demo does it
// also not necessary, but twitter's demo does this too
function add_quotes($str) { return '"'.$str.'"'; }
$oauth = array_map("add_quotes", $oauth);
// this is the full value of the Authorization line
$auth = "OAuth " . urldecode(http_build_query($oauth, '', ', '));
// if you're doing post, you need to skip the GET building above
// and instead supply query parameters to CURLOPT_POSTFIELDS
$options = array( CURLOPT_HTTPHEADER => array("Authorization: $auth"),
//CURLOPT_POSTFIELDS => $postfields,
CURLOPT_HEADER => false,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false);
// do our business
$feed = curl_init();
curl_setopt_array($feed, $options);
$json = curl_exec($feed);
curl_close($feed);
$twitter_data = json_decode($json);
foreach ($twitter_data as &$value) {
$tweetout .= preg_replace("/(http:\/\/|(www\.))(([^\s<]{4,68})[^\s<]*)/", '$1$2$4', $value->text);
$tweetout = preg_replace("/#(\w+)/", "#\\1", $tweetout);
$tweetout = preg_replace("/#(\w+)/", "#\\1", $tweetout);
}
echo $tweetout;
?>
Regards

The only solution I've found so far is:
Create application in twitter developer panel
Authorize user with your application (or your application in user account) and save "oauth_token" and "oauth_token_secret" which Twitter gives you. Use TwitterOAuth library for this, it's pretty easy, see examples coming with library.
Using this tokens you can make authenticated requests on behalf of user. You can do it with the same library.
// Arguments 1 and 2 - your application static tokens, 2 and 3 - user tokens, received from Twitter during authentification
$connection = new TwitterOAuth(TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET, $tokens['oauth_token'], $tokens['oauth_token_secret']);
$connection->host = 'https://api.twitter.com/1.1/'; // By default library uses API version 1.
$friendsJson = $connection->get('/friends/ids.json?cursor=-1&user_id=34342323');
This will return you list of user's friends.

FOUND A SOLUTION - using the Abraham TwitterOAuth library. If you are using an older implementation, the following lines should be added after the new TwitterOAuth object is instantiated:
$connection->host = "https://api.twitter.com/1.1/";
$connection->ssl_verifypeer = TRUE;
$connection->content_type = 'application/x-www-form-urlencoded';
The first 2 lines are now documented in Abraham library Readme file, but the 3rd one is not. Also make sure that your oauth_version is still 1.0.
Here is my code for getting all user data from 'users/show' with a newly authenticated user and returning the user full name and user icon with 1.1 - the following code is implemented in the authentication callback file:
session_start();
require ('twitteroauth/twitteroauth.php');
require ('twitteroauth/config.php');
$consumer_key = '****************';
$consumer_secret = '**********************************';
$to = new TwitterOAuth($consumer_key, $consumer_secret);
$tok = $to->getRequestToken('http://exampleredirect.com?twitoa=1');
$token = $tok['oauth_token'];
$secret = $tok['oauth_token_secret'];
//save tokens to session
$_SESSION['ttok'] = $token;
$_SESSION['tsec'] = $secret;
$request_link = $to->getAuthorizeURL($token,TRUE);
header('Location: ' . $request_link);
The following code then is in the redirect after authentication and token request
if($_REQUEST['twitoa']==1){
require ('twitteroauth/twitteroauth.php');
require_once('twitteroauth/config.php');
//Twitter Creds
$consumer_key = '*****************';
$consumer_secret = '************************************';
$oauth_token = $_GET['oauth_token']; //ex Request vals->http://domain.com/twitter_callback.php?oauth_token=MQZFhVRAP6jjsJdTunRYPXoPFzsXXKK0mQS3SxhNXZI&oauth_verifier=A5tYHnAsbxf3DBinZ1dZEj0hPgVdQ6vvjBJYg5UdJI
$ttok = $_SESSION['ttok'];
$tsec = $_SESSION['tsec'];
$to = new TwitterOAuth($consumer_key, $consumer_secret, $ttok, $tsec);
$tok = $to->getAccessToken();
$btok = $tok['oauth_token'];
$bsec = $tok['oauth_token_secret'];
$twit_u_id = $tok['user_id'];
$twit_screen_name = $tok['screen_name'];
//Twitter 1.1 DEBUG
//print_r($tok);
//echo '<br/><br/>';
//print_r($to);
//echo '<br/><br/>';
//echo $btok . '<br/><br/>';
//echo $bsec . '<br/><br/>';
//echo $twit_u_id . '<br/><br/>';
//echo $twit_screen_name . '<br/><br/>';
$twit_screen_name=urlencode($twit_screen_name);
$connection = new TwitterOAuth($consumer_key, $consumer_secret, $btok, $bsec);
$connection->host = "https://api.twitter.com/1.1/";
$connection->ssl_verifypeer = TRUE;
$connection->content_type = 'application/x-www-form-urlencoded';
$ucontent = $connection->get('users/show', array('screen_name' => $twit_screen_name));
//echo 'connection:<br/><br/>';
//print_r($connection);
//echo '<br/><br/>';
//print_r($ucontent);
$t_user_name = $ucontent->name;
$t_user_icon = $ucontent->profile_image_url;
//echo $t_user_name.'<br/><br/>';
//echo $t_user_icon.'<br/><br/>';
}
It took me way too long to figure this one out. Hope this helps someone!!

