"Success false" in Google Captcha implementation - php

Again I came up with new google captcha question.
I have a view file with the following code :
<p>
<div class="g-recaptcha" data-sitekey="MY_SITE_KEY"></div>
</p>
Above code obviously under form element.
And after that,
In my controller, I am writing this as follows,
if ($this->form_validation->run() == TRUE) {
$recaptchaResponse = trim($this->input->post('g-recaptcha-response'));
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret' => 'MY_SECRET_KEY',
'response' => $recaptchaResponse
);
$options = array(
'http' => array (
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
$verify = file_get_contents($url, false, $context);
$captcha_success=json_decode($verify);
#echo "<pre>"; print_r($captcha_success);die;
if ($captcha_success->success==false) {
echo "<p>You are a bot! Go away!</p>";
} else if ($captcha_success->success==true) {
echo "<p>You are not not a bot!</p>";
}
die;
}
But still it is not working form me.
Actually, I have registered my localhost url with Google account and I have different secret key and site key for the local and for the live one. But when I tried to use captcha, both live and local gives me same json output as the following one.
{
"success": false,
"error-codes": [
"missing-input-response"
]
}
Please suggest, how to overcome with this.
Thank You.


You are probably getting the error message, missing-input-response, because you are not passing the parameter "response" correctly.
Can you update your question with your code you are using for the call to the captcha API?

Related

Why does execution stop at wordpress_remote_post() function call?

I am trying to write an SSO plugin for my WordPress multisite and MemberSuite. I'm in the beginning steps, just trying to have the user sign in and get the MemberSuite sign-in token.
Here's the code I have so far:
define("MS_API_URL", "http://rest.membersuite.com/swagger/platform/v2/");
define("TENANT_ID", "00000");
define("USER_POOL", "placeholder");
define("CLIENT_ID", "placeholder");
function send_request() {
$username = $_POST[portalusername];
$password = $_POST[portalpassword];
return ms_sign_in($username, $password, USER_POOL, CLIENT_ID);
}
function ms_sign_in($un, $pw, $up, $cid) {
$url = MS_API_URL . 'storeJWTTokenForUser/' . TENANT_ID;
$data = array(
'username' => $un,
'password' => $pw,
'userPool' => $up,
'clientID' => $cid
);
$arguments = array(
'method' => 'POST',
'headers' => array(
'Content-Type' => 'application/json',
'Accept' => 'application/json'
),
'body' => json_encode($data)
);
echo "before post";
$response = wp_remote_post($url, $arguments);
echo "after post";
if ( is_wp_error( $response ) ) {
$error_message = $response->get_error_message();
echo "Something went wrong: $error_message";
}
echo $response;
echo $response['body'];
return $response['body'];
}
?>
<html>
<body>
<p>body 1</p>
<?php echo send_request();?>
<p>body 2</p>
</body>
</html>
My form calls the send_request() function. As far as I can tell, I've implemented everything the way the MemberSuite documentation indicates it should be implemented. I've included all the necessary values for verification.
However, it appears execution just stops when I reach the line that says $response = wp_remote_post($url, $arguments);. The output displays:
body 1
before post
but nothing else. I'd like to know why this happening, if there is any way to fix it, and/or if there is a different way I should go about making the POST request.

Recaptcha error code 'connection-failed' on verification

When implementing recaptcha v2, I am given the error code 'connection-failed' when trying to verify the recaptcha input.
I have followed this (https://www.freakyjolly.com/how-to-add-google-recaptcha-in-php-form/) tutorial as I had no luck with others that I found
require('src/autoload.php');
$siteKey = 'my key';
$secret = 'my key';
$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$gRecaptchaResponse = $_POST['g-recaptcha-response'];
$remoteIp = $_SERVER['REMOTE_ADDR'];
$recaptchaErrors = '';
$resp = $recaptcha->verify($gRecaptchaResponse, $remoteIp);
if ($resp->isSuccess()) {
$error[] = "worked";
} else {
$recaptchaErrors = $resp->getErrorCodes();
foreach($recaptchaErrors as $err)
{
$error[] = $err;
}
}
I have not had much luck finding any details on this error anywhere, and it is not documented on the official recaptcha page. I have edited the snippet above for testing purposes, but it would be sending an email.

If allow_url_fopen is off in your php.ini, the connection will fail because Recaptcha uses file_get_contents to access the API by default. I would not enable this flag as it can pose a security risk.
My suggestion, if you have the php curl module installed, is to use Recaptcha with a curl connection:
$recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\CurlPost());

I have had the same problem while working locally in a node environment running node-php-awesome-server.
If you are trying to verify the reCaptcha response from localhost, with a localhost reCaptcha key pair, try from a live webserver (with relative key pair) instead.
For some reason sending the request from localhost returned me that error.
I suppose it has something to do with the development environment but did not investigate further.

