Thanks for your post, it seems there aren't many people using FT and Google reCaptcha or else there are but their methodology is a closely guarded secret. Clearly I'm missing something (some brain cells perhaps). I have followed your instructions, to the letter I think. My form.php has, above the <html> tag, from the FT docs:
The <HEAD> section has, just before the closing </HEAD>:
Form declaration is:
Immediately below that I have:
At the bottom of the form, immediately before the submit button I have (data-sitekey obfuscated):
The /formtools/global/config.php contains (keys obfuscated):
I know this is probably pointless but I modified the api.php call in process.php, commented out the include and replaced it with a require as per the FT docs:
I modified the recaptcha_check_answer function calls in process.php and api.php to:
I commented out the original recaptcha_check_answer function in recaptchalib.php and replaced it with:
...even kept your comments and formatting.
The form page loads correctly and I see the reCaptcha widget, which behaves as expected. The problem is that if I hit submit without having touched the reCaptcha, I don't get any error and the form is submitted as it would normally be. I don't think I have a PHP compiler/debugger with which to step through the code and troubleshoot. Am I missing something? Any help greatly appreciated. TIA
PHP Code:
<?php
require_once("formtools/global/api/api.php");
ft_api_start_sessions();
$fields = isset($_SESSION["form_tools_form_data"]) ?
ft_strip_tags($_SESSION["form_tools_form_data"]) : array();
?>Code:
<script src="https://www.google.com/recaptcha/api.js" async defer></script>Code:
<form action="http://eagletaxicabs.co.za/formtools/process.php" method="post">PHP Code:
<?php ft_api_display_post_form_captcha_error(); ?>Code:
<div class="g-recaptcha" data-sitekey="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"></div>PHP Code:
// recaptcha keys
$g_api_recaptcha_private_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$g_api_recaptcha_public_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
PHP Code:
// if the API is supplied, include it as well
$folder = dirname(__FILE__);
//@include_once("$folder/global/api/api.php");
require_once("$folder/global/api/api.php");
PHP Code:
$resp = recaptcha_check_answer($g_api_recaptcha_private_key, $_SERVER["REMOTE_ADDR"], $recaptcha_challenge_field);
PHP Code:
function recaptcha_check_answer ($privkey, $remoteip, $challenge){
if ($privkey == null || $privkey == '') {
die ("To use reCAPTCHA you must get an API key from Recaptcha");
}
if ($remoteip == null || $remoteip == '') {
die ("For security reasons, you must pass the remote ip to reCAPTCHA");
}
//error_log($challenge, 0, "formtools/error_log.txt");
//discard spam submissions
if ($challenge == null || strlen($challenge) == 0) {
$recaptcha_response = new ReCaptchaResponse();
$recaptcha_response->is_valid = false;
$recaptcha_response->error = 'incorrect-captcha-sol';
return $recaptcha_response;
}
$url="https://www.google.com/recaptcha/api/siteverify";
$result = file_get_contents($url."?secret=".$privkey."&response=".$challenge."&remoteip=".$remoteip);
//error_log($result, 0, "formtools/error_log.txt");
$recaptcha_response = new ReCaptchaResponse();
if ($result['success'] == "true" || $result['success'] == 1 || $result['success'] == TRUE) {
//error_log("true", 0 , "formtools/error_log.txt");
$recaptcha_response->is_valid = true;
}
else {
$recaptcha_response->is_valid = false;
$recaptcha_response->error = $result[1];
}
return $recaptcha_response;
}
The form page loads correctly and I see the reCaptcha widget, which behaves as expected. The problem is that if I hit submit without having touched the reCaptcha, I don't get any error and the form is submitted as it would normally be. I don't think I have a PHP compiler/debugger with which to step through the code and troubleshoot. Am I missing something? Any help greatly appreciated. TIA
Time flies like an arrow...fruit flies like a banana