FORUMS


Hello There, Guest! Register


Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Google Recaptcha
#1
Formtools Recaptcha is out of date because Google owns/runs Recaptcha now.  I hacked it in for a simple posted form without the api totally integrated, if anyone is interested in the code.
Reply
#2
Yeah! Can you post what you did? Would love to get it running on a few of my forms.
Reply
#3
Ok,

1)  After you create a recaptcha account with google using the Recaptcha 2.0 method,  For the Google Recaptcha on your webpage just use google's code (not the formtools api)

2)  Make sure the api is installed as per formtools documentation

3)  Change in the process.php and the api.php  any mention of   the challenge field to "g-recaptcha-response"  which is what google passes instead of recaptcha's

For instance:  if (isset($g_api_version) && isset($form_data["g-recaptcha-response"]))

4)   Put the private and the public key in the correct places in formtools documentation

5) change the recaptcha check answer function to:  

function recaptcha_check_answer ($privkey, $remoteip, $challenge){

if ($privkey == null || $privkey == '') {
die ("To use reCAPTCHA you must get an API key from Recaptcha");
}

if  ($remoteip == null || $remoteip == '') {
die ("For security reasons, you must pass the remote ip to reCAPTCHA");
}


         //error_log($challenge, 0, "formtools/error_log.txt");
       //discard spam submissions
       if ($challenge == null || strlen($challenge) == 0) {
               $recaptcha_response = new ReCaptchaResponse();
               $recaptcha_response->is_valid = false;
               $recaptcha_response->error = 'incorrect-captcha-sol';
               return $recaptcha_response;
       }
               

$url="https://www.google.com/recaptcha/api/siteverify";
$result = file_get_contents($url."?secret=".$privkey."&response=".$challenge."&remoteip=".$remoteip);
//error_log($result, 0, "formtools/error_log.txt");
               

       
       
       $recaptcha_response = new ReCaptchaResponse();

       if ($result['success'] == "true" || $result['success'] == 1  || $result['success'] == TRUE) {
               //error_log("true", 0 , "formtools/error_log.txt");
               $recaptcha_response->is_valid = true;
       }
       else {
               $recaptcha_response->is_valid = false;
               $recaptcha_response->error = $result[1];
       }
       return $recaptcha_response;

}


Last change the function call in process php to:

recaptcha_check_answer($g_api_recaptcha_private_key, $_SERVER["REMOTE_ADDR"], $recaptcha_challenge_field);
(you may need to do this in the api as well)

It works for me
Reply
#4
Also you may need to add the php suggested in the tutorial at the top of your page and the error php around your form as suggested in the tutorial
Reply
#5
hmm sounds nice i guess
Leeroy Jenkins...
Reply
#6
Thanks!! I'll try that out as soon as I get a chance, and report back.
Reply
#7
Sad 
Thanks for your post, it seems there aren't many people using FT and Google reCaptcha or else there are but their methodology is a closely guarded secret. Clearly I'm missing something (some brain cells perhaps). I have followed your instructions, to the letter I think. My form.php has, above the <html> tag, from the FT docs:
PHP Code:
<?php
require_once("formtools/global/api/api.php");
ft_api_start_sessions();
$fields = isset($_SESSION["form_tools_form_data"]) ?
 
 ft_strip_tags($_SESSION["form_tools_form_data"]) : array();
?>
The <HEAD> section has, just before the closing </HEAD>:
Code:
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
Form declaration is:
Code:
<form action="http://eagletaxicabs.co.za/formtools/process.php" method="post">
Immediately below that I have:
PHP Code:
<?php ft_api_display_post_form_captcha_error(); ?>
At the bottom of the form, immediately before the submit button I have (data-sitekey obfuscated):
Code:
<div class="g-recaptcha" data-sitekey="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"></div>
The /formtools/global/config.php contains (keys obfuscated):
PHP Code:
// recaptcha keys
$g_api_recaptcha_private_key "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$g_api_recaptcha_public_key "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
I know this is probably pointless but I modified the api.php call in process.php, commented out the include and replaced it with a require as per the FT docs:
PHP Code:
// if the API is supplied, include it as well
$folder dirname(__FILE__);
//@include_once("$folder/global/api/api.php");
require_once("$folder/global/api/api.php"); 
I modified the recaptcha_check_answer function calls in process.php and api.php to:
PHP Code:
$resp recaptcha_check_answer($g_api_recaptcha_private_key$_SERVER["REMOTE_ADDR"], $recaptcha_challenge_field); 
I commented out the original recaptcha_check_answer function in recaptchalib.php and replaced it with:
PHP Code:
function recaptcha_check_answer ($privkey$remoteip$challenge){

if (
$privkey == null || $privkey == '') {
die (
"To use reCAPTCHA you must get an API key from Recaptcha");
}

if 
 ($remoteip == null || $remoteip == '') {
die (
"For security reasons, you must pass the remote ip to reCAPTCHA");
}


 
        //error_log($challenge, 0, "formtools/error_log.txt");
 
      //discard spam submissions
 
      if ($challenge == null || strlen($challenge) == 0) {
 
              $recaptcha_response = new ReCaptchaResponse();
 
              $recaptcha_response->is_valid false;
 
              $recaptcha_response->error 'incorrect-captcha-sol';
 
              return $recaptcha_response;
 
      }
 
              

$url
="https://www.google.com/recaptcha/api/siteverify";
$result file_get_contents($url."?secret=".$privkey."&response=".$challenge."&remoteip=".$remoteip);
//error_log($result, 0, "formtools/error_log.txt");
 
              

       
       
       $recaptcha_response 
= new ReCaptchaResponse();

 
      if ($result['success'] == "true" || $result['success'] == 1  || $result['success'] == TRUE) {
 
              //error_log("true", 0 , "formtools/error_log.txt");
 
              $recaptcha_response->is_valid true;
 
      }
 
      else {
 
              $recaptcha_response->is_valid false;
 
              $recaptcha_response->error $result[1];
 
      }
 
      return $recaptcha_response;


...even kept your comments and formatting.
The form page loads correctly and I see the reCaptcha widget, which behaves as expected. The problem is that if I hit submit without having touched the reCaptcha, I don't get any error and the form is submitted as it would normally be. I don't think I have a PHP compiler/debugger with which to step through the code and troubleshoot. Am I missing something? Any help greatly appreciated. TIA
Time flies like an arrow...fruit flies like a banana
Reply
#8
You can uncomment the logging error line with the $challenge variable and see what it's sending with nothing clicked.

My customer eventually wanted to not have it processed unless it was clicked so I put this code in the header of the same page using the validation script provided through formtools. This takes care of the same problem from another direction.


<script type="text/javascript" src="http://archival.com/formtools/global/scripts/rsv.js"></script>

<script type="text/javascript">

var rules = [];

rules.push("required,first_name,Please enter your first name.");

rules.push("required,last_name,Please enter your last name.");

rules.push("required,email,Please enter your email address.");

rules.push("valid_email,email,Please enter a valid email address.");

rules.push("required,city,Please enter your city.");

rules.push("required,state,Please enter your state.");

rules.push("required,zip,Please enter your ZIP.");
rules.push("required,g-recaptcha-response,Please fill out the Recaptcha.");

rules.push("required,address,Please enter your address.");

// *IMPORTANT!* these lines are required if you're using the rsv.js file that's bundled

// with Form Tools. They reset the custom options used throughout the main Form Tools

// script that won't be needed for your own forms

rsv.errorFieldClass = null;

rsv.displayType = "alert-all";

rsv.customErrorHandler = null;

</script>
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)