I've had the same problem when i tried to include recaptcha in my website on localhost, i then tried this code on my live website(on the server) and it worked, hope this helps.
$secret = 'your server side key from google';
$post_data = http_build_query(
array(
'secret' => $secret,
'response' => $_POST['g-recaptcha-response'],
'remoteip' => $_SERVER['REMOTE_ADDR']));
$opts = array('http' =>
array(
'method' => 'POST',
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => $post_data));
$context = stream_context_create($opts);
$response =file_get_contents('https://www.google.com/recaptcha/api/siteverify',false, $context);
$result = json_decode($response);
if($result->success){
echo "Success";
}
if (!$result->success) {
echo "CAPTCHA verification failed.");
}

Simple recaptcha doesn't work on VPS server, but works on another hosting server

I have the following codes in 2 websites. Recaptcha works fine on normal hosting but doesn't work on VPS server.
Its really strange.
I crossed checked like 1000 times.
FYI, I got SSL Installed as well. Recaptcha v2.
The response['success'] on VPS is always false
index.php
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<form action="test.php" method="post">
<div class="g-recaptcha" data-sitekey="***"></div>
<input type="submit" name="Submit" id="Submit" value="Submit">
</form>
test.php
<?php
$response = $_POST["g-recaptcha-response"];
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret' => '***',
'response' => $_POST["g-recaptcha-response"]
);
$options = array(
'http' => array (
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
$verify = file_get_contents($url, false, $context);
$captcha_success=json_decode($verify);
if ($captcha_success->success==false) {
echo "<p>You are a bot! Go away!</p>";
} else if ($captcha_success->success==true) {
echo "<p>You are not not a bot!</p>";
}
?>
I have used the different secret code for each websites. Is there a problem with Godaddy VPS? Or my code?

Google reCaptcha json response return false

I have tried google captcha using PHP as following way
HTML
<div class="col-md-12">
<div class="form-group">
<div class="g-recaptcha" data-sitekey="6Lf2yUUUAAksikja1XQNtIOqIDmtzb46uHGY-Wq_sl">
</div>
</div>
</div>
PHP
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$secret = '6Lf2yUAAHvAr2QoaNHYFDG945Z6Ai7EqTg6Y71';
//get verify response data
$verifyResponse = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret=&response=" . rawurlencode($_POST['g-recaptcha-response']) . "&remoteip=" . rawurlencode($_SERVER['REMOTE_ADDR']));
$responseData = json_decode($verifyResponse);
if($responseData->success){
} else {
echo 'Robot verification failed, please try again.';
}
}
This same code has worked in PHP 5.4 But Is not working on PHP 7.0 , i don't know how to fix it, any suggestion or solution please post

You can try in this way.
Hope it will help you.
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$privatekey = "XXXXXXXXXXXXXXXXXXXXXX";
$captcha = $_POST['g-recaptcha-response'];
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret' => $privatekey,
'response' => $captcha,
'remoteip' => $_SERVER['REMOTE_ADDR']
);
$curlConfig = array(
CURLOPT_URL => $url,
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => $data
);
$ch = curl_init();
curl_setopt_array($ch, $curlConfig);
$response = curl_exec($ch);
curl_close($ch);
$jsonResponse = json_decode($response);
if ($jsonResponse->success === true) {
}
else {
$errMsg = 'Robot verification failed, please try again.';
}
} else{
$errMsg = 'Please click on the reCAPTCHA box.';
}

You will probably get timeout-or-duplicate issue if your captcha is validated twice. Save logs in a file in append mode and check if you are validating a Captcha twice.
For instance, check below:
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response'])
file_put_contents( "logfile", $verifyResponse, FILE_APPEND );
Now, check the logfile created above and try to check if captcha is verified twice.

My re-CAPTCHA doesn´t work

I use re-CAPTCHA on my website but it doesn't work when I click LOGIN it says Robot verification failed, please try again I don´t know how to fix it... every time :/
Thanks for help.
If you have better script send me please.
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response']))
{
$secret = '**************';
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response']);
$responseData = json_decode($verifyResponse);
if($responseData->success)
{
}else{
echo "<div class='container'><div class='alert alert-danger'><p>Robot verification failed, please try again.</p></div>";
}
}else{
echo "<div class='container'><div class='alert alert-danger'><p>Please click on the reCAPTCHA box.</p></div>";
}

I use ReCaptcha package for Composer when handling captchas.
If you don't know what Composer is, I suggest you head to http://composer.org/
Composer is a PHP dependency manager and it can be really useful when building modern PHP apps.
ReCaptcha Package: https://packagist.org/packages/google/recaptcha
Code samples are also included in the link.

Here is how I handle Google Re-Captcha on the Server:
//process captia response with a custom method.
$captcha = checkCaptia($_POST['g-recaptcha-response']);
if ($captcha){
mailLead();
}
else{
header('location: https://...');
die();
}
Method to handle captcha check...
function checkCaptia($captcha){
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret'=>';jaskdf;asdkjf',
'response'=>$captcha,
'remoteip'=>$_SERVER['REMOTE_ADDR']
);
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
$result = json_decode(file_get_contents($url, false, $context),TRUE);
return $result;
}

Categories