reCaptcha is sending messages without activating the reCaptcha and last night I received over 300 messages a boot.
Help me please how to add so that only sent when the button is activated reCaptcha. Send sends works well but not activation reCaptcha.
To start contact.html within my template I have put this way:
<!-- Start formulario de contacto -->
<div class="row">
<div class="col-md-9">
<h2>Formulario de contacto</h2>
<form action="php/contact-form.php" id="contact-form">
<div class="alert alert-success hidden" id="contact-alert-success">
<strong>Mensaje enviado correctamente!</strong> Muchas gracias, pronto nos pondremos en contacto con usted, normalmente nuestro tiempo de respuesta es inferior a 2 horas.
</div>
<div class="alert alert-danger hidden" id="contact-alert-error">
<strong>Error!</strong> A sucedido un error si lo desea puede contactarnos directamente en XXXX@tize.XXXX
</div>
<div class="row">
<div class="col-md-4">
<div class="form-group">
<label>Nombre <span class="required">*</span></label>
<input type="text"
value=""
data-msg-required="Por favor introduzca su nombre"
class="form-control"
name="name" id="name">
</div>
</div>
<div class="col-md-4">
<div class="form-group">
<label>eMail <span class="required">*</span> </label>
<input type="email"
value=""
data-msg-required="Por favor introduzca su eMail"
data-msg-email="Por favor introduzca un eMail válido"
class="form-control"
name="email"
id="email">
</div>
</div>
<div class="col-md-4">
<div class="form-group">
<label>Asunto <span class="required">*</span></label>
<input type="text"
value=""
data-msg-required="Por favor introduzca el asunto"
class="form-control"
name="subject"
id="subject">
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label>Mensaje <span class="required">*</span></label>
<textarea
data-msg-required="Por favor introduzca su mensaje"
rows="10"
class="form-control"
name="message"
id="message"></textarea>
</div>
</div>
</div>
<!-- Start Google Recaptcha -->
<div class="g-recaptcha" data-sitekey="6Lc88P4SAAAAANiT-ZXILUo-ET4xQmbivHy7uHc8"></div><br>
<!-- End Google Recaptcha -->
<div class="row">
<div class="col-md-12">
<input type="submit" value="Enviar mensaje" class="btn btn-primary" data-loading-text="Cargando...">
</div>
</div>
</form>
</div>
<!-- End formulario de contacto -->
And in php form to send the messages have this post with contact-form.php :
<?php
session_cache_limiter('nocache');
header('Expires: ' . gmdate('r', 0));
header('Content-type: application/json');
// Enter your email address
$to = 'XXXX@tize.XX';
$subject = $_POST['subject'];
if($to) {
$name = $_POST['name'];
$email = $_POST['email'];
$fields = array(
0 => array(
'text' => 'Name',
'val' => $_POST['name']
),
1 => array(
'text' => 'Email address',
'val' => $_POST['email']
),
2 => array(
'text' => 'Message',
'val' => $_POST['message']
)
);
$message = "";
foreach($fields as $field) {
$message .= $field['text'].": " . htmlspecialchars($field['val'], ENT_QUOTES) . "<br>
";
}
$headers = '';
$headers .= 'From: ' . $name . ' <' . $email . '>' . "
";
$headers .= "Reply-To: " . $email . "
";
$headers .= "MIME-Version: 1.0
";
$headers .= "Content-Type: text/html; charset=UTF-8
";
if (mail($to, $subject, $message, $headers)){
$arrResult = array ('response'=>'success');
} else{
$arrResult = array ('response'=>'error');
}
echo json_encode($arrResult);
} else {
$arrResult = array ('response'=>'error');
echo json_encode($arrResult);
}
?>
Picture of my form, If anyone wants to see my website please let me know and send you the link. Thank you very much. sending without activating the reCaptcha http://goo.gl/oSLQG9
1.) Using your current provided code <script src='https://www.google.com/recaptcha/api.js'></script> is missing and is required for recaptcha to work.
2.) Per Google's documentation on Re-Captcha, Google will send a response on a verified/non-verified submission in which you must use a $_GET call to evaluate the response for success / fail.
From Google Re-Captcha step 2 - server side integration:
When your users submit the form where you integrated reCAPTCHA, you'll get as part of the payload a string with the name "g-recaptcha-response". In order to check whether Google has verified that user, send a GET request with these parameters:
URL: https://www.google.com/recaptcha/api/siteverify secret(required) 6LedHvoSAAAAAN4cRa8x1FaVsKPsMrs8SGMqp4ef response(required) The value of 'g-recaptcha-response'. remoteip The end user's ip address.
In short - I don't see the required SCRIPT linking in your code provided, I also see no implementation of a $_GET call to Google re-captcha to verifiy success/failure of the re-captcha entered by the user.
Be sure you are implimenting and using the tools/directions provided directly from Google to make your integration located here:
From the code, I can't see link and declaration of private-key and public-key in it. I myself use this to handle it:
1.Place the google-recaptcha file in a directory. 2.declare on contact.php, as:
require_once('../recpatcha_google.php');
$publickey = '6LcZIfxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
$privatekey = '6LcZIf8Sxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
3.to check if user verify and pass the captcha:
$resp = recaptcha_check_answer ($privatekey,$_SERVER['REMOTE_ADDR'],strip_tags($_POST['recaptcha_challenge_field']),strip_tags($_POST['recaptcha_response_field']));
if (!$resp->is_valid) { //if not true ......
................
}
4.call the captcha inside your form, as:
<?php echo recaptcha_get_html($publickey); ?>
Note: Do not forget to register your site with WWW or without WWW to make sure everything runs OK.