如何在伺服器端驗證 Google reCAPTCHA v3?
P粉904191507
2023-08-27 16:48:47
<p>我剛剛設定了帶有複選框的新Google驗證碼,它在前端工作正常,但我不知道如何使用 PHP 在伺服器端處理它。我嘗試使用下面的舊程式碼,但即使驗證碼無效,表單也會發送。 </p>
<pre class="brush:php;toolbar:false;">require_once('recaptchalib.php');
$privatekey = "my key";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
$errCapt='<p style="color:#D6012C ">The CAPTCHA Code wasnot entered correctly.</p>';}</pre>
<p><br /></p>
私鑰安全性
雖然這裡的答案肯定有效,但它們使用
GET請求,這會暴露您的私鑰(即使使用https)。在 Google Developers 上,指定的方法是POST#。更多詳細資訊:https://stackoverflow.com/a/323286/1680919
#透過 POST 驗證
function isValid() { try { $url = 'https://www.google.com/recaptcha/api/siteverify'; $data = ['secret' => '[YOUR SECRET KEY]', 'response' => $_POST['g-recaptcha-response'], 'remoteip' => $_SERVER['REMOTE_ADDR']]; $options = [ 'http' => [ 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data) ] ]; $context = stream_context_create($options); $result = file_get_contents($url, false, $context); return json_decode($result)->success; } catch (Exception $e) { return null; } }陣列語法:我使用「新」陣列語法(
[和]而不是array(..))。如果您的 php 版本尚未支援此功能,您將必須相應地編輯這 3 個陣列定義(請參閱評論)。傳回值:如果使用者有效,則此函數傳回
來使用它true;如果無效,則傳回false;如果使用者有效,則傳回null如果發生錯誤。例如,您可以簡單地透過編寫if (isValid()) { ... }這是解決方案
index.html
<html> <head> <title>Google recapcha demo - Codeforgeek</title> <script src='https://www.google.com/recaptcha/api.js'></script> </head> <body> <h1>Google reCAPTHA Demo</h1> <form id="comment_form" action="form.php" method="post"> <input type="email" placeholder="Type your email" size="40"><br><br> <textarea name="comment" rows="8" cols="39"></textarea><br><br> <input type="submit" name="submit" value="Post comment"><br><br> <div class="g-recaptcha" data-sitekey="=== Your site key ==="></div> </form> </body> </html>驗證.php
<?php $email; $comment; $captcha; if(isset($_POST['email'])) $email=$_POST['email']; if(isset($_POST['comment'])) $comment=$_POST['comment']; if(isset($_POST['g-recaptcha-response'])) $captcha=$_POST['g-recaptcha-response']; if(!$captcha){ echo '<h2>Please check the the captcha form.</h2>'; exit; } $response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=YOUR SECRET KEY&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']), true); if($response['success'] == false) { echo '<h2>You are spammer ! Get the @$%K out</h2>'; } else { echo '<h2>Thanks for posting comment.</h2>'; } ?>http://codeforgeek.com/2014/12/google-recaptcha-tutorial /
#