Jump to content

Google ReCaptcha V2 problem


WeBBy421

Recommended Posts

I have been running Google ReCaptcha v2 on 4 different sites for a very long time without any problem. They were all working fine. Not sure when as I was just recently made aware it, but none of them work anymore ???

Did google change something or is it because I updated php??

The problem is in the response - no matter what I try, I cannot verify that I am human.

This is the response code:


   if(isset($_POST['g-recaptcha-response'])){
         $captcha=$_POST['g-recaptcha-response'];
         }
         if(!$captcha){
     include ('./forms/sectionhead.tpl'); 
           echo '<h4 style="color:#c30000;text-align:center;">You must check the reCaptcha form to send this email.</h4>';
           include ('./forms/contactform.php');
     include ('./forms/contactend.php');
     exit;
             }
         $ip = $_SERVER['REMOTE_ADDR'];
         $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretKey."&response=".$captcha."&remoteip=".$ip);
         $responseKeys = json_decode($response,true);
         if(intval($responseKeys["success"]) !== 1) {
           echo '<h4 style="color:#c30000;text-align:center;">Sorry, we cannot verify that you are human</h4><br><br>';
         } else {
  
         //send email

[\code]

For some reason I am no longer getting a successful response.

Any help would be greatly appreciated

Thanx

 

 

Link to comment
Share on other sites

I do not find any errors. Based on the Google dashboard it states "We detected that your site is not verifying reCAPTCHA solutions.". Also shows that they appear to have been working on 2/25 with several passed but "no Captchas" on 2/28.

How do I log the $response?

Link to comment
Share on other sites

2 hours ago, WeBBy421 said:

I am beginning to think it is related to a php 7.3 upgrade? Can anyone verify this or not?

With just that code? No.

If it was working 2/25 and then not working 2/28 the obvious question is: what changed?

Link to comment
Share on other sites

Google gives a good example on how to setup ReCaptcha V2 and even you gives an option where you can test it on a local server. Here is the link -> https://developers.google.com/recaptcha/docs/display

There are even tutorials on how to setup up that might help you the ReCaptcha backup and running -> Here's just one link of many https://www.kaplankomputing.com/blog/tutorials/recaptcha-php-demo-tutorial/

Here's my code that I think is broken done pretty good (I think?) -> 

            /* The Following to get response back from Google recaptcha */
            $url = "https://www.google.com/recaptcha/api/siteverify";

            $remoteServer = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_URL);
            $response = file_get_contents($url . "?secret=" . PRIVATE_KEY . "&response=" . \htmlspecialchars($_POST['g-recaptcha-response']) . "&remoteip=" . $remoteServer);
            $recaptcha_data = json_decode($response);
            /* The actual check of the recaptcha */
            if (isset($recaptcha_data->success) && $recaptcha_data->success === TRUE) {
                $success = "Mail was sent!";
                $data['name'] = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
                $data['phone'] = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['website'] = filter_input(INPUT_POST, 'website', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['reason'] = filter_input(INPUT_POST, 'reason', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['comments'] = filter_input(INPUT_POST, 'comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

                $send = new Email($data);
            } else {
                $success = "You're not a human!"; // Not on a production server:
            }

 

Edited by Strider64
Grammar
Link to comment
Share on other sites

I do not get it. The only thing that has changed is an upgrade to php 7.3 from 5.6. I cannot believe this is the problem. But only thing that has changed

Your code gives the same result "You're not a human!":

 

 

<html>
  <head>
    <title>Captcha Test</title>
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  </head>
  <body>
  <?
 	$siteKey = 'xxxx';
	$secretKey = 'xxxx';
?>
    <form action="" method="POST">
      <div class="g-recaptcha" data-sitekey="<? echo $siteKey; ?>"></div>
      <br/>
      <input type="submit" name="submit" value="Submit">
    </form>
<?
if(isset($_POST['submit']))
{
	        /* The Following to get response back from Google recaptcha */
            $url = "https://www.google.com/recaptcha/api/siteverify";

            $remoteServer = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_URL);
            $response = file_get_contents($url . "?secret=" . $secretKey . "&response=" . \htmlspecialchars($_POST['g-recaptcha-response']) . "&remoteip=" . $remoteServer);
            $recaptcha_data = json_decode($response);
            /* The actual check of the recaptcha */
            if (isset($recaptcha_data->success) && $recaptcha_data->success === TRUE) {
                $success = "Mail was sent!";
                $data['name'] = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
                $data['phone'] = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['website'] = filter_input(INPUT_POST, 'website', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['reason'] = filter_input(INPUT_POST, 'reason', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['comments'] = filter_input(INPUT_POST, 'comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

                $send = new Email($data);
				echo "Send Email";
            } else {
                $success = "You're not a human!"; // Not on a production server:
				echo $success;
            }
}
?>

</body>
</html>

 

Nothing makes sense (to me anyway)....

 

 

 

Link to comment
Share on other sites

10 minutes ago, WeBBy421 said:

Your code gives the same result "You're not a human!":

that's because it is using the same method and is lacking in any logging of information when the success value isn't true.

do you have php's error_reporting set to E_ALL and either log_errors set to ON or temporarily (turn off when finished) set display_errors to ON, so that php would help you?

while there's nothing php version specific in the code, there is something php configuration specific that could affect the code. allow_url_fopen is probably off (there would be php errors when the code runs.) what does a phpinfo() statement show for allow_url_fopen?

Link to comment
Share on other sites

THIS IS RIDICULOUS !!!

I had found the issue with allow_url_fopen in another post. And checked that it was on and it was.

/$ grep allow_url_fopen /usr/local/lib/php.ini
allow_url_fopen = On

Rather than ssh, decided to turn on php error reporting through cpanel WHM and in the Multiphp ini editor it said allow_url_fopen DISABLED !!!

WTF !!

Enabled and all working - dont want to even think of the hours wasted on this.

Why ssh says ON and cpanel says OFF ???

Link to comment
Share on other sites

finding a line in a php.ini file that has a value, doesn't mean that that php.ini or that line is being used (syntax errors in a php.ini stop the parsing of the following lines in the file/probably treat all the rest of the file as part of the line where the syntax error is at, w/o any error being reported), which is why i asked what a phpinfo() statement showed for the value. this is also why you need to ALWAYS have the error related settings set to report all errors and to log them on a live/public server.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.