The answer by Gruik worked for me in the below thread.
{Excerpt | Zend_Service_Twitter - Make API v1.1 ready}
with ZF 1.12.3 the workaround is to pass consumerKey and consumerSecret in oauthOptions option, not directrly in the options.
$options = array(
'username' => /*...*/,
'accessToken' => /*...*/,
'oauthOptions' => array(
'consumerKey' => /*...*/,
'consumerSecret' => /*...*/,
)
);

UPDATE:
Twitter API 1 is now deprecated. Refer to above answer.
Twitter 1.1 does not work with that syntax (when I wrote this answer). Needs to be 1, not 1.1. This will work:
http://api.twitter.com/1/followers/ids.json?cursor=-1&screen_name=username

The url with /1.1/ in it is correct, it is the new Twitter API Version 1.1.
But you need an application and authorize your application (and the user) using oAuth.
Read more about this on the Twitter Developers documentation site
:)

You need to send customerKey and customerSecret to Zend_Service_Twitter
$twitter = new Zend_Service_Twitter(array(
'consumerKey' => $this->consumer_key,
'consumerSecret' => $this->consumer_secret,
'username' => $user->screenName,
'accessToken' => unserialize($user->token)
));

After two days of research I finally found that to access s.o. public tweets you just need any application credentials, and not that particular user ones. So if you are developing for a client, you don't have to ask them to do anything.
To use the new Twitter API 1.1 you need two things:
the Abraham's TwitterOAuth library that Dante Cullari already mentioned
a brand new or already working application created via the Twitter Developer site
First, you can (actually have to) create an application with your own credentials and then get the Access token (OAUTH_TOKEN) and Access token secret (OAUTH_TOKEN_SECRET) from the "Your access token" section.
Then you supply them in the constructor for the new TwitterOAuth object. Now you can access anyone public tweets.
$connection = new TwitterOAuth( CONSUMER_KEY, CONSUMER_SECRET, OAUTH_TOKEN, OAUTH_TOKEN_SECRET );
$connection->host = "https://api.twitter.com/1.1/"; // change the default
$connection->ssl_verifypeer = TRUE;
$connection->content_type = 'application/x-www-form-urlencoded';
$tweets = $connection->get('http://api.twitter.com/1.1/statuses/user_timeline.json?screen_name='.$username.'&count='.$count);
Actually I think this is what Pavel has suggested also, but it is not so obvious from his answer.
Hope this saves someone else those two days :)

This might help someone who use Zend_Oauth_Client to work with twitter api. This working config:
$accessToken = new Zend_Oauth_Token_Access();
$accessToken->setToken('accessToken');
$accessToken->setTokenSecret('accessTokenSecret');
$client = $accessToken->getHttpClient(array(
'requestScheme' => Zend_Oauth::REQUEST_SCHEME_HEADER,
'version' => '1.0', // it was 1.1 and I got 215 error.
'signatureMethod' => 'HMAC-SHA1',
'consumerKey' => 'foo',
'consumerSecret' => 'bar',
'requestTokenUrl' => 'https://api.twitter.com/oauth/request_token',
'authorizeUrl' => 'https://api.twitter.com/oauth/authorize',
'accessTokenUrl' => 'https://api.twitter.com/oauth/access_token',
'timeout' => 30
));
It look like twitter api 1.0 allows oauth version to be 1.1 and 1.0, where twitter api 1.1 require only oauth version to be 1.0.
P.S We do not use Zend_Service_Twitter as it does not allow send custom params on status update.

