replace random image captcha with Google reCaptcha v2

2020-08-12 19:55:48 -04:00 · 2020-08-12 19:55:48 -04:00 · e5f89165cb
parent 24af2c2a21
commit e5f89165cb
6 changed files with 28 additions and 55 deletions
--- a/captcha/background1.jpg
+++ b/captcha/background1.jpg
--- a/captcha/background2.jpg
+++ b/captcha/background2.jpg
--- a/captcha/background3.jpg
+++ b/captcha/background3.jpg
--- a/captcha/background4.jpg
+++ b/captcha/background4.jpg
--- a/captcha/randomimage.php
+++ b/captcha/randomimage.php
@ -1,52 +0,0 @@
-<?php
-session_start();
-
-// make a string with all the characters that we 
-// want to use as the verification code
-$alphanum  = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";
-
-// generate the verication code 
-$rand = substr(str_shuffle($alphanum), 0, 5);
-
-// choose one of four background images
-$bgNum = rand(1, 4);
-
-// create an image object using the chosen background
-$image = imagecreatefromjpeg("background$bgNum.jpg");
-
-$textColor = imagecolorallocate ($image, 0, 0, 0); 
-
-// write the code on the background image
-imagestring ($image, 5, 5, 8,  $rand, $textColor); 
-	
-
-// create the hash for the verification code
-// and put it in the session
-$_SESSION['image_random_value'] = md5($rand);
-	
-// send several headers to make sure the image is not cached	
-// taken directly from the PHP Manual
-	
-// Date in the past 
-header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 
-
-// always modified 
-header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 
-
-// HTTP/1.1 
-header("Cache-Control: no-store, no-cache, must-revalidate"); 
-header("Cache-Control: post-check=0, pre-check=0", false); 
-
-// HTTP/1.0 
-header("Pragma: no-cache"); 	
-
-
-// send the content type header so the image is displayed properly
-header('Content-type: image/jpeg');
-
-// send the image to the browser
-imagejpeg($image);
-
-// destroy the image to free up the memory
-imagedestroy($image);
-?>
--- a/sendform.php
+++ b/sendform.php
@ -15,6 +15,10 @@
 	// $referals is a list of web site domains seperated by commas.  Only requests originating from
 	// these domains will be processed.
 	$referals = "domain.com";
+	
+	// Google reCaptcha v2 secret. Obtain your key from https://www.google.com/recaptcha/admin/create
+	// Enter your secret key below and be sure to integrate reCaptcha into your site with your site key.
+	$reCaptchaSecret = "";

 	// $excludeFields is a list of field names seperated by commas.  Field names listed here will not
 	// be included in the resulting email of this script.
@ -76,9 +80,30 @@

 	$theDomain = getdomain($_SERVER['HTTP_REFERER']);
 	checkreferal();
-	if(isset($_SESSION['image_random_value']) && strcasecmp(md5(strtoupper($_REQUEST['verification'])), $_SESSION['image_random_value']) != 0) {
-		die("Verification box did not match image");
-	}
+	
+	// Google reCaptcha v2
+	if(isset($reCaptchaSecret)){
+		if(isset($_POST['g-recaptcha-response'])) $captcha=$_POST['g-recaptcha-response'];
+		else errormsg("Verification failed. Please try again.");
+		
+		// post request to server
+        $url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($reCaptchaSecret) .  '&response=' . urlencode($captcha);
+        $ch = curl_init();
+
+		curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
+		curl_setopt($ch, CURLOPT_HEADER, 0);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+		curl_setopt($ch, CURLOPT_URL, $url);
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);       
+
+		$response = curl_exec($ch);
+		curl_close($ch);
+        
+        $responseKeys = json_decode($response,true);
+        // should return JSON with success as true
+        if(!$responseKeys["success"]) errormsg("Verification failed. Please try again.");
+    }
+    
 	checkrequired();
 	if(!validemail($defaultFrom) && !isset($_POST['email'])) bademail($defaultFrom);
 	fillrecipients();