Google ReCaptcha V2 problem

[WeBBy421]

I have been running Google ReCaptcha v2 on 4 different sites for a very long time without any problem. They were all working fine. Not sure when as I was just recently made aware it, but none of them work anymore ???

Did google change something or is it because I updated php??

The problem is in the response - no matter what I try, I cannot verify that I am human.

This is the response code:

	   if(isset($_POST['g-recaptcha-response'])){

	         $captcha=$_POST['g-recaptcha-response'];

	         }

	         if(!$captcha){

	     include ('./forms/sectionhead.tpl'); 

	           echo '<h4 style="color:#c30000;text-align:center;">You must check the reCaptcha form to send this email.</h4>';

	           include ('./forms/contactform.php');

	     include ('./forms/contactend.php');

	     exit;

	             }

	         $ip = $_SERVER['REMOTE_ADDR'];

	         $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretKey."&response=".$captcha."&remoteip=".$ip);

	         $responseKeys = json_decode($response,true);

	         if(intval($responseKeys["success"]) !== 1) {

	           echo '<h4 style="color:#c30000;text-align:center;">Sorry, we cannot verify that you are human</h4><br><br>';

	         } else {

	  

	         //send email

[\code]

For some reason I am no longer getting a successful response.

Any help would be greatly appreciated

Thanx

 

 

[requinix]

Look for Javascript errors, and for God's sake log that $response somewhere you can inspect it!

[WeBBy421]

I do not find any errors. Based on the Google dashboard it states "We detected that your site is not verifying reCAPTCHA solutions.". Also shows that they appear to have been working on 2/25 with several passed but "no Captchas" on 2/28.

How do I log the $response?

[WeBBy421]

I am beginning to think it is related to a php 7.3 upgrade? Can anyone verify this or not?

[requinix]

2 hours ago, WeBBy421 said:

I am beginning to think it is related to a php 7.3 upgrade? Can anyone verify this or not?

With just that code? No.

If it was working 2/25 and then not working 2/28 the obvious question is: what changed?

[Strider64]

Google gives a good example on how to setup ReCaptcha V2 and even you gives an option where you can test it on a local server. Here is the link -> https://developers.google.com/recaptcha/docs/display

There are even tutorials on how to setup up that might help you the ReCaptcha backup and running -> Here's just one link of many https://www.kaplankomputing.com/blog/tutorials/recaptcha-php-demo-tutorial/

Here's my code that I think is broken done pretty good (I think?) -> 

            /* The Following to get response back from Google recaptcha */
            $url = "https://www.google.com/recaptcha/api/siteverify";

            $remoteServer = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_URL);
            $response = file_get_contents($url . "?secret=" . PRIVATE_KEY . "&response=" . \htmlspecialchars($_POST['g-recaptcha-response']) . "&remoteip=" . $remoteServer);
            $recaptcha_data = json_decode($response);
            /* The actual check of the recaptcha */
            if (isset($recaptcha_data->success) && $recaptcha_data->success === TRUE) {
                $success = "Mail was sent!";
                $data['name'] = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
                $data['phone'] = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['website'] = filter_input(INPUT_POST, 'website', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['reason'] = filter_input(INPUT_POST, 'reason', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['comments'] = filter_input(INPUT_POST, 'comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

                $send = new Email($data);
            } else {
                $success = "You're not a human!"; // Not on a production server:
            }

 

Edited March 1, 2020 by Strider64
Grammar

[WeBBy421]

I do not get it. The only thing that has changed is an upgrade to php 7.3 from 5.6. I cannot believe this is the problem. But only thing that has changed

Your code gives the same result "You're not a human!":

 

 

<html>
  <head>
    <title>Captcha Test</title>
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  </head>
  <body>
  <?
 	$siteKey = 'xxxx';
	$secretKey = 'xxxx';
?>
    <form action="" method="POST">
      <div class="g-recaptcha" data-sitekey="<? echo $siteKey; ?>"></div>
      <br/>
      <input type="submit" name="submit" value="Submit">
    </form>
<?
if(isset($_POST['submit']))
{
	        /* The Following to get response back from Google recaptcha */
            $url = "https://www.google.com/recaptcha/api/siteverify";

            $remoteServer = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_URL);
            $response = file_get_contents($url . "?secret=" . $secretKey . "&response=" . \htmlspecialchars($_POST['g-recaptcha-response']) . "&remoteip=" . $remoteServer);
            $recaptcha_data = json_decode($response);
            /* The actual check of the recaptcha */
            if (isset($recaptcha_data->success) && $recaptcha_data->success === TRUE) {
                $success = "Mail was sent!";
                $data['name'] = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
                $data['phone'] = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['website'] = filter_input(INPUT_POST, 'website', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['reason'] = filter_input(INPUT_POST, 'reason', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['comments'] = filter_input(INPUT_POST, 'comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

                $send = new Email($data);
				echo "Send Email";
            } else {
                $success = "You're not a human!"; // Not on a production server:
				echo $success;
            }
}
?>

</body>
</html>

 

Nothing makes sense (to me anyway)....

 

 

 

[mac_gyver]

10 minutes ago, WeBBy421 said:

Your code gives the same result "You're not a human!":

that's because it is using the same method and is lacking in any logging of information when the success value isn't true.

do you have php's error_reporting set to E_ALL and either log_errors set to ON or temporarily (turn off when finished) set display_errors to ON, so that php would help you?

while there's nothing php version specific in the code, there is something php configuration specific that could affect the code. allow_url_fopen is probably off (there would be php errors when the code runs.) what does a phpinfo() statement show for allow_url_fopen?

[WeBBy421]

THIS IS RIDICULOUS !!!

I had found the issue with allow_url_fopen in another post. And checked that it was on and it was.

/$ grep allow_url_fopen /usr/local/lib/php.ini
allow_url_fopen = On

Rather than ssh, decided to turn on php error reporting through cpanel WHM and in the Multiphp ini editor it said allow_url_fopen DISABLED !!!

WTF !!

Enabled and all working - dont want to even think of the hours wasted on this.

Why ssh says ON and cpanel says OFF ???

[mac_gyver]

finding a line in a php.ini file that has a value, doesn't mean that that php.ini or that line is being used (syntax errors in a php.ini stop the parsing of the following lines in the file/probably treat all the rest of the file as part of the line where the syntax error is at, w/o any error being reported), which is why i asked what a phpinfo() statement showed for the value. this is also why you need to ALWAYS have the error related settings set to report all errors and to log them on a live/public server.