Be sure that you have read AND write access for application in twitter

I'm using HybridAuth and was running into this error connecting to Twitter. I tracked it down to (me) sending Twitter an incorrectly cased request type (get/post instead of GET/POST).
This would cause a 215:
$call = '/search/tweets.json';
$call_type = 'get';
$call_args = array(
'q' => 'pancakes',
'count' => 5,
);
$response = $provider_api->api( $call, $call_type, $call_args );
This would not:
$call = '/search/tweets.json';
$call_type = 'GET';
$call_args = array(
'q' => 'pancakes',
'count' => 5,
);
$response = $provider_api->api( $call, $call_type, $call_args );
Side note: In the case of HybridAuth the following also would not (because HA internally provides the correctly-cased value for the request type):
$call = '/search/tweets.json';
$call_args = array(
'q' => 'pancakes',
'count' => 5,
);
$response = $providers['Twitter']->get( $call, $call_args );

I was facing the same problem all the time the only solution I figurae out is typing CONSUMER_KEY and CONSUMER_SECRET directly to new TwitterOAuth class defination .
$connection = new TwitterOAuth( "MY_CK" , "MY_CS" );
Don't use variable or statics on this and see if the issue sloved .

Here first every one need to use oauth2/token api then use followers/list api.
Other wise you will get this error. Because followers/list api requires Authentication.
In swift (for mobile app) me also got the same problem.
If you want to know the api's and it's parameters follow this link , Get twitter friends list in swift?

I know that this is old but yesterday I faced the same issue when calling this URL using C# and the HttpClient class with the Bearer authentication token:
http://api.twitter.com/1.1/followers/ids.json?cursor=-1&screen_name=username
It turns out that the solution for me was to use HTTPS instead of HTTP. So my URL would look like this:
https://api.twitter.com/1.1/followers/ids.json?cursor=-1&screen_name=username
So here is a snippet of my code:
using (var client = new HttpClient())
{
client.BaseAddress = new Uri("https://api.twitter.com/1.1/");
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Add("Authorization", "Bearer **** YOUR BEARER TOKEN GOES HERE ****");
var response = client.GetAsync("statuses/user_timeline.json?count=10&screen_name=username").Result;
if (!response.IsSuccessStatusCode)
{
return result;
}
var items = response.Content.ReadAsAsync<IEnumerable<dynamic>>().Result;
foreach (dynamic item in items)
{
//Do the needful
}
}

Try this twitter API explorer, you can sign in as a developer and query whatever you want.

API request from Specific IP

I'm using Ultimate Hosting package of GoDaddy. The account has a static IP and SSL installed. Now when I'm trying to use an API which needs static IP. But scripts are sending requests from random IPs. Please suggest me an way.
My Script
$soap_exception_occured = false;
$wsdl_path = 'http://vrapi.sslwireless.com/?wsdl';
$response = '';
ini_set('soap.wsdl_cache_enabled', '0'); // disabling WSDL cache
try {
$client = new SoapClient($wsdl_path);
}
catch(SoapFault $exception) {
$soap_exception_occured = true;
$response .= '\nError occoured when connecting to the SMS SOAP Server!';
$response .= '\nSoap Exception: '.$exception;
}
I'm using SOAP. Can IP binding help me ?

Assuming you are using curl of php to connect to that API, you should bind each request to your IP:
curl_setopt($ch, CURLOPT_INTERFACE, $myIP);
To bind CURL to a different outgoing network interface or a different IP address, all that is needed is to set the CURLOPT_INTERFACE to the appropriate value before executing the CURL request:

Try this and let me know what happend
$soap_exception_occured = false;
$ipandport = array(
'socket' => array(
'bindto' => 'xx.xx.xx.xx:port',
),
);
$setip = stream_context_create(ipandport);
$wsdl_path = 'http://vrapi.sslwireless.com/?wsdl';
$response = '';
ini_set('soap.wsdl_cache_enabled', '0'); // disabling WSDL cache
try {
$client = new SoapClient($wsdl_path, array('stream_context' => $setip));
}
catch(SoapFault $exception) {
$soap_exception_occured = true;
$response .= '\nError occoured when connecting to the SMS SOAP Server!';
$response .= '\nSoap Exception: '.$exception;
}

This thread will be a not complete without file_get_contents:
$opts = array(
'socket' => array(
'bindto' => 'xx.xx.xx.xx:0',
)
);
$context = stream_context_create($opts);
echo file_get_contents('http://www.example.com', false, $context);

